In this Contracting Conversations episode, Christina Jalbert, DAU's Learning Asset Manager for CON 7130, "Introduction to Profit or Fee Analysis," and CON 7170V, "Analyzing Profit or Fee," discusses the importance of understanding profit or fee analysis in acquisition roles, emphasizing the subjective nature of these determinations and the need for professionals to grasp the DFARS criteria. Christina explains the structure and objectives of both courses, highlighting the interactive learning experiences and the significance of incorporating industry perspectives. Tune in to learn how these courses can benefit acquisition professionals and enhance their understanding of profit or fee analysis. Available on DAU Media, Apple Podcasts, and YouTube. If you enjoy our content, please hit the like button to support us! If you are watching this video on DAU Media but would rather watch on YouTube, go to https://www.youtube.com/channel/UCbF8yqm-r_M5czw5teb0PsA
Apple Podcast: https://podcasts.apple.com/us/podcast/contracting-conversations/id1621567225
CMMC and DFARS compliance is hard, especially in the cloud. Got AWS? They've given you tools that make compliance much easier! In this episode, I sit down with Travis Goldbach from Amazon Web Services (AWS) to break down the solutions AWS has created to simplify CMMC and DFARS compliance.
In this episode of Contracting Conversations, hosts Scott Williams and Jim Valley are joined by Kelley Kiernan, a cybersecurity expert from DAU, for the third segment of their podcast series. They discuss the importance of cybersecurity in protecting DoD data, the FAR and DFARS clauses, and the tools available to contracting teams. Kelley provides a recap of the previous episodes and outlines a plan for 2025, emphasizing the need for cybersecurity controls and the role of contracting officers in verifying these controls. The episode also covers the upcoming CMMC program and its impact on DoD contracts, as well as the importance of supply chain risk management. Tune in to learn more about the latest developments in cybersecurity for contracting teams.
Defense Contract Management Agency, Defense Industrial Base Cybersecurity Assessment Center (DCMA DIBCAC): https://www.dcma.mil/DIBCAC/
An email to ask CMMC questions (scroll to CONTACT INFORMATION): https://www.dcma.mil/DIBCAC/
DoD's CMMC Program: https://dodcio.defense.gov/CMMC/
DFARS 252.204-7012 "Safeguarding Covered Defense Information and Cyber Incident Reporting": https://www.acquisition.gov/dfars/252.204-7012-safeguarding-covered-defense-information-and-cyber-in....
Recap of the September 2022 Cyber AB Town Hall event: https://www.linkedin.com/pulse/cyber-ab-town-hall-key-takeaways-introducing-caico-other-/
DoD CMMC Program Briefing on January 15: www.dau.edu/events
DoD Inspector General Report on CUI Protection: https://media.defense.gov/2024/Mar/11/2003410405/-1/-1/1/DODIG-2024-031_REVISED%20SECURE.PDF
DoD Controlled Unclassified Information program: www.dodcui.mil
DAU Cyber Solutions Supply Chain Risk Management in Contracts event recording: https://www.dau.edu/events/dau-cyber-solutions-primer-supply-chain-risk-management-scrm-and-dod-cont...
DAU Cyber Solutions Webinars (look on the calendar for the next event): www.dau.edu/events
WSS 001 Cybersecurity and Acquisition Integration: https://www.dau.edu/courses/wss-001
CLE 074 Cybersecurity Throughout DoD Acquisition: https://www.dau.edu/courses/cle-074
DAU Mission Assistance: www.dau.edu/mission-assistance
DAU Cybersecurity Offerings: www.dau.edu/cybersecurity
Subscribe to our YouTube channel: https://www.youtube.com/channel/UCbF8yqm-r_M5czw5teb0PsA
Apple Podcasts: https://podcasts.apple.com/us/podcast/contracting-conversations/id1621567225
Welcome to Contracting Conversations with hosts Jim Valley and Scott Williams. In this episode, cybersecurity expert Kelley Kiernan joins to discuss the critical role of contracting teams in safeguarding against cyber threats. Kelley, DAU's Cyber Security expert, shares insights on FAR and DFARS requirements, the risks to the DoD enterprise, and practical steps for contractors. Topics include the cyber kill chain, essential security controls, CMMC, and the importance of protecting sensitive government data. Learn about the latest DoD instructions, the impact of cyber incidents, and how to ensure compliance and enhance cybersecurity measures. Tune in to stay informed and protect your contracts.
