Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Cybersecurity and acquisition reforms in the FY 2016 National Defense Authorization Act

By Charles Fleischmann on January 6, 2016
Email this postTweet this postLike this postShare this post on LinkedIn
151211-D-HV319-001

The National Defense Authorization Act for Fiscal Year 2016 [pdf], signed into law just before Thanksgiving, authorizes $607 billion for Department of Defense activities in FY 2016. It also implements a number of acquisition reforms intended to enhance the Government’s cybersecurity efforts and streamline the various acquisition regulations.  Here we break down some of the key acquisition provisions:

  • Rapid acquisition authority for cyber attacks. Section 803 of the 2016 NDAA expands the DoD’s ability to employ rapid acquisition procedures established under the 2003 NDAA to enhance its ability to respond to combat emergencies and urgent operational needs. Under Section 803, rapid acquisition procedures may now be used to acquire “needed offensive or defensive cyber capabilities, supplies, and associated support services” to respond to a cyber attack that “has resulted in critical mission failure, the loss of life, property destruction, or economic effects.” The term “cyber attack” is broadly defined as including any “deliberate action to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information or programs” in those systems. Acquisitions made pursuant to this authority are subject to an aggregate limit of $200 million in each fiscal year.
  • U.S. Cyber Command acquisition authority and liability protection for cybersecurity contractors. In addition to expanding DoD’s rapid acquisition authority to deal with cyber attacks, Section 807 of the NDAA provides new limited acquisition authority for the Commander of the United States Cyber Command (CYBERCOM). The Commander is authorized to procure “cyber operations-peculiar equipment and capabilities,” subject to an annual limit of $75 million for each fiscal year from 2016 through 2021. Section 1647 of the NDAA also requires the evaluation of cyber vulnerabilities of all major DoD weapons systems by the end of 2019. Section 1641 of the NDAA provides enhanced liability protection for reporting cyber incidