The Wifcon Forums and Blogs

Centre Law & Consulting

  1. GovCon Legal Alerts: Client Alert-Labor Day Ransomware Threat
     By: Brandon Graves, Partner, Centre Law & Consulting

     The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend. Neither agency has identified a specific threat, but both base their warning on historic spikes in ransomware activity over recent holiday weekends.

     Commodity ransomware is a threat to all businesses regardless of size due to its low cost to deploy, resulting in a “spray and pray” method of malware distribution. Clients with high revenue or sensitive data are at risk of more targeted threats.

     Modern ransomware facilitates blackmail in two ways:

       • It encrypts important data and/or systems so that organizations can’t function.
       • It exfiltrates data that the criminals can threaten to release if they aren’t paid.

     This means that effective offline backups are no longer sufficient to address the risks caused by ransomware.

     Clients should take several steps to prepare for the immediate threat. First, they should ensure that their cybersecurity tools have loaded the indicators of compromise for the malware listed in the advisory. Second, they should make sure that those tools have proper visibility across the organization’s network. Third, all software should be fully patched and updated. Clients should consider advising employees to be especially careful around suspicious emails. Some clients may turn off non-essential services over the holiday weekend, such as RDP. Validating backups is another important consideration. These steps may reduce the risk for this holiday weekend.

     Clients should take additional steps to address ransomware more broadly. These steps include developing and testing incident response plans, disaster recovery plans, and business continuity plans. Clients should also take steps to improve their basic cybersecurity posture, including eliminating unneeded software and services, scanning their networks for vulnerabilities, implementing vendor risk management, and increasing employee training. Multi-factor authentication is another critical tool in addressing ransomware, although it is not a magic bullet. Other actions may be advisable depending on a client’s specific circumstances.

     If you have questions or concerns about ransomware or cybersecurity more generally, we can help you manage your risks and exposure. If you suffer a ransomware incident this weekend, or anytime, we are available to assist you.

     The post Client Alert-Labor Day Ransomware Threat appeared first on Centre Law & Consulting.
  2. GovCon Legal Alerts: The Importance of Patch Updates and Validation
     By: Brandon Graves, Partner, Centre Law & Consulting

     Today, Microsoft released patches for 44 security vulnerabilities in Windows and related products. According to Microsoft, at least one of these vulnerabilities is being actively exploited. Organizations that use Microsoft products should patch their software as soon as possible.

     The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news. But we wanted to take this opportunity to remind our clients about some legal issues related to patching.

     Failing to Patch Creates Liability

     Updating software is essential to running a modern business. In the past, there was at least some room to debate particular patches due to the possibility that a patch could break legacy software or cause other disruptions. While patch testing and validation are still a critical part of software updates, there is very little tolerance for unpatched software.

     The Equifax data breach is an excellent case study. On March 8, 2017, the United States Computer Emergency Readiness Team (US-CERT) issued an alert about a newly discovered vulnerability in software that Equifax used to manage its web applications. The next day, Equifax’s computer security team sent an email to 400 employees directing them to update their software within 48 hours in accordance with Equifax’s Patch Management Policy. The next week, Equifax conducted an automated vulnerability scan of its network to ensure that all the relevant software was patched. Unfortunately, the scanner was not configured correctly and missed a web application, called the ACIS Dispute Portal. This portal remained unpatched for more than four months.

     During these four months, attackers exploited the vulnerability (as well as some other security issues) and stole an enormous amount of personal information, including 145.5 million Social Security Numbers. Ultimately, Equifax agreed to pay between $575 million and $700 million in a settlement with the FTC, CFPB, and 50 U.S. states and territories. It is subject to additional litigation, as well as significant harm to its reputation. Due to its privileged status as one of three nationwide consumer reporting agencies, Equifax will survive. Organizations that do not have such a privileged position may not survive such a widespread security failure.

