Jump to content
The Wifcon Forums and Blogs

Centre Law & Consulting

Members
  • Posts

    377
  • Joined

  • Last visited

Contact Methods

  • Website URL
    http://www.centrelawgroup.com/

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The U.S. Supreme Court slammed the brakes Thursday on a Biden administration vaccine-or-testing rule for private businesses with at least 100 employees, but let a stricter yet narrower rule aimed at the health care industry take effect nationwide. Today the Supreme Court of the United States struck down the “OSHA Vax or Test” rule imposed on most employers with over 100 employees stating, “[Congress authorized OSHA] to set workplace safety standards, not broad public health measures.” However, in a separate decision the Court upheld the vaccine mandate for workers at federally funded health care facilities. The Court reasoned “Congress has authorized the Secretary to impose conditions on the receipt of Medicaid and Medicare funds that ‘the Secretary finds necessary in the interest of the health and safety of individuals who are furnished services.’” This authorization permits the strict rules put into place for the covered health care facilities. While the two decisions may appear at odds, a common thread can be found. Congress holds the power to authorize the Executive, and its agencies, to create vaccine mandates or related testing requirements. However, Congress must be clear when delegating these powers and for what purpose. Both decisions can be found below, in full. https://www.supremecourt.gov/opinions/21pdf/21a240_d18e.pdf https://www.supremecourt.gov/opinions/21pdf/21a244_hgci.pdf The remaining federal, vaccine mandate is the one applicable to government contractors. That mandate was subject to a nationwide injunction; and, last month, the 11th Circuit Court of Appeals rejected an effort by the U.S. Government to overturn that injunction. Briefing on the merits of the government contractor mandate is not set to be concluded until late February, and oral argument before the 11th Circuit will not be held until early April. With the Supreme Court’s recent rulings, the viability of the government contractor mandate is certainly in question. That said, given the innumerable regulatory requirements already placed on government contractors, the contractor mandate arguably appears more akin to the CMS mandate than the OSHA mandate. Time, and the 11th Circuit, and probably the Supreme Court, will tell. Decision Review provided by David Warner, Parter & Tyler Freiberger, Associate Attorney The post Breaking Mandate Decisions appeared first on Centre Law & Consulting. View the full article
  2. The post appeared first on Centre Law & Consulting. View the full article
  3. The post Featured Media Listing Promo3 appeared first on Centre Law & Consulting. View the full article
  4. The post Featured Media Listing Promo2 appeared first on Centre Law & Consulting. View the full article
  5. The post Featured Media Listing Promo appeared first on Centre Law & Consulting. View the full article
  6. http://centrelawgroup.com/wp-content/uploads/2021/12/Group-13563.png The post Featured Media Listing Promo appeared first on Centre Law & Consulting. View the full article
  7. Welcome to WordPress. This is your first post. Edit or delete it, then start writing! The post Hello world! appeared first on Centre Law & Consulting. View the full article
  8. Last Friday, the United States Court of Appeals for the Fifth Circuit issued a preliminary injunction staying enforcement of the Emergency Temporary Standard (ETS) previously issued by the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA). The OSHA ETS required all employers of 100 or more employees to “develop, implement, and enforce a mandatory COVID-19 vaccination policy” and to require any workers who remain unvaccinated to “undergo weekly COVID-19 testing and wear a face covering at work.” Immediately upon issuance of the ETS, a collection of private employers together with the states of Mississippi, South Carolina and Utah filed suit in the Fifth Circuit seeking to enjoin the mandate’s enforcement. On November 6, 2021, the Court entered a stay pending briefing and expedited judicial review. In that brief order, the Court noted that it found “cause to believe there are grave statutory and constitutional issues with the Mandate.” In its November 12 ruling enjoining the OSHA ETS, the Court expanded on its analysis. First, the Fifth Circuit found that the ETS “grossly exceeds OSHA’s statutory authority.” However, the Court did not limit its review to statutory over-reach. Rather, in the final pages of its recent decision the Court focused on its constitutional concerns surrounding mandatory vaccination. This constitutional analysis could prove to be the undoing of the Biden Administration’s Executive Order imposing a similar vaccine mandate on government contractor personnel. Specifically, the Court noted that the OSHA ETS “likely exceeds the federal government’s authority under the Commerce Clause because it regulates noneconomic inactivity that falls squarely within the States’ police power.” (To issue the injunction, the Court needed to conclude that the petitioners would “likely succeed on the merits” of their claims, hence the use of “likely” rather than a more definitive statement from the Court.) Stated another way, while a State legislature could enact legislation for the public good – i.e., a vaccine mandate – the Commerce Clause does not provide the federal government such power. In sum, the Fifth Circuit held that the OSHA ETS “would far exceed current constitutional authority.” The Court then continued to analyze the impact of the mandate on individuals. On this point, the Court noted that the OSHA ETS “threatens to substantially burden the liberty interests of reluctant individual recipients put to a choice between their job(s) and their jab(s).” The Court found that for “individual petitioners, the loss of constitutional freedoms ‘for even minimal periods of time … unquestionably constitutes irreparable injury” thereby supporting entry of the injunction. In sum, the Fifth Circuit held that the OSHA ETS “runs afoul of the statute from which it draws its power and, likely, violates the constitutional structure that safeguards our collective liberty.” The latter conclusion spells potential trouble for the Biden Administration government contractor vaccine mandate. It has long been held that the President’s authority to issue executive orders must stem from the Constitution or a federal statute, and that these limits are judicially enforceable. For example, in Youngstown Sheet and Tube Co. v. Sawyer, 343 U.S. 579 (1952) the Supreme Court invalidated an order seizing and operating most of the nation’s steel mills. The Supreme Court stated: “… The President’s power, if any, to issue the order must stem either from an act of Congress or from the Constitution itself.” See Youngstown, 343 U.S. at 585. Put simply, if the Commerce Clause does not provide constitutional authority for OSHA to implement its vaccine or test mandate, it almost certainly does not provide authority for the broader, government contractor mandate that does not even provide for a testing option. Similarly, the concerns regarding the impact of mandates on constitutionally protected liberty interests are equally present with respect to the contractor mandate as they are under the OSHA ETS. All of the above said, the contractor mandate has not (yet) been enjoined and contractors are well-counseled to continue to prepare for the January 4, 2022, deadline. It seems certain, however, that the Fifth Circuit’s opinion has provided a template for significant legal challenge to the contractor mandate. –This update has been detailed by David Warner. David Warner heads Centre’s litigation, audit, and investigation practices. He is a seasoned trial lawyer and counselor with more than twenty years of experience in the resolution and litigation of complex business and employment disputes before state and federal courts and agencies. His practice is particularly focused on the government contractor, nonprofit, and hospitality industries. The post Injunction of OSHA Mandate appeared first on Centre Law & Consulting. View the full article
  9. I took a test in Existentialism. I left all the answers blank and got 100. ― Woody Allen Let me help you fill in those blanks regarding COVID vaccine mandates. Your other issues, you will have to work through yourself. Let’s get this party started! What happened? On September 9, 2021, President Biden announced his Path Out of the Pandemic, COVID-19 Action Plan. As part of that plan, the President signed Executive Order 14042 on Ensuring Adequate COVID Safety Protocols for Federal Contractors. The Order requires all executive departments and agencies of the federal government to ensure that covered contracts and contract-like instruments include a clause requiring federal government contractors and subcontractors at any tier, to comply with all guidance published by the Task Force on COVID-19 workplace safeguards. Who is covered? My attorney literalist side wants to say, right now, no one is covered. And that is a true statement. However, in the not so distant future, most of you reading this will be covered. Contracts awarded (or modified, renewed or extended) on or after November 14, 2021, must contain a COVID vaccine contract clause. That clause will be arriving on our doorstep on October 8, 2021. For contracts awarded between October 15 and November 14: (a) the contract must include the contract clause if the solicitation for the contract was issued on or after October 15; and (b) if the solicitation for the contract was issued prior to October 15, federal agencies are encouraged to include the contract clause in the contract. Contracts awarded prior to October 15, 2021, are not covered unless an option is exercised or an extension is made. Plan on being covered, because I guarantee you that some of your competitors will be touting their vaccinated staff status. It will be like CMMC but better because that is a multiagency USP (unique selling point). Important point – we are seeing agencies stating that they will modify existing contracts to add this clause. Who is not covered? Grantees, Native American Tribes, OCONUS employees, contracts for less than $250,000 (the simplified acquisition threshold) and subcontracts solely for products (but I think the product provider loophole will be closed). What is required? Each and every one of your current covered employees must be vaccinated against COVID by December 8, 2021. This includes back room employees, remote employees, excellent employees, the person in IT whose name you never remember, and those employees you would love to send to your competitor. All of them. The only exceptions are the religious or