On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more
4/28/2025
/ Compliance ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
New Guidance ,
NIST ,
Regulatory Requirements ,
Subcontractors ,
Supply Chain
As St. Patrick’s Day approaches, many of us are on the lookout for four-leaf clovers, a pot of gold, or perhaps even a mischievous leprechaun guarding his treasure. But in the world of government contracting, the real...more
Amid the chaos of the past few weeks—sweeping executive orders, relentless cost-cutting, and an air of uncertainty that lingers like smoke after a fire—federal contractors have been left reeling, straining to hear what comes...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
1/17/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Department of Defense (DOD) ,
DFARS ,
Employee Training ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NARA ,
NIST ,
Proposed Rules ,
Risk Management ,
Software ,
Subcontractors ,
Supply Chain ,
System For Award Management (SAM)
Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us...more
Some might say there’s little difference between dealing with the devil and being a federal contractor. And for the unwary or unprepared, that may not be far off. Federal contracting comes with a litany of “fine print” that...more
9/5/2024
/ Chief Information Officers (CIO) ,
Compliance ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
Relators ,
Risk Management ,
Whistleblowers
On May 14, 2024, the National Institute of Standards and Technology (NIST) dropped the third remix…er, revision…of its Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems...more
On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC...more
2/14/2024
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Proposed Rules ,
Risk Assessment ,
Risk Management ,
Subcontractors
On October 25, 2023, the Department of Defense (DoD) published a Proposed Rule amending the Department of Defense Federal Acquisition Regulation Supplement (DFARS) and permanently authorizing the DoD Mentor-Protégé Program...more
After months of review, on November 4, 2021, the Department of Defense (DoD) finally unveiled its new version of the Cybersecurity Maturity Model Certification (CMMC 2.0). Well, almost. In a blink-and-you’ll-miss-it moment,...more
Four memoranda, released in the last several business days, provide federal contracting officers guidance and suggested clauses to implement President Biden’s Executive Order 14042 (the Executive Order) in federal contracts...more
10/7/2021
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Department of Defense (DOD) ,
DFARS ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
General Services Administration (GSA) ,
Joe Biden ,
OMB ,
Reasonable Accommodation ,
Religious Exemption ,
Subcontractors ,
Vaccinations
As COVID-19 antibodies begin flooding the immune systems of most Americans, it is important to remember the important role that hygiene has played over the past fifteen months. For many, the risks and dangers of the pandemic...more
6/16/2021
/ American Rescue Plan Act of 2021 ,
Business Associates Agreement (BAA) ,
Buy American Act ,
CARES Act ,
Coronavirus/COVID-19 ,
Critical Infrastructure Sectors ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Information Technology ,
Joe Biden ,
Masks ,
Sanitation ,
Supply Chain ,
Trade Agreements Act ,
Trading Advisory Agreements (TAAs) ,
U.S. Commerce Department
Akin to the exasperations of the newly minted “homeschool teachers” the pandemic has created, the Biden administration’s recent Executive Order on Improving the Nation’s Cybersecurity (Order) is a mix of sound logic and utter...more
5/18/2021
/ Biden Administration ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
FBI ,
Infrastructure ,
National Security ,
Popular
Like the hits produced by DJ Khaled, the FAR Council offers “another one.” As covered extensively in this blog, federal contractors have been—or should have been (you have been working toward compliance, haven’t...more
When last we left the Federal Government, agency buyers were staring down the Interim Rule prohibiting them from contracting with entities that use “covered telecommunications equipment” under Section 889(a)(1)(B) (“Section...more
On April 8, 2020, the Department of Defense (“DoD”) issued a Class Deviation authorizing contracting officers to use a new cost principle – DFARS 231.205-79, CARES Act Section 3610 Implementation – to permit the reimbursement...more
There’s an often mistranslated Taoist adage that counsels “A journey of a thousand miles begins with a single step.” So it is presently with the Department of Defense’s (DoD’s) Cybersecurity Maturity Model Certification...more
So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape continues to evolve as a result of mergers and acquisitions (M&A), primarily...more
Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal...more