Category: Regulatory Compliance and Ethics

DHS Contractor? Pricey New Cybersecurity Requirements (and Hidden Risks) May Await You

Justin Chiarodo

The Department of Homeland Security (“DHS”) recently issued three new proposed cybersecurity regulations for DHS contractors which warrant careful attention. Although a freeze on new regulations by the Trump administration will likely delay any final agency action, and extensive comments and meaningful changes to any final rules are expected, these new regulations could radically impact the compliance landscape for DHS contractors. As with recent cybersecurity amendments to the Federal Acquisition Regulation (“FAR”) and Defense Federal Acquisition Regulation Supplement (“DFARS”) (which we’ve covered here and here), these proposed rules seek to impose more safeguarding, handling, reporting, and training requirements on covered contractors. We continue to see cybersecurity as a major business risk in the industry today, and recommend contractors pay close attention to their operational, technology, and risk management practices relating to cybersecurity. We highlight the key elements of the proposed rules below. Continue reading “DHS Contractor? Pricey New Cybersecurity Requirements (and Hidden Risks) May Await You”

Does Your Cybersecurity Program Satisfy Recent DFARS Amendments?

Justin Chiarodo

There is no question cybersecurity is a critical compliance and risk area for federal contractors. A seemingly endless stream of cyberattacks—on corporate databases, government servers, even baby monitors—shows the breadth of these problems and the need for action. Government contractors have the added challenge of specialized regulatory obligations, with compliance (or non-compliance) having a direct impact on the value of their business. Continue reading “Does Your Cybersecurity Program Satisfy Recent DFARS Amendments?”

Fair Pay and Safe Workplaces Final Rule Takes Effect in October: Are You Ready?

Christian N. Curran

In what may be the most significant change to contractor compliance this year, the Fair Pay and Safe Workplaces final rule takes effect on October 25, 2016. On August 25, 2016, the FAR Council and Department of Labor (“DOL”) issued the final rule and guidance implementing the Fair Pay and Safe Workplaces Executive Order, also known as “The Blacklisting Order” (originally issued on July 31, 2014). The order created new requirements for contractors, adding pre- and post-award reporting demands on covered contracts regarding contractor compliance with 14 separate labor laws. The proposed rule that was published on May 28, 2015, resulted in over 10,000 comments being submitted. The rule contains substantial new compliance obligations for contractors and drastic consequences for noncompliance. As discussed below, contractors need to take immediate steps in order to ensure readiness for these expansive new obligations. Continue reading “Fair Pay and Safe Workplaces Final Rule Takes Effect in October: Are You Ready?”

Five Things Government Contractors Should Keep in Mind about Political Activities this Election Season

Justin Chiarodo and Stephanie M. Harden 

The 2016 election season is unlike any other in recent memory. But like elections past and yet to come, political contributions and lobbying remain a mainstay of the political process. This is particularly true in the federal government contracting community, which is heavily influenced by executive and legislative action (and inaction). Though we can expect the unexpected in the three months leading up to the election, we offer below five fundamental “do’s and don’ts” that government contractors should keep in mind to guide their political activities. Continue reading “Five Things Government Contractors Should Keep in Mind about Political Activities this Election Season”

SBA Final Rule Expanding Mentor-Protégé Program to Take Effect This Month

Justin A. Chiarodo and Christian N. Curran

After a long wait and much anticipation, the Small Business Administration (“SBA”) issued its final rule expanding the mentor-protégé program to all small businesses on July 25, 2016. The new rule broadly expands upon the existing 8(a) mentor-protégé program, and is projected to result in $2 billion in federal contracts to program participants. Though the final rule largely tracks the February 2015 proposed rule, which we previously wrote about here, the final rule does make some key changes, including changes regarding size certification and reporting. As the new rule goes into effect on August 24, 2016, contractors both large and small should prepare now to take advantage of what the newly expanded program has to offer. Continue reading “SBA Final Rule Expanding Mentor-Protégé Program to Take Effect This Month”

GSA’s Transactional Data Reporting Rule Ushers in a New Era

Merle M. DeLancey Jr.Justin Chiarodo, and Philip Beshara

Last month, the General Services Administration (“GSA”) finalized a rule marking what the agency describes as the most significant development to its Schedules program in over two decades. The rule completely changes how GSA will analyze vendor pricing for products and services.

