Search the Community
Showing results for tags 'reporting'.
Found 3 results
Company needs to report a cyber security incident under DFARS 252.204-7011. Reporting is required within 72 hours. I have two questions: Are there penalties or other adverse consequences for late reporting? Before the Company can report, an employee must obtain a DoD-approved medium assurance certificate and this appears to take a couple days. That is a significant delay when you're sprinting toward a 72-hours deadline. Do most companies sign up for this certificate in advance? I did not see reference to it in the NIST SP 800-171. Thanks in advance for any insight! Best, Nena
Hi All, I've just received a mod to an existing contract that adds a requirement for Contractor Manpower Reporting to a DOD contract that is being administered by a non-DOD agency. The language in the mod states that the reporting will be done at no additional cost to the Government. However, my recollection of doing this type of reporting is that it can be fairly burdensome. I also recall that it was a direct charge to the contract. My questions are: 1. As this is a CPFF contract, should the costs incurred for doing the reporting be captured as direct labor or indirect labor? 2. If the costs should be captured as indirect labor, would the language prohibiting the reporting from being charged to the Government make it an unallowable cost? Thanks!
Our SBA just notified us that: "If the contract is modified and the dollar value goes up or down the subcontracting plan goals need to be renegotiate to reflect the dollar change and the percentages that may be effected do the change. This will also be reflected in the eSRS reports." This doesn't make sense to me. My interpretation of FAR 19.705-2 and 19.702 leads me to believe that it must meet a certain dollar threshold and subcontract opportunites must exist. That means we would be negotiating the SB goal dollars on a $3k mod. Background on our contract, $232M CPIF. Am I missing something or is the SBA right?