Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly due to agencies’ migration to the cloud being sped up once the pandemic hit and increased teleworking, making the need for cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California recently wrote to NIST Director Walter Copan, requesting NIST work to establish metrics to accompany their Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions. Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.

CARES Funds Available For Contractors

The Office of Management and Budget (OMB) recently published a supplement to Section 3610 of the CARES Act that allows contractors sick or paid time-off during the national emergency if contractors are not able to access their worksites or telework. (Government Executive, April 17, 2020)

At this time, maximizing telework is advised; however, many contractor jobs involve sensitive and/or classified work, making telework not feasible. Trade associations realized this pretty quickly and asked for additional clarification of the Act. For these specific contractors, agencies are allowed to “modify the terms and conditions of a contract, or other agreement to reimburse at the minimum applicable contract billing rates up to an average of 40 hours per week for any paid leave (including sick leave) a contractor provides to keep its employees or subcontractors in a ready state.”

In addition to the paid leave/sick leave clarification, the updated guidance allows agencies to reimburse contractors from the 27 March (when the CARE Act was signed) through 30 September 2020. The original bill did not include a start date. (ibid)

OMB, via the Office of Federal Procurement Policy, developed a guide to assist agencies when working with contractors to ensure the correct documentation is submitted for proper reimbursement. (ibid)

Don’t know where to start the process of getting paid during this national emergency? Give us a call.

 

 

 

Government Contractor Aid

A recent study conducted by the National Defense Industrial Association (NDIA) found that over half of small business government contractors are losing money due to a reduction in billable hours as a direct result of stay-at-home orders. To assist, the DoD is adjusting approximately 1,500 contracts to aid with cash flow for those contractors suffering financial strain. (Federal News Network, March 30, 2020)

The Defense Contract Management Agency is administering a mass modification to increase the amount of money allowed to pay vendors who have not finished their work under their current contracts. These “progress payments” will be increased to 95 percent for small companies and 90 percent for large companies. (ibid)

Additionally, provisions for contractors that cannot telework due to the nature of their work were signed into law on 27 March 27 2020 under the Coronavirus Aid, Relief and Economic Security Act, aimed at supporting individuals and businesses struggling with the economic downturn,  as a result of the pandemic. (Government Executive, March 31, 2020)

For some contractors, agencies may “modify the terms and conditions of a contract or other agreement” to reimburse at the minimum applicable contract billing rates” up to an “average of 40 hours per week for any paid leave a contractor provides to keep its employees or subcontractors in a ready state” as stated under the Act. (ibid)

The National Defense Industrial Association and the Professional Services Council both commend the act. During the pandemic, the Act will assist in ensuring contractors are part of the economic relief efforts and kept in a ready state. The legislation runs through the end of the fiscal year, 30 September 2020.

Questions about your minimum billing rates or how to obtain reimbursement? Give us a call.

More COVID-19 Guidance

Last week the Office of Management and Budget (OMB) updated its agency guidance for federal contractors, as a response to the COVID-19 pandemic. The three main takeaways are:

  • Agencies are encouraged to work with their contractors to allow for the maximization of telework.
  • Agencies must be flexible providing extensions to performance dates if working virtually isn’t possible or if a contractor must quarantine. Agencies should also weigh whether to keep key personnel in a mobile-ready state for national security measures.
  • Agencies are urged to leverage the special emergency procurement authorized in connection with the emergency declaration under the “Stafford Act”. These include increases to: the micro-purchase threshold; the simplified acquisition threshold; and the threshold for using simplified procedures for certain commercial items. These are designed to reduce discord for contractors, especially small businesses, allowing for a more rapid response to the increasing demands agencies face. (Nextgov, March 22, 2020)

The agency guidance comes after trade groups and lawmakers strongly voiced the need for contractor guidance. The updated guidance includes a section of frequently asked questions, including contractor exposure to COVID-19. (ibid)

OMB also issued technology guidance for use during the COVID-19 national emergency. The technology guidance also includes a FAQ section, with steps to ensure IT and cybersecurity measures are met while working remotely. It urges agencies to continue updating their websites to enable public access to government services.

Need some help figuring out OMBs agency guidance for contractors? Give us a call.

Telework, the New (Temporary?) Norm

In a recent letter to her contracting staff, Soraya Correa, Homeland Security’s chief procurement officer, asked her contracting staff to stay apprised of the outbreak of COVID-19, before taking any trips. She is relying on the honor system for employees who must take trips to “affected areas, to contact their managers prior to their return to discuss possible telework or leave options.” Also, if they’ve been in close contact with a person “known to have COVID-19” or if airport screeners told them to self-quarantine after returning from overseas travel. Correa went on to say, “if contract performance is affected due to the COVID-19 situation, such as the need for alternate work locations, or travel or schedule changes, the contracting officer is the authority to discuss this with your company.” (FCW, March 9, 2020)

A spokesman for the Professional Services Council expects adjustments of this nature to be the new normal. He expects alternatives to how and where contracting personnel work, with programs necessitating a high level of security being prioritized. (ibid)

Federal agencies are already beginning to shake things up. One example is a recent notice on beta.SAM.gov, where the Department of Defense suggested that attendees of its National Cyber Range Complex Event Planning, Operations, and Support contracting meeting in Florida next week, have alternates at the ready. The notice also mentioned staying tuned in, as the outbreak could cancel the event. (ibid)

Need help determining if your contract may be at risk due to travel/work restrictions as a result of the virus outbreak ? Give us a call.