     There are a number of lessons we can draw from Equifax’s experience. First, an unpatched security vulnerability creates almost strict liability. Second, organizations must have systems in place to patch vulnerabilities, including policies, patch testing, and vulnerability scanners. And finally, organizations must audit these systems regularly to ensure that they are patching their software appropriately.

     Outdated Software Should Be Removed

     Software has a lifecycle, and at some point, that lifecycle ends. Software that has reached its End of Life (EOL) must be replaced or otherwise protected. All software has vulnerabilities, and people will continue to discover those vulnerabilities even after software has reached EOL. What changes at EOL is that the software vendor no longer patches those vulnerabilities.

     Some legal regimes, such as HIPAA, explicitly address EOL software. But even if an organization isn’t subject to one of those regimes, EOL software is unpatched software and creates the same risks that we saw in the Equifax case study. There are ways to protect EOL software, especially in circumstances where an organization relies on proprietary software with little in the way of commercial replacement. If an organization decides to use EOL software, it must take the appropriate steps to protect that software and understand the risks involved.

     Conclusion

     Microsoft’s recent software update release is an excellent opportunity to validate existing patch management and software update programs. A program failure in these areas can create significant legal liability for companies, and the opportunities for failure abound.

     If you have any questions about software patching, legal liability, or any related questions, please contact our cybersecurity legal experts at the link below.

     The post The Importance of Patch Updates and Validation appeared first on Centre Law & Consulting.
  3. GovCon Legal Alerts: Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged
     By: Tyler Freiberger, Associate Attorney, Centre Law & Consulting

     “If you want to do business with the federal government, get your workers vaccinated.” While President Biden’s statement on July 29, 2021 appears abundantly clear, the administration’s written direction issued on the same day paints a slightly more nuanced picture for federal contractors.

     First, the “Agency Model Safety Principles” are instructions for how federal agencies should update their COVID-19 workplace safety plans. They are not legal mandates for private contractors. That said, they will eventually trickle down into the demands agencies make for contractors’ on-site employees. While the requirements are not unexpected, federal contractors should immediately start preparing for how they plan to communicate the requirements to their employees.

     In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group:

     Those Federal employees and onsite contractors who are not fully vaccinated or decline to provide their vaccination status must wear a mask, physically distance, and comply with a weekly or twice-weekly screening testing requirement and are subject to Government-wide restrictions on official travel.

     In contrast, those that have provided proof of their vaccinations are not subject to any of these requirements, unless they are working in a county considered “high or substantial transmission” by the CDC. If so, then masks may be required.

     Communicating these requirements to an employee and implementing workplace vaccination policies can bring challenges. Employers should be aware that the Equal Employment Opportunity Commission has stated that employers may mandate the COVID-19 vaccine for on-site employees, subject to civil rights and disability statutes. Similarly, the Department of Justice recently published an opinion stating public and private entities are not prohibited from requiring vaccinations, even if the vaccines have been approved only for emergency use.

     If you have any questions about the new federal direction or returning employees to work in a COVID world, please contact either David Warner or Tyler Freiberger from our legal team or reach out via the link below.

     The post Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged appeared first on Centre Law & Consulting.
  4. GovCon Legal Alerts: Department of Labor Cybersecurity Guidelines Become Rules
     August 25, 2021

     Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Now, there are multiple reports that DOL has included cybersecurity as part of its audits, effectively converting the guidelines to a standard.

     DOL Cybersecurity Guidance

     DOL issued three forms of cybersecurity guidance in April. The first is Online Security Tips, which is targeted at plan participants and beneficiaries. It includes basic steps that individuals can take to safeguard themselves. While it may be helpful to provide the guidance to employees, it is otherwise inapplicable to businesses.

     The other two forms are applicable to organizations. Tips for Hiring a Service Provider is targeted at plan sponsors and fiduciaries seeking to hire a service provider. Cybersecurity Program Best Practices targets plan fiduciaries and record keepers.

