April 17, 2020

This week, the Government Accountability Office ("GAO") published a report finding that the Department of Defense ("DoD") has "not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene."

GAO conducted this study, in part, because DoD has become "increasingly reliant on information technology (IT) and risks have increased as cybersecurity threats evolve."  GAO found that some 90% of cyberattacks could be avoided or defeated through basic cyber hygiene, which...

March 21, 2020

Yesterday, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord issued a Memorandum for Defense Industrial Base stating that certain defense contractors are part of the Essential Critical Infrastructure Workforce to national security and are therefore expected to "maintain [their] normal work schedule" during the novel coronavirus (COVID-19) outbreak. 

The memo provides:

  • Consistent with the President's guidelines: "If you work in a critical infrastructure industry, as...

March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

March 6, 2020

Today, the Department of Defense ("DoD") released DoD Instruction 5200.48, Controlled Unclassified Information ("CUI").  Notably, DoD Instruction 5200.48 cancels DoD Manual 5200.01, Volume 4, “DoD Information Security Program: Controlled Unclassified Information,” February 24, 2012, as amended.

Purpose: In accordance with the authority in DoD Directive (DoDD) 5143.01 and the December 22, 2010 Deputy Secretary of Defense Memorandum, this issuance:

  • Establishes policy, assigns responsibiliti...

September 26, 2019

Today, the Department of Defense ("DoD") issued a final rule amending the Defense Federal Acquisition Regulation Supplement ("DFARS") to implement portions of the FY2017 and FY2018 National Defense Authorization Act ("NDAA"), which provide limitations and prohibitions on DoD's use of the lowest price technically acceptable ("LPTA") source selection process.

Effective Date:  October 1, 2019

Quick Observations

  • The intent of t...

June 8, 2019

DoD to propose Cybersecurity Maturity Model Certification (CMMC)––via third-party audit––and it will add another layer to defense contractor cybersecurity compliance.

It appears that the CMMC will be comprised of five levels, ranging from basic to "State-of-the-Art." In addition, the article reports that, "DoD contracts will require specific levels — and awards will be 'go/no-go' based on the contractor’s certification status."

. . .

Article: https://sera-brynn.com/pentagon-to-unveil-new-cybersec...

November 28, 2017

December 31, 2017 marks the deadline for compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (“Cyber DFARS”).[1] The Cyber DFARS principally requires defense contractors to provide “adequate security” on all “covered contractor information systems”––by implementing NIST SP 800-171 security safeguards––and to comply with cyber incident reporting requirements.[2] While the Department of Defense (“DoD”) has recognized that “[t]here is no single...

About GovConJudicata

Welcome to GovConJudicata, an informational blog/website focusing on government contracts issues, including bid protests (e.g., GAO, COFC), claims, disputes, SBA matters, compliance, regulatory, and cyber (e.g., DFARS, NIST SP 800-171, CMMC).

GovConJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.


Copyright © 2020 Joshua B. Duvall. All rights reserved.