Current Trends in DOD Acquisition
On June 26th join WPI, the NCMA WI Chapter, and James Hasik for a webinar on current trends in DOD acquisition.   Mr. Hasik is a senior fellow at the Center for Government Contracting in the School of Business at George Mason University, and a senior fellow at the Scowcroft Center on Strategy and Security at the Atlantic Council. Since September 2001, he has been studying global security challenges and the economic enterprises that provide the tools to address them.
His blog can be found at: .
In this webinar James Hasik will talk about 3 trends within the US Department of Defense that relate to investing in the Human Capital of Acquisition:
* The pricing of intellectual capital 
* The "middle tier" authorities of the 2017 NDAA 
* The USAF's Kessel Run group.
Join us for this exceptional opportunity to learn from a very insightful, thought-provoking and engaging national researcher.

6 Tips for Successful Joint Venture Agreements

Overview of the FAR
Learn More
Cybersecurity: Protect Your Company from Major Threats
Eau Claire
Learn More

2nd Annual Building Your Business - Developing the Tools for Growth & Success for Native & Tribal Small Businesses
Hales Corners
Learn More

Acquisition Hour: 6 Tips for Successful Joint Venture Agreements

On June 19th, dial in for this webinar that will cover the ins-and-outs of joint venture agreements and identify key tips for ensuring that your joint venture agreements work for you.
The webinar will cover:
  • How to find the right JV partner
  • The various ways of structuring the JV
  • The most important elements of the JV agreement
  • What to be aware of if something goes wrong during the JV relationship
The presenter will be Steven Neeley, Partner, in the Washington, D.C. office of Husch Blackwell

Marketplace, October 23-24, 2019
Awards have been expanded to include Wisconsin based minority, woman and service-disabled veteran-owned businesses certified by any of the following:  
  • State of Wisconsin Supplier Diversity Program (MBE, WBE, DVB)
  • State of Wisconsin Unified Certification Program -DBE (WisDOT, Milwaukee County, Dane County, City of Madison)
  • North Central Minority Supplier Diversity Council (NCMSDC)
  • Women's Business Enterprise Council (WBENC)
  • U.S. Veteran Administration (Vets First Verification Program)

Federal Acquisition Regulation (FAR) Website
The official electronic location of the Federal Acquisition Regulation (FAR) is at  Many contractors have used the USAF website, to access the FAR.  If you are one of those businesses, please note that the USAF website will be transitioned to the GSA's site by September 20, 2019.  Acquisition professionals and contractors will have a single website at to access and search the Federal Acquisition Regulation (FAR) and supplemental regulations.  For additional assistance or information, please contact Carol Murphy at or at 414-270-3600.
Employee Recruitment Fees
The Federal Acquisition Regulation (FAR) prohibits contractors and their subcontractors from charging employees or potential employees recruitment fees.  Employers can still pay recruitment fees, however, costs cannot be borne by the employee.  A new rule, dated January 22, 2019, added a standardized definition of "recruitment fees" to FAR subpart 22.17 and the associated clause 52.222-50, identifying the types of fees that contractors, subcontractors, and their employees or agents are prohibited from charging under the Government policy on combating trafficking in persons.  Recruitment fees include, but are not limited to, charges for testing and training, regardless of how they are imposed or collected.  Charging for visas and security clearance checks are also banned.  This rule applies to all entities that are contractors or subcontractors on US Government contracts.  For additional assistance or information, please contact Carol Murphy at or at 414-270-3600. is moving  
On June 14, 2019 is moving here and will be called Wage Determinations. You can see the transition video here: . NOTE: is not the authoritative source for WDs until after June 13. Contact Kim Garber at if you have questions regarding the transition.   
13th Annual Wisconsin Government Opportunities  
Business Conference (GOBC)
In Partnership with Volk Field ANG and Fort McCoy   
The 13th Annual Wisconsin Government Opportunities Business Conference (GOBC), previously the Volk Field/Fort McCoy Small Business Conference, is scheduled for July 30th and 31st at Volk Field in Camp Douglas, Wisconsin. Businesses from the Midwest will have the opportunity to participate in two days of technical training with a focus on Infrastructure Opportunities, Information Security, Manufacturing and Teaming.
Attendees will have the opportunity to hear from and meet with regional experts, leaders of the community, potential customers and potential partners. All businesses including Small, Large, Disadvantaged, HUBZone, Minority-Owned, Woman-Owned, Veteran-Owned and Service-Disabled Veteran-Owned firms will benefit from this event.

