On June 9, 2023, the Office of Management and Budget (OMB) issued M-23-16, Update to Memorandum M-22-18, providing an extension to the deadline for software developers to submit attestation forms to Federal agencies.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Cybersecurity
On April 27, 2023, The Cybersecurity and Infrastructure Security Agency (CISA) of The Department of Homeland Security (DHS) published a draft Secure Software Development Attestation Form. Software producers that sell to the government will be required to complete the self-attestation form to attest that the software they produce was developed in conformity with specified secure development practices.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Cybersecurity
The National Defense Authorization Act (NDAA) 2023, Section 803 amended the data that contractors are required to supply for commercial products at the subsystem, component and spare-part levels for major weapons system. While a DFARS proposed rule is being drafted, we expect Contracting Officers and DCMA Commercial Item Group (CIG) to begin requiring this information for proposed commercial products in advance of the DFARS proposed rule.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Commercial Item Determination
The purpose of a CPSR is to determine if a contractor’s purchasing system and related internal controls comply with applicable laws and regulations, are effective over compliance with applicable laws and regulations, and are adequate and operating effectively. Contractors should evaluate their purchasing system by using the following regulations and DCMA guidance:
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR)
The Small Business Administration issued a final rule effective August 22, 2022 (Federal Register: Past Performance Ratings for Small Business Joint Venture Members and Small Business First-Tier Subcontractors), which provides two new methods for small business government contractors to obtain/receive credit for past performance ratings. Prior to this rule, small businesses did not always receive credit for past performance for much of their efforts supporting the Federal Government. A small business can now get credit for past performance under a joint venture or use a past performance rating for work performed as a first-tier subcontractor to compete for their own prime contracts. See Redstone’s blog “Small Businesses Have More Opportunities to Obtain Past Performance Ratings under SBA Final Rule”. It is unclear whether the FAR 52.219-9 Small Business Subcontracting Plan clause will be updated.
Topics: Small Business Compliance, Contractor Purchasing System Review (CPSR)
The Small Business Administration issued a final rule effective August 22, 2022 (Federal Register: Past Performance Ratings for Small Business Joint Venture Members and Small Business First-Tier Subcontractors), which provides two new methods for small business government contractors to obtain/receive credit for past performance ratings. Prior to this rule, small businesses did not always receive credit for past performance for much of their efforts supporting the Federal Government. A small business can now get credit for past performance under a joint venture or use a past performance ratings for work performed as a first-tier subcontractor to compete for their own prime contracts. It is unclear whether the FAR 52.219-9 Small Business Subcontracting Plan clause will be updated.
Topics: Small Business Compliance, Contractor Purchasing System Review (CPSR)
So, you have a Contractor Purchasing System Review (CPSR) in the pipeline. Whether your first CPSR review or Defense Contract Management Agency (DCMA) is returning to perform a comprehensive review, you should make sure your house is in order.
Office of Management and Budget (OMB) issued a memorandum dated September 14, 2022, Subject Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. This is a result of the President’s Executive Order on Improving the Nation’s Cybersecurity.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Cybersecurity
The Department of Justice (DOJ) settled one of the first lawsuits related to alleged cybersecurity fraud by Aerojet Rocketdyne, a defense contractor. So how did it begin. Aerojet Rocketdyne hired an employee as the Senior Director for Cyber Security, Compliance and Controls. The employee asserts that Aerojet misrepresented its compliance with the cyber requirements in DFARS 252.204-7012 when communicating with government officials to obtain DOD and NASA contracts between 2013 and 2015. The employee later refused to sign documents stating Aerojet was compliant with the cybersecurity requirements and reported it to the company’s ethics hotline and filed an internal company report. The employee was terminated and filed a qui tam suit alleging cybersecurity fraud under the False Claims Act.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Cybersecurity
DoD issued a final rule under DFARS Case 2020-D033, effective April 28, 2022, that allows Contracting Officers to rely on a contract issued under FAR Part 12 procedures to serve as a prior commercial item determination on future buys. It only makes sense, that Contracting Officers rely on prior FAR 12 contracts instead of recreating the wheel each time a contractor submits a commercial product/service and making the contractor continually support a product/service already determined commercial.
Topics: DFARS Business Systems, Contractor Purchasing System Review (CPSR), Commercial Item Determination