Redstone Government Consulting Blog (52)

Courtney and Asa go to extreme lengths to avoid answering hard and uncomfortable questions on this month's Dish or Dish.

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) is still in the process of working with DoD stakeholders and industry to finalize the development of the Cybersecurity Maturity Model Certification (CMMC). A stated on the OUSD(A&S) website: “The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.” On March 13, 2020, Under Secretary of Defense Ellen Lord issued a statement on misleading cybersecurity certification information. She stated, “some third-party entities have made public representations of being able to provide CMMC certifications to enable contracting with DoD.” This is not a factual statement as “[t]he requirements for becoming a CMMC third-party assessment organization (C3PAO) have not yet been finalized.”

As every government contractor is no doubt aware, no business is immune (no pun intended) from the potentially devastating economic impact of the global coronavirus outbreak. As we confront new restrictions, with the possibility of more to come, on both businesses and employees that could last for months, the costs continue to mount.

In our line of work supporting government contractors, we get to see on a first-hand basis the level of our preparedness as a Nation to deal with the most complex challenges the world can throw at us.  We are reminded of similar challenges our Nation has faced over its relatively short existence and the ingenuity, speed, and compassion for our fellow Americans that was put into the response to those efforts.  In every instance, we have weathered the storm and come out on the other side stronger for it.  No disaster response will ever be perfect; if they were, we wouldn’t call them disasters, emergencies, or other terms denoting their unexpected and undefined nature.

Redstone GCI is currently monitoring the Families First Coronavirus Response Act bill passed by the House over the weekend, which will provide a number of economic, policy, and regulatory benefits in response to COVID-19. We are closely following the bill as it progresses through the regulatory process to be finalized.

The FAR Truth Episode 2: Kimberly Basden discusses the truth behind the requirements of an Incurred Cost Proposal.

The most common CAS (Cost Accounting Standards) exemption for most businesses is the small business exemption.  Most contractors understand that as long as they’re small, CAS is a non-issue.  What happens when you’re approaching your NAICS cap and headed toward the dreaded “other than small” status?

Back in the days of DCAA ICAPS audits, the billing system was a standalone audit program.  Even DCAA’s first pass at auditing for compliance with DFARS 252.242-7006 provided a standalone sub-assignment for the coverage of contractor billing systems.

FAR 31.201-6(a) and CAS 9904.405-30(a) both define directly associated cost as “any cost which is generated solely as a result of incurring another cost, and which would not have been incurred had the other cost not been incurred.”  FAR 31.201-6(a) restates the definition replacing the word “which” with the word “that.”  Still a consistent view of what directly associated cost means.