The Department of Homeland Security (“DHS”) recently issued three new proposed cybersecurity regulations for DHS contractors which warrant careful attention. Although a freeze on new regulations by the Trump administration will likely delay any final agency action, and extensive comments and meaningful changes to any final rules are expected, these new regulations could radically impact the compliance landscape for DHS contractors. As with recent cybersecurity amendments to the Federal Acquisition Regulation (“FAR”) and Defense Federal Acquisition Regulation Supplement (“DFARS”) (which we’ve covered here and here), these proposed rules seek to impose more safeguarding, handling, reporting, and training requirements on covered contractors. We continue to see cybersecurity as a major business risk in the industry today, and recommend contractors pay close attention to their operational, technology, and risk management practices relating to cybersecurity. We highlight the key elements of the proposed rules below. Continue reading “DHS Contractor? Pricey New Cybersecurity Requirements (and Hidden Risks) May Await You”
There is no question cybersecurity is a critical compliance and risk area for federal contractors. A seemingly endless stream of cyberattacks—on corporate databases, government servers, even baby monitors—shows the breadth of these problems and the need for action. Government contractors have the added challenge of specialized regulatory obligations, with compliance (or non-compliance) having a direct impact on the value of their business. Continue reading “Does Your Cybersecurity Program Satisfy Recent DFARS Amendments?”
Christian N. Curran
In what may be the most significant change to contractor compliance this year, the Fair Pay and Safe Workplaces final rule takes effect on October 25, 2016. On August 25, 2016, the FAR Council and Department of Labor (“DOL”) issued the final rule and guidance implementing the Fair Pay and Safe Workplaces Executive Order, also known as “The Blacklisting Order” (originally issued on July 31, 2014). The order created new requirements for contractors, adding pre- and post-award reporting demands on covered contracts regarding contractor compliance with 14 separate labor laws. The proposed rule that was published on May 28, 2015, resulted in over 10,000 comments being submitted. The rule contains substantial new compliance obligations for contractors and drastic consequences for noncompliance. As discussed below, contractors need to take immediate steps in order to ensure readiness for these expansive new obligations. Continue reading “Fair Pay and Safe Workplaces Final Rule Takes Effect in October: Are You Ready?”
The 2016 election season is unlike any other in recent memory. But like elections past and yet to come, political contributions and lobbying remain a mainstay of the political process. This is particularly true in the federal government contracting community, which is heavily influenced by executive and legislative action (and inaction). Though we can expect the unexpected in the three months leading up to the election, we offer below five fundamental “do’s and don’ts” that government contractors should keep in mind to guide their political activities. Continue reading “Five Things Government Contractors Should Keep in Mind about Political Activities this Election Season”
Justin A. Chiarodo and Christian N. Curran
After a long wait and much anticipation, the Small Business Administration (“SBA”) issued its final rule expanding the mentor-protégé program to all small businesses on July 25, 2016. The new rule broadly expands upon the existing 8(a) mentor-protégé program, and is projected to result in $2 billion in federal contracts to program participants. Though the final rule largely tracks the February 2015 proposed rule, which we previously wrote about here, the final rule does make some key changes, including changes regarding size certification and reporting. As the new rule goes into effect on August 24, 2016, contractors both large and small should prepare now to take advantage of what the newly expanded program has to offer. Continue reading “SBA Final Rule Expanding Mentor-Protégé Program to Take Effect This Month”
Last month, the General Services Administration (“GSA”) finalized a rule marking what the agency describes as the most significant development to its Schedules program in over two decades. The rule completely changes how GSA will analyze vendor pricing for products and services.
Under the rule, vendors will eventually be required to submit monthly transactional data reports with information related to orders and prices under certain GSA Schedule contracts and other vehicles. Along with the implementation of the new Transactional Data Reporting (“TDR”) requirement, GSA will relieve vendors from two preexisting compliance burdens—eliminating the Commercial Sales Practices (“CSP”) and Price Reductions Clause (“PRC”) reporting requirements when vendors begin submitting transactional data.
While vendors should welcome the relief provided from the elimination of two burdensome regulations, the shift to TDR will not be without cost and risk, and the eventual efficiencies promised by GSA remain to be seen. Indeed, the impact of the change will likely extend beyond compliance burdens, with potential effects varying from the nature of False Claims Act suits to the potential publication of competitive information.
We summarize these and other key takeaways from the new rule below, and answer questions important to vendors as GSA rolls out this significant development. Continue reading “GSA’s Transactional Data Reporting Rule Ushers in a New Era”
Justin A. Chiarodo and Philip Beshara
The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”). The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.
There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information. We summarize these changes and provide implementation suggestions below.
I. Insider Threat – Mandated Insider Threat Program
Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016. The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”