Photo of Monty Cooper

On April 19, 2024, EPA signed the highly anticipated final rule designating two types of PFAS as hazardous substances under section 102(a) of the Comprehensive Environmental Response, Compensation, and Liability Act (“CERCLA”).  At the same time, David M. Uhlmann, Assistant Administrator for Enforcement and Compliance Assurance of the EPA, released an enforcement policy memorandum that provides “direction to all EPA enforcement and compliance staff about how EPA will exercise its enforcement discretion under CERCLA in matters involving PFAS, just as EPA exercises enforcement discretion regarding other hazardous substances.”  This alert summarizes key points from the enforcement policy and flags various uncertainties that lie ahead. 

Continue Reading EPA’s Busy April for CERCLA and PFAS:New CERCLA Authority, an Enforcement Escape Hatch, and the Continued Search for Viable Cleanup Technologies
Photo of Adelicia R. CliffePhoto of Stephanie CrawfordPhoto of Alexandra Barbee-GarrettPhoto of M.Yuan Zhou

On May 3, 2024, the Federal Acquisition Regulation (FAR) Council issued an Advanced Notice of Proposed Rulemaking (ANPR) regarding the prohibition on semiconductors produced by certain Chinese manufacturers, enacted in Section 5949(a)(1) of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year 2023 (Section 5949) expanding on the prohibition on covered telecommunications equipment and services produced by Huawei, ZTE, and others from Section 889 of the FY 2019 NDAA (Section 889).    

Continue Reading “(Don’t) Let the Chips Fall Where They May”:  FAR Council Previews Proposed Rule Implementing the Covered Semiconductor Prohibition  
Photo of Nkechi KanuPhoto of Brian Tully McLaughlinPhoto of Jacob HarrisonPhoto of Jennie Wang VonCannon

On May 1, 2024, the Department of Justice (DOJ) announced that Insight Global LLC (Insight), an international staffing and services company, will pay $2.7 million to resolve allegations that it violated the False Claims Act (FCA) by failing to implement adequate cybersecurity measures to protect personal health information (PHI) and personally identifiable information (PII) under its contracts with the Pennsylvania Department of Health (PADOH) to provide staffing for COVID-19 contact tracing services.  Although contracts with state agencies generally fall outside the FCA’s ambit, PADOH paid Insight using funds received from the federal Centers for Disease Control and Prevention (CDC)—bringing the contract within the FCA’s scope. 

Continue Reading No End “Insight” for DOJ’s Civil Cyber-Fraud Initiative
Photo of Nicole Owren-WiestPhoto of Erin Rankin
Cards Face Up

Nicole Owren-Wiest and Erin Rankin talk TINA. What is the Truthful Cost or Pricing Data Act, formerly known as the Truth in Negotiations Act? When are contractors and subcontractors required to provide certified cost or pricing data? And what does Nicole’s Cookie Monster coffee mug have to do with it? | PodBean | SoundCloud | Apple Podcasts 

Photo of Michael G. Gruden, CIPP/GPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Nkechi KanuPhoto of Jacob Harrison

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012,  Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012), specifying that contractors subject to the clause must comply with NIST SP 800-171, Revision 2.  The deviation (labeled Deviation 2024-O0013) will delay the incorporation of NIST SP 800-171, Revision 3—which is set to be finalized in the next few weeks—into DFARS 7012.

The standard version of DFARS 7012 does not identify a specific NIST SP 800-171 Revision number, and has been interpreted by DoD as requiring compliance with NIST SP 800-171’s most current Revision.  But with Revision 3’s final release looming, DoD has directed contracting officers to use Deviation 2024-O0013 in place of the standard clause moving forward, linking DFARS 7012 to Revision 2 for the time being.

In a press release announcing the deviation, DoD stated that the “intent of this class deviation is to provide industry time for a more deliberate transition upon the forthcoming release of [NIST SP 800-171, Revision 3].” 

It is unclear when DoD plans to adopt Revision 3.  However, contractors should take advantage of DoD’s reprieve to get familiar with Revision 3, as the DoD has previously indicated that it intends to incorporate NIST SP 800-171’s newest revision into both DFARS 7012 and its forthcoming Cyber Maturity Model Certification (CMMC) program.

