June 23, 2022: “Significant Regulatory and Litigation Developments—from Bid Protests to Vaccine Mandates—and Beyond”

Justin A. Chiarodo will serve as a panelist at American Conference Institute’s 13th Advanced Forum on DCAA & DCMA Cost, Pricing, Compliance & Audits, being held June 22 and 23, 2022, in Arlington, VA.

Justin’s session, “Significant Regulatory and Litigation Developments—from Bid Protests to Vaccine Mandates—and Beyond,” will take place on Thursday, June 23, from 11:50 a.m. to 12:45 p.m.

For more details, visit our website.

NISPOM Creates New Requirements for Senior Management Officials

Michael Joseph Montalbano

In February 2021, the Department of Defense (“DoD”) promulgated 32 C.F.R. Part 117. This move converted the National Industrial Security Program Operating Manual (“NISPOM”)—the rules that govern personnel and facility security clearances—from DoD policy into federal law. The move originally garnered little attention because the new regulations include virtually all requirements that were in the prior NISPOM. DoD, however, embedded new requirements with potentially significant implications for cleared contractors and their senior management officials (“SMO”). And the Defense Counterintelligence and Security Agency (“DCSA”) is now signaling that it will hold SMOs accountable if they fail to meet these requirements.

A cleared contractor’s SMO is the person “with ultimate authority over the facility’s operations and the authority to direct actions necessary for the safeguarding of classified information in the facility.” § 117.3(b). Typically, the SMO is the individual who holds the top position at a company, such as a chief executive officer or majority owner. Prior to the promulgation of Part 117, the SMO had discretion to delegate responsibility over the contractor’s industrial security program to another employee. Section 117.7(b)(2) of the new NISPOM regulations has put an end to that practice.

Law360: How Russia Sanctions Are Affecting Compliance

Law360, May 25, 2022

Anthony Rapa and Matthew J. Thomas

The wide-ranging sanctions and export controls that the U.S. and its partners have imposed on Russia in recent months pose complex compliance challenges for parties operating across borders, even when there is not a direct or obvious nexus with Russia.

Notably, the U.S. rules include restrictions relating to dealings with sanctioned persons, exports to Russia of a broad range of items, certain services, banknotes, certain imports, and new investment. Furthermore, the annexed Crimea region of Ukraine is subject to a comprehensive U.S. embargo, as are the so-called Donetsk People’s Republic, or DNR, and the Luhansk People’s Republic, or LNR.

This article provides practical guidance for compliance with such restrictions, which can affect commercial operations, investments, and processing of financial transactions.

You can read the full article on our website.

Is Your Company Prepared for the New Cyber Incident Reporting Requirements?

Michael J. Montalbano

On March 11, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Law includes new reporting requirements for companies that experience cyber incidents or make ransomware payments.

Under the Law, covered entities that experience covered cyber incidents must report the incident to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes that a covered cyber incident has occurred. Covered entities must also notify CISA within 24 hours of making a ransomware payment.

The new cyber reporting law tasks CISA with creating more precise definitions for who constitutes a “covered entity” and what constitutes a “cyber incident.” Even the general language of the statute, however, provides some guidance for companies.

Expect GSA to More Closely Scrutinize Trade Agreements Act Compliance

Merle M. DeLancey Jr.

On January 21, 2022, the General Services Administration (“GSA”) Office of Inspector General (“OIG”) informed the Federal Acquisition Service (“FAS”) that ongoing monitoring by the OIG found that the FAS failed to properly monitor the sale of products for compliance with the Trade Agreements Act (“TAA”) during the COVID-19 response. Previously, in April 2020, GSA relaxed compliance with the TAA for a limited number of Federal Supply Classes (“FSCs”) to aid the government’s response to the COVID-19 pandemic. The applicable FSCs included those covering N95 masks, cleaners and disinfectants, disposable gloves, and hand sanitizers. After several extensions, the TAA exception policy expired on April 30, 2021.

The OIG identified two deficiencies in FAS’ implementation of the TAA exception policy. First, the OIG found that FAS failed to properly track the addition of non-compliant products to contracts. As a result, after expiration of the exception policy, there was no effective way for GSA to remove the non-compliant products from contracts. Second, the OIG found that GSA improperly permitted the addition of non-compliant products to GSA contracts. For example, some products that were added were unrelated to the government’s response to the pandemic; some products were added to GSA contracts prior to the effective date of the TAA exception policy; and, remarkably, in one case, a product was added to a contract that identified North Korea as its country of origin.

