On November 4, 2021, the White House released a fact sheet on the issuance of new OSHA ETS and CMS Rules and also addressed some changes to the previously announced EO 14042 federal contractor vaccination mandate. During last week’s White House press briefing, officials had suggested that the administration might at least delay implementation of
Mandatory COVID-19 Vaccination Rule for Government Contractors Continues to Develop
We have previously reported on implementation issues arising from President Biden’s Path out of the Pandemic plan, which included issuance of Executive Order 14042, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors, the related Safer Workforce Task Force Guidance, and Federal Acquisition Regulation (FAR) Class Deviations.
Since our last report, several legal developments warrant
Update on Vaccine Requirements and Roll Out of the Path out of Pandemic Plan
We have been answering a number of questions from clients regarding the nature and scope of the requirements for COVID vaccination, testing, masking and more. Our previous alert and blogs laid out the administration’s Path out of the Pandemic, the overarching directive outlining the federal government’s vaccination plan across government and industry sectors. This
A Sea Change in Handling of Government Contractor Cyber Incident Reporting?
In the wake of increasing cybersecurity threats and incidents, the U.S. Department of Defense (DoD) amended its Federal Acquisition Regulation Supplement (DFARS) in 2015 to issue the 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting clause (DFARS clause). The DFARS clause, which is included in all DoD solicitations and contracts, including those for acquisitions of commercial items, requires that the contractor must “provide adequate security on all covered contractor information systems.” Covered contractor information systems are those that are “owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information.” The DFARS clause also requires that a contractor discovering a cyber incident that “affects a covered contractor information system or the covered defense information residing therein, or affects the contractor’s ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract,” must conduct a review and “rapidly report” the cyber incident to the DoD Cyber Crime Center (DC3). A “cyber incident” is defined as “actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.” The current version of the clause goes on to define “compromise,” “covered defense information,” and more. Thus, a reportable event only arises when a number of elements are present. There still remain questions about the timing and scope of reporting under the clause. Recognizing this, even when there are not mandatory reporting requirements, DoD has established a voluntary public-private Defense Industrial Base (DIB) Cybersecurity program that allows for the sharing of information on cyber threats and more.
Continue Reading A Sea Change in Handling of Government Contractor Cyber Incident Reporting?
FAR Class Deviations Being Issued to Implement Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors
On September 30, 2021, the Civilian Agency Acquisition Council (CAAC) issued a formal Class Deviation from the Federal Acquisition Regulation (FAR), to implement rollout of the President’s Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors. The CAAC Class Deviation provides for inclusion of the following clause in all covered procurements:
Continue Reading FAR Class Deviations Being Issued to Implement Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors