Justin A. Chiarodo and Robyn N. Burrows
A very Happy New Year to our GovCon Navigator readers! Further expanding recent supply chain restrictions across federal procurement, the Department of Defense (“DoD”) issued an interim rule prohibiting DoD from procuring equipment or services from certain Chinese entities (and possibly Russian) if used to carry out DoD nuclear deterrence or homeland defense missions. The rule builds on the Section 889 supply chain restrictions we previously covered in a prior blog post.
What should contractors do now given the interim rule is already in effect? Contractors should first evaluate their existing contract portfolios for covered missions and take immediate steps to eliminate all covered products from their supply chain (and find alternate sources of supply). If the rule might impact contract performance, you should be prepared to address this with the appropriate counterparty. And given the requirement for compliance certifications that mirror Section 889, contractors should also harmonize monitoring and compliance with their existing supply chain compliance programs. Among other things, this should address the requirement to obtain compliance certifications from downstream subcontractors and suppliers.
Read on for the specifics. Continue reading “A DoD New Year’s Resolution: No More Chinese (and Possibly Russian) Products and Services in Support of Key Missions”
Merle M. DeLancey Jr.
On August 15, 2019, the Defense Health Agency (“DHA”) and Defense Logistics Agency (“DLA”) agreed upon a joint approach to healthcare logistics. Under the Memorandum of Agreement (“MOA”), DLA will be responsible for materiel acquisitions, while DHA will take the lead on medical services acquisitions. The MOA clarifies the agencies’ complementary roles and responsibilities and avoids duplication of effort. The MOA covers all aspects of medical logistics support provided by DLA to DHA, and DHA’s consideration for that support in performance areas including pharmaceuticals, medical-surgical supplies, healthcare technology equipment, cataloging, and Class VIII surge and sustainment materiel required by the services to meet the demands of the national military support strategy.
The uninformed might question the need for DHA and DLA to formally enter into a MOA. After all, DHA and DLA are both under the Department of Defense (‘DoD”) umbrella. Why is an agreement required to coordinate the two agencies’ efforts? Why wasn’t such coordination and avoidance of duplication of effort simply ordered by DoD senior command? Good questions perhaps, but the MOA was necessary to ensure the agencies stay in their respective lanes. Continue reading “Defense Health Agency and Defense Logistics Agency Memorandum of Agreement: A Good First Step, but What about Coordination with the Department of Veterans Affairs?”
Carolyn R. Cody-Jones
A recent decision in the federal district court for the Eastern District of California is one of the first to recognize application of the False Claims Act (“FCA”) to Department of Defense (“DoD”) cybersecurity requirements, and will likely encourage future lawsuits alleging noncompliance with federal cybersecurity procurement regulations. In United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-2245 WBS AC, 2019 WL 2024595 (E.D. Cal. May 8, 2019), the court denied the defendant contractor’s motion to dismiss qui tam complaint fraud allegations against the company. The complaint—brought by a former employee from the company’s cybersecurity department a month after his termination from the company—alleged the defendant fraudulently entered into DoD and National Aeronautics and Space Administration (“NASA”) contracts despite knowing that it did not meet the minimum standards required to receive the awards. The court permitted the case to move forward despite the government declining to intervene.
The primary regulations at issue in the case are DFARS 252.204-7012, which recently required, as of December 31, 2017, that contractors have a cybersecurity plan in place complying with 110 recommended security control standards set forth in NIST SP 800-171. However, the court’s decision in Aerojet Rocketdyne focused on the previous 2013 final rule and the two interim rules in 2015 implementing DFARS 252.204-7012, and also a NASA cybersecurity regulation at 48 C.F.R. § 1852.204-76 involving contractor security controls for sensitive but unclassified government information. Continue reading “Eastern District of California Allows False Claims Act Allegations Based on Noncompliance with DoD Cybersecurity Requirements to Go Forward”