The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for Homeland Security

By

Feds spend billions on COVID-19 contracts, often without fully competitive bidding

When nurses and doctors across the country were struggling to treat coronavirus patients without enough protective gear, and the federal government was scrambling to find those supplies, Quedon Baul saw an opportunity.

His three-person company in McKinney, Texas, distributes medical supplies but didn’t have much experience with face shields.  Still, he landed two government contracts worth up to $20 million to deliver the personal protective equipment.  He couldn’t meet the first deadline, so he found subcontractors to do the job.

“You get an opportunity, you take it,” Baul says. “It wasn’t my first rodeo, but it’s certainly my first big rodeo.”

The U.S. government has granted contracts worth as much as $25 billion as it races to address the COVID-19 public health crisis.  NPR reviewed a database of thousands of contracting actions and found more than 250 companies that got contracts worth more than $1 million without going through a fully competitive bidding process.

Some of the companies, such as Baul’s, had little or no experience with personal protective equipment.  Others had never worked in the medical field at all.  Contractors also included a company that imported vodka and a school security consultant.

Keep reading this article at: https://www.npr.org/2020/06/09/869052415/feds-spend-billions-on-covid-19-contracts-often-without-fully-competitive-biddin

The Contracting Education Academy at Georgia Tech has established a webpage where all contract-related developments related to the coronavirus (COVID-19) are summarized.  Find the page at: https://contractingacademy.gatech.edu/coronavirus-information-for-contracting-officers-and-contractors/

By

Homeland Security will use a new procurement pilot program to fight COVID-19

The Department of Homeland Security announced April 9 that it will use a recently established pilot program to procure innovative tools to assist in its fight against the new coronavirus.

The new effort comes on the heels of an April 1 announcement from DHS chief procurement officer Soraya Correa, who said the department will set up a Procurement & Acquisition Innovation Response team to handle the influx of industry inquiries looking to help the department with its response to the COVID-19 pandemic.

The effort will involve DHS’ Commercial Solutions Opening Pilot program, established by the fiscal 2017 defense policy law and kicked off in 2019, which allows DHS to procure new commercial technologies at a faster and more efficient rate.

The department’s needs are broad, ranging from handling the shortage of personal protective equipment to converting logistics operations to support its pandemic response.

Keep reading this article at: https://www.fifthdomain.com/govcon/contracting/2020/04/10/homeland-security-will-use-a-new-procurement-pilot-program-to-fight-covid-19/

The Contracting Education Academy at Georgia Tech has established a webpage where all contract-related developments related to the coronavirus (COVID-19) are summarized.  Find the page at: https://contractingacademy.gatech.edu/coronavirus-information-for-contracting-officers-and-contractors/

By

Pentagon announces final version of cyber standards for contractors

During an event where Defense Department officials looked to dispel myths about a plan to certify the cybersecurity of its contractors through third-party audits, the department’s head of acquisitions spoke to why the rollout of the program isn’t expected to be done till 2026. 

“We are doing this with what I would call irreversible momentum,” Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said, answering questions from reporters.

Some stakeholders have said the plan to subject companies in the defense industrial base to reviews by independent auditors—instead of allowing them to self-attest to security practices—is moving at break-neck speed.  But Defense officials were pressed at the event to explain why it would take such a long time to fully implement the program.

“We’re being realistic in terms of making sure we have pathfinder projects and then we implement it and learn, get the feedback, and go on,” Lord said.

While the department plans to note CMMC requirements in requests for information starting late spring, specific security levels—ranging 1 through 5, described in a final version 1.0 of the model—won’t be included in requests for proposals till the fall, when it is expected the related rule will be finalized in Defense Federal Acquisition Regulations.

Spring is also when auditors will start attending classes and CMMC training will be available on the Defense Acquisition University website, officials said.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/01/pentagon-announces-final-version-cyber-standards-contractors/162807/

By

Final DoD cybersecurity certification model due Friday

The Defense Department official leading the development of an ambitious plan to independently certify military contractors’ cybersecurity practices will review a final version of the plan Friday (Jan. 31, 2020) and shared key details for its implementation.

Stipulations of the Cybersecurity Maturity Model Certification (CMMC) will be written into the Defense Federal Acquisition Regulation Supplement (DFARS) as an update to rule 252.204.7012, which currently requires contractors handling information of certain sensitivity to implement security practices spelled out in National Institute of Standards and Technology (NIST) Special Publication 800-171 and to report cyber incidents within 72 hours.

The major change in the updated rule—which is expected to be open for comment in the spring—will be that contractors will no longer be permitted to self-attest their adherence to the NIST-described practices, as they are now.

The new program will also introduce five levels of tiered requirements for defense contractors. Contractors dealing with information that is not as sensitive would have to meet the “basic cyber hygiene” of level 1, versus the “good cyber hygiene” that implies compliance with the NIST 800-171 controls, or the “advanced” practices that would be required at level 5.

That risk-based approach has gotten the coming CMMC some praise, but the contracting community is on high alert with concerns ranging from the cost of certification to the details of how the audits will function through a nonprofit accreditation body.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/01/final-dod-cybersecurity-certification-model-due-friday/162713/

By

DoD aims to issue proposed rule for certifying contractors’ cybersecurity in the fall

A sweeping plan to conduct independent third-party cybersecurity audits of prospective Defense Department contractors’ management of sensitive information will be subject to a formal rulemaking process, but the department and the nonprofit organization being established to train and approve certifiers are still moving at a quick clip. 

“Because we’re doing rulemaking, this isn’t going to roll out as hard and fast as we thought,” said a government official delivering a briefing on Defense’s Cybersecurity Maturity Model Certification (CMMC) program at a recent meeting of the Software Supply Chain Assurance forum.

Quarterly meetings of the forum — co-led by Defense, the General Services Administration, the National Institute of Standards and Technology, and Homeland Security Department—are attended by public and private sector representatives and conducted under the Chatham House Rule to encourage a free exchange of ideas.

The official said Defense expects the CMMC requirements to be issued as a proposed rule this fall, but regardless of the related public comment process, officials still plan to include the rules in requests for proposals starting in the third quarter.

“In June, we’re going to give you an [request for information] that says these procurements are targeted to have CMMC requirements,” the official also noted.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/01/dod-aims-issue-proposed-rule-certifying-contractors-cybersecurity-fall/162463/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter