In the wake of increasing cybersecurity threats and incidents, the U.S. Department of Defense (DoD) amended its Federal Acquisition Regulation Supplement (DFARS) in 2015 to issue the 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting clause (DFARS clause). The DFARS clause, which is included in all DoD solicitations and contracts, including those for acquisitions of commercial items, requires that the contractor must “provide adequate security on all covered contractor information systems.” Covered contractor information systems are those that are “owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information.” The DFARS clause also requires that a contractor discovering a cyber incident that “affects a covered contractor information system or the covered defense information residing therein, or affects the contractor’s ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract,” must conduct a review and “rapidly report” the cyber incident to the DoD Cyber Crime Center (DC3). A “cyber incident” is defined as “actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.” The current version of the clause goes on to define “compromise,” “covered defense information,” and more. Thus, a reportable event only arises when a number of elements are present. There still remain questions about the timing and scope of reporting under the clause. Recognizing this, even when there are not mandatory reporting requirements, DoD has established a voluntary public-private Defense Industrial Base (DIB) Cybersecurity program that allows for the sharing of information on cyber threats and more.
On September 30, 2021, the Civilian Agency Acquisition Council (CAAC) issued a formal Class Deviation from the Federal Acquisition Regulation (FAR), to implement rollout of the President’s Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors. The CAAC Class Deviation provides for inclusion of the following clause in all covered procurements:
Last year at this time, we reported on the prospect of a partial government shutdown due to Congress’s failure to enact appropriations legislation to fund all aspects of the government for Fiscal Year (FY) 2021. In that case, the bill was passed and life continued. This year the stakes are higher. Though Congress started early, preparing separate appropriations bills for FY 2022 this summer, they still have not been passed. In addition, we are seeing bills for higher levels of spending than in the previous years, since the spending limits set in the Obama-era Budget Control Act of FY 2011 have now ended.
On September 24, 2021, the Safer Federal Workforce Task Force issued its hotly anticipated workplace safety guidelines as required by Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors. The guidance, which is sure to spur as many questions as it answers, at a high level does the following:
As reported in an earlier alert and blog, on September 9, 2021, President Biden rolled out his Path Out of the Pandemic plan (the “Plan”) to combat the spread of COVID-19. Two central portions of the Plan include issuance of (1) an instruction to the Department of Labor Occupational Safety and Health Administration (OSHA) to issue a directive that requires companies with 100 or more employees to ensure their workforces are either fully vaccinated or their workers test negative for COVID-19 on a weekly basis before coming to work, and (2) an Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (EO) that requires that covered government contractors and subcontractors at any tier comply with all guidance published by the Safer Federal Workforce Task Force (or the “Task Force”) that is determined to “promote economy and efficiency in Federal contracting” by the Director of the Office of Management and Budget, for those contractor or subcontractor workplace locations where individuals are “working on or in connection with a Federal Government contract or contract-like instrument.”