Government Contracts Legislative and Regulatory Updates - January 2018

by Dentons


Our January edition of "Government Contracts Legislative and Regulatory Update" offers a summary of the relevant changes that took place during the month of December.

Highlights this month include:

  • President Trump signs $700B defense policy bill for FY 2018
  • Congress passes, and President Trump signs, temporary funding to avert a government shutdown
  • DoD provides new compliance guidance for contractors regarding DFARS 252.204-7012


President Trump signs $700B defense policy bill for FY 2018

Joseph G. Martinez, Partner in Dentons’ Government Contracts practice, K. Tyler Thomas, Associate in Dentons’ Government Contracts practice, and Chris W.K. Fetzer, Senior Advisor in Dentons’ Public Policy and Regulation practice have provided insight on the final version of the FY18 NDAA. Click here for their analysis.

House of Representatives passes Cybersecurity and Infrastructure Security Agency Act of 2017

On Monday, December 11, 2017, the House of Representatives passed the Cybersecurity and Infrastructure Security Agency Act of 2017 (CISAA), the purpose of which is to centralize authority and responsibility for cybersecurity at the US Department of Homeland Security (DHS), primarily by reorganizing its National Protection and Programs Directorate (NPPD), specifically elevating it into its own operational agency and re-designating it as the “Cybersecurity and Infrastructure Security Agency (CISA).” As background, the NPPD is responsible for securing federal networks and US critical infrastructure from cyber and physical threats.

Chiefly, the bill directs the CISA to be headed by a Director of National Cybersecurity and Infrastructure Security who will lead national efforts to protect and enhance the security and resiliency of US cybersecurity, emergency communications, and critical infrastructure. To facilitate this effort, the new CISA will be divided into three divisions: cybersecurity, infrastructure security and emergency communications. This division will enable the CISA to better coordinate a government response in the event of a cyberattack, particularly the emergency communications aspect. (All nonemergency communications will take place through the new cybersecurity division, which will also serve as a hub for risk assessment and cybersecurity intelligence.)

Government contractors that partner with the NPPD (or CISA, if this bill becomes law) can expect a more organized and efficient flow of cybersecurity information and, it is hoped, a quicker response to a cyber incident. (H.R. 3359, 07/24/2017)

Congress passes, and President Trump signs, temporary funding to avert a government shutdown

On December 21, 2017, the Senate passed a short-term extension of federal funding to keep the government from shutting down for three more weeks, thereby by pushing a number of policy battles into 2018. This emergency funding bill, which passed the Senate by a vote of 66 to 32 and the House by a vote of 231 to 188, will keep the government open at current levels of spending through January 19, 2018.

One of the most noteworthy provisions in the stopgap measure waives a budget rule that would trigger automatic cuts to Medicare and several other federal programs because of the deficit impact of the tax overhaul passed on December 20, 2017. In addition, the continuing resolution funds the popular Children’s Health Insurance Program (CHIP) until March.

The operative word here is “temporary.” Government contractors should pay attention to developments on this front and prepare themselves, to the maximum extent possible, for the possibility of a government shutdown. (Pub. Law No. 115-96, 12/22/2017)

Industry Developments

DoD provides new compliance guidance for contractors regarding DFARS 252.204-7012

On December 1, 2017, the Department of Defense (DoD) updated its internal guidance regarding compliance with the requirements of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” Specifically, the office of Defense Procurement and Acquisition Policy (DPAP) updated its Procedures, Guidance and Information (PGI) with respect to DFARS 252.204-7012. Despite the fact that the PGI provides internal procedures, guidance and supplemental information to DoD, it enables contractors to glean insight into how DoD interprets its own regulations. Highlights of the updated PGI include:

  • Directing the requiring activity to create a “work statement or specification that includes the identification of covered defense information [(CDI)] or operationally critical support.” This is consistent with DoD statements to industry that procuring entities are responsible for notifying contractors when contract performance involves CDI.
  • Removing statements that (i) the safeguarding requirements apply until such time as the requiring activity removes or changes the designation, and (ii) the CO must coordinate with the requiring activity about disposition of CDI associated with a contract.
  • Clarifying that DoD is responsible for designating one point of contact to coordinate “additional actions required of the contractor, on behalf of affected DoD components.” 
  • Specifying that once a damage assessment is complete, the requiring activity must provide the CO with a report that documents “actions taken to close out the cyber incident.”

Defense contractors should review this updated guidance to ensure strict compliance with DFARS 252.204-7012.

Overseas weapons sales nearly doubled in 2017

Proposed sales of weapons and military equipment to foreign countries nearly doubled in FY17, to approximately $54.2 billion, as compared to $36.7 billion in FY16. In both years, the primary recipients were Middle Eastern counties. Indeed, in 2017, about $32 billion of the $54.2 billion in proposed weapons and military equipment sales was destined for Bahrain, Iraq, Israel, Kuwait, Qatar, Saudi Arabia and the UAE. The largest single proposed sale was to the Kuwait Air Force, which wants 32 Boeing Co. F/A-18E/F fighter aircraft and associated equipment.

As global tensions escalate, spanning multiple countries and continents, US makers of weapons and military equipment are likely to discover new and growing markets for foreign military sales. This will be bolstered by President Trump’s desire to facilitate overseas arms sales to strengthen and protect US allies and create jobs for US workers.

President Trump’s administration cuts new rulemaking by 75 percent

The number of new rules proposed by federal agencies within the first 10 months of President Trump’s presidency is down approximately 75 percent, compared with comparable periods during the presidencies of George W. Bush and Barack Obama. For example, during President George W. Bush's first 10 months, federal agencies submitted 250 significant final rules to the Office of Information and Regulatory Affairs (OIRA). During the same period of the Obama administration, this number jumped to 280. At the end of President Trump's first 10 months, that number had plummeted to 72. Further, the number of proposals and notices submitted to OIRA have followed similar trajectories. Federal agencies in the Bush administration submitted 465 regulatory actions; in the Obama administration, 547; and in the Trump administration, 172. Interestingly, however, with respect to nonsignificant administrative rules, the amount of final rules published by the three administrations were roughly comparable to each other. Final rules published in the first 10 months of the Bush administration totaled 3,503, compared to 2,887 under Obama and 2,734 in the Trump administration.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:


Dentons on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.