Roger V. Abbott

On Dec. 18, 2025, the Department of Defense (DoD) issued deviations to over half of the Defense Federal Acquisition Regulation Supplement (DFARS) Parts, all of which became effective Feb. 1, 2026. Two days later, DoD issued a deviation for DFARS Part 204, which became effective Feb. 17. These deviations reorganize and streamline some of the DFARS regulations and contract clauses that define contractors’ cybersecurity requirements. Technically, they are “temporary” exceptions to the DFARS that were issued on an emergency basis in

(A version of this blog post has been previously published with the possibility of a federal government shutdown. After weathering the longest government shutdown in U.S. history last fall, government contractors now face an imminent partial shutdown Jan. 31. Full-year appropriations for the Departments of Agriculture, Veterans Affairs, Justice, Energy, Interior and Environment, as well as the legislative branch, military construction, science (including NASA and the National Science Foundation) and water development have already passed. However, appropriations bills for the Departments of Labor, Homeland

The Federal Acquisition Regulatory Council (FAR Council) recently released the rewrite of FAR Part 19, a notoriously complex set of regulations that covers the policies, procedures and programs designed to maximize small business participation in federal contracting. This rewrite is intended to enhance the intuitiveness and ease of applying regulations to small businesses in the federal procurement process. The FAR Council also issued a Practitioner Album, which summarizes proposed changes to the regulations and provides helpful guidance and resources for

On September 10, 2025, the Department of Defense (DoD) issued a Final Rule officially incorporating the Cybersecurity Maturity Model Certification (CMMC) Program into the Defense Federal Acquisition Regulation Supplement (DFARS). The Final Rule establishes the processes for integrating the CMMC requirements into DoD Contracts and Subcontracts and creates two new contract clauses that make CMMC compliance a condition for award. The Final Rule is effective November 10, 2025, which gives entities a brief window of time to familiarize themselves with

(A version of this blog post has been previously published with the possibility of a federal government shutdown. Federal funding is set to expire Sept. 30 if lawmakers do not reach a deal.) Shutdowns are inevitably disruptive for federal contractors, but the impact will vary depending on whether the contract is already funded, whether the work is considered “essential,” and whether the contractor requires access to federal facilities or approvals from non-essential federal employees, among other considerations. Contractors can minimize the effect

The U.S. Supreme Court agreed last week to permit the National Institutes of Health (NIH) to terminate hundreds of grants related to diversity, equity and inclusion (DEI) initiatives worth approximately $800 million. The order was issued in response to the government’s emergency request to stay a lower court injunction barring the termination of the grants. The Supreme Court held that suits challenging these terminations must be brought before the Court of Federal Claims (CFC) and that, conversely, the federal district

The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to standardize the safeguards that government contractors must implement to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) while also bolstering compliance with these requirements. (For more background on the road to the Final Rule, please read our earlier blog posts on what we’ve called “CMMC Program

(A version of this blog post was originally published in September and then published again in January. Funding for several federal agencies will run out Friday night, with funding for the remaining agencies expiring March 8, if Congress does not act.) Shutdowns are inevitably disruptive for federal contractors, but the impact will vary depending on whether the contract is already funded, whether the work is considered “essential,” and whether the contractor requires access to federal facilities or approvals from non-essential federal employees, among

(A version of this blog post was originally published in September. Congress has until Jan. 19 to approve four separate appropriations bills to keep the government open.) Shutdowns are inevitably disruptive for federal contractors, but the impact will vary depending on whether the contract is already funded, whether the work is considered “essential,” and whether the contractor requires access to federal facilities or approvals from non-essential federal employees, among other considerations. Contractors can minimize the effect of the shutdown by reviewing their

The end of the federal fiscal year is rapidly approaching with no compromise in sight. Unless an appropriations bill or continuing resolution is passed by Congress before Oct. 1, a lapse in appropriated funds will occur, causing a government shutdown. Shutdowns are inevitably disruptive for federal contractors, but the impact will vary depending on whether the contract is already funded, whether the work is considered “essential,” and whether the contractor requires access to federal facilities or approvals from non-essential federal

Almost a year to the day after the Build America Buy America Act (BABA) became law, the federal Office of Management and Budget (OMB) has published its “Final Guidance for Grants and Agreements” intended to implement BABA’s domestic content preference requirements (88 FR 57750, Aug. 23, 2023). BABA and Prior OMB Guidance BABA was enacted last August as part of the Infrastructure Investment and Jobs Act (IIJA) (see sections 7091-70927, Pub. L. 117-58, 135 Stat 429). It imposes Buy America preferences for

