Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • Cybersecurity Video
    • Veterans Verification Video
    • GTPAC Community
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Athens Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Athens
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • New Client Application
  • Contact Us

Strict security notification and disclosure requirements for government contractors

September 25, 2018 By Andrew Smith

Businesses that seek to obtain and preserve contracts with the United States government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations imposed by the U.S. government.

For those under contract (or subcontract) with the U.S. Department of Defense (DoD), the Defense Federal Acquisition Regulation Supplements (DFARS) place stringent minimum security requirements and reporting obligations that must be met, otherwise a business could face financial penalties or termination of its contract.

Businesses that export and import defense articles or services and related technical data must comply with the International Traffic in Arms Regulations (ITAR), which comprise approval, registration and records maintenance requirements. If a violation of ITAR is voluntarily reported, the penalties imposed by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) can be reduced.

Businesses subject to DFARS and ITAR should have a compliance program in place that includes an appropriate response to any security incident.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=733388

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting Tips Tagged With: controlled unclassified information, CUI, cybersecurity, DFARS, DoD, federal regulations, ITAR, NIST, NIST 800-171

Strict notification and disclosure requirements apply to defense contractors

September 13, 2018 By Andrew Smith

Businesses that seek to obtain and preserve contracts with the United States government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations imposed by the U.S. government.

For those under contract (or subcontract) with the U.S. Department of Defense (DoD), the Defense Federal Acquisition Regulation Supplements (DFARS) place stringent minimum security requirements and reporting obligations that must be met, otherwise a business could face financial penalties or termination of its contract.

Businesses that export and import defense articles or services and related technical data must comply with the International Traffic in Arms Regulations (ITAR), which comprise approval, registration and records maintenance requirements. If a violation of ITAR is voluntarily reported, the penalties imposed by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) can be reduced.

Businesses subject to DFARS and ITAR should have a compliance program in place that includes an appropriate response to any security incident.

Keep reading this article at: https://www.lexology.com/library/detail.aspx?g=d5fda8c7-68e4-4a1c-a4f5-7e387e51741d

Filed Under: Contracting Tips Tagged With: defense contractors, DFARS, DoD, ITAR, NIST, NIST SP 800-171, privacy regulations, records, security incident

Software review provisions proposed by Senate Armed Services Committee could have significant impact on DoD contractors

June 20, 2018 By Andrew Smith

As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention.  These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.

As drafted, the provisions could expose current and prospective contractors to intrusive scrutiny and significant risks.  They lack clarity on key definitions, leaving the precise scope of those risks unclear.  We summarize major issues and concerns below.  We expect these provisions to receive scrutiny during the House-Senate conference on the NDAA over the summer.

Synopsis of the Proposed Legislation

Three sections of the Senate’s version of the NDAA, which passed the Senate Armed Services Committee in May, would establish new rules designed to mitigate “risks posed by providers of information technology with obligations to foreign governments.”  Those risks involve the access that foreign governments may have to code in products or services that are offered to the Department of Defense.  The provisions also impose new disclosure requirements on the efforts of a prospective vendor to obtain a license under the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulation (“ITAR”).

The pending legislation would require proactive disclosure of those matters, and would impose an ongoing duty to supplement those disclosures during the period of performance on the contract.  The Secretary of Defense would be authorized to assess and mitigate any resulting national security risks through contractual provisions or other performance requirements.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/06/senate-armed-services-committee-proposes-expansive-unclear-software-review-provisions/

Filed Under: Contracting News Tagged With: code, COTS, cybersecurity, data security, DoD, EAR, export administration regulations, foreign governments, IT, ITAR, national security, NDAA, risk, risk assessment, Senate Armed Services Committee, technology

Compliance with export controls can be essential to winning government contracts

December 14, 2016 By Andrew Smith

GAO-GovernmentAccountabilityOffice-SealAn August 2016 bid protest decision highlights the importance of government contractors having, and being able to demonstrate, an effective export controls compliance program.

