Georgia Tech Procurement Assistance Center

Strict security notification and disclosure requirements for government contractors

By

Businesses that seek to obtain and preserve contracts with the United States government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations imposed by the U.S. government.

For those under contract (or subcontract) with the U.S. Department of Defense (DoD), the Defense Federal Acquisition Regulation Supplements (DFARS) place stringent minimum security requirements and reporting obligations that must be met, otherwise a business could face financial penalties or termination of its contract.

Businesses that export and import defense articles or services and related technical data must comply with the International Traffic in Arms Regulations (ITAR), which comprise approval, registration and records maintenance requirements. If a violation of ITAR is voluntarily reported, the penalties imposed by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) can be reduced.

Businesses subject to DFARS and ITAR should have a compliance program in place that includes an appropriate response to any security incident.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=733388

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Strict notification and disclosure requirements apply to defense contractors

By

Businesses that seek to obtain and preserve contracts with the United States government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations imposed by the U.S. government.

For those under contract (or subcontract) with the U.S. Department of Defense (DoD), the Defense Federal Acquisition Regulation Supplements (DFARS) place stringent minimum security requirements and reporting obligations that must be met, otherwise a business could face financial penalties or termination of its contract.

Businesses that export and import defense articles or services and related technical data must comply with the International Traffic in Arms Regulations (ITAR), which comprise approval, registration and records maintenance requirements. If a violation of ITAR is voluntarily reported, the penalties imposed by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) can be reduced.

Businesses subject to DFARS and ITAR should have a compliance program in place that includes an appropriate response to any security incident.

Keep reading this article at: https://www.lexology.com/library/detail.aspx?g=d5fda8c7-68e4-4a1c-a4f5-7e387e51741d

Software review provisions proposed by Senate Armed Services Committee could have significant impact on DoD contractors

By

As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention.  These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.

As drafted, the provisions could expose current and prospective contractors to intrusive scrutiny and significant risks.  They lack clarity on key definitions, leaving the precise scope of those risks unclear.  We summarize major issues and concerns below.  We expect these provisions to receive scrutiny during the House-Senate conference on the NDAA over the summer.

Synopsis of the Proposed Legislation

Three sections of the Senate’s version of the NDAA, which passed the Senate Armed Services Committee in May, would establish new rules designed to mitigate “risks posed by providers of information technology with obligations to foreign governments.”  Those risks involve the access that foreign governments may have to code in products or services that are offered to the Department of Defense.  The provisions also impose new disclosure requirements on the efforts of a prospective vendor to obtain a license under the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulation (“ITAR”).

The pending legislation would require proactive disclosure of those matters, and would impose an ongoing duty to supplement those disclosures during the period of performance on the contract.  The Secretary of Defense would be authorized to assess and mitigate any resulting national security risks through contractual provisions or other performance requirements.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/06/senate-armed-services-committee-proposes-expansive-unclear-software-review-provisions/

Compliance with export controls can be essential to winning government contracts

By

GAO-GovernmentAccountabilityOffice-SealAn August 2016 bid protest decision highlights the importance of government contractors having, and being able to demonstrate, an effective export controls compliance program.

As described in the U.S. Government Accountability Office’s (GAO) decision in Microwave Monolithics, Inc., B-413088 (Aug. 11, 2016), the Army eliminated Microwave Monolithics’ (MM) proposal from competition due to MM’s failure to meet the solicitation’s requirements pertaining to compliance with the International Traffic in Arms Regulations (ITAR).

The solicitation at issue required that offerors and their subcontractors demonstrate ITAR compliance, or have a viable plan to become ITAR compliant prior to contract award. Specifically, the solicitation required that the contractor show that it had appointed an employee to be responsible for ITAR compliance and had established written policies and procedures for employees performing activities subject to ITAR.

Offerors’ proposals also had to show that the contractor had established procedures for the receipt, handling, storing, implementation, and testing of ITAR-controlled items and data, procedures for the restriction of access by foreign nationals to ITAR-controlled items or data, an auditing procedure for ITAR compliance, and procedures for actions to be taken if violations were discovered.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=549398

Download the GAO decision here: http://www.gao.gov/assets/680/679029.pdf

DoD’s proposed rule would create additional risk and burdens for contractors handling export-controlled information

By

A newly-released Proposed Rule would create a procedure for the Dept. of Defense (DoD) to release unclassified technical data subject to Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) to “qualified contractors,” which are defined to mean qualified U.S. and Canadian contractors.

The public-comment period ends on December 30, 2016.

The Proposed Rule raises the following critical operational and legal issues for U.S. and Canadian defense contractors seeking to obtain ITAR and EAR technical data from DoD:

  1. the certification requirements related to qualification,
  2. the use of overlapping and confusing terminology throughout the rule regarding the type of information subject to the rule,
  3. the limitations on further dissemination, and
  4. the possibility of disqualification for export violations.

For a brief summary of the process, the contractor certification requirement, the type of information subject to the rule, the disclosure limitations, and the issue of disqualification, click on this link: http://www.mondaq.com/article.asp?articleid=541556

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More