health/disability exemptions/accommodations, which our labor and employment attorney, David Warner, says must be carefully documented and vetted. What about HIPAA? It does not apply to you unless you are a medical provider. So worry about other things that might apply to you, like increased IG audits. Our staff got COVID during that ill-fated holiday party cruise. Do we still have to get vaccinated? Yes. Do we have to have a person in charge of this? Of course you do, silly. This is a highly regulated industry! You must designate someone as the workplace safety and other duties as assigned employee in charge of this. HR, I have a feeling this is heading in your direction. Do we need to get a copy of vaccination records from each employee? What about HIPAA? I already told you that HIPAA does not apply. (There is no such thing as multitasking). The Americans with Disabilities Act record keeping requirements do however, apply. Yes, you will need to get vaccine records from your covered employees. This is exhausting. What else do I have to do? No one ever said, contracting with the federal government was easy. There are masking requirements in high risk areas and social distancing requirements. See CDC guidance. If I enter a Federal Agency will I have to provide further information regarding my vaccination status? Yes. See OMB form 33206-0277. If you need expert legal advice regarding COVID Safety Protocols for Federal Contractors, or any Government Contracting needs, contact Centre Law & Consulting. The post Everything Government Contractors Need to Know About COVID Vaccine Mandates appeared first on Centre Law & Consulting. View the full article
  10. GovCon Legal Alerts Client Alert-Labor Day Ransomware Threat By: Brandon Graves, Partner, Centre Law & Consulting Share on facebook Share on twitter Share on linkedin The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend. Neither agency has identified a specific threat but base their warning on historic spikes in ransomware activity over recent holiday weekends. Commodity ransomware is a threat to all businesses regardless of size due to its low cost to deploy, resulting in a “spray and pray” method of malware distribution. Clients with high revenue or sensitive data are at risk of more targeted threats. Modern ransomware facilitates blackmail in two ways: it encrypts important data and/or systems to that organizations can’t function.it exfiltrates data that the criminals can threaten to release that data if they aren’t paid. This means that effective offline backups are no longer sufficient to address the risks caused by ransomware. Clients should take several steps to prepare for the immediate threat. First, they should ensure that their cybersecurity tools have the indicators of compromise for the malware listed in the advisory loaded. Second, they should make sure that those tools have proper visibility across the organization’s network. Third, all software should be fully patched and updated. Clients should consider advising employees to be especially careful around suspicious emails. Some clients may turn off non-essential services over the holiday weekend, such as RDP. Validating back-ups is another important consideration. These steps may reduce the risk for this holiday weekend. Clients should take additional steps to address ransomware more broadly. These steps include developing and testing incident response plans, disaster recovery plans, and business continuity plans. Clients should also take steps to improve their basic cybersecurity posture, including eliminating unneeded software and services, scanning their networks for vulnerabilities, implementing vendor risk management, and increasing employee training. Multi-factor authentication is another critical tool in addressing ransomware, although it is not a magic bullet. Other actions may be advisable depending on a client’s specific circumstances. If you have questions or concerns about ransomware or cybersecurity more generally, we can help you manage your risks and exposure. If you suffer a ransomware incident this weekend, or anytime, we are available to assist you. Connect with our Legal TeaM Stay in the know. Get industry alerts from our legal team. Read More Alerts Client Alert-Labor Day Ransomware Threat The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend. Neither agency has identified a specific threat but base their warning on historic spikes in ransomware activity over recent holiday weekends. Read More » The Importance of Patch Updates and Validation The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news. But we wanted to take this opportunity to remind our clients about some legal issues related to patching. Read More » Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group: Read More » Interested in Connecting with our Legal Team? Contact US The post Client Alert-Labor Day Ransomware Threat appeared first on Centre Law & Consulting. View the full article