     Tips for Hiring a Service Provider

     Tips for Hiring a Service Provider targets plan sponsors and fiduciaries. The beginning of the guidance points to the legal hook: “business owners and fiduciaries . . . responsibilit[y] under ERISA to prudently select and monitor . . . service providers, . . .”

     This guidance provides high-level instructions on how to conduct vendor risk management. This includes how to evaluate vendors and what terms to include in vendor contracts. It lacks some key concepts found in other guidance documents and regulations, but if DOL intends to use this guidance document as a minimum floor for plan sponsors and fiduciaries, then it provides a decent baseline without being overly burdensome.

     Plan sponsors and fiduciaries should review their service provider contracts, confirm they contain the appropriate provisions, and begin to develop vendor risk assessments prior to retaining new vendors.

     Cybersecurity Program Best Practices

     The more impactful guidance is Cybersecurity Program Best Practices. This guidance, targeted at plan fiduciaries and record keepers, provides 12 cybersecurity controls that should be implemented. None of these controls are overly burdensome, and some courts have imposed such controls on employers through litigation already. Again, these controls may serve as a floor, although they are more detailed—and so more burdensome—than the vendor risk management guidance.

     Plan fiduciaries and record keepers should begin reviewing their cybersecurity posture against these controls. They will also want to ensure that their cybersecurity program is developing compliance documentation for auditors to review.

     DOL Cybersecurity Audits

     Although DOL issued these documents as guidance, several firms have reported that DOL auditors are examining cybersecurity during scheduled audits. Some of the reported document requests have been extensive.

     Cybersecurity audits can be a challenge. This is especially true when the agency conducting the audit is just starting to assess cybersecurity, and when the standards are somewhat vague, which are both true for the DOL audits. It is critical for organizations subject to DOL audits to first establish an adequate cybersecurity program and then prepare for a cybersecurity audit.

     Establishing an adequate program can take months, if not years. This makes DOL’s rapid movement from initial guidance to audit potentially problematic for many organizations. They must establish policies, conduct risk assessments, train their workforce, and upgrade their IT and security infrastructure.

     Preparing for an audit can take time, as well. Organizations must ensure all paperwork is gathered and up to date, they must train interview subjects, and they may have to seek documents from service providers for work they outsource.

     If You Need Assistance

     We can help you develop a cybersecurity program, assess your current compliance, or prepare for an audit. We offer flat fee options for some of the specific requirements, such as risk assessments. We also offer assistance on a broad range of labor and employment matters, including the other targets of DOL audits.

     If you have any questions about this alert or any of the services we offer, please reach out to our legal team below.

     The post Department of Labor Cybersecurity Guidelines Become Rules appeared first on Centre Law & Consulting.
  6. GSA Alerts: GSA Interim Rule to Implement the Secure Federal Leases from Espionage and Suspicious Entanglements Act
     July 12, 2021

     The Secure Federal Leases from Espionage and Suspicious Entanglements Act is a bipartisan bill signed into law late last year. The bill was introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, after the findings from a 2017 report. The GAO found the GSA had leased high-security spaces from foreign owners in 20 buildings, including six FBI field offices. Some of the spaces hosted classified operations, were used for evidence storage, and housed sensitive data. Most of the federal tenants were unaware of the foreign ownership of the physical space used for the operation of sensitive activities. Of the GSA active leases for high-security facilities, the GAO was unable to identify the ownership for one-third of the locations.

     The law requires the disclosure of immediate and highest-level foreign ownership of facilities leased to the government. It also mandates lease language that would restrict property owners’ physical access to high-security spaces. The bill requires the GSA to identify any foreign owners of “high-security spaces” — properties with a security level of three or higher — as well as any foreigners who benefit from partial ownership of the properties.

     To implement provisions of the Secure Federal Leases from Espionage and Suspicious Entanglements Act, the General Services Administration unveiled an interim rule (which went into effect on Wednesday, June 30, 2021), requiring the “immediate owners” of high-security space rented to the federal government to disclose foreign ownership. According to the interim rule, the GSA holds approximately 1,263 leases for high-security spaces as of June 2021 that fall under the Secure Federal Leases from Espionage and Suspicious Entanglements Act.

