Andy Irwin

Subscribe to all posts by Andy Irwin

The Government Contractor Supply Chain Toolkit 2.0

Notwithstanding the uncertainty associated with the upcoming change in Administration, we decided to push forward with issuing the second edition of Steptoe’s Government Contractor Supply Chain Toolkit. Version 2.0 of the Toolkit (available here) provides an update on various federal rules and developments imposing supply chain requirements on federal contractors and subcontractors. The updated Toolkit … Continue Reading

DOD Rule Would Create Export Control Issues For Contractors

On October 31, 2016, the US Department of Defense published a proposed rule titled Withholding of Unclassified Technical Data and Technology from the Public Disclosure.  Public comments on the rule are due December 30, 2016.  Essentially, the proposed rule sets forth procedures already incorporated in pre-existing DOD directives regarding the dissemination and withholding of export-controlled information associated … Continue Reading

DFARS Proposed Rule Provides Guidance on Indirect Offset Costs

On November 4, 2016, the Department of Defense (DoD) published a proposed rule to modify the Defense Federal Acquisition Regulation Supplement (DFARS) and apply statutory changes pertaining to costs associated with indirect offsets under foreign military sales (FMS) agreements. For more information, please see our advisory.… Continue Reading

Proposed DoD Rule on Protection of Unclassified Technical Data Would “Disqualify” Contractors with Export Violations

On October 31, 2016, the Department of Defense (DoD) published a proposed rule entitled, Withholding of Unclassified Technical Data and Technology from the Public Disclosure.  Public comments must be submitted by December 30, 2016. The proposed rule establishes DoD policy, assigns responsibilities, and prescribes procedures for the circulation and withholding of certain unclassified technical data and … Continue Reading

Three Recent Cybersecurity and Information Systems Management Rules Impact Government Contractors

In the past two months, the federal government has issued several cybersecurity-related regulations that are or will be directly or indirectly applicable to a wide variety of federal contractors and subcontractors.  Additional rules (including a blanket FAR provision) are expected, but the three rules below present an interrelated set of requirements and standards that federal … Continue Reading

FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

As mentioned in our prior post, the Federal Acquisition Regulatory (FAR) Council has issued a final rule adding a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. Our detailed advisory on the topic is now available here.… Continue Reading

FAR Rule Issued Regarding Basic Safeguarding of Contractor Information Systems

On May 16, 2016, the Federal Acquisition Regulation (FAR) was amended to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information.  The clause does not relieve contractors of any other specific safeguarding requirement specified by Federal agencies and departments as it … Continue Reading

BIS Issues Final Rule Expanding Offset Reporting to Include Sales of ‘600 Series’ Items

On March 1, 2016, the Bureau of Industry and Security (BIS) of the US Department of Commerce published a final rule that adopted, without change, its December 2, 2015 proposed rule expanding the requirements to report offsets in defense sales agreements. Effective March 31, 2016, companies must report certain offsets in the sale of items … Continue Reading

DoD Issues New Rule That Allows Contractors Two Years to Implement NIST SP 800-171

On December 30, partially in response to industry concerns voiced during its December 14 public meeting, DoD issued a new interim rule further revising the August 26, 2015 Network Penetration and Cloud Computing Rule interim rule, which originally had obliged many defense contractors immediately to implement a new set of security standards for their unclassified networks.  … Continue Reading

Slides from Industry Implementation Day Meeting for DoD Network Penetration Rule Are Published Online

DoD held a public meeting on its Network Penetration and Cloud Computing Interim Rule on December 14.  The meeting was well-attended by small and large companies alike, as well as their technical and legal advisors (including ourselves).  Speakers included representatives from the DoD GC and CIO organization, as well as DIB and the DAR Council.  … Continue Reading

New FAR Rule Regarding Delinquent Tax Liabilities and Felony Convictions Increases Attention on Debarment

On December 4, DoD, GSA and NASA issued an interim rule amending the Federal Acquisition Regulation (FAR) to implement sections of the Consolidated and Further Continuing Appropriations Act, 2015, to prohibit the Federal Government from entering into a contract with any corporation having a delinquent Federal tax liability or a felony conviction under Federal law, … Continue Reading

Sanctions Partially Removed on Russian Entity to Allow Maintenance Subcontracts for Mi-17 Helicopters used in USG Programs

On September 2, 2015, the US Government announced the imposition of measures including the following against Rosoboronexport (ROE) (Russia) and any successor, sub-unit, or subsidiary thereof: “No department or agency of the United States Government may procure or enter into any contract for the procurement of any goods, technology, or services from [Rosoboronexport (ROE) (Russia) … Continue Reading

Compliance Issues Regarding the Syrian Conflict

In light of recent events related to Syria, it is possible that companies will be approached by entities seeking to arm or otherwise assist the Syrian opposition or the Kurdish Peshmerga.  We remind companies subject to the ITAR that there are significant compliance issues associated with such transfers, whether directly to the opposition or the … Continue Reading

DoD Issues Procedures, Guidance and Information (PGI) and FAQs Regarding the Network Penetration and Cloud Computing Rule

On November 18, DoD issued PGI available for the August 26, 2015 DFARS final rule that we summarized here.  Additional information is below: Network Penetration PGI Cloud Computing PGI FAQs The rule continues to attract much attention in industry, particularly because many of the definitions are ambiguous and because it was effective immediately for new … Continue Reading

State Department Approves Possible Transaction to Weaponize Unmanned Aerial Systems

As reported by the Defense Security Cooperation Agency on November 4, 2015, the State Department approved a possible sale of equipment to Italy under the Foreign Military Sales (FMS) Program for weaponization of MQ-9s Reaper “drones” and associated equipment, parts and logistical support for an estimated cost of $129.6 million.  DSCA provided the required certification … Continue Reading

Offsets and Export Controls

The DISAM Journal (published by the Defense Security Cooperation Agency (DSCA)) recently contained an interesting article that highlights the interplay between purchasing country offset requirements and US export controls.  According to the article, the US government has denied certain export licenses that are important to Lockheed’s offset requirements to support the indigenous KFX fighter program as part … Continue Reading

DOE Issues Issues Final Rule Regarding Compliance with Export Controls in DOE Contracts

On October 23, the US Department of Energy (DOE) adopted as final, with changes, a rule amending the Department of Energy Acquisition Regulation (DEAR) to add clauses regarding applicable export control requirements for DOE contracts.  The rule recognizes contractor responsibilities to comply with all applicable export control laws and regulations in the performance of DOE … Continue Reading

Comment Period for DFARS Network Penetration and Cloud Computing Rule Extended

Today’s Federal Register contains a notice indicating that the period for commenting on this important and complex interim final rule has been extended to November 20 – see For more information regarding the rule, see our prior posts regarding the rule and regarding DoD’s class deviation.… Continue Reading

DoD Issues Class Deviation Regarding Its Network Penetration Rule

On October 8, DoD issued a class deviation to the August 26 interim DFARS rule we reported on here which called for contractors working with covered defense information (which includes export-controlled information) to implement security requirements contained in NIST Special Publication (SP) 800-171.  The class deviation allows offerors up to nine (9) months, after contract award, … Continue Reading