Search the Community
Showing results for tags 'dfars'.
Found 3 results
I am an Army Contracting Officer in charge of the source selection for the production of an Army system. Since it always looks good for the program management folks to reach out to the other services (demonstrates you understand the “big picture”), this has occurred. In this case, the USMC wants to “be part of the procurement.” On the contracting side, it has always been our position to attempt to accommodate where it makes sense and when it does not jeopardize our core objective of meeting the Army mission. Now in the current situation, the participation of the USMC is considerable. Their desired portion/impact has the following characteristics: (1) They would be getting about 55% of the produced systems; (2) They would be providing about 55% of the funding; (3) About 20% of the specifications are not shared between the Army and USMC, so the USMC systems would require adjustment; & (4) A small but critical portion of the USMC systems would require a major configuration change. Some other important factors: The Army has based its decision to move ahead with this acquisition based on the system being COTS or an NDI. This is not a designated joint program and there is no formal agreement between the Army and USMC (no MOA exists). There is also a question as to whether the major system configuration change desired by the USMC falls under COTS or NDI. As an Army contracting officer, I want to do the right thing and best serve the Warfighter (which includes marines). We are very much encouraged to do this. Alternatively, this is not just adding on a few extra systems for the USMC; this is slightly over half of the procurement. I (we) have already sketched out numerous legal/ regulatory pitfalls, etc., but I do not want to influence anyone. What does everyone think about this? What are some ideas on how to best resolve?
Regarding the Department of Defense's new cyber security rule (DFARS 252.204-7008 and -7012), does anyone have any experience submitting a notice to the DoD's Chief Information Officer of any of the prescribed information security standards that your company has not yet implemented? The provisions most relevant to my question are summarized below: 252.204-7008(b) - requires that the security requirements in 204-7012 for all "covered defense information" shall be incorporated into the contract. Those security standards, in turn, implement the standards in NIST SP 800-171. 252.204-7008(c) - requires that by submitting a bid for a DoD contract, the offeror represents that it will implement all security requirements required in 204-7012 no later than 12/31/2017. 252.204-7012(b)(2)(ii)(A) - requires that, for all contracts awarded prior to 10/1/2017, the contractor must notify the DoD's CIO within 30 days of contract award of any of the NIST 800-171 security standards that are/were not implemented at the time of contract award. Does anyone have any experience making this 30-day notice to the DoD CIO? DoD guidance says that the purpose of this notice requirement is solely to give the agency general information on where contractors are in implementing the standards, but I'm somewhat skeptical that this is an "informational only" type of requirement. If anyone has made such a report, I would be curious to hear what DoD said in response and generally how that process went for you.
I would be interested if anyone saw this proposed rule when posted and commented as to it potential impact on the Prime and Subcontractor reporting needs. For one I think it lacks a defined definition of "services" and when I reviewed the CMRA website it would appear that subcontractors would have to have registered within SAM in order to report, which I think brings another issue into account as many "subs" don't want to be primes and as such do not wish to be registered in various government databases. https://www.federalregister.gov/articles/2014/06/05/2014-12810/defense-federal-acquisition-regulation-supplement-service-contract-reporting-dfars-case-2012-d051 Any thoughts on what this may do to the reporting burden of an already burdensome environment for contractors? For reference: CMRA website - https://afcmra.hqda.pentagon.mil