     The interim rule does not address provisions of the Secure Federal Leases Act requiring the disclosure of foreign “beneficial owners,” that is, individuals who exercise direct or indirect control over, or have economic interests in, high-security spaces through “any contract, arrangement, understanding, relationship, or otherwise.” The GSA has stated this will be addressed in the future, and that the GSA is seeking some form of electronic means to implement the Secure Federal Leases Act.

     The GSA seeks public comments on the potential impact of the Thursday rule on federal lessors. “Comments are welcome on foreign ownership, including beneficial ownership, with the understanding that such comments may help inform a future regulatory action,” the GSA said.

     Have questions about the Interim Rule? Don’t hesitate to contact Centre.

     The post GSA Interim Rule to Implement the Secure Federal Leases from Espionage and Suspicious Entanglements Act appeared first on Centre Law & Consulting.
  7. GSA Alerts: GSA Extends Moratorium on $25k Minimum Sales Criteria Through 9/30/2021
     July 12, 2021

     On June 18, 2020, the GSA Office of Government-wide Policy, Office of Acquisition Policy (MV), issued Acquisition Letter MV-20-09 to provide a temporary moratorium on the enforcement of the minimum sales requirements of FAS clause I-FSS-639, Contract Sales Criteria, in response to COVID-19. This action was then extended in Supplement 1 from September 30, 2020 to March 31, 2021.

     Acquisition Letter MV-20-09, Supplement 2 was issued on March 5, 2021. This action will extend the temporary moratorium on the enforcement of the minimum sales requirements of FAS clause I-FSS-639, Contract Sales Criteria, to September 30, 2021 in order to continue support of America’s response to COVID-19.

     I-FSS-639, Contract Sales Criteria, stipulates that the Government may cancel a GSA schedule contract if reported sales do not exceed $25,000 in the first 24 months following contract award, and exceed $25,000 in each 12-month period thereafter.

     The Novel Coronavirus Disease 2019 (COVID-19) was declared a nationwide emergency by the President on March 13, 2020. This declaration was made pursuant to section 501(b) of the Stafford Act. COVID-19 was also declared a pandemic by the World Health Organization (WHO) on March 11, 2020 (see the WHO webpage), and a public health emergency by the Secretary of Health and Human Services on January 31, 2020 (see the Public Health Emergency webpage).

     The economic impact of the COVID-19 pandemic continues to be felt by businesses throughout the country, to include GSA’s Federal Supply Schedule (FSS) Program industry partners. Executive Order 13924 directs agencies to “identify regulatory standards that may inhibit economic recovery” and to take actions such as rescission or suspension.

     If you have any questions regarding the moratorium extension, please do not hesitate to contact the Centre Consulting Team.

     The post GSA Extends Moratorium on $25k minimum sales criteria through 9/30/2021 appeared first on Centre Law & Consulting.
  8. GSA Alerts: Verified Products Portal (VPP) Implementation
     July 12, 2021

     GSA recently developed the Verified Products Portal (VPP), for manufacturers and wholesalers to provide product content for commercial off-the-shelf (COTS) products. This system collects and displays authorized supplier information directly from the participating manufacturers and wholesalers with source files of product images, product videos, and pdf documents and manuals, including standardized manufacturer names, part numbers, and product specifications.

     The product and supplier data provided will be used to identify prohibited products and standardize contractor catalogs, ensuring products with VPP coverage are accurately represented. This will allow participating manufacturers and wholesalers to control how their products appear in GSA e-commerce platforms, ensuring product accuracy from the source suppliers.

     The GSA acquisition workforce is required to review VPP data to determine vendor authorization status when making determinations about new offers, modifications, and contract options. When vendors seek to add products to their schedule, the acquisition workforce will check this system, and then notify vendors regarding products that require a Letter of Supply (LOS), because the VPP data does not exist.