CMMC 2.0 Brings Much Needed Relief to the Defense Industrial Base

Michael J. Montalbano

In response to more than 850 public comments, the Department of Defense (“DOD”) has decided to significantly revamp the Cybersecurity Maturity Model Certification (“CMMC”) program. On November 4, 2021, DOD announced that it was replacing the current CMMC program with CMMC 2.0, which is expected to significantly reduce the regulatory burden on companies in the Defense Industrial Base (“DIB”). DOD made three significant changes through the new CMMC 2.0 program:

Reduces the number of CMMC levels. As we explained in earlier posts, CMMC 1.0 originally had five CMMC levels of ascending sophistication. CMMC 2.0 now only has three levels:

      • CMMC 2.0 Level One: This level will apply to most DIB companies and requires compliance with 17 basic cyber hygiene practices.
      • CMMC 2.0 Level Two: This level applies to DIB companies that will receive controlled unclassified information (“CUI”) and is expected to align with the requirements under NIST SP 800-171. Notably, DOD already requires most DIB companies receiving CUI to comply with NIST SP 800-171 through the cybersecurity DFARS clause 252.204-7012.
      • CMMC 2.0 Level Three: DOD is still developing the requirements for this level, but we expect that this level will apply to only the most sensitive and high-risk DOD projects.

Breaking Down the COVID-19 Safety Guidance for Government Contractors and Subcontractors: What We Know, What We Don’t, and What’s Next

Justin A. Chiarodo and Albert B. Krachman


Answering some questions and raising others, the Safer Federal Workforce Task Force issued its highly anticipated COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors on Friday, September 24. The Guidance follows the president’s September 9, 2021, Executive Order (“EO”), which we summarized in FAQ: Government Contractor COVID Safeguards Executive Order.

In short: a broad vaccine mandate for employees of government contractors is coming. But the exact details on application, exemptions, and compliance remain unclear. New rules due by October 8, 2021, should better address those questions. Adding to this uncertainty, the Guidance encourages individual agencies to issue their own (potentially broader) guidance. That said, we can infer a lot from Friday’s guidance.

Old Dominion, New Privacy Law: The Virginia Consumer Data Protection Act

With the recent adoption of the Virginia Consumer Data Protection Act (“VCDPA”), the state’s consumers will have new rights to understand what data a company collects about them, how that data is used, and with whom the company shares it. In short, the new law will have a national impact on any company doing business in the state.

Led by attorneys from Blank Rome’s Privacy, Security & Data Protection and White Collar Defense & Investigation Groups, this complimentary webinar will provide in-depth analysis of the VCDPA and timely insights on how businesses should prepare to comply with its provisions, including discussion of:

      • Scope of the VCDPA;
      • The VCDPA compared to the California Consumer Privacy Act and other privacy regimes;
      • New data rights of consumers;
      • Information security requirements; and
      • Issues related to enforcement.

PRESENTERS

  • Sharon R. Klein, Partner and Chair, Privacy, Security & Data Protection, Orange County, CA
  • Alex C. Nisenbaum, Partner, Privacy, Security & Data Protection, Orange County, CA
  • Jennifer A. Short, Partner, White Collar Defense & Investigations, Washington, D.C.

CLE Credit

This course is anticipated to qualify for the following CLE credits: VA 1.0 general credit

QUESTIONS? Please contact Courtney Litman via e-mail.

Tuesday, September 21, 2021
10:00‒11:00 a.m. PDT / 1:00‒2:00 p.m. EDT
Online Event

FAQ: Government Contractor COVID Safeguards Executive Order

Justin A. Chiarodo, Brooke T. Iley, and Albert B. Krachman


“If you want to work with the federal government, do business with us? Get vaccinated” – President Biden, White House Remarks, September 9, 2021

We forecast in March (Will Federal Contractors Be Required to Certify Employee COVID Vaccinations?) possible COVID safety mandates for government contractors. They’ve arrived. President Biden issued a September 9, 2021, executive order (“EO”) that will implement sweeping COVID Safety protocols for government contractors, including potential vaccine mandates, to be established by the Safer Federal Workforce Task Force.

This FAQ breaks down the basics and includes our assessment of best practices pending forthcoming rulemaking.

Blank Rome Webinar Now Available On Demand: Complying with Federal Contractor Vaccine Mandates: Best Practices

“If you want to do business with the federal government, get your workers vaccinated.” – President Biden, July 29, 2021

Please join Blank Rome’s Albert B. Krachman, partner in our Government Contracts practice group, and Brooke T. Iley, partner and co-chair of our Labor & Employment practice group, as they provide timely and insightful analysis of President Biden’s vaccination mandate for federal contractors in the wake of the Delta variant, including in-depth discussion of:

  • COVID-19 vaccinations as an element of FAR Part 9—Contractor Qualifications
  • Scope of Mandate 
  • Contractor Vaccination Program Design 
  • Resolving Federal/State/Local Law Conflicts
  • Vaccinations and Federal Market Share—Trends to Watch

Tuesday, August 31, 2021 | 1:00—1:30 p.m. EDT
Online Event

To learn more, please read Will Federal Contractors Be Required to Certify Employee COVID Vaccinations? (Government Contracts Navigator, March 10, 2021).