Video explaining the Cyber Kill Chain on DoD Contractors: https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/2203981/uiconf_id/39997971/entry_id/1_383l2nnj/embed/dynamic
FAR 52.204-21 "Basic Safeguarding of Covered Contractor Information Systems": https://www.acquisition.gov/far/52.204-21
DFARS 252.204-7012 "Safeguarding Covered Defense Information and Cyber Incident Reporting": https://www.acquisition.gov/dfars/252.204-7012-safeguarding-covered-defense-information-and-cyber-incident-reporting
DoD's CMMC Program: https://dodcio.defense.gov/CMMC/
FCI and CUI – What is the difference? https://isoo.blogs.archives.gov/2020/06/19/%e2%80%8bfci-and-cui-what-is-the-difference/#:~:text=Federal%20contract%20information
Controlled Unclassified Information (CUI) Definitions: www.dodcui.mil
DoD Cyber Crime Center: Cyber Incident Reporting Instructions: https://dibnet.dod.mil
DoD Instruction 5200.48 "Controlled Unclassified Information (CUI)": https://www.dodcui.mil/Portals/109/Documents/Policy%20Docs/DoDI%205200.48%20CUI.pdf
DoD Instruction 5230.24 "Distribution Statements on DoD Technical Information": https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/523024p.pdf?ver=JiZUVfNZrPKmcRMim_UnHg%3d%3d
DoD Small Business Innovation Research Program: https://www.dodsbirsttr.mil/submissions/login
DoD Inspector General Report on CUI Protection: https://media.defense.gov/2024/Mar/11/2003410405/-1/-1/1/DODIG-2024-031_REVISED%20SECURE.PDF
DAU Mission Assistance: www.dau.edu/mission-assistance
DAU Cyber Solutions Webinars (look on the calendar for the next event): www.dau.edu/events
Subscribe to our YouTube channel: https://www.youtube.com/channel/UCbF8yqm-r_M5czw5teb0PsA
Apple Podcasts: https://podcasts.apple.com/us/podcast/contracting-conversations/id1621567225
Any business doing work with the federal government needs a SAM.gov registration, but there are some particular elements that GSA vendors need to pay attention to. If you're an existing GSA vendor or a prospective one, hop into the episode to see if you've answered their questions correctly. As always, if you have any questions, or if you'd like direct support from a GSA consultant to help with a specific project, please feel free to reach out to us at podcast@elevategsa.com
Episode Notes:
For more episodes: www.elevategsa.com/podcast
Register your SAM account here: https://sam.gov/content/entity-registration
This week Michael Gruden, counsel at Crowell & Moring, joins Off the Shelf for a wide-ranging discussion focusing on cybersecurity and the CMMC journey. Gruden provides a cyber retrospective, outlining the evolution of government cybersecurity requirements to the present-day implementation of CMMC. A former contracting officer and Pentagon Branch Chief, Gruden shares his perspectives and insights on the key contracting considerations surrounding cybersecurity compliance. He also discusses the notable changes in the CMMC program outlined in the final rule along with the key features of the proposed DFARS rule that would implement CMMC in applicable defense contracts. Finally, Gruden discusses the legal risks associated with CMMC and then provides some compliance best practices for addressing those risks.
Confused about Microsoft 365 and DFARS/CMMC compliance? In this episode, I speak with Richard Wakeman, Chief Architect for cybersecurity of Aerospace & Defense @ Microsoft! We discuss the history of the government clouds, the need behind GCC and GCC High, and much more!
Here are some highlights:
- The origins of the Microsoft clouds
- Which clouds support DFARS 7012 compliance
- When will GCC High be FedRAMP authorized?
- CUI enclave considerations
Richard is a wealth of knowledge, and I have personally benefited from his compliance blog articles since at least 2020! If you are currently operating in the Microsoft cloud or are trying to decide which Microsoft cloud to buy, you won't want to miss this! Were you aware that GCC High isn't FedRAMP authorized yet? What about Microsoft 365 commercial not being compliant with DFARS 7012? Whatever your thoughts are, let me know!
Follow Richard on LinkedIn: https://www.linkedin.com/in/wakeman/
Microsoft Cloud compliance article: https://techcommunity.microsoft.com/t5/public-sector-blog/understanding-compliance-between-commercial-government-dod-amp/ba-p/4225436
Microsoft 365 Roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap
Governance, Risk, and Compliance (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e36&utm_campaign=courses
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers DOJ's update to its Evaluation of Corporate Compliance Programs guidance, a proposed rule to amend the DFARS to implement updates to the Truthful Cost or Pricing Data statute (also known as the Truth in Negotiations Act or TINA), and reminders about common considerations for companies supporting disaster response efforts, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
In this episode of Quality Hub Podcast, host Xavier Francis and Scott Dawson, President of Core Business Solutions, discuss the Cybersecurity Maturity Model Certification (CMMC). CMMC ensures companies handling government information have proper cybersecurity measures and evolved from DFARS and NIST standards. It has three levels: Level 1 (Foundational) for basic practices, Level 2 (Advanced) for handling more sensitive information with NIST SP 800-171 compliance and third-party assessments, and Level 3 (Expert) for highly sensitive projects with additional requirements and government audits. Companies need to check their contracts for CMMC requirements, with certification phased in during renewals. Small businesses in the defense sector must comply to maintain contract eligibility. The episode invites listeners to tune in next week for more details on CMMC's impact on businesses.
