In an article published by Law360, we examined a report issued by the U.S. Department of Defense (DoD) Inspector General on July 23, which summarizes the findings of an audit into the protection of controlled unclassified information (CUI) on contractor networks.

The DoD reviewed nine contractors’ information systems and revealed some deficiencies that do not meet the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171. The exposed deficiencies include: not mitigating vulnerabilities on their networks and systems, not scanning their network for vulnerabilities, not mitigating high vulnerabilities identified in the contractor’s management programs and more.


Continue Reading

The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks.  Based on an in-depth review into nine contractors, the audit uncovered some common practices that fall short of meeting the standards set forth in NIST SP 800-171, which contractors are obligated to follow under DFARS 252.204-7012.

Shortcomings Discovered in DoD Audit

These common lapses include the following, among others:

  • Inconsistent tracking of cybersecurity threats
  • Failure to consistently mitigate network vulnerabilities
  • Uneven use of strong passwords
  • Inconsistent use of multifactor identification


Continue Reading

At the end of June, the U.S. Supreme Court issued an important Freedom of Information Act (FOIA) decision that decreases the burden on contractors seeking to protect confidential information.  As most contractors are aware, FOIA requires that, upon request, the government disclose information in its possession, unless an exemption applies.  This presents a significant risk for contractors as they regularly provide highly sensitive information to the government in the course of obtaining or performing federal contracts and grants.

Fortunately, that type of information falls within the scope of the exemption at 5 U.S.C. 552(b)(4) (Exemption 4), which shields from disclosure “trade secrets and commercial or financial information obtained from a person and privileged or confidential.”  After receiving notice that a party is seeking the public release of such information, in order to protect it, contractors previously had to demonstrate that the information was customarily kept private and that the government agreed, implicitly or expressly, to treat it as confidential.


Continue Reading

Bass, Berry & Sims attorneys Todd Overman and Sylvia Yi will be presenting on key government contracting issues for small businesses.

We are excited to be presenting on key government contracting issues for small businesses on July 17, 2019 at The Tower at Peabody Place in Memphis, Tennessee. The presentation, titled, “Government Contracting Law Overview,” will discuss the pros and cons of business entity types, requirements of the SBA’s All Small Mentor Protégé Program, protecting partnerships

Bass, Berry & Sims attorney Richard Arnholt provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion "JEDI" cloud procurement due to pending and potential protests.I recently provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion “JEDI” cloud procurement due to pending and potential protests.

In a recent court filing, DoD said it would not award the contract until at least July 19, but the resolution of Oracle’s pending suit, as well as other potential related actions, may push the award and implementation dates out past this summer.


Continue Reading

I am excited to be presenting, “Realizing the Desired Reward on Exit,” at the National Defense Industrial Association (NDIA) New England Chapter’s Getting Your Government Contract Business from Spring to Summer event on May 22, 2019 in Burlington, Massachusetts.

This advanced workshop will provide benefit across the spectrum from firms providing services to the federal

In an article published on April 9, 2019 in CO—, a new digital platform by the U.S. Chamber of Commerce, I provided insight on the process of securing federal contracts for small businesses.

Once a business has searched for contracting opportunities and has completed all the necessary registration requirements, it can begin bidding on contracts. Though before bidding, it is important that the company can handle the job the contract requires and that it can meet all of the regulatory requirements – otherwise the contract could ultimately be terminated. “Don’t overpromise in your technical proposal, that becomes part of your contract and you’re going to have to deliver to those technical specs,” I explained.

Additionally, the proposal should include pricing information and according to Todd, the company will want to be realistic and not overcharge while also keeping in mind that the government sometimes chooses the best value over the lowest price.


Continue Reading