Bob Huffman and Susan Cassidy’s commentary was included in a Law360 article examining government contracting policies to watch in 2023.
Speaking about the September memorandum from the White House requiring contractors to attest that any new or updated software they sell to agencies is National Institute of Standards and Technology (NIST) compliant, Susan said, "I think this reflects the government's evolving realization that they want more understanding about the commercial products they're using, in addition to the bespoke products ... about what they're buying and what is in what they're buying."
Another policy contractors should watch is the Office of Management and Budget’s new deadline for collecting critical software attestations, which will be three months after the form is finalized for critical software, and six months for other software.
According to Bob, despite related memoranda from the OMB, there are still important questions regarding how the attestation requirements will be applied, and who they will apply to. "What is a software producer? I don't believe that term is defined in either of the OMB memos. And then, of course, [is] the question of what is 'software'? Both memos use a very broad, but somewhat ambiguous description of software. And then what is a software 'end product' in the context of the definition of software?"
Also left unclear is how software attestations will be collected by agencies and what they will do with the information they collect. Clarity on those important issues might have to wait for a related Federal Acquisition Regulatory (FAR) Council rule, also due later this year, Susan added.