Helpful Resources:
https://www.thecoresolution.com/cybersecurity-webinars
https://www.thecoresolution.com/nist-cmmc-3
https://www.thecoresolution.com/cmmc-compliance-overview
Contact us at 866.354.0300 or email us at info@thecoresolution.com
Articles: https://www.thecoresolution.com/free-learning-resources
Chris Kimpland is a cybersecurity leader with a passion for helping organizations advance their security posture and succeed in today's threat landscape. He has extensive Governance, Risk and Compliance experience across multiple frameworks, standards, and regulations such as DFARS, HIPAA, PCI, and NCUA. In this episode we cover a variety of topics, including information security risk management and a great upcoming initiative to combat online predators.
This week on Off the Shelf, Jason Workmaster from Miller Chevalier provides a legal and policy update for government contractors. Topics include key provisions in the 2024 NDAA impacting procurement and the industrial base, the DFARS commercial item rule and regulatory creep, and the impact of a recent Federal Circuit decision on EULAs and third-party suppliers' ability to seek redress under a government contract. Workmaster also discusses the lessons learned and the impact of the CIO-SP4 bid protest decisions, and the split in bid protest case law (GAO vs. Court of Federal Claims) on key personnel requirements.
In this episode of the Government Contracts Legal Round-Up, Partner David Robbins explains how two recent Court of Federal Claims decisions reaffirm that the court will meaningfully review an agency's proposed corrective action, underscoring that protest litigation before the court can be very different from protest proceedings before the Government Accountability Office (GAO). He also looks at a recent GAO bid protest that was dismissed as untimely, highlighting that contractors should pay close attention to deadlines to avoid disappointment. Finally, David discusses the Department of Defense's final rule amending the Defense Federal Acquisition Regulation Supplement pursuant to President Biden's “Ensuring the Future is Made in America by All of America's Workers” executive order. He calls out four notable changes to the DFARS that contractors should know about.
- For folks not tracking, let's level set a bit: what exactly are NIST 800-171 and CMMC, and what is the succinct background on the evolution of the two?
- Are there notable events that led the DoD to pursue CMMC, building on the history of 171?
- Obviously the introduction of the 3PAO aspect brings more rigor than previously existed with self-assessments. Many in industry have bemoaned the burden, cost and complexity of the new program and the impact it will have on industry (myself included). What are your thoughts on the potential to impact the DoD supplier base and lead to further consolidation?
- Many DIB suppliers are of course SMBs who rely on CSPs and MSPs to meet these requirements, or conduct their daily operations, leveraging various external parties. How does CMMC handle entities like CSPs and MSPs?
- There was recently a memo from the DoD CIO clarifying some language around "FedRAMP equivalency" for DFARS 7012. First off, what is 7012, how does it tie to 171 and CMMC, and what did the DoD CIO memo essentially say?
- Most SMBs in the DIB lack internal cyber expertise and resources, and of course this has led to a booming industry of 171/CMMC consultants and 3PAOs. What are your thoughts on that growing ecosystem, and how do SMBs ensure they're working with the right advisors and assessors?
- What are some of the details on the timelines and rollout of the finalized CMMC rule? When and how should folks be preparing?
- Many of course are quick to claim "compliance isn't security" when discussing stuff like 171 and CMMC. What's your initial reaction to those claims, and how do we help folks understand that industry will not just voluntarily spend and focus on security requirements without being required to do so?
- CMMC of course has a ConMon aspect; right now that is done via annual self-assessments/reporting as I understand it. What do you think CMMC gets right on this front, and what could be done better?
