Compliance & Enforcement

On December 26, 2023, the U.S. Department of Defense (DoD) published the much anticipated proposed rule for the revamped Cybersecurity Maturity Model Certification (CMMC) 2.0 Program.

Following growing concerns within DoD that contractors were not consistently implementing the cybersecurity requirements of DFARS 252.204-2012, DoD responded with the creation of the CMMC Program in 2019 to move away from a “self-attestation” model of security. The CMMC Program’s purpose is for contractors and subcontractors to demonstrate that Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) being processed, stored, or transmitted is adequately safeguarded. CMMC builds from existing cybersecurity requirements by requiring that contractors and subcontractors undergo Self-Assessments, Third-Party Assessments, or Government Assessments, as required, to ensure that mandated information protection requirements have been implemented. Continue Reading Happy New Year From DoD – The Proposed CMMC Rule Is Here

On October 3, 2023, the FAR Council released two proposed rules for federal contractor cybersecurity requirements that relate to cyber threat and incident reporting and information sharing (case 2021-017) and standardizing cybersecurity requirements for unclassified federal information systems (case 2021-019). Both proposed rules not only provide new requirements for federal contractors to follow but also provide new definitions and contract provisions for information and contract technology and federal information systems contracts. Continue Reading New Proposed Cybersecurity Rules Mean Big Changes for Federal Contractors

On August 19, 2022, the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) published a notice regarding a Freedom of Information Act (FOIA) request from the Center for Investigative Reporting (CIR) for all Type 2 Consolidated Employer Information Reports, Standard Form 100 (EEO-1 Report), filed by all federal contractors, including “first-tier subcontractors,” (covered contractors) from 2016-2020.
Continue Reading OFCCP Issues September 19 Deadline for Federal Contractors to Object to Disclosure of EEO-1 Data

On July 14, 2022, the Department of Labor (DOL) issued a proposed rule that would require contractors and subcontractors performing covered service contracts to offer, in good faith, service employees employed under the predecessor contract the right of first refusal of employment under the successor contract. The proposed rule implements President Biden’s November 18, 2021 Executive Order 14055, Nondisplacement of Qualified Workers Under Service Contracts (the order). In sum, the order establishes a general policy for the federal government that “service contracts which succeed contracts for the same or similar services, and solicitations for such contracts, shall include a non-displacement clause.”
Continue Reading Don’t You Forget About Me: DOL’s Proposed Rule on the Right of First Refusal in Service Contracts

Last week, the Biden administration updated its position regarding enforcement of the COVID-19 vaccine mandate for federal contractors in response to the nationwide preliminary injunction issued by a U.S. District Court judge in Georgia. In our previous post on this topic, we questioned whether the administration would still attempt to enforce the vaccine mandate for contracts that already include the clauses mandating vaccinations. Thankfully, the administration resolved much of that uncertainty in its updated position by confirming that it will generally not enforce the mandate. However, it stopped short of a blanket policy of non-enforcement.
Continue Reading Biden Administration Updates Contractor Vaccine Mandate Guidance in Response to Nationwide Preliminary Injunction

On December 7, 2021, a federal judge issued a nationwide injunction that, for the time being, halts the COVID-19 vaccine mandate for federal contractors. The injunction is a preliminary injunction, the purpose of which is to preserve the status quo until a final judgment can be reached. This means the injunction will stay in place until the court reaches a final ruling on the merits of the case.
Continue Reading Vaccine Mandate for Federal Contractors on Hold

On November 4, 2021, the Department of Defense (DOD) announced it is revamping the Cybersecurity Maturity Model Certification program. The changes are intended to make the program more streamlined and flexible, which, in turn, will make it easier (and cheaper) for contractors to implement. Details of the revised program are limited, but some of the highlights include:

  • Fewer Levels: CMMC 2.0 will have only three levels of certification rather than five, and they will align more closely with existing cybersecurity standards. For example, Level 2 will align with NIST SP 800-171, the standard that applies when contractors handle controlled unclassified information.

Continue Reading DOD Announces CMMC 2.0; Cancels Rollout of CMMC 1.0

In our last post, we detailed President Biden’s Executive Order 14042 regarding vaccination requirements for government contractors. The order made clear that a new clause requiring vaccinations would be included in new contracts in the near future, but questions remained about which employees would ultimately be subject to the requirements. On September 24, 2021, the Safer Federal Workforce Task Force (Task Force) issued guidance that answered many of those questions.
Continue Reading New Guidance on the Vaccination Mandate for Federal Contractors

Government contractors and subcontractors will need to learn—quickly–how to navigate new COVID-19 requirements. On September 9, 2021, President Biden issued an executive order (the order) imposing COVID-19 vaccine and testing requirements on government contractors and subcontractors. The new requirements will start appearing in contracts in a matter of weeks. Below are the key points that federal contractors need to know.

How will the vaccine requirement be implemented?

The order directs all executive departments and agencies to begin including a new and yet unwritten clause in solicitations, contracts, and contract-like instruments. The clause must state that the contractor will comply with all guidance issued by the Safer Federal Workforce Task Force (Task Force) that pertains to a contractor or subcontractor’s workplace locations.Continue Reading New COVID-19 Vaccination Requirements for Government Contractors

The SBA made numerous changes to its regulations in the past year, but the FAR Council has largely failed to keep pace. Then, earlier this month, the FAR Council published three final rules to implement long-awaited changes to the FAR’s small business contracting requirements. While the changes concern small business contracting requirements, they will impact business contractors of all sizes. For example, one of the rules makes noteworthy changes to the FAR’s Limitations on Subcontracting, resulting in a more friendly regulatory landscape for small business prime contractors. Another of the rules provides clarity for large business contractors who seek to demonstrate “good faith efforts” to comply with a small business subcontracting plan. The new changes bring the FAR’s small business contracting requirements in line with the SBA’s regulations and will be incorporated into new contracts beginning on September 10, 2021.
Continue Reading What FAR Council Updates to Small Business Contracting Requirements Mean for Large and Small Business Contractors