Photo of Jana del-CerroPhoto of Chandler Leonard

On May 1, 2024, the Department of State’s Directorate of Defense Trade Controls (DDTC) published a proposed rule that, if implemented, would streamline defense trade between and among Australia, the United Kingdom (UK), and the United States in furtherance of the trilateral security partnership (the “AUKUS” partnership). DDTC issued the proposed rule pursuant to new authorities and requirements contained in Section 1343 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024 which, in part, directs the Department of State to immediately implement an International Traffic in Arms Regulations (ITAR) exemption, subject to certain statutory limitations, for the UK and Australia if State determines and certifies that each has implemented (1) a system of export controls comparable to those of the United States and (2) a comparable exemption from its export controls for the United States. According to DDTC, the proposed rule “prepare[s] for a future exemption” and solicits public feedback “to shape a final rule following any positive certification.”

Continue Reading DDTC Publishes Proposed ITAR Amendments to Enhance AUKUS Defense Trade
Photo of Stephen M. ByersPhoto of Lyndsay GortonPhoto of Brian Tully McLaughlinPhoto of Catherine Shames

A recently-announced False Claims Act (FCA) settlement illustrates how government contractors and other FCA defendants can take advantage of a Department of Justice (DOJ) policy that rewards voluntary self-disclosure to, and subsequent cooperation with, the government.

Continue Reading False Claims Act Settlement Illustrates Value of Disclosure and Cooperation
Photo of Steve McBradyPhoto of Skye MathiesonPhoto of Michelle ColemanPhoto of Charles BaekPhoto of John NakonecznyPhoto of Tyler Piper

In MLU Services, Inc. v. Department of Homeland Security, CBCA No. 8002, the Civilian Board of Contract Appeals (Board) denied a Federal Emergency Management Agency (FEMA) motion to dismiss for failure to prosecute, which the agency filed just four days after MLU failed to timely submit one of its initial pleadings.

This case involves the relatively rare circumstance in which each party asserted monetary claims against the other. The Board ordered MLU to file a complaint describing the basis for its claim; FEMA to file an answer to the complaint and an addendum describing the basis for the government’s claim; and MLU to file a response to FEMA’s addendum. The parties filed the first two pleadings, but MLU did not meet the deadline for its response to FEMA’s addendum. The following week, asserting failure to prosecute, FEMA moved to dismiss MLU’s challenge to the FEMA claim.

The Board promptly denied the motion—before MLU even filed an opposition brief—noting that the Board viewed FEMA’s motion as “bordering on the frivolous.” The Board explained that “[d]ismissal for failure to prosecute is one of the harshest sanctions available” and “it is an option [the Board uses] sparingly and only when the evidence presented in support of the motion is especially convincing.” Rather than dismissing the relevant portion of MLU’s appeal, the Board entered a general denial of the allegations in FEMA’s addendum on behalf of MLU.

This decision serves as a reminder that requesting sanctions for failure to prosecute is a drastic measure that should be carefully considered.

Photo of Peter J. EyrePhoto of M.Yuan Zhou
FAR Part 40, Cyber Reporting, Bid Protest

This week’s episode covers a final rule updating the FAR to add Part 40 on information security and supply chain security, a notice of proposed rulemaking detailing how companies will have to comply with the Cyber Incident Reporting for Critical Infrastructure Act of 2022, and a bid protest decision involving inadvertent disclosure of source selection information, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without. | PodBean | SoundCloud | Apple Podcasts 

Photo of Lorraine M. CamposPhoto of Erin RankinPhoto of J. Chris HailePhoto of Skye MathiesonPhoto of Laura J. Mitchell BakerPhoto of Alexandra Barbee-GarrettPhoto of Catherine Shames

On April 22, 2024, the Office of Management and Budget (OMB) issued a Final Rule significantly revising the Uniform Guidance for grants, cooperative agreements, and other federal financial assistance.  The Final Rule (titled “OMB Guidance for Federal Financial Assistance”), and OMB’s accompanying memorandum to agencies and reference guide, state that the revisions aim to streamline and clarify the grant rules and improve management, transparency, and oversight of federal financial assistance.  Agencies must implement the Final Rule by October 1, 2024; however, agencies may apply it to federal awards as early as June 21, 2024.

Continue Reading OMB Final Rule Rewrites the Uniform Guidance for Grants, Cooperative Agreements, and Other Federal Financial Assistance