In this week's episode, we had the honor of hosting Janetta Brewer, Esq., a luminary figure in federal acquisition regulations. With an illustrious career spanning multiple federal agencies, including pivotal roles in the US Navy, Defense Logistics Agency, Department of Homeland Security, and the Department of Defense, Janetta's insights into the dynamic landscape of FAR and DFARS are unparalleled. Her tenure as a senior member of the Defense Procurement and Acquisition Policy staff provided her with a unique vantage point in the evolution of acquisition regulations. She played a pivotal role in shaping and implementing regulations that have significantly impacted contract execution outcomes, streamlining processes for both government entities and industry stakeholders. During our conversation, she emphasized the challenges faced by both contractors and the government in implementing Congress-mandated directives. Her pragmatic perspective highlighted the limitations within which agencies must operate while striving to minimize the impact on contractors. One of the standout takeaways from the episode was her invaluable advice for small businesses navigating the intricate landscape of federal contracts. She emphasized the importance of comprehensive knowledge and understanding of obligations and responsibilities, empowering businesses to engage confidently and effectively with the government. Currently at the helm of Blue Alchemy Consulting, she continues to leverage her extensive experience to assist government and industry clients alike. Her company focuses on providing cutting-edge policy processes, IT systems, and workforce development solutions, further solidifying her status as a trailblazer in the realm of federal acquisitions. Tune in to this episode for an insightful discussion with Janetta, offering a roadmap for businesses seeking to navigate the complex terrain of federal acquisitions amidst evolving regulations.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers a DoD final rule that revises DFARS 252.244-7000 (Subcontracts for Commercial Products or Commercial Services), a protest decision relating to key personnel, and a DOJ resolution demonstrating the application of the new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
In this episode of the Government Contracts Legal Roundup, David Robbins shares the mic with Jan Larson, a Co-Chair of the firm's Insurance Recovery and Counseling Practice. Jan explains how her practice dovetails with the needs of government contractors and all policyholders who seek insurance to recover damages. “The key part,” she tells David, “is you're helping to bring money back in.” In addition to his interview with Jan, David provides a quick update on a recent DFARS amendment.
In this episode Jacob speaks with Michael Greenman from Deltek. Michael has worked in government and cloud-based technology for over 20 years, currently works at Deltek in the Product Strategy group, and is the evangelist for cybersecurity compliance and cloud services! Michael shares Deltek's perspective on security and compliance as a cloud service provider.
Here are some highlights from the episode:
- How Michael got into cybersecurity
- Deltek's government clouds
- DFARS 252.204-7012 paragraphs (c) through (g) incident reporting requirements
- How cloud providers can demonstrate FedRAMP Moderate equivalency
- What is a shared responsibility matrix
- The need for a defense-focused CSP / ESP / MSP marketplace
Follow Michael on LinkedIn: https://www.linkedin.com/in/michael-greenman-94952a3/
Deltek website: https://www.deltek.com/
Governance, Risk, and Compliance (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e15&utm_campaign=courses
Alex Canizares, partner at Perkins Coie, joins Off the Shelf for a discussion of the evolving cybersecurity framework and what it means for government contractors. Cybersecurity has become a foundational performance requirement for government contractors. In a wide-ranging discussion Canizares first addresses the cybersecurity basics, starting with what controlled unclassified information is and moving on to the basics of NIST 800-171, the standard FAR-based safeguarding clause, and the DFARS clauses. He also provides some historical context, discussing the role of Executive Order 14028 (May 2021) and the White House National Cybersecurity Strategy (March 2023). Canizares highlights the government's keen focus on cybersecurity compliance, pointing to the Department of Justice's (DOJ's) Civil Cyber-Fraud Initiative, which brings the civil False Claims Act (FCA) front and center as an enforcement tool for cybersecurity compliance in government contracts. Finally, Canizares outlines the risks to government contractors, shares best practices for mitigating those risks, and provides his thoughts and analysis of two new proposed FAR rules addressing cybersecurity and reporting:
- Cyber threat and incident reporting and information sharing
- Standardizing cybersecurity requirements for unclassified federal information systems
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers a new DFARS provision about Commercial Solutions Opening, a bid protest decision about timeliness, significant developments in the SBA's 8(a) Business Development Program, and updates to the Davis-Bacon Act and Related Acts, and is hosted by Peter Eyre, Olivia Lynch, and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
This week on Off the Shelf, Tom Voshell, vice president, Federal Program Office at Coupa Software, provides his insights and analysis regarding data management and cybersecurity with a focus on the Department of Defense's upcoming release and implementation of an updated version of its Cybersecurity Maturity Model Certification (CMMC 2.0). Voshell discusses the underlying DFARS provisions, the NIST 800-171 standard, and controlled unclassified information (CUI). He lays out the process, applicability and management considerations for contractors and subcontractors who will be subject to CMMC. Voshell also gives his thoughts on the new software attestation form, the recently released DHS cybersecurity regulations, and FedRAMP.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers an OMB memo that extends the deadline by which agencies must collect attestation letters from software producers certifying their compliance with the NIST Guidance, a proposed DFARS clause implementing revisions to the Buy American Act, an interim rule prohibiting the use of DoD funds to knowingly procure any products mined, produced, or manufactured wholly or in part by forced labor from the Xinjiang Uyghur Autonomous Region, and an ASBCA opinion about its jurisdiction to hear monetary and nonmonetary claims, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
In this episode Jacob speaks with Rick Rosenberry about cyber insurance in the context of DoD and government contracting. Rick is an insurance broker and a CMMC Registered Practitioner, and he explains that not all cyber insurance policies are equal and the importance of working with an insurance broker that understands cybersecurity and your regulatory environment.
