Jump to content

Search the Community

Showing results for tags 'software'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Instructions and Terms of Use
    • Terms Of Use
    • Before You Register, Before You Post, Instructions for Writing Your Question
  • Contracting Forum
    • What Happened?
    • Polls
    • For Beginners Only
    • About The Regulations
    • COVID-19 And Its Effect on Contracting
    • Contracting Workforce
    • The Good, The Bad, the Ugly
    • Recommended Reading
    • Contract Award Process
    • Contract Pricing Including CAS & Allowable Costs
    • Contract Administration
    • Schedules, GWACS, MACs, IDIQs
    • Subcontracts & Subcontract Management
    • Small Business, Socioeconomic Programs
    • Proposed Law & Regulations; Legal Decisions

Blogs

  • The Wifcon Blog
  • Don Mansfield's Blog
  • Government Contracts Blog
  • Government Contracts Insights
  • Emptor Cautus' Blog
  • SmallGovCon.com
  • The Contractor's Perspective
  • Government Contracts Legal Forum
  • NIH NITAAC Blog
  • NIH NITAAC Blog

Product Groups

There are no results to display.

Categories

  • Rules & Tools
  • Legal Opinions
  • News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 10 results

  1. Late last year, the United States Office of Management and Budget (OMB) published a memorandum, M-22-18, that required federal agencies to comply with the guidelines regarding ensuring the safety and integrity of third-party software on federal information technology systems. This memorandum applied to the use of firmware, operating systems, applications, cloud-based software and general software. The memo requires federal agencies to comply with the National Institute of Standards and Technology (NIST) guidance, as detailed in President Biden’s cybersecurity Executive Order 14028, and stipulated that agencies “only use software provided by software producers who can attest to complying with the Government-specified secure software development practices, as described in the NIST Guidance.” The memo instructed agencies to collect a standardized self-attestation form from all software contractors before deploying their products. Initially, each agency will identify the software and collect the self-attestations forms. The end goal is to create a government-wide central repository of all software-related information, to shore up any cybersecurity vulnerabilities. I wanted to provide you with a brief update on where the NIH Information Technology Acquisition and Assessment Center (NITAAC) is in the self-attestation process and make you aware of some key dates that will impact your company. NITAAC is working with the OMB to determine the formal agency posture on this matter. We also are working to finetune the process for our communications requirements, as it relates to collecting the self-attestation forms. In the meantime, contractors should be aware of the following key dates: June 11, 2023: NITAAC deadline to collect self-attestation forms from critical software providers. September 14, 2023: NITAAC deadline to collect the forms from all software providers on the NITAAC networks. TBD: If needed, NITAAC will request a software bill of materials or other artifact(s) that demonstrate conformance with secure software development practices. You will hear more from NITAAC as we get additional clarity, however, I wanted you to know you are not in this alone. I understand that this request presents several challenges on your end, in terms of staffing and the additional labor required to conduct and submit the self-attestations. We face those same challenges at NITAAC. One of the biggest obstacles being faced on the federal level is that of time. The reality is that the government likely will not be able to produce and distribute the attestation forms in a timely manner. Unfortunately, if we cannot do so, this administrative burden will fall upon our contract holders, as you will then need to develop your own forms. I can’t promise that this process will be smooth, as there are several variables at play, but what I can promise is that we will be as transparent as possible and will make it our business to provide you with timely and relevant updates. I value our partnership and look forward to attesting the safety, integrity and security of all the software our contract holders provide to the federal government. This will become just one more example of the high-quality, best in class service agencies can expect from the NITAAC Contract Holders. We will discuss this further on our next Contact Holders’ call. To read the Executive Order, visit https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity. To learn more about the OMB Memo, visit https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf.
  2. WIFCON community, My team is in the second phase of a product specifically built for 1102s (Contract Specialists and Contract Officers), to help them efficiently identify rules/regulations/etc. that address questions that come up during their work, including: procurement of supplies, services, construction, or research & development evaluation of contract price proposals, and the administration or termination and close out of contracts. While designing this tool, we've found it challenging to find & run our prototypes by folks whose job it is to reference the FAR and its supplements, or other rules/regulations which might apply. This has led to some guesswork on our end. We want to minimize that guesswork, so our tool would actually meet the needs of 1102s (starting with our current customer). Some examples of invaluable insights I'm looking for (from Contract Specialists and Officers) include: what tools they use right now, and how effective they are (if at all) challenges posed by current duties that a tool like this could address how they'd use this tool — what queries would they make give feedback on prototypes If you are interested in helping, please reply below, or reach out to me directly. Otherwise, I’ll be posting some polls in the coming days & weeks. We’d appreciate any insights you can provide. Thanks a million! Dave Marsee Senior UX Designer ARiA (Applied Research in Acoustics) Dave -dot- Marsee -at- ariacoustics -dot- com
