NASA holds contractors to safety, security rules

NASA holds contractors to safety, security rules

By Tony Lee Orr

GCN Staff

NASA contractors will be cashing smaller checks if they fail to maintain safety and security standards under a new contracting rule.

The interim rule, proposed in July of last year, took effect July 13. It revises the NASA Federal Acquisition Regulation Supplement.

Unless comments convince the NASA FAR Council otherwise, the rule will become final in four months, said James A. Dolvin, a NASA procurement analyst.

The amendment requires potential contractors to include risk management plans in their bids whenever the value of a resulting contract is expected to exceed $5 million. In addition, the rule lets contracting officers require vendors to file risk management plans whenever they deem appropriate.

Safety first

The rule gives NASA the right to deny payment to a contractor for any evaluation period during which there is a major security breach or safety failure.

The rule defines a major breach as the compromise of classified information, the illegal transfer of technology, a compromise or denial of information technology services, and any theft, damage or loss to the agency of more than $250,000.

No contracts have been let under the rule, said Jeff Cullen, a NASA procurement analyst. Several contracts that would be affected by the interim rule are working their way through the buying process, he said.

NASA acknowledged in the rule proposal that risk cannot be completely avoided in any project, but because risk is inevitable it must be managed aggressively.

Dolvin noted that critics have said the measure goes against acquisition reform.

'It kind of does,' he said. 'But we need to highlight risk and make sure that risk is given full consideration.'

The Council of Defense and Space Industry Associations of Washington last year slammed the original proposal. In comments sent to NASA, the council called the rule expensive to contractors and intrusive on the part of the space agency.

'Although risk management is an ongoing contractor concern and process that it voluntarily imposes on itself on each program, the proposed rule adds unnecessary bureaucracy and rigidity to the process by imposing additional reporting requirements on the contractor and introducing unprecedented oversight and surveillance by NASA personnel,' the council said.

Under the rule, subcontractors with the potential to earn more than $500,000 also must meet risk management standards set by NASA contracting officers.

Easier rules

The council balked at both the $5 million threshold for contractors and the $500,000 amount for subcontractors. It has urged the space agency to raise the threshold to $100 million for prime contractors and $10 million for subcontractors.

The letter also recommended that NASA strike the clause allowing contracting officers to make risk management requirements whenever they deem necessary.

NASA agreed to let vendors incorporate risk management plans throughout a bid, rather than require that bidders file separate proposals, Dolvin said.

The space agency also took into consideration the association's argument on some safety issues, removing some types of incidents for which a contractor would be penalized, he said.

To view the rule online, go to www.access.gpo.gov. NASA will accept comments through Aug. 14. Statements can be sent via e-mail to jdolvin@mail.hq.nasa.gov.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above