Here are a few of the topics we discussed:
- Overview of cyber insurance fundamentals
- Key roles in the cyber insurance process
- How underwriters assess a business's cyber risk
- Critical security controls underwriters want in place
- Benefits of compliance frameworks like NIST 800-171 and ISO 27001
- False Claims Act cyber insurance claim scenarios
- Getting the right coverage to support DFARS 252.204-7012 incident reporting
Follow Rick on LinkedIn: https://www.linkedin.com/in/rick-rosenberry/
Governance, Risk, and Compliance (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e5&utm_campaign=courses
From November 30, 2022 - Jacob Horne was born with a rare genetic mutation that allows him to read NIST publications and government regulations without experiencing boredom like a normal person and has made a career out of using this power for good. He does a great job of using NIST SP 800-53 to clarify the bizarre, heavily tailored world of NIST SP 800-171 and CMMC - if you're interested in CMMC you must follow him on LinkedIn! He is also co-host of the Sum It Up podcast which sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers a final rule amending the DFARS to incorporate the expanded capabilities of the Supplier Performance Risk System and requirements on contracting officers, a bid protest decision at the Court of Federal Claims regarding standing, and a GAO protest decision about the Procurement Integrity Act, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
Jim and Scott meet with Mark Jenkins (on camera!!), the Learning Asset Manager for DAU's Provision and Clause Matrix. This matrix is highly popular amongst all the tools DAU offers (see link below) and has been used over 17,500 times. If your position requires you to determine what provisions and clauses need to flow down to subcontractors, or you just want to know what the prescription is, this is the tool for you. Be sure to watch, as Mark explains what the tool is all about. Be sure to check out the links below:
Tool: Provision and Clause Matrix and instructional video: https://www.dau.edu/tools/t/FAR,-DFARS,-VAAR,-DEAR-Provision-and-Clause-Matrix
DAU Tools: https://www.dau.edu/tools
Contracting Community of Practice: https://www.dau.edu/cop/contracting/Pages/Default.aspx
If you are watching this video on DAU Media but would rather watch on YouTube, go to https://www.youtube.com/channel/UCbF8yqm-r_M5czw5teb0PsA
Apple Podcast: https://podcasts.apple.com/us/podcast/contracting-conversations/id1621567225
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers the National Cyber Security Strategy, a final DFARS clause requiring disclosure of the use of workforce and facilities in China, the Department of Commerce's first Notice of Funding Opportunity under the CHIPS and Science Act of 2022, and congressional inquiries about financial conflicts of interest and ethically questionable behavior by senior government officials across the executive branch, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
In this month's special end of month Wednesday episode we talk with Jacob Horne, who was born with a rare genetic mutation that allows him to read NIST publications and government regulations without experiencing boredom like a normal person and has made a career out of using this power for good. He does a great job of using NIST SP 800-53 to clarify the bizarre, heavily tailored world of NIST SP 800-171 and CMMC - if you're interested in CMMC you must follow him on LinkedIn! He is also co-host of the Sum It Up podcast which sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message Support this podcast: https://anchor.fm/virtual-ciso-moment/support
Partner David Robbins discusses two final rules released by the Department of Defense that amend the DFARS requirements related to contract cost and pricing. He outlines the new obligation contractors should be aware of under the first rule and the potential to see an increase in the use of cost-reimbursement contracts under the second. Mr. Robbins also explains key takeaways of recent protest cases.
Cybersecurity Maturity Model Certification (“CMMC”) is a cybersecurity requirement that is coming down through the U.S. Department of Defense (“DoD”), and it will ultimately affect all suppliers throughout all the tiers in the supply chain for DoD contracts. In this episode we host Scott Dawson, President of Core Business Solutions, discussing the new cybersecurity requirements for large primes through small business subcontractors; anywhere that information is being exchanged or contracts are being put in place to support defense contracts. To safeguard sensitive national security information, the DoD launched CMMC as a three-level set of practices to protect the defense industrial base's sensitive information from frequent and increasingly complex cyberattacks. Federal Contract Information (“FCI”) is protected by CMMC Level 1 and Controlled Unclassified Information (“CUI”) is protected by CMMC Level 2. CMMC Level 3 exists to protect highly sensitive CUI. While companies should already have cybersecurity protections in place as a matter of good business practice, CMMC is a formal compliance process based on self-assessments (Level 1 and lower-priority Level 2), third-party assessments (higher-priority Level 2), and government assessments (Level 3). Without this certification, companies will be ineligible for work on DoD projects.
CMMC is a DoD requirement, but has not yet been integrated into contracts. However, companies should be aware that this will soon be part of the terms and conditions of all DoD and related contracts. In order to be awarded future contracts, companies will need to employ several information security solutions and put formal cybersecurity policies into place that drive action for their organizations and require technical and organizational upgrades.
The rapidly approaching deadline for implementation means that defense industry contractors and subcontractors can't wait to get started.
