The Department of Defense has issued a memorandum providing guidance on contracting officer’s representative file review requirements and outlining best practices that contracting components should consider implementing.
According to the memo, when controlled unclassified information — a.k.a. CUI — is included in a requirement package, contracting officers, or COs, should assess the extent to which the requiring activity has met its responsibilities for submission of CUI contractor requirements.
DOD has called on COs to ensure that CUI-specific requirements are identified in the quality assurance surveillance plan and ensure that the training, handling and marking requirements on the contractor are tracked by the contracting officer’s representative, or COR, during contractor surveillance.
According to the document, COs should consider the department’s technical experience requirements for CORs who monitor a vendor’s cybersecurity services or accept cybersecurity deliverables. Within six months of contract award, COs should consider initial COR file reviews based on the contract’s value, risks and complexity.
“If any inadequacies are identified during the file review, communicating COR performance deficiencies must be within 30 days of each review to ensure timely corrective action,” the memo reads.
John Tenaglia, principal director of defense pricing and contracting at DOD, signed the memo on Monday.