  11. GovCon Legal Alerts The Importance of Patch Updates and Validation By: Brandon Graves, Partner, Centre Law & Consulting Share on facebook Share on twitter Share on linkedin Today, Microsoft released patches for 44 security vulnerabilities in Windows and related products. According to Microsoft, at least one of these vulnerabilities is being actively exploited. Organizations that use Microsoft products should patch their software as soon as possible. The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news. But we wanted to take this opportunity to remind our clients about some legal issues related to patching. Failing to Patch Creates LiabilityUpdating software is essential to running a modern business. In the past, there was at least some room to debate particular patches due to the possibility that a patch could break legacy software or cause other disruptions. While patch testing and validation is still a critical part of software updates, there is very little tolerance for unpatched software. The Equifax data breach is an excellent case study. On March 8, 2017, the United States Computer Emergency Readiness Team (US-CERT) issued an alert about a newly discovered vulnerability in software that Equifax used to manage its web applications. The next day, Equifax’s computer security team sent an email to 400 employees directing them to update their software within 48 hours in accordance with Equifax’s Patch Management Policy. The next week, Equifax conducted an automated vulnerability scan of its network to ensure that all the relevant software was patched. Unfortunately, the scanner was not configured correctly and missed a web application, called the ACIS Dispute Portal. This portal remained unpatched for more than four months. During these four months, attackers exploited the vulnerability (as well as some other security issues) and stole an enormous amount of personal information, including 145.5 million Social Security Numbers. Ultimately, Equifax agreed to pay between $575 and $700 million dollars in a settlement with the FTC, CFPB, and 50 U.S. states and territories. It is subject to additional litigation, as well as significant harm to its reputation. Due to its privileged status as one of three nationwide consumer reporting agencies, Equifax will survive. Organizations that do not have such a privileged position may not survive such a widespread security failure. There are a number of lessons we can draw from Equifax’s experience. First, an unpatched security vulnerability creates almost strict liability. Second, organizations must have systems in place to patch vulnerabilities, including policies, patch testing, and vulnerability scanners. And finally, Organizations must audit these systems regularly to ensure that they are patching their software appropriately. Outdated Software Should Be RemovedSoftware has a lifecycle, and at some point, that lifecycle ends. Software that has reached its End of Life (EOL) must be replaced or otherwise protected. All software has vulnerabilities, and people will continue to discover those vulnerabilities even after software has reached EOL. What changes at EOL is that the software vendor no longer patches those vulnerabilities. Some legal regimes, such as HIPAA, explicitly address EOL software. But even if an organization isn’t subject to one of those regimes, EOL software is unpatched software and creates the same risks that we saw in the Equifax case study. There are ways to protect EOL software, especially in circumstances where an organization relies on proprietary software with little in the way of commercial replacement. If an organization decides to use EOL software, it must take the appropriate steps to protect that software and understand the risks involved. ConclusionMicrosoft’s recent software update release is an excellent opportunity to validate existing patch management and software update programs. A program failure in these areas can create significant legal liability for companies, and the opportunities for failure abound. If you have any questions about software patching, legal liability, or any related questions, please contact our cybersecurity legal experts at the link below. Connect with our Legal TeaM Stay in the know. Get industry alerts from our legal team. Read More Alerts The Importance of Patch Updates and Validation The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news. But we wanted to take this opportunity to remind our clients about some legal issues related to patching. Read More » Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group: Read More » Department of Labor Cybersecurity Guidelines Become Rules Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Read More » Interested in Connecting with our Legal Team? Contact US The post The Importance of Patch Updates and Validation appeared first on Centre Law & Consulting. View the full article
  12. GovCon Legal Alerts Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged By: Tyler Freiberger, Associate Attorney, Centre Law & Consulting Share on facebook Share on twitter Share on linkedin “If you want to do business with the federal government, get your workers vaccinated.” While President Biden’s statement on July 29, 2021 appears abundantly clear, the administration’s written direction issued on the same day paints a slightly more nuanced picture for federal contractors. First, the “Agency Model Safety Principles” are instructions for how federal agencies should update their COVID-19 workplace safety plans. They are not legal mandates for private contractors. That said, they will eventually trickle down into the demands agencies make for contractors’ on-site employees. While the requirements are not unexpected, federal contractors should immediately start preparing for how they plan to communicate the requirements to their employees. In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group: Those Federal