The formal CMMC regulations should be finalized by March 2023, with the requirements beginning to appear in contracts in May 2023. It is estimated this may impact as many as 300,000 companies doing business with the DoD.
The requirements for CMMC originate from the National Institute of Standards and Technology at the U.S. Department of Commerce, commonly referred to as “NIST.” NIST SP 800-171 is a codification of the requirements that any non-federal computer system must follow in order to store, process, or transmit CUI or provide security protection for such systems.
Defense contractors must implement the requirements contained in NIST SP 800-171 to demonstrate that they provide adequate security to protect the CUI included in their defense contracts, as required by DFARS clause 252.204-7012. If a manufacturer is part of a DoD, General Services Administration (“GSA”), NASA or other federal or state agency's supply chain, implementation of the security measures included in NIST SP 800-171 is required.
Listen in as your hosts Just Nate and Dennis sit down and chat with Sam Stiles (Vice President of Marketing for Summit 7). WE KNOW COMPLIANCE IN THE MICROSOFT GOVERNMENT CLOUD. For more than a decade, Summit 7's focus has always been on data protection and data governance. The company recently received the Microsoft Partner Award for Security and Compliance due to extensive work with the Microsoft Government Cloud platforms over the last four years to address the critical cybersecurity issues facing the Defense Industrial Base (DIB). Over 600 DoD contractors rely on Summit 7's solutions and services focused on meeting DFARS 7012, 7019, 7020, 7021 and the Cybersecurity Maturity Model Certification (CMMC). Summit 7 Systems engages with every organization and respective project with a singular motive: leave a legacy that is worth fighting for. Summit 7 strives to give employees the ability to be a part of something bigger than themselves. Summit 7 strategically partners with select organizations to redeem the lives of children, young adults, the homeless community, and veterans in both local and national contexts. To find out more about Summit 7, find them on the web at: https://www.summit7.us/ To find out more about the Smalls or become a member, please check us out at www.thesmalls.org To contact Just Nate: justnate@thesmalls.org
Send in a voice message: https://anchor.fm/thesmalls/message Support this podcast: https://anchor.fm/thesmalls/support www.patreon.com/thesmalls
In this episode of Bona Fide Needs, Arnold & Porter Partner Mike McGill and PubKGroup Managing Editor Bill Olver cover a broad range of recent legal developments affecting government contractors. Our headline feature this month is Mike's extended discussion with Arnold & Porter partner Judah Prero on the interplay between the regulation of PFAS chemicals and federal procurement, which is part of the Biden Administration's broader effort on climate change and environmental sustainability. Mike also examines new procurement rules, including a FAR rule on the use of small business procedures for overseas procurements, a final DFARS rule on commerciality determinations, and a final DFARS rule on the validation of intellectual property rights and data related to commercial products. Mike also revisits GSA's acquisition letter on economic price adjustments to combat inflation. Bill rounds out the episode with a brief update on important developments for federal contractors, including OMB's Buy American guidance for infrastructure projects, OFCCP guidance on contractor compliance evaluations, the Interagency Suspension and Debarment Committee's report on S&D activity for FY2020, as well as regulatory, legislative, and cybersecurity activity.
Show notes
0:20 – Introduction and Overview
1:45 – Recent Regulatory Developments
12:00 – Federal Procurement Headlines
23:15 – The Intersection of PFAS Regulation and Federal Procurement
1:10:00 – Practical Wrap Up
1:14:00 – Credits and copyright
Further Reading
Arnold & Porter Environmental Edge Blog: Federal Procurement and PFAS: Important Recent Developments
EPA: Recommendations of Specifications, Standards, and Ecolabels for Federal Purchasing
EPA: How EPA's Recommended Standards and Ecolabels Address Per- and Polyfluoroalkyl Substances (PFAS)
Initial Implementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure
White House Directive Promotes Quantum Computing for Cyber Infrastructure
Federal Agencies Likely to Get New Cybersecurity Guidance ‘In Coming Weeks'
CMMC Interim Rule Could Land in May
Can Small Businesses Keep up with Defense Cyber Requirements?