     The VPP is completely voluntary, with no cost for manufacturers or wholesalers to participate.

     For assistance with the Verified Products Portal, please contact the Centre Consulting Team.

     The post Verified Products Portal (VPP) Implementation appeared first on Centre Law & Consulting.
  10. INSIGHTS DOD Issues New Proposed Rule on Enhanced Debriefings
     GAO Has Released Its Annual Bid Protest Report
     By: Heather Mims

     You may have been aware that the Department of Defense was providing enhanced debriefings as part of its procurement process via a Class Deviation announced in 2018. DOD now seeks to make that rule permanent and has published a proposed rule to amend the Defense Federal Acquisition Regulation (DFAR) to continue to provide enhanced post-award debriefing under negotiated contracts, and task and delivery orders that exceed $10 Million.

     The enhanced debriefing permits offerors the opportunity to submit follow-up questions related to the debriefing within two business days after receiving the debriefing and to receive agency responses within five business days of receipt of the questions. The debriefing will not be considered concluded until the agency delivers its written response to an offeror, which is important for bid protest deadlines.

     Finally, the proposed rule in some circumstances also requires the agency’s debriefing information to include the written source selection document, redacted accordingly. The source selection document should be included in the debriefing: (1) where requested by a small business or nontraditional defense contractor for contract awards in excess of $10 Million but less than $100 Million; and (2) for contract awards in excess of $100 Million.
     The proposed rule also includes specific information on when contracting officers are required to suspend performance of a contract upon notification from the Government Accountability Office (“GAO”) that a protest has been filed:

     - Within 10 days after the date of contract award or the issuance of a task or delivery order, where the value of the order exceeds $25 million.
     - Within 5 days after the date that is offered to an unsuccessful offeror for a debriefing that is requested, and when requested is required, and the unsuccessful offeror submits no additional questions related to the debriefing.
     - Within 5 days after the date that is offered to an unsuccessful offeror for a debriefing that is requested, and when requested is required, if the debriefing date offered is not accepted.
     - Within 5 days, commencing on the day the Government delivers its written response to additional questions timely submitted by the unsuccessful offeror, when a requested and required debriefing is held on the date offered.

     These changes are merely proposed at this stage and are not yet in effect. Comments are being accepted on the proposed rule through July 19, 2021, so there are several months before we will formally see any of these changes.

     About the Author

     Heather Mims is an associate attorney at Centre Law & Consulting. Her practice is primarily focused on government contracts law, employment law, and litigation. She has extensive experience litigating bid protests before the GAO as well as experience working with contractors on claims and appeals, government contract terminations, and subcontract disputes. Heather is a top-rated attorney selected to Rising Stars for 2019-2020 by Super Lawyers.
     The post DOD Issues New Proposed Rule on Enhanced Debriefings appeared first on Centre Law & Consulting.
  11. INSIGHTS Biden’s Cybersecurity Order and You
     How do I avoid being next?
     By: Brandon Graves

     KEY TOPICS
     - If you provide IT services or equipment to the government…
     - If you develop software…
     - If you consult with the government…
     - Ultimately, the EO will impact everyone

     What do you need to do in the wake of the President’s groundbreaking action?

     On May 12, 2021, President Biden signed the Executive Order on Improving the Nation’s Cybersecurity (EO). Driven in part by recent cyberattacks on network tools, enterprise software, and critical infrastructure, the EO implements (or attempts to implement; more on that later) a veritable wish-list of cybersecurity provisions. What the EO means to you will vary based on industry.

     If you provide IT services or equipment to the government…

     Your logging and reporting requirements are going to increase. IT service and equipment providers will have several new FAR and DFARS clauses in the coming months, generally related to information sharing and incident response.