  3. So our IT guys have set up an “incubation lab”. This will allow them to play with potential tools already available commercially, and see what breaks (of their stuff or ours) and what we like. Or to consider whether we can justify building it ourselves, as opposed to buying it. Now they want to do something like this— Release a single solicitation Make (basically) identical awards to, say, 4 companies. With option years. and 3 stages. Potential XXX gazillion dollars for each award. Initial period, for EVALUATION IN OUR ENVIRONMENT (XXX thousand dollars, a few months) Follow on for FURTHER DEMONSTRATION OF FURTHER CAPABILITIES (significantly more money. More months) And then IMPLEMENTATION (Potential XXX gazillion dollars for each award, up to 4 additional years.) Fleshed out a bit-- Initial period, for EVALUATION IN OUR ENVIRONMENT Each company will come in and show off, and let us play with their toys for a few months. We will pay for their expenses. Follow on for DEMONSTRATION OF FURTHER CAPABILITIES If we like Company A and B, we can exercise an option to have JUST THOSE companies come in for more playtime. Again, paid, but more money, and a longer time. BUT the same options for companies C&D are NOT exercised. But these are options, so those companies cannot object. (as opposed to a new award) After whatever time it takes, we decide we like company A more, because it is “friendlier” (note: not a defensible argument for sole source, but often what I am given) For IMPLEMENTATION we exercise options with COMPANY A only. And company B cannot object, because those are OPTIONS. Have you come across anything like this? Any pros or cons leap out? NOTE: We do NOT have any of those special OTHER TRANSACTIONAL AUTHORITIES that some other agencies have been given. Just vanilla civilian agency FAR. NOTE: We have looked at and rejected the USDS 8(a) Digital Service Initiative for “Select the Tech”, https://techfarhub.cio.gov/initiatives/8a/. While this may be a great thing for smaller agencies, our guys want to do the eval themselves.
  4. I recently inherited a software maintenance contract which includes FFP service maintenance and Cost Reimbursable Travel and ODCs. The contract was awarded with the need to move the software to a cloud environment. The technical POC has determined a viable cloud computing company that is able to support the software and requested that I add the company’s monthly subscription fee to the contract as an ODC. The technical POC indicated that they assumed the costs would be handled as an ODC and they estimated it as such when they prepared their IGCE. What’s the best way for me to add the software subscription to the contract? I do not like the idea of adding the subscription as an ODC since its not a typical ODC expense and it seems odd to pay for a commercial software subscription on a cost reimbursable basis. I’m considering modifying the contract to add a new Software CLIN which we could fund the subscription. I’m also wondering if I should modify the contract at all because maybe the software subscription should be handled as a subcontract to the prime? Any input is greatly appreciated.
  5. My company produces a commercial item that it will supply to the DoD through its Prime Contractor as a first tier sub. As, we will make slight modifications to our item for the purposes of integration into the Prime's product for sale to the government, the Prime Contractor wants to negotiate rights to technical data, specifically asking for exclusivity "on behalf of the government" that we will not further market the item. I have asked the Prime if the government has specifically requested exclusivity. I didn't get a straight answer (a we want to protect the govts rights) but I assume as I did when the request was made that the answer is no. Prime confirmed that the modification is being funded under the USG contract and not by their own R&D. It seems to me that the push for exclusivity is coming from the Prime and not from the government. Either way I have a few questions: 1. If I'm understanding things correctly, we can grant to the government standard commercial rights under DFARS 252.227-7015 for our existing IP and government purpose rights under 252.227-7013. Is my assumption correct? 2. I believe that as the modification is minor, does not significantly alter the nongovernmental function or essential physical characteristic of the item or change the purpose of the process and therefore does not affect the commerciality of our product? 3. If commerciality is in tact can I assert -7015 rights for the entire product? (I don't think so. But if we can...) 4. We will grant the prime a limited use license for fulfillment of the requirements under the existing government contract. Any suggestions on language for this clause? 5. Are we required to assert data rights for our commercial IP? I'm not finding a requirement to do so but think it may be a good idea to eliminate confusion. Thoughts?
  6. Can a federal agency buy, not just obtain a license, but buy outright, a contractor's commercial computer software? Say that software was developed 100% at private expense by the contractor. Say that agency wants to obtain the SOURCE CODE to that commercial computer software, and hopes to provide it to offerors on the recompete.
  7. Hi, An agency is interested in evaluating a COTS software package from a vendor for a defined period of time, for no cost ($0). The vendor will supply an evaluation software license agreement covering the use of the software during the evaluation period. Is this considered an acquistion and does it fall under the guidance of the FAR? Any feedback would be greatly appreciated! Thanks!
  8. The FAR and DFARS clauses for copyright and patent do not expressly address the scenario where the government agency desires to retain ownership of the software developed during the performance of a contract for software development. The FAR and DFARS clauses seem to say, if a contractor is paid to develop software during the life a government contract, at the expiration of the contract, the contractor has ownership or title to the software developed at government expense/funding, but the government gets the right to use the software/data produced ("unlimited data rights"). So my question is, is there any way to lawfully structure a government contract to ensure that the government gets ownership, not just a license, to the data produced, software developed, and the source code, at the end of a contract? How would all this be harmonized with the FAR and DFARS clauses? Would this involve seeking an individual deviation from the FAR and DFARS? There was a similar discussion on Government Data Rights in Wifcon at this link, but I want to expand on it further: http://www.wifcon.com/discussion/index.php?/topic/1337-government-data-rights/page__hl__copyright
  9. The idea behind this topic is to consolidate ideas somebody (I "volunteer" Vern Edwards! LOL!!! ) could pass up the chain so we could get better contract-writing software. I use PD2 and considered it a lot better than a typewriter and almost as good as MSWord... so, my suggestions: - CCR synchronization SHOULD mean no local database maintenance. - The user should have more control of how the final document looks like: - User-defined CLIN templates (set up how the CLIN will actually look to the public. i.e. where the description is placed, an underline for the offeror to input the unit and total prices, space between CLINs, etc.) - Improved ability to drag-and-drop items. - Clause Matrix – allow the ability to accept, discard, and change clauses/provisions after using it. - Ability to modify coordination with resource management (RM) software (PD2 is not talking well with Army RM). Any more ideas for the upcoming "new and improved" contract-writing software?
  10. From the VA Handbook 6500.6: "d. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor." Does anyone know of any federal policies or VA policy/mandates that would prohibit software development OCONUS? Thanks, Prezmil2020
×
×
  • Create New...