Pentagon Eyeing the Cloud to Help Firms Meet CMMC Cybersecurity Requirements
DOD Expands Vulnerability Disclosure Program to Contracting Base in Pilot
New OFCCP Compliance Review Directions
ISDC Report: Suspensions and Debarments Down from Pre-Pandemic Levels
H.R.7185 - Federal Contracting for Peace and Security Act
House Oversight and Reform Committee: Federal Contracting for Peace and Security Act
S.3905 - Preventing Organizational Conflicts of Interest in Federal Acquisition Act
Former Health Care Staffing Executive Convicted of Obstructing FTC Investigation into Wage-Fixing Allegations
Jury Acquits DaVita, ex-CEO Kent Thiry in Landmark Antitrust Prosecution of Non-Poaching Agreements
Notice of Proposed Rulemaking: Set-Asides for Indian-Owned Businesses
Small Business Size Standards: Agriculture, Forestry, Fishing and Hunting; Mining, Quarrying, and Oil and Gas Extraction; Utilities; Construction
What Federal Agencies Need to Know Now About the New Lease Accounting Standard
As the implementation of CMMC by the DIB picks up pace, the frequently shifting requirements can be daunting — especially when the guidance is already so complex. And that's doubly true for managed service providers (MSPs), who have to contend with some of the most confusing CUI requirements. In today's episode, making his third guest appearance, I'm joined by Caleb Leidy, CUI Protection and CMMC Consultant at Pivot Point Security, who is here to clear up the confusion and share his insights into how the rollout of CMMC into the DIB impacts MSPs. Join us as we discuss the current state of CUI for MSPs in the DIB, including:
The controls MSPs have responsibility for in a client's environment
The controls clients have responsibility for in their environment
The controls MSPs have to implement in their own environment to meet DFARS flow-down requirements
To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don't use Apple Podcasts, you can find all our episodes here. Listening on a desktop & can't see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
Cybersecurity and Compliance with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
***In order to get the breaking cyber news to you guys FAST we are posting these right after the live broadcast! If you prefer your news more filtered, keep an eye out for the edited posting tomorrow!***
Today we welcome Craig back! Not only do we get to hear about compliance regulations you're probably subject to but unaware of, but we also get to hear Craig's harrowing tale of 'gator wrestling in the murky waters of North Carolina!
Link: Craig Reels in a Gator in Arapahoe, NC!
Host: Craig
Co-Hosts: BJ, Blake, and Erin
Please like, subscribe and visit all of our properties at:
YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0Bg
YouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ
Podcasts: https://petronellatech.com/podcasts/
Website: https://compliancearmor.com
Website: https://blockchainsecurity.com
LinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/
Please be sure to call 877-468-2721 or visit https://petronellatech.com
When it comes to implementing efficient and effective information security programs, higher education institutions can use all the help they can get. That's where the RRCoP community comes in.
In today's episode, our guests, Carolyn Ellis, Erik Deumens, and Michael Parisi talk through the goals of the RRCoP community and the impact it has on the higher education cybersecurity community as they work hard to raise the security and compliance posture of their institutions.
The 5 RRCoP Goals
Goal 1: Build a Community. The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.
Goal 2: Collect and Share Resources. Establish a leadership training and development program accelerating availability of distributed university resources.
Goal 3: Advocate and Negotiate. Develop representation through strategic partnerships with industry and government entities.
Goal 4: Manage Change. In 2017 the Department of Defense modified the DFARS clause to mandate that NIST SP 800-171 be followed for data categorized and marked as CUI. The next evolution of this program, CMMC, has already undergone significant changes and is now called CMMC 2.0. Other agencies, for example the Department of Education, have indicated that they are considering following a similar path to safeguard data.
Goal 5: Simplify Compliance. A collective and streamlined approach to compliance lowers the barrier to entry for expansion of supported regulations by individual institutions.
____________________________
Guests
Carolyn Ellis, CMMC Program Manager at UC San Diego [@ucsandiego]
On LinkedIn | https://www.linkedin.com/in/carolynellis1/
Erik Deumens, Research Computing Director, Information Technology at University of Florida [@UF]
On LinkedIn | https://www.linkedin.com/in/deumens-erik-164167146/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
____________________________
Resources
Regulated Research Community of Practice: https://www.regulatedresearch.org/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel?
Cybersecurity and Compliance with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
***In order to get the breaking cyber news to you guys FAST we are posting these right after the live broadcast! If you prefer your news more filtered, keep an eye out for the edited posting tomorrow!***
In today's podcast, PreVeil's compliance manager, Noël Vestal, discusses how using Zero-Trust end-to-end encryption helps fight the Zero-Day attacks that are all the rage today, and why having trusted vendors is crucial to help implement compliance standards, especially when a government contract is on the line.
Compliance takes hard work, even with vendors there to help, but knowing who to trust makes all the difference.