     First, various government agencies will review existing FAR clauses and suggest updates to require service providers to: preserve significant data related to cybersecurity event prevention and detection; share that data as it relates to potential cybersecurity incidents; collaborate with federal investigative agencies in response to potential incidents; and share cyberthreat information in industry-recognized formats.
     Next, government agencies will review existing FAR clauses and suggest updates that address: the types of security incidents that require reporting; what information must be included in reports; appropriate privacy protections for these reports; time periods for reporting (but not more than 72 hours for most serious breaches); additional reporting requirements; and which contractors need to report breaches.

     The EO is attempting to get more information more quickly so that the government can respond to problems, and ideally, potential problems, faster. The administration recognizes that much of the information necessary resides in the hands of government contractors. The government’s lack of visibility will increase as the government pushes more of its IT infrastructure into the cloud, as discussed below.

     It is too early to say definitively what these new clauses will look like, as it will likely take more than a month before proposed language is circulated. However, if past is prologue, look for STIX and TAXII requirements, and a web-based breach reporting portal with certificate requirements.

     There will be lots of opportunity for work. There are significant IT modernization goals in the EO. The EO pushes the government to fully adopt cloud services and move towards Zero Trust Architecture. IT modernization has been a government “priority” for years, but the EO provides more direction. What it does not provide is funding. Parts of the government have been moving to the cloud for years, but the challenge is perfectly illustrated by DoD’s JEDI contract. IT modernization has been notoriously underfunded for years, and a complete change in architecture is an enormous lift. Service providers who can assist with this transition and cloud providers should have significant opportunities as federal agencies grapple with this transition.

     If you develop software…

     Your development life cycle may fundamentally change. The EO has a section focused on securing the software supply chain.
     Recognizing government’s lack of expertise in this area, the EO directs NIST to solicit input from both public and private sector to develop guidelines for enhancing software supply chain security. The preliminary guidelines are supposed to be published within six months, so the solicitation will happen quickly. The guidelines will address: separate build environments; auditing trust relationships; multi-factor, risk-based authentication and conditional access; documented dependencies; minimized dependencies on build environments; data encryption; and monitoring.

     Further, the government will likely require that software developers keep artifacts showing compliance with these guidelines, as well as automation to meet the requirements. In fact, it sounds like DevSecOps, but instead of referencing that concept, the EO spells it out at length.

     The EO also calls for a Software Bill of Materials (SBOM) for each product. Various organizations have been calling for SBOM requirements for years. If SBOMs are required, software developers will have to be more diligent in documenting what components their developers use in creating new software and providing that list to the government. This is a requirement that will need to flow down to ensure that the end product actually represents all of the components that exist in a piece of software. Part of the EO will include attestations to the integrity of open source software used in a product, which would naturally be part of an SBOM.

     Ultimately, organizations developing software that will be sold to the government, either directly or through the supply chain, will need to develop a robust software development life cycle that involves robust infrastructure, advanced automation, mature compliance and documentation, and vulnerability monitoring.

     If you consult with the government…

     There are a lot of opportunities. The EO calls for the development of new FAR clauses, organizations, programs, and documents.
     First, if the EO is followed closely, a number of new FAR and DFARS clauses related to cybersecurity will be proposed and developed in the coming months. These clauses will address data collection, breach notification, and software development requirements, among others.

     Second, the EO orders the establishment of a Cyber Safety Review Board, which will, among other things, review and assess significant cyber incidents. The Board will include representatives from various agencies, private sector suppliers, and others.

     Third, the EO calls for a standardization of the government’s playbook for incident response. This playbook will be a set of standard operational procedures for planning and conducting cybersecurity vulnerability and incident response activities.

     Fourth, the EO requires the government to improve the detection of cybersecurity vulnerabilities and incidents on federal networks as a separate task from the FAR clauses and playbook discussed above. This includes the deployment of EDR software throughout the government’s IT infrastructure, the development of a continuous diagnostic and mitigation program, the writing of a report on how to conduct threat hunting on certain federal networks without prior authorization from agencies, and other tasks.

