The Department of Defense (DOD) released a proposed rule on August 15 that would inject the Cybersecurity Maturity Model Certification (CMMC) program requirements into the contracting process. CMMC aims to verify if defense contractors follow cybersecurity standards—crucial for protecting sensitive but unclassified information. Contractors should aim to understand whether they may be required to meet CMMC requirements well before the solicitation.
The proposed Defense Federal Acquisition Regulation Supplement (DFARS) rule lays out a three-year-long “phased rollout” of the CMMC requirements. “The rollout is intended to minimize both the financial impacts to the industrial base, especially small entities, and disruption to the existing DOD supply chain,” it states.
ACEC has concerns about the implications for digital delivery, the impacts of flow-down processes in teaming to form the most qualified offer for Brooks Act (Qualifications-Based Selection) contracts, and the protestable grounds for a self-assessment at contract award, as well as the procedures for notifying the contracting officer within 72 hours of discovering a cybersecurity incident.
On October 15, ACEC submitted comments on the proposed DFARS rule to implement contract requirements. In October, the DOD released the final rule for the CMMC program, containing hundreds of changes to CFR Part 32. CMMC could be a foundational requirement for A/E companies looking to do business with the DOD. ACEC plans additional feedback and educational sessions prior to CMMC language appearing in DOD solicitations, as soon as early 2025. For more information on the CMMC program, visit: https://bit.ly/40lup1p. Please share your thoughts with the Federal Agencies & Procurement Advocacy Committee, staffed by the new ACEC Vice President for Federal & International Programs Bradley Saull at bsaull@acec.org.
Earlier in 2024, both the Senate and House of Representatives passed Water Resources Development Act (WRDA) bills with overwhelming bipartisan support and were working to negotiate a final bill to send to the president’s desk before the end of 2024. The House bill passed by a vote of 359-13 on July 22, and the Senate followed by passing a WRDA bill unanimously in that chamber by a voice vote on August 1.
The ACEC-backed WRDA bill authorizes flood control, navigation, hurricane and storm damage reduction, and ecosystem restoration projects of the U.S. Army Corps of Engineers and is typically enacted every two years. The bills passed by both houses of Congress build on previous WRDA laws, with some differences. The Senate bill, named after the retiring Chairman of the Senate Environment & Public Works Committee, Tom Carper (D-Del.), authorizes 13 new or modified construction projects and 83 new feasibility studies. The House bill authorizes 12 projects and 161 new feasibility studies.
Both the House and Senate bills include provisions to improve the transparency of environmental reviews and improve project delivery for Army Corps projects. Specifically, the House bill requires the Army Corps to track NEPA documents through an online permitting dashboard, and the Senate bill requires timely updates to the Army Corps’ “permit finder.” ACEC supports improving the Army Corps’ processes for permitting and project delivery, which will help reduce delays in the time it takes to complete Corps projects.
Notably, the House WRDA bill also reauthorizes the Federal Emergency Management Agency’s National Dam Safety Program through 2028. ACEC supported the inclusion of this important reauthorization in the WRDA bill, which will ensure that funding remains available to reduce the risks associated with a dam failure across the country.
ACEC continues to support the enactment of WRDA laws every two years to ensure the timely authorization of Army Corps studies and projects. ACEC will continue to engage with Congress as both chambers work to get WRDA 2024 over the finish line.
For legislative news, visit ACEC’s Last Word blog online at www.acec.org.