Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Compliance Symposium: Cybersecurity, Subcontracts, Cost & Pricing Data, Audits

Date: Tuesday, September 15, 2020 10:00 AM - 12:00 PM

Susan B. Cassidy, Samantha Clark, and Ryan Burnette will present the "Update and Compliance Concerns: The New CMMC and Section 889" panel at the Compliance Symposium: Cybersecurity, Subcontracts, Cost & Pricing Data, Audits webinar on September 15, 2020.

This panel will address two of the most pressing supply chain issues facing government contractors today. First the panel will address the current status of DoD’s new Cybersecurity Maturity Model Certification (CMMC), including:

  • issues with the CMMC implementation timeline and DoD’s phased rollout approach;
  • the DFARS Cyber Rule requirement for self-assessment versus third party assessment under CMMC;
  • the expected role of the newly established CMMC Accreditation Body and certified independent third-party auditing organizations (C3PAOs)
  • status of the development of validation procedures used by C3PAOs to assess a contractor’s policies, documentation, and security control implementation;
  • cost allowability of increased security costs associated with the CMMC;
  • the potential for disproportional impact of CMMC on small businesses; and
  • the confluence of CMMC and the source selection process.

Next the panel will address the implementation of Section 889. Section 889(a)(1)(A) has been in effect since August 13, 2019 and prohibits the USG from acquiring certain telecommunications equipment/services from Huawei, ZTE, and others: “The head of an executive agency may not … procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” Section 889(a)(1)(B) has been in effect since August 13, 2020 and implements the statutory prohibition on the head of an executive agency contracting with (including extending or renewing a contract) any “entity” that “uses” “covered telecommunications equipment or services as a substantial or essential component of any system or as a critical technology of any system.” Covered telecommunications equipment or services includes certain telecommunications equipment and services produced and provided by Huawei, ZTE, Hytera, Hikvision, and/or Dahua, and/or any subsidiaries or affiliates of the five entities. Our presentation will address issues such as:

  • key definitions;
  • how to conduct a “reasonable inquiry”;
  • how DoD and other agencies have been implementing the requirements;
  • how the statutory exceptions should be applied;
  • how the waiver process works and how companies should think about waivers; and
  • certification and reporting obligations.

For additional information click here.