It’s almost here. After years of rulemaking, covered defense contractors will soon be fully subject to heightened cybersecurity standards for covered defense information (“CDI”) on IT systems under DFARS 252.204-7012, and contractors submitting new proposals will be representing that their systems are compliant with these security requirements pursuant to DFARS 252.204-7008. We discuss in this post seven compliance tips beyond the basics that are worth revisiting during this final compliance push. Continue reading “DFARS Cybersecurity Compliance Countdown: Are You Ready?”
Hurricane Harvey’s damage to Texas and other areas is virtually unprecedented and is already estimated to be in the tens of billions of dollars. And Hurricane Irma, hurtling towards Florida, could likewise cause catastrophic damage. Though every disaster presents unique recovery challenges, a common theme in disaster relief efforts is the key role of the Federal Emergency Management Administration (“FEMA”) and a federal law known as the Stafford Act. Contractors eager to assist with relief and rebuilding efforts should pay close attention to the legal landscape underpinning the public funding behind disaster relief efforts, particularly given the scrutiny these efforts will receive in the wake of Hurricane Katrina. Continue reading “Disaster Relief Contracting: How to Avoid the Pitfalls”
A recent federal court decision vacating a staggering 15-year debarment based on shortcomings in the administrative record offers a glimmer of hope to contractors facing exclusion from federal programs, and reinforces the importance that any final debarment decision be based on a fulsome record—particularly in “fact-based” debarments where there are disputed material facts. The big takeaway for contractors facing an exclusion is to ensure that the administrative record on which a debarment decision is based reflects all information showing why an exclusion is unwarranted (or unnecessary) to protect the Government.
President Trump signed an Executive Order yesterday, marking another step forward in his promotion of “Buy American” and “Hire American” policies. The Executive Order focuses on two areas: cracking down abuse of the H-1B guest worker program and promoting the purchase of American products in federal procurements. We tackle in this post the “Buy American” portion of the Executive Order, which is of particular importance to federal contractors. Continue reading “How Is Your Domestic Preference Compliance? President Trump Signals More Scrutiny of “Buy American, Hire American” Practices”
It is no secret that deregulation is a top priority for the Trump Administration and the Republican-led Congress. In the early weeks of governing together, President Trump and House Speaker Paul Ryan have dusted off the Congressional Review Act (“CRA”) as the tool of choice for undoing federal rules and regulatory initiatives implemented by the Obama Administration. The little-known but important law, enacted by President Clinton in 1996, provides Congress with the ability to enact legislation overturning certain federal agency rules. In the more than two decades on the books, the CRA has only been used to overturn a federal rule on one occasion when, in 2001, President George W. Bush signed a resolution overturning an ergonomics rule issued by the preceding administration. However, despite its past obscurity, the CRA is now more important than ever. Continue reading “How a Clinton-Era Law Could Reduce Regulations on Government Contractors under President Trump”
The Department of Homeland Security (“DHS”) recently issued three new proposed cybersecurity regulations for DHS contractors which warrant careful attention. Although a freeze on new regulations by the Trump administration will likely delay any final agency action, and extensive comments and meaningful changes to any final rules are expected, these new regulations could radically impact the compliance landscape for DHS contractors. As with recent cybersecurity amendments to the Federal Acquisition Regulation (“FAR”) and Defense Federal Acquisition Regulation Supplement (“DFARS”) (which we’ve covered here and here), these proposed rules seek to impose more safeguarding, handling, reporting, and training requirements on covered contractors. We continue to see cybersecurity as a major business risk in the industry today, and recommend contractors pay close attention to their operational, technology, and risk management practices relating to cybersecurity. We highlight the key elements of the proposed rules below. Continue reading “DHS Contractor? Pricey New Cybersecurity Requirements (and Hidden Risks) May Await You”
There is no question cybersecurity is a critical compliance and risk area for federal contractors. A seemingly endless stream of cyberattacks—on corporate databases, government servers, even baby monitors—shows the breadth of these problems and the need for action. Government contractors have the added challenge of specialized regulatory obligations, with compliance (or non-compliance) having a direct impact on the value of their business. Continue reading “Does Your Cybersecurity Program Satisfy Recent DFARS Amendments?”