     Ultimately, the EO will impact everyone

     The EO has a lot of moving parts. Some will be scaled back, while others won’t be sufficiently funded. But even a scaled-back version of the EO will result in increased breach and vulnerability reporting requirements, more mature compliance programs, and disruption of the federal IT infrastructure. The EO will impact some industries more than others, but no one will completely escape its reach. Prudent organizations will watch the proposed FAR clauses and take the opportunity to guide the discussion, either through submitting comments or through less formal mechanisms.
     The federal government has a long way to go to adequately secure its IT infrastructure, but this EO should be a good first step.

     About the Author

     Brandon Graves is a Partner at Centre Law & Consulting focusing on cybersecurity practices. He helps clients manage everything from crises related to security breaches, regulatory investigations, and disputes, to helping companies operate more securely in their normal course of business. Recently, Brandon helped companies develop information security programs, prepare for certifications under the DoD’s Cybersecurity Maturity Model, and manage their supply chain risk.
     The post Biden’s Cybersecurity Order and You appeared first on Centre Law & Consulting.
  12. INSIGHTS America’s Fragile Cybersecurity Infrastructure
     How do I avoid being next?
     By: Brandon Graves

     KEY TOPICS
     - Infrastructure Cybersecurity
     - What Comes Next?

     On May 8, 2021, Colonial Pipeline announced that it was the victim of a ransomware attack. According to the statement, Colonial’s response to the breach shut down all pipeline operations. Colonial is responsible for 45% of fuel consumed on the East Coast. While this security incident is grabbing headlines, it is far from the worst case scenario. We should consider it another wake-up call in a long line of them.

     Infrastructure Cybersecurity

     Companies responsible for infrastructure typically run at least two types of networks. The first is a standard network for business operations, such as customer service, billing, and the like. The other is a supervisory control and data acquisition (SCADA) network, which is responsible for the actual infrastructure.

     SCADA security has been a concern for years. In 2009, someone used vulnerabilities in Siemens computer systems to cause physical damage to Iran’s nuclear program. The Department of Homeland Security’s critical infrastructure work focuses in large part on SCADA systems.

     Unfortunately, the desire for more functions has led to closer ties between SCADA systems and other network infrastructure. These functions include remote administration, data gathering, and financial tasks. In fact, as local utilities across the country have decreased staff, the need for remote administration has increased. This increase led to a dangerous attack on a water treatment plant in Florida earlier this year.
     Luckily, a worker saw the intrusion and was able to stop the attack before the attacker was able to add dangerous levels of sodium hydroxide to the water supply. Other infrastructure attacks have led to extensive damage. For instance, intruders were able to damage a blast furnace in Germany through remote access. As more of these systems are connected to external networks, more attacks will occur.

     What Comes Next?

     President Biden’s infrastructure bill was already subject to widespread criticism for its lack of cybersecurity funding. We expect that to change. We also anticipate Executive Orders addressing this infrastructure security. Congress was already considering mandatory breach and vulnerability reporting, and it will likely move faster.

     This breach highlights the need for resiliency in networks of all types. Colonial Pipeline had to shut down its pipeline operations to mitigate a ransomware attack. Incident response plans should integrate with disaster recovery/business continuity plans, all of which should be tested at least annually. Sensitive systems and data should be segmented, but network testing should assume that the segmentation will fail.

     About the Author

     Brandon Graves is a Partner at Centre Law & Consulting focusing on cybersecurity practices. He helps clients manage everything from crises related to security breaches, regulatory investigations, and disputes, to helping companies operate more securely in their normal course of business. Recently, Brandon helped companies develop information security programs, prepare for certifications under the DoD’s Cybersecurity Maturity Model, and manage their supply chain risk.
     The post America’s Fragile Cybersecurity Infrastructure appeared first on Centre Law & Consulting.
  13. GSA Alerts May 24th, 2021 SAM.gov Will Merge With beta.SAM.gov

     Industry is invited to the next Integrated Award Environment online Stakeholder Forum on Wednesday, May 5, 2021, from 1:00 – 3:00 p.m. EDT to see the new SAM.gov changes. Please register here for a meeting link to learn more about many of the upcoming changes.