Under the rule, vendors will eventually be required to submit monthly transactional data reports with information related to orders and prices under certain GSA Schedule contracts and other vehicles. Along with the implementation of the new Transactional Data Reporting (“TDR”) requirement, GSA will relieve vendors from two preexisting compliance burdens—eliminating the Commercial Sales Practices (“CSP”) and Price Reductions Clause (“PRC”) reporting requirements when vendors begin submitting transactional data.

While vendors should welcome the relief provided from the elimination of two burdensome regulations, the shift to TDR will not be without cost and risk; and, the eventual efficiencies promised by GSA remain to be seen. Indeed, the impact of the change will likely extend beyond compliance burdens, with potential effects varying from the nature of False Claims Act suits to the potential publication of competitive information.

We summarize these and other key takeaways from the new rule below, and answer questions important to vendors as GSA rolls out this significant development. Continue reading “GSA’s Transactional Data Reporting Rule Ushers in a New Era”

NISPOM Conforming Change 2: What You Need to Know

Justin A. Chiarodo and Philip Beshara

The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”).  The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.

There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and, (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information.  We summarized these changes and provide implementation suggestions below.

I. Insider Threat – Mandated Insider Threat Program

Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016.  The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”

Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements

Justin A. Chiarodo,  Philip E. Beshara, and Heather L. Petrovich

The government recently finalized a sweeping amendment to the Federal Acquisition Regulation (“FAR”) that will impose basic information system safeguarding requirements on many federal acquisitions, marking the latest in the continuing government effort to regulate and enhance cybersecurity protections in the industry. The Final Rule, effective June 15, 2016, imposes fifteen basic safeguarding requirements for contractors with information systems containing information provided by, or generated for, the government under a federal contract.

Though many contractors likely maintain information security standards that meet or exceed the new rule, they should confirm their compliance status by assessing these requirements against their current cybersecurity compliance program (to help mitigate the risk of a breach of contract claim or more serious enforcement action). This should include confirming that the requirement is flowed down to subcontractors where appropriate. Continue reading “Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements”

Human Trafficking Regulations to be Updated to Define “Recruitment Fees”

Justin A. Chiarodo and Stephanie M. Harden

In the latest regulatory action targeted at human trafficking, the Federal Acquisition Regulatory Councils (“FAR Councils”) on May 11, 2016 issued a proposed rule to include a sweeping new definition of the term “recruitment fees.” The proposed definition would cover nearly any conceivable charge related to recruiting, hiring, and onboarding of employees, no matter the location of the employee, the skill level of the job, or customary business practices in the industry. Contractors should pay close attention, given that the rule also makes them responsible for recruitment fees collected by third parties, including subcontractors at all tiers, recruiters, and staffing firms.

Recognizing the far-reaching consequences the rule will have, the FAR Councils have flagged key open questions for contractors to comment upon. Given the potential sweeping change, contractors should think carefully about how the proposed rule will impact their hiring practices. Continue reading “Human Trafficking Regulations to be Updated to Define “Recruitment Fees””

DOL’s Proposed Rule on Paid Sick Leave for Federal Contractors Will Significantly Increase Costs and Contract Administration Requirements for Contractors

Christian N. Curran

In February the Department of Labor (“DOL”) published a proposed rule implementing the mandate of Executive Order 13706 to require that all federal contractors provide paid sick leave to their employees.  The rule will significantly impact government contractors.  DOL estimates that the rule will require the provision of paid sick leave to over 800,000 contractor employees, over half of which currently have no such benefits at all.  The rule will also require extensive recordkeeping and related tracking efforts for compliance and reporting purposes which will significantly increase administrative burdens for contractors at substantial cost.  The proposed rule will apply to all contracts solicited or awarded after January 1, 2017.  The key provisions of the proposed rule are as follows.

  • Amount of Sick Leave: The rule requires that one hour of sick leave be provided for every thirty hours of work on covered contracts, for a minimum total of 56 hours per year.
  • Covered Contracts: The proposed rule would apply to several categories of contracts, including construction contracts covered by the Davis-Bacon Act, service contracts covered by the Service Contract Act, concessions contracts, and contracts regarding federal property or lands and relating to services for federal employees, dependents, or the public.

Continue reading “DOL’s Proposed Rule on Paid Sick Leave for Federal Contractors Will Significantly Increase Costs and Contract Administration Requirements for Contractors”

Exit mobile version
%%footer%%