employees and onsite contractors who are not fully vaccinated or decline to provide their vaccination status must wear a mask, physically distance, and comply with a weekly or twice-weekly screening testing requirement and are subject to Government-wide restrictions on official travel. In contrast, those that have provided proof of their vaccinations are not subject to any of these requirements, unless they are working in a county considered “high or substantial transmission” by the CDC. If so, then masks may be required. Communicating these requirements to an employee and implementing workplace vaccination policies can bring challenges. Employers should be aware that the Equal Employment Opportunity Commission has stated that employers may mandate the COVID-19 vaccine for on-site employees, subject to civil rights and disability statutes. Similarly, the Department of Justice recently published an opinion stating public and private entities are not prohibited from requiring vaccinations, even if the vaccines have been approved only for emergency use. If you have any questions about the new federal direction or returning employees to work in a COVID world, please contact either David Warner or Tyler Freiberger from our legal team or reach out via the link below. Connect with our Legal TeaM Stay in the know. Get industry alerts from our legal team. Read More Alerts The Importance of Patch Updates and Validation The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news. But we wanted to take this opportunity to remind our clients about some legal issues related to patching. Read More » Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group: Read More » Department of Labor Cybersecurity Guidelines Become Rules Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Read More » Interested in Connecting with our Legal Team? Contact US The post Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged appeared first on Centre Law & Consulting. View the full article
  13. GovCon Legal Alerts Department of Labor Cybersecurity Guidelines Become Rules Share on facebook Share on twitter Share on linkedin Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Now, there are multiple reports that DOL has included cybersecurity as part of its audits, effectively converting the guidelines to a standard. DOL Cybersecurity GuidanceDOL issued three forms of cybersecurity guidance in April. The first is Online Security Tips, which is targeted at plan participants and beneficiaries. It includes basic steps that individuals can take to safeguard themselves. While it may be helpful to provide the guidance to employees, it is otherwise inapplicable to businesses. The other two forms are applicable to organizations. Tips for Hiring a Service Provider is targeted at plan sponsors and fiduciaries seeking to hire a service provider. Cybersecurity Program Best Practices targets plan fiduciaries and record keepers. Tips for Hiring a Service ProviderTips for Hiring a Service Provider targets plan sponsors and fiduciaries. The beginning of the guidance points to the legal hook: “business owners and fiduciaries . . . responsibilit[y] under ERISA to prudently select and monitory . . . service providers, . . .” This guidance provides high-level instructions on how to conduct vendor risk management. This includes how to evaluate vendors and what terms to include in vendor contracts. It lacks some key concepts found in other guidance documents and regulations, but if DOL intends to use this guidance document as a minimum floor for plan sponsors and fiduciaries, then it provides a decent baseline without being overly burdensome. Plan sponsors and fiduciaries should review their service provider contracts and confirm they contain the appropriate provisions and begin to develop vendor risk assessments prior to retaining new vendors. Cybersecurity Program Best PracticesThe more impactful guidance is Cybersecurity Program Best Practices. This guidance, targeted at plan fiduciaries and record keepers, provides 12 cybersecurity controls that should be implemented. None of these controls are overly burdensome, and some courts have imposed such controls on employers through litigation already. Again, these controls may serve as a floor, although they are more detailed—and so more burdensome—than the vendor risk management guidance. Plan fiduciaries and record keeps should begin reviewing their cybersecurity posture against these controls. They will also want to ensure that their cybersecurity program is developing compliance documentation for auditors to review. DOL Cybersecurity AuditsAlthough DOL issued these documents as guidance, several firms have reported that DOL auditors are examining cybersecurity during scheduled audits. Some of the reported document requests have been extensive. Cybersecurity audits can be a challenge. This is especially true when the agency conducting the audit is just starting to assess cybersecurity, and when the standards are somewhat vague, which are both true for the DOL audits. It is critical for organizations subject to DOL audits to first establish an adequate cybersecurity program and then prepare for a cybersecurity audit. Establishing an adequate program can take months, if not years. This makes DOL’s rapid movement from initial guidance to audit potentially problematic for many organizations. They must establish policies, conduct risk assessments, train their workforce, and upgrade