Supply Chain

Subscribe to Supply Chain via RSS
Photo of Sharmistha DasPhoto of Stephanie CrawfordPhoto of Riley Delfeld

The Transportation Security Administration (TSA) recently proposed an expanded role regulating unmanned aircraft systems (UAS), or drones.  On August 7, 2025, the Federal Aviation Administration (FAA) and TSA published a joint Notice of Proposed Rulemaking (proposed rule), titled Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations (BVLOS).  Through this landmark proposed rule, the FAA and TSA aim to provide industry with a clear path forward for streamlined UAS operations for a variety of purposes, including package delivery, agriculture, aerial surveying, civic interest (public safety), and flight testing.  Comments on the proposed rule are due October 6, 2025.Continue Reading Securing the Skies: Landmark Proposed Rule Contains New Security Requirements for Expanded Commercial Drone Deployments

Photo of Adelicia R. CliffePhoto of Alexandra Barbee-GarrettPhoto of Stephanie CrawfordPhoto of M.Yuan Zhou

On September 18, 2025, the Director of National Intelligence (DNI) issued the first order under the authority conferred by the Federal Acquisition Supply Chain Security Act (FASCSA), requiring exclusion and removal of products and services by an identified source.[1]
Continue Reading Off the (Supply) Chain: Director of National Intelligence Issues First Exclusion and Removal Order Under the Federal Acquisition Supply Chain Security Act

Photo of Adelicia R. CliffePhoto of Alexandra Barbee-Garrett

On January 2, 2025, the U.S. Department of Defense (DoD) updated the 1260H List of entities identified as “Chinese military companies” (CMC) operating in the United States, as required by section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2021 (Section 1260H), adding new entities and removing others.  The updated 1260H List now includes 76 entities. Continue Reading New Year, Updated List: The U.S. Department of Defense Updates Its List of Chinese Military Companies with Ancillary Supply Chain and USG Contracting Impacts

Photo of Stephanie CrawfordPhoto of Adelicia R. CliffePhoto of Alexandra Barbee-Garrett

On May 30, 2024, the Department of Defense (DoD) issued a final rule implementing Section 844 of the Fiscal Year (FY) 2021 National Defense Authorization Act (NDAA) and Section 854 of the FY 2024 NDAA by amending DFARS 225.7018-2 and accompanying DFARS clause 252.225-7052, which restrict DoD from acquiring certain metals and magnets from “covered countries” of Iran, North Korea, Russia, and China, to prohibit even earlier inputs in the supply chain from occurring in these countries.  Despite comments discussing the infancy of the domestic market for many “covered materials”—defined as samarium-cobalt magnets, tantalum metals and alloys, tungsten metal powder, and tungsten heavy alloy or any finished or semi-finished component containing tungsten heavy alloy—the final rule expands the restrictions on sourcing covered materials from covered countries.  Currently, the rule requires that covered materials not be melted or produced in covered countries but, effective January 1, 2027, the updated rule prohibits covered materials being mined, refined, separated, melted or produced in one of the covered countries. The expansion of the focus of the prohibition all the way back to where these materials were mined is consistent with the U.S. government’s effort to develop the domestic industrial base for and encourage on-shoring of critical minerals, magnets, and metals.   Continue Reading DoD Expands Restrictions on Supply Chain for Certain Magnets, Tantalum, and Tungsten

Photo of Adelicia R. CliffePhoto of Stephanie CrawfordPhoto of Alexandra Barbee-Garrett

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years.Continue Reading New FAR Part 40 to Address Supply Chain and Information Security Requirements

Photo of Peter J. EyrePhoto of M.Yuan Zhou

This week’s episode covers the FAR clauses implementing the Federal Acquisition Supply Chain Security Act, updates to NASA’s Small Business Mentor Protégé Program, and DOJ’s new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring’s “Fastest 5 Minutes” is

Photo of Adelicia R. CliffePhoto of Stephanie CrawfordPhoto of Alexandra Barbee-Garrett

On October 5, 2023, the Federal Acquisition Regulation (FAR) Council published an interim rule to prohibit, in the performance of a government contract, the delivery or use of “covered articles” (which includes certain information technology and telecommunications equipment, hardware, systems, devices, software, and services) subject to a Federal Acquisition Supply Chain Security Act (FASCSA) exclusion or removal order.  The interim rule also imposes obligations for a related “reasonable inquiry” at the time of proposal submission and quarterly monitoring during contract performance.  These changes implement the FASCSA of 2018 (P.L. 115-390).  While the Federal Acquisition Security Council (FASC) and the order-issuing agencies (Department of Homeland Security (DHS), Department of Defense (DoD), and the Office of the Director for National Intelligence (ODNI)) have not yet issued any such FASCSA orders, those orders will be identified in the System for Award Management (SAM) or – in some cases – identified in and specific to the contract and any resulting subcontracts.Continue Reading Coming December 4: Do You Know Where Your Supply Chain Risks Are? FAR Council Issues Interim Rule Requiring Contractor Diligence for FASC Exclusion and Removal Orders

Photo of Michael G. Gruden, CIPP/GPhoto of Jacob HarrisonPhoto of Alexis Ward

On June 9, 2023, the Office of Management and Budget (OMB) released M-23-16, Update to Memorandum M-22-18, which alters key deadlines and clarifies how agencies and software developers can comply with M-22-18.  The original memorandum, published in September 2022, required all federal agencies and their software developers to comply with the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF), NIST SP 800-218, and the NIST Software Supply Chain Security Guidance (collectively, NIST Guidance) whenever third-party software is used on government information systems or otherwise affects government information. Continue Reading Softening the Blow: OMB Extends Software Supply Chain Security Deadline and Clarifies Scope

Photo of Alexandra Barbee-GarrettPhoto of Adelicia R. CliffePhoto of Stephanie CrawfordPhoto of Christopher D. GarciaPhoto of Rina GashawPhoto of Lyndsay GortonPhoto of Michael G. Gruden, CIPP/GPhoto of Jacob HarrisonPhoto of Olivia LynchPhoto of John E. McCarthy Jr.Photo of Zachary SchroederPhoto of Rob SneckenbergPhoto of Anuj VohraPhoto of Per MidboePhoto of Alexis Ward

The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023, signed into law on December 23, 2022, makes numerous changes to acquisition policy. Crowell & Moring’s Government Contracts Group discusses the most consequential changes for government contractors here. These include changes that provide new opportunities for contractors to recover inflation-related costs, authorize new programs for small businesses, impose new clauses or reporting requirements on government contractors, require government reporting to Congress on acquisition authorities and programs, and alter other processes and procedures to which government contractors are subject. The FY 2023 NDAA also includes the Advancing American AI Act, the Intelligence Authorization Act for FY 2023, and the Water Resources Development Act of 2022, all of which include provisions relevant for government contractors. Continue Reading FY 2023 National Defense Authorization Act: Key Provisions Government Contractors Should Know

Photo of Michael G. Gruden, CIPP/GPhoto of Jacob Harrison

Yesterday, the Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements that will have a significant impact on software companies and vendors in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity.  The Memorandum requires all federal agencies and their software suppliers to comply with the NIST Secure Software Development Framework (SSDF)NIST SP 800-­218, and the NIST Software Supply Chain Security Guidance whenever third-party software is used on government information systems or otherwise affects government information.  The term “software” includes firmware, operating systems, applications, and application services (e.g., cloud-based software), as well as products containing software.  It is critical to note that these requirements will apply whenever there is a major version update or new software that the government will be using. Continue Reading Going Hard on Software: OMB Unveils Mandatory Software Supply Chain Security Compliance Requirements