Links:
Google Chrome Bug Actively Exploited as Zero-Day
Apple Rushes Out Patches for 0-Days in MacOS, iOS
Special Guest: Noël Vestal, Compliance Manager at PreVeil
Host: Craig Petronella
Co-Hosts: Blake, Erin, & BJ
Please like, subscribe and visit all of our properties at:
YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0Bg
YouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ
Podcasts: https://petronellatech.com/podcasts/
Website: https://compliancearmor.com
Website: https://blockchainsecurity.com
LinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/
Please be sure to call 877-468-2721 or visit https://petronellatech.com
Think of the CMMC like HIPAA for companies that work with the Department of Defense. It's a seemingly endless list of concerns to juggle when planning a CMMC compliance journey, and the guides for getting started are overwhelming. If you can make it past the Special Publications (like NIST SP 800-53 and SP 800-171), there are maturity levels to manage and DFARS requirements, and waiting at the finish line is the promise of legal ramifications if you did the whole thing wrong. In this episode, Nate and Joshua find a loophole to bring their Tye Dye Lazer Gun business to market without going through all the hassle that comes along with CMMC. We're thankful that Joy Beland was there to talk us through our decision-making process. Joy seems to know everything about CMMC, which perfectly suits her as she travels around to meet with MSPs about their compliance concerns and runs the CMMC Boot Camp for Edwards Performance Solutions. Joy Beland is easy to find on LinkedIn, and you can find more information about her boot camp at https://edwps.com. For more titillating CMMC content, head over to www.sittadel.com, tweet us @sittadelpodcast, and send your questions to ask[at]sittadel.com.
It's a privilege to be sitting down with Didrik Bech, CEO of Elmatica, the world's oldest PCB broker company and now part of the NCAB group and CAB group. Together we will dive into exciting topics surrounding cybersecurity, compliance, and supply chain and his upcoming presentation at IPC Apex. Didrik has some interesting insights on supply chain cybersecurity management in the PCB design and manufacturing industry. Make sure to watch through the end and check out the additional resources below. This episode will be an insightful one!
Altium 365: Where the World Designs Electronics
Watch the video, click here.
Didrik Bech introducing Elmatica
World's oldest PCB broker
Recently acquired by the NCAB group
Securing PCBs for different partners in the PCB supply chain
A quick summary of what was going to be in the IPC Apex paper that Didrik is presenting
Different levels of compliance, and to what extent they apply in PCB design and manufacturing
Controlled Unclassified Information (CUI)
Every country has a different view on it
Two possible aspects of greater focus on compliance: intellectual property; cybersecurity concerns
How to get IT and compliance strategy to come together and get implemented
Data security awareness: some tips and practical steps
Is it worth investing in data security software and a team?
More ways companies can help guarantee compliance and prevent data from being copied
Formalized packages for a high level of compliance: how deep does this have to go for small companies?
Compliance and cybersecurity differ from country to country and depend on: the company; the country's regulations; where the PCB is produced
There is room for improvement in creating some compliance hazards for designers
Start with good communication with the supply chain team
Gather data ahead of time
Misconceptions about sharing data
Securing the supply chain for large subcontractors
The importance of reading and understanding the Defense Federal Acquisition Regulation Supplement (DFARS) regulation
AltiumLive Connect was successful! Watch the exclusive recorded sessions here
Links and Resources:
Connect with Didrik Bech on LinkedIn
Visit Elmatica's Website here
National Institute of Standards and Technology
Defense Federal Acquisition Regulation Supplement (DFARS)
Watch AltiumLive 2022 Connect Recorded Sessions Here
ALTIMADE Design to Manufacture, Made Easy | Request Access Now
Full OnTrack Podcast Library
Altium Website
Download your Altium Designer Free Trial
Learn More about Altium Nexus
Altium 365: Where the World Designs Electronics
We sat down with John and Pete from Synagex and a mutual client, The Coating House, and discussed the reality of CMMC. Harley Kata, with The Coating House gave us a rundown on the importance of this certification process and why it is so important for small and medium sized manufacturers to be secure with […]
Crowell & Moring's “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this final episode of a three-part series, host Kate Growley digests the current state of DFARS clause 252.204-7021 and what contractors should know about the Cybersecurity Maturity Model Certification (or CMMC).
The DFARS interim rule that went into effect on November 30th has a lot of nuances to it — and many out there have questions about how it applies to them. In this episode, I sit down with Corbin Evans, Principal Director, Strategic Programs at National Defense Industrial Association, to get answers to some of the most common questions about these CMMC nuances, including: - What do DIB orgs with a 7012 clause in their contracts need to do now? - What happens if you submit a low SPRS score? - What are the different types of CUI? Check out this resource we mentioned during the podcast: - https://www.dodcui.mil/ To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don't use Apple Podcasts, you can find all our episodes here.
In today's Federal Newscast, the Defense Department is looking to require all fixed price contracts be paid out through performance-based contractual payments.
The people responsible for the Defense supplement to the Federal Acquisition Regulations, known as the DFARS, just issued a number of final and proposed rules. Together they add up to something a lot of people need to watch. Jeffery Chiow, an attorney with Rogers, Joseph O'Donnell, joined Federal Drive with Tom Temin for the highlights.
First volume of three expected reports from the "Section 809" panel seeks changes in areas ranging from business IT to contract oversight and commercial buying.
In today's Federal Newscast, the Defense Department is targeting procurement rules in response to President Trump's executive order to evaluate existing regulations and recommend their repeal, replacement or modification.