Skip to content

U.S. Supply Chains

President Biden recently signed bipartisan legislation reinforcing anti-human trafficking prohibitions. The End Human Trafficking in Government Contracts Act of 2022 builds on the existing anti-human trafficking framework at Federal Acquisition Regulation (“FAR”) § 52.222-50 (Combatting Trafficking in Persons) by requiring agencies to refer contractor reports of potential human trafficking activity directly to an agency suspension and debarment official (“SDO”).  Prior to this legislation, contractors have been required to notify their contracting officer and the agency inspector general upon receiving “[a]ny credible information” that a human trafficking violation had occurred.  See FAR § 52.222-50(d)(1).  Now agencies will be required to refer these reports to their SDOs, creating additional risk for contractors that disclose potential violations. 

This legislation – which passed Congress unanimously – demonstrates the federal government’s ongoing focus on anti-human trafficking matters – a focus that has been shared across presidential administrations.  For instance, in 2015, President Obama significantly expanded the FAR’s anti-human trafficking prohibitions, and in 2019, President Trump sought to undertake a comprehensive review of the government’s anti-trafficking efforts and released a list of “best practices” to guide contractors.  President Biden now joins this ongoing, bi-partisan effort to increase government contractors’ focus on human trafficking by signing the recently-passed legislation.

Despite the federal government’s longstanding efforts to prevent human trafficking in its supply chain, many questions remain concerning how to comply with the requirements.  Below are three of the most common questions we encounter in applying the FAR’s anti-human trafficking provision:Continue Reading New Law Increases Government Scrutiny of Contractor Compliance with Anti-Trafficking Provisions

On September 8 and 9, top trade officials of the United States and the other Indo-Pacific Economic Framework (“IPEF” or “Framework”) partner countries—Australia, Brunei Darussalam, Fiji, India, Indonesia, Japan, Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam—launched formal negotiations in Los Angeles.

This marked the first in-person ministerial-level meeting since the IPEF launched on May 23, 2022 and follows three informal meetings since May 2022, the latest event being the virtual ministerial on July 26-27, discussed in detail in our previous post.

The Los Angeles ministerial involved intensive discussions on what to include in the scope of the Framework. Ultimately, the IPEF partners reached consensus on ministerial statements for each of the four IPEF framework pillars: Trade, Supply Chain, Clean Economy, and Fair Economy. All 14 IPEF partners have joined three of the pillars, and 13 joined the fourth—with just India opting out of the Trade pillar. While this near unanimous support for the four pillars is certainly a positive sign, the real work begins now.

This blog post summarizes how the ministerial statements characterize the four pillars and outlines next steps for the Framework and key remaining questions.

Takeaways from the Ministerial Statements

The ministerial statements confirmed the four pillars of negotiation and provided added clarity on the scope and content of each pillar. While the statements add little to the substance, they indicate a political commitment among the partners to the Framework.Continue Reading IPEF Partners Adopt Ministerial Statement and Negotiation Objectives

This is the tenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the secondthirdfourthfifthsixthseventheighth, and ninth blogs described the actions taken by various Government agencies to implement the EO from June 2021 through January 2022, respectively.

This blog summarizes key actions taken to implement the Cyber EO during February 2022.  As with steps taken during prior months, the actions described below reflect the implementation of the EO within the Government.  However, these activities portend further actions in March 2022 that are likely to impact government contractors, particularly those who provide software products or services to government agencies.

NIST Publishes Guidance to Federal Agencies on Practices to Enhance Supply Chain Security When Procuring Software

Section 4(e) of the Cyber EO requires the National Institute of Standards and Technology (NIST) to publish guidelines on practices for software supply security for use by U.S. Government acquisition and procurement officials.  Section 4(k) of the EO requires the Office of Management and Budget, within 30 days of the publication of this guidance (or March 4, 2022), to “take appropriate steps to require that agencies comply with such guidelines with respect to software procured after the date of the EO.  Section 4(n) of the EO states that within one year of the date of the EO (or May 12, 2023), the Secretary of Homeland Security…shall recommend to the FAR Council contract language requiring suppliers of software available for purchase by agencies to comply with, and attest to complying with, any requirements issued pursuant to subsections (g) through (k) of this section.”

NIST issued the Supply Chain Security Guidance called for by Section 4(e) of the EO on February 4, 2022.  The Supply Chain Security Guidance states that it “provides recommendations to federal agencies on ensuring that the producers of software they procure have been following a risk-based approach for secure software development throughout the software life cycle,” and that “[t]hese recommendations are intended to help federal agencies gather the information they need from software producers in a form they can use to make risk-based decisions about procuring software.”  The scope of the Supply Chain Security Guidance is expressly limited to “federal agency procurement of software, which includes firmware, operating systems, applications, and application services (e.g., cloud-based software), as well as products containing software.”  The Guidance further provides that “the location of the implemented software, such as on-premises or cloud-hosted, is irrelevant,” and also excludes open source software and software developed by federal agencies.  However, open-source software that is bundled, integrated, or otherwise used by software purchased by a federal agency is within the scope of the Guidance.

The Supply Chain Security Guidance defines minimum recommendations for federal agencies as they acquire software or a product containing software:

  1. Use the Secure Software Development Framework (SSDF) terminology and structure to organize communications about secure software development requirements.
  2. Require attestation to cover secure software development practices performed as part of processes and procedures throughout the software life cycle.
  3. Accept first-party attestation of conformity with SSDF practices unless a risk-based approach determines that second or third-party attestation is required.
  4. When requesting artifacts of conformance, request high-level artifacts.

Continue Reading February 2022 Developments Under President Biden’s Cybersecurity Executive Order


Continue Reading Biden Administration 100-Day Supply Chain Assessment: Insights for Pharmaceutical Manufacturers

The American Rescue Plan, signed into law last month, includes $1.9 trillion in economic stimulus, healthcare, and related funding.  And just last week the Biden administration released an infrastructure proposal, the American Jobs Plan, that includes $2.3 trillion in transportation, connectivity, power, and other critical infrastructure investments.Contractors are


Continue Reading U.S. Senators Propose Trade-Pact Waivers Amidst Focus on Domestic Preference Laws

On February 24, 2021, President Biden signed an Executive Order entitled “Executive Order on America’s Supply Chains” (the “Order”). Among other things, the Order is an initial step toward accomplishing the Biden Administration’s goal of building more resilient American supply chains that avoid shortages of critical products, facilitate investments to
Continue Reading President Biden Directs Broad Review of America’s Supply Chains