On March 22, 2022, the Department of Defense (DoD) issued a final rule requiring contracting officers to consider supplier risk assessments in DoD’s Supplier Performance Risk System (SPRS) when evaluating offers. SPRS is a DoD enterprise system that collects contractor quality and delivery performance data from a variety of systems to develop three risk assessments:
This week’s episode covers the National Cyber Security Strategy, a final DFARS clause requiring disclosure of use of workforce and facilities in the China, the Department of Commerce’s first Notice of Funding Opportunity under the CHIPS and Science Act of 2022, and congressional inquiries about financial conflicts of interest and ethically questionable behavior by senior
On March 2, 2023, the Biden Administration released the 35-page National Cybersecurity Strategy (the “Strategy”) with a goal “to secure the full benefits of a safe and secure digital ecosystem for all Americans.”
The Strategy highlights the government’s commitment to investing in cybersecurity research and new technologies to protect the nation’s security and improve critical infrastructure defenses. It outlines five pillars of action, each of which implicates critical infrastructure entities, from strengthening their cybersecurity processes, to receiving support from the federal government. For example, the Strategy highlights improving the security of Internet of Things (IoT) devices and expanding IoT cybersecurity labels, investing in quantum-resisting systems, developing a stronger cyber workforce, evolving privacy-enhancing platforms, and adopting security practices that are aligned with the National Institute of Standards and Technology (NIST) framework are some other suggested approaches that the private sector could take.
Continue Reading Biden Administration Releases Comprehensive National Cybersecurity Strategy
The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023, signed into law on December 23, 2022, makes numerous changes to acquisition policy. Crowell & Moring’s Government Contracts Group discusses the most consequential changes for government contractors here. These include changes that provide new opportunities for contractors to recover inflation-related costs, authorize new programs for small businesses, impose new clauses or reporting requirements on government contractors, require government reporting to Congress on acquisition authorities and programs, and alter other processes and procedures to which government contractors are subject. The FY 2023 NDAA also includes the Advancing American AI Act, the Intelligence Authorization Act for FY 2023, and the Water Resources Development Act of 2022, all of which include provisions relevant for government contractors.
Yesterday, the Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements that will have a significant impact on software companies and vendors in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity. The Memorandum requires all federal agencies and their software suppliers to comply with the NIST Secure Software Development Framework (SSDF), NIST SP 800-218, and the NIST Software Supply Chain Security Guidance whenever third-party software is used on government information systems or otherwise affects government information. The term “software” includes firmware, operating systems, applications, and application services (e.g., cloud-based software), as well as products containing software. It is critical to note that these requirements will apply whenever there is a major version update or new software that the government will be using.
After much anticipation, the Cyber AB, formerly known as the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, recently released its pre-decisional draft CMMC Assessment Process (CAP). The CAP describes the overarching procedures and guidance that CMMC Third-Party Assessment Organizations (C3PAOs) will use to assess entities seeking CMMC certification. The current version of the CAP applies to contractors requiring CMMC Level 2 certification, which will likely be most contractors handling Controlled Unclassified Information (CUI) based on the Department of Defense’s (DoD) provisional scoping guidance for CMMC 2.0.
In this episode, host Evan Wolff discusses the Biden Administration’s recent Executive Order on Improving the Nation’s Cybersecurity. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.
Click below to listen or access from one of these links:
Listen: Crowell.com | PodBean |
This week’s episode covers a new Executive Order on Improving the Nation’s Cybersecurity, expansion of the GSA Schedule Transactional Data Reporting pilot program, conflicts of interest, revised CDC mask guidance, and Treasury’s Interim Final Rule to provide guidance on the Coronavirus State and Local Fiscal Recovery Funds established under the American Rescue Plan Act, and
In this episode, host Kate Growley is joined by Chris Hebdon as they discuss current requirements for cloud service providers interested in working for the Department of Defense. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.
Click below to listen or access
In this episode, host Kate Growley is joined by Lee Matheson as they discuss the basics of the FedRAMP process. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.
Listen: Crowell.com | PodBean | SoundCloud | Apple Podcasts