As described in the U.S. Government Accountability Office’s (GAO) decision in Microwave Monolithics, Inc., B-413088 (Aug. 11, 2016), the Army eliminated Microwave Monolithics’ (MM) proposal from competition due to MM’s failure to meet the solicitation’s requirements pertaining to compliance with the International Traffic in Arms Regulations (ITAR).

The solicitation at issue required that offerors and their subcontractors demonstrate ITAR compliance, or have a viable plan to become ITAR compliant prior to contract award. Specifically, the solicitation required that the contractor show that it had appointed an employee to be responsible for ITAR compliance and had established written policies and procedures for employees performing activities subject to ITAR.

Offerors’ proposals also had to show that the contractor had established procedures for the receipt, handling, storing, implementation, and testing of ITAR-controlled items and data, procedures for the restriction of access by foreign nationals to ITAR-controlled items or data, an auditing procedure for ITAR compliance, and procedures for actions to be taken if violations were discovered.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=549398

Download the GAO decision here: http://www.gao.gov/assets/680/679029.pdf

Filed Under: Contracting Tips Tagged With: Army, export-controlled data, exporting, GAO, ITAR

DoD’s proposed rule would create additional risk and burdens for contractors handling export-controlled information

November 25, 2016 By Andrew Smith

A newly-released Proposed Rule would create a procedure for the Dept. of Defense (DoD) to release unclassified technical data subject to Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) to “qualified contractors,” which are defined to mean qualified U.S. and Canadian contractors.

The public-comment period ends on December 30, 2016.

The Proposed Rule raises the following critical operational and legal issues for U.S. and Canadian defense contractors seeking to obtain ITAR and EAR technical data from DoD:

  1. the certification requirements related to qualification,
  2. the use of overlapping and confusing terminology throughout the rule regarding the type of information subject to the rule,
  3. the limitations on further dissemination, and
  4. the possibility of disqualification for export violations.

For a brief summary of the process, the contractor certification requirement, the type of information subject to the rule, the disclosure limitations, and the issue of disqualification, click on this link: http://www.mondaq.com/article.asp?articleid=541556

Filed Under: Contracting News Tagged With: DoD, EAR, export-controlled data, ITAR, proposed rule, technical data

Recent Posts

  • The Navy gets tough on DFARS cybersecurity compliance
  • Wait! Wait! Don’t sign that!
  • Protégé subcontract revenues from mentor hold no basis for economic dependence
  • Are more FCA cases against small businesses on the horizon?
  • Big changes to the Buy American Act are coming—will they matter?

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

GSA takes next step towards consolidating multiple award schedules

OIG report: SBA’s all small mentor-protégé program falling short

Say goodbye to FedBizOpps!

SBA adjusts monetary-based size standards for inflation

DoD issues final rule restricting the use of LPTA procurements

Read More

Contracting Tips

The Navy gets tough on DFARS cybersecurity compliance

Wait! Wait! Don’t sign that!

Protégé subcontract revenues from mentor hold no basis for economic dependence

Are more FCA cases against small businesses on the horizon?

Big changes to the Buy American Act are coming—will they matter?

Read More

GTPAC News

SBA hosting access to capital forum Sept. 16th

Recent DoD contract awards (Aug. 15 – 28)

Georgia National Guard hosting Vendor Expo Day Nov. 14, 2019

GTPAC participates at National MBE Manufacturers Summit

Recent DoD contract awards (Aug. 6-14)

Read More

Georgia Tech News

President Cabrera’s First Week

Research, sponsored activity awards top $1 billion at Georgia Tech

Georgia Tech’s economic impact on Atlanta clocks in at $3.3B in 2018

Georgia Tech aerospace engineering graduate James McConville sworn in as Army’s top officer

Georgia Tech: A driver of economic development

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2019 · Georgia Tech - Enterprise Innovation Institute