their IT and security infrastructure. Preparing for an audit can take time, as well. Organizations must ensure all paperwork is gathered and up to date, they must train interview subjects, and they may have to seek documents from service providers for work they outsource. If You Need AssistanceWe can help you develop a cybersecurity program, assess your current compliance, or prepare for an audit. We offer flat fee options for some of the specific requirements, such as risk assessments. We also offer assistance on a broad range of labor and employment matters, including the other targets of DOL audits. If you have any questions about this alert or any of the services we offer, please reach out to our legal team below. Connect with our Legal TeaM Stay in the know. Get industry alerts from our legal team. Read Other Alerts Department of Labor Cybersecurity Guidelines Become Rules Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Read More » August 25, 2021 Interested in Connecting with our Legal Team? Contact US The post Department of Labor Cybersecurity Guidelines Become Rules appeared first on Centre Law & Consulting. View the full article
  14. GovCon Legal Alerts Don't miss the latest news & developments in government contracting. Get timely alerts from our legal team. Recent Alerts Department of Labor Cybersecurity Guidelines Become Rules Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants. Read More » Shape Interested in Connecting with our Legal Team? Contact US The post GovCon Alerts appeared first on Centre Law & Consulting. View the full article
  15. GSA Alerts GSA Interim Rule to Implement the Secure Federal Leases from Espionage and Suspicious Entanglements Act Share on facebook Share on twitter Share on linkedin The Secure Federal Leases from Espionage and Suspicious Entanglements Act is a bipartisan bill signed into law late last year. The bill was introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, after the findings from a 2017 report. The GAO found the GSA had leased high-security spaces from foreign owners in 20 buildings, including six FBI field offices. Some of the spaces hosted classified operations, were used for evidence storage, and housed sensitive data. Most of the federal tenants were unaware of the foreign ownership of the physical space used for the operation of sensitive activities. Of the GSA active leases for high-security facilities, the GAO was unable to identify the ownership for one-third of the locations. The law requires the disclosure of immediate and highest-level foreign ownership of facilities leased to the government. It also mandates lease language that would restrict property owners’ physical access to high-security spaces. The bill requires the GSA to identify any foreign owners of “high-security spaces” — properties with a security level of three or higher — as well as any foreigners who benefit from partial ownership of the properties. To implement provisions of the Secure Federal Leases from Espionage and Suspicious Entanglements Act, the General Services Administration unveiled an interim rule (that went into effect on Wednesday June 30, 2021), requiring the “immediate owners” of high-security space rented to the federal government to disclose foreign ownership. According to the interim rule, the GSA holds approximately 1,263 leases for high-security spaces as of June 2021, that fall under the Secure Federal Leases from Espionage and Suspicious Entanglements Act. The interim rule does not address provisions of the Secure Federal Leases Act requiring the disclosure of foreign “beneficial owners,” that is, individuals who exercise direct or indirect control over, or have economic interests in high-security spaces through “any contract, arrangement, understanding, relationship, or otherwise.” The GSA has stated this will be addressed in the future, and that the GSA is seeking some form of electronic means to implement the Federal Secure Leases Act. The GSA seeks public comments on the potential impact of the Thursday rule on federal lessors. “Comments are welcome on foreign ownership, including beneficial ownership, with the understanding that such comments may help inform a future regulatory action,” the GSA said. Have questions about the Interim Rule? Don’t hesitate to contact Centre. Stay in the know. Get industry alerts from our GSA Consulting Team. See More GSA Alerts GSA Interim Rule to Implement the Secure Federal Leases from Espionage and Suspicious Entanglements Act General Services Administration unveiled an interim rule on June 30, 2021, requiring the “immediate owners” of high-security space rented to the federal government to disclose foreign ownership. Read More » July 12, 2021 GSA Extends Moratorium on $25k minimum sales criteria through 9/30/2021 GSA extends moratorium on the enforcement of the minimum sales requirements of FAS clause I-FSS-639, Contract Sales Criteria, to September 30, 2021 Read More » July 12, 2021 Verified Products Portal (VPP) Implementation GSA develops the Verified Products Portal (VPP), for manufacturers and wholesalers to provide product content for commercial off-the-shelf (COTS) products. Read More » July 12, 2021 Interested in Connecting with our GSA or Legal Practice? Contact US The post GSA Interim Rule to Implement the Secure Federal Leases from Espionage and Suspicious Entanglements Act appeared first on Centre Law & Consulting. View the full article
×
×
  • Create New...