     Several systems have merged into what is now beta.SAM.gov (e.g. FBO.gov, WDOL.gov, and CFDA.gov). On May 24th, SAM.gov will be the next to integrate. The SAM.gov functions that users visit the site for today – where entities register to do business with the federal government, find exclusion records, search entity registrations – will move into the new SAM.gov system.

     Changes SAM.gov users can expect after May 24 include but are not limited to:

     - A single user URL (no more “beta”) and login for all functions currently in beta.SAM.gov and SAM.gov
     - A single personalized user Workspace based on your roles and the entity registrations you manage
     - Landing pages with help specific to entity registrations, exclusions, and entity reporting
     - Service Contract Reporting (SCR) and Bio-Preferred reporting access from the entity’s Workspace
     - System account functionalities for non-federal users
     - Login requirement to search entity registration data
     - Optional identity verification for entity administrators (not required until 2022)
     - Streamlined search filter functionality
     - Search for contract opportunities
     - Find wage determinations
     - Current SAM.gov registration functions

     Please be aware of these changes, as “selling season” for proposals will soon be picking up. Having fluency with this new system will be useful in federal contractors’ business development efforts.
     The post May 24th, 2021 SAM.gov Will Merge With beta.SAM.gov appeared first on Centre Law & Consulting.
  14. GSA Alerts Unilateral GSA Schedule Modifications – Have You Seen a Change in Your CS/CO Assignment?

     With the GSA seeking to streamline Phase 3 processes, many schedule holders have received unilateral modifications with a new CS/CO assigned to their contract(s). The GSA is seeking to consolidate schedules to one Procurement Contracting Officer (PCO), when possible. This will enable contractors to have one PCO to work with during consolidation activities. This is to lessen administrative burdens and prevent the need to coordinate across multiple PCOs, as GSA and industry effect contract actions for consolidation.

     Some schedule holders with only one contract may be reassigned a new CS/CO, as the GSA seeks to balance the workload across regions and contracting workforce. Prior to moving any contracts, the PCO will be completing a series of checks of the contract file to prepare the file for transfer. If you receive any requests for information from your PCO, please seek to clarify the reasoning for the request. If the request is due to consolidation, the GSA asks vendors to promptly respond. The GSA has stated that contracts will only be reassigned to a new PCO after transfer requirements are met and documented.

     If you are a multi-schedule holder and are seeking to start consolidating your contracts before they are transferred, the GSA asks that industry please communicate your intentions to all of your PCOs. For assistance with your consolidation plan, and to answer any new CS/CO assignment questions, please contact Centre.
     The post Unilateral GSA Schedule Modifications – Have You Seen a Change in Your CS/CO Assignment? appeared first on Centre Law & Consulting.
  15. GSA Alerts MAS Consolidation Phase 3 Plans Due Sept. 30, 2021

     GSA officially moved into Phase 3 of MAS Consolidation in August 2020. This requires contractors with multiple MAS contracts to consolidate down to one contract per Unique Entity Identifier (UEI), e.g. Data Universal Numbering System (DUNS) number.

     Vendors who manage two or more contracts under the same DUNS number have a deadline to meet for Phase 3 MAS Consolidation. Specifically, contractors with multiple MAS contracts must complete a “Phase 3 Checklist and Plan” to consolidate down to one contract per Unique Entity Identifier (UEI) (e.g. Data Universal Numbering System (DUNS) number) by September 30, 2021.

     These plans are the first step in determining your surviving contract and beginning the process to get to one contract per UEI. No Phase 3 modifications will be approved without a completed and approved plan. The GSA is asking only for the plan at this time – the timing and process of the contract consolidation will be decided between vendors and their COs.

     For assistance with the Phase 3 Checklist and Plan requirement, please contact Centre.
     The post MAS Consolidation Phase 3 Plans Due Sept. 30, 2021 appeared first on Centre Law & Consulting.