It is not any exaggeration to say that mentor-protégé joint ventures (MPJVs) have taken over the world of set-aside Government-Wide Acquisition Contracts (GWACs). For example, late last year it was reported that the initial award list for CIOSP4 small business was entirely or mostly comprised of mentor-protégé joint ventures.[1] As a result, there is growing sentiment that using an MPJV is now required to win a seat on large, set-aside vehicles. This understanding has been reinforced by the recent changes

The U.S. Department of Defense (DoD) recently issued a proposed amendment to the Defense Federal Acquisition Regulation Supplement (DFARS) that tightens “Buy American” thresholds for DoD procurements. The Proposed Rule supplements and largely mirrors the Federal Acquisition Regulation (FAR) implementation of President Joe Biden’s Executive Order (E.O.) 14005, “Ensuring the Future is Made in All of America by All of America’s Workers,” while incorporating several DoD-unique requirements. Most importantly, the Proposed Rule introduces the following changes: Increases the Domestic Content Threshold.

The White House Office of Management and Budget (OMB) issued a Proposed Rule and Notification of Proposed Guidance to federal agencies earlier this year regarding the implementation of the Build America, Buy America Act (BABA), which imposes a government-wide preference for domestically produced iron and steel, manufactured products, and construction materials in federal infrastructure projects. The Proposed Rule builds upon the White House guidance for BABA released in April 2022. Although confusingly styled as “guidance,” the Proposed Rule proposes definitions

The challenge posed to Department of Defense (DOD) contractors of complying with ever-shifting cybersecurity regulations and guidance continues unabated. On July 26, 2022, the Cyber Accreditation Body (Cyber AB) published a highly anticipated “Pre-Decisional Draft V1.0” of the Cybersecurity Maturity Model Certification (CMMC) Assessment Process (Draft CAP), which provides the procedures and guidance for CMMC Third-Party Assessment Organizations (C3PAOs) conducting official CMMC third-party assessments of organizations seeking certification (OSCs). The Cyber AB, formerly known as the CMMC Accreditation Body, is

On November 17, 2021, DoD published a notice of proposed rulemaking in the Federal Register, which formally announced the launching of the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework. Among other things, version 2.0 streamlines the framework from 5 levels to 3 levels, scales back the requirement that all 300,000 contractors within the defense industrial base (DIB) obtain third party certification, and provides DoD additional flexibility by allowing for the limited use of Plans of Action & Milestones (POA&Ms) and

On November 4, 2021, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) announced Version 2.0 of the highly publicized Cybersecurity Maturity Model Certification (CMMC). This updated version seeks to simplify the model and reduce compliance costs by streamlining the program and scaling back the requirement that all defense contractors obtain third-party certification of their cybersecurity capabilities. Under CMMC 2.0, contractors at the lower CMMC levels will be allowed to self-certify.

On September 24, 2021, the Safer Federal Workforce Task Force issued COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors (the “Guidance”). This highly anticipated Guidance outlines the Covid-19 protocols for government contractors that were announced on September 9 in Executive Order 14042 (Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors) (“Order”), which was covered in a recent M&S Industry Alert. These new protocols will be enforced through a contract clause that must be included in all

On September 9, 2021, President Biden issued an Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (“Order”). The Order seeks to “promote economy and efficiency in procurement” by requiring compliance with new COVID-19 protocols, which will be announced on September 24. The Order was issued on the same day as the President’s widely-covered speech announcing vaccine mandates for federal employees and businesses with 100 or more employees (see companion blog post, available here). Accordingly, although the Order

Maximizing the use of goods, products, and materials produced in the United States under the Buy American Act (BAA) is a bipartisan issue. In our previous post, “Ensuring the Future is Made in All of America by All of America’s Workers” (located here) we wrote about Executive Order 14005, signed by President Biden on January 25, 2021.  Among other things, EO 14005 directs the Federal Acquisition Regulatory Council (FAR Council) to consider proposing a rule that increases the thresholds for

On January 25, 2021, President Biden issued an Executive Order on Ensuring the Future Is Made in All of America by All of America’s Workers. The order is part of his “Build Back Better Recovery Plan” to strengthen American manufacturing and has potentially far-reaching effect. The order will tighten the federal government’s requirements to buy American products, support American jobs and rationalize the enforcement of the country’s patchwork of “Made in America” laws. Companies that supply goods and services to the