Cybersecurity Capability Model Certification(CMMC) - announced May 2019 by DOD 
This certification is intended to be a single standard for all DoD contracts in the very near future (2020-2021). The issue is that the current measures required by DAFRS 252.204-7012 do not seem to be preventing the loss of sensitive technical data. Companies self-attest that they are compliant but without inspections and certification by a third-party, the effectiveness of these programs cannot be measured and the result of these efforts is unknown. The loss of sensitive data creates a threat to our national security and places our armed forces at greater risk. The loss (the theft) of our scientific data, technology and TDP's helps our adversaries who use it to create advanced weapons systems and strengthen their overall military capabilities. In short, they know what we know. Their weapons systems can do what ours can do and they achieve this capability without expending the time, effort and resources to make these discoveries. It's a very real short-cut that is likely changing the balance of power on the battlefield.
At this time there is very little information available concerning what the CMMC will entail. Indications are that the certification will be just that a certification. Any defense contractor will be required to implement the program as required, undergo an inspection and achieve certification to be eligible for DoD contracts. Companies that fail to rigorously pursue and maintain their program will likely face more severe consequences if there is a cyber incident than a company that has an incident but has made every effort to create the strongest possible program.
It is also speculated, that because these new requirements are being specified that costs associated with these efforts will be allowable.
Over the past year there have been several articles/reports related to this topic. Many have identified DoD supply chain as a "weak link" the "soft underbelly." These type of articles seem to point in the direction that something has to be done. A change is needed. Two other indicators that changes will be occurring in the near future are first, this initiative is being led by Katie Arrington, Special Assistant to the Assistant Secretary of Defense for Acquisition. Ms. Arrington reports to Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment. So this effort has significant visibility and attention. The second indicator, as reported this week in Inside Defense ( is that "House authorizers want more information from the Defense Department on efforts to secure the defense industrial base from cyber threats and protect technology critical to national security, as lawmakers are concerned the department is not synchronizing its activities." DoD will be required to submit a report by May 2020. Given that the roll-out of the CMMC is estimated to be sometime in 2020-2021, the roll-out may be tied to the May report and may be presented as a pro-active measure.
Naturally the business question is - will it be worth my time and effort to pursue certification under the CMMC? What will be my ROI? Every company needs to ask this question but first should develop their go / no-go criteria. One question, that needs to be answered is - in today's world market with a very dynamic cyber environment, can you afford not to develop and implement a robust and evolving cyber-security posture and systems. What do your commercial customers think/require? Something else to consider is what impact such a certification may have upon DoD's Industrial Base. Will it shrink or expand? As a result will there be more or less opportunities? Another article published by Inside Defense mentions that "The House Armed Services seapower and projection forces subcommittee is seeking information from the Navy about the industrial base's ability to achieve the service's current goal of a 355-ship fleet." While the growth of the fleet can be viewed as one measure of contracting opportunities for Defense Contractors, the 2020 defense policy bill that was adopted on June 4, 2019 "would mandate the Navy secretary present a report detailing how the service "plans to manage the need to grow the shipbuilding workforce as it builds to a 355-ship Navy." Needing to grow the workforce can also be viewed as a measure of future opportunity for interested, capable, prepared and responsible companies.
WPI will continue to monitor these evolving changes and will provide updates. We would also ask all our readers to share feedback with us as you see, hear or come-across articles or other information related to cyber policies and/or CMMC. If you would like to share information on these or related topics please use our infosec mailbox -
The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708-a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA's news release and advisory, Microsoft Security Response Center's " A Reminder to Update Your Systems to Prevent a Worm", and Microsoft Customer Guidance for CVE-2019-0708.
CISA recommends patching the affected operating systems:
DOD SBIR Announcement 
DODs Broad Agency Announcements (BAA) for SBIR19.2 and STTR 19.B are open - announcements close July 1 2019