Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE

As anticipated in our prior alerts, there have been continuing practical and legal challenges to implementing the Path Out of the Pandemic plan. This alert provides an update on the current status of challenges to OSHA’s Emergency Temporary Standard (ETS), Executive Order 14042 for federal contractors, and the Centers for Medicare and Medicaid Services (CMS)

On November 4, 2021, the White House released a fact sheet on the issuance of new OSHA ETS and CMS Rules and also addressed some changes to the previously announced EO 14042 federal contractor vaccination mandate. During last week’s White House press briefing, officials had suggested that the administration might at least delay implementation of

We have previously reported on implementation issues arising from President Biden’s Path out of the Pandemic plan, which included issuance of Executive Order 14042, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors, the related Safer Workforce Task Force Guidance, and Federal Acquisition Regulation (FAR) Class Deviations.

Since our last report, several legal developments warrant

We have been answering a number of questions from clients regarding the nature and scope of the requirements for COVID vaccination, testing, masking and more. Our previous alert and blogs laid out the administration’s Path out of the Pandemic, the overarching directive outlining the federal government’s vaccination plan across government and industry sectors. This

In the wake of increasing cybersecurity threats and incidents, the U.S. Department of Defense (DoD) amended its Federal Acquisition Regulation Supplement (DFARS) in 2015 to issue the 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting clause (DFARS clause).  The DFARS clause, which is included in all DoD solicitations and contracts, including those for acquisitions of commercial items, requires that the contractor must “provide adequate security on all covered contractor information systems.” Covered contractor information systems are those that are “owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information.” The DFARS clause also requires that a contractor discovering a cyber incident that “affects a covered contractor information system or the covered defense information residing therein, or affects the contractor’s ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract,” must conduct a review and “rapidly report” the cyber incident to the DoD Cyber Crime Center (DC3).  A “cyber incident” is defined as “actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.”  The current version of the clause goes on to define “compromise,” “covered defense information,” and more.  Thus, a reportable event only arises when a number of elements are present.  There still remain questions about the timing and scope of reporting under the clause.  Recognizing this, even when there are not mandatory reporting requirements, DoD has established a voluntary public-private Defense Industrial Base (DIB) Cybersecurity program that allows for the sharing of information on cyber threats and more.
Continue Reading A Sea Change in Handling of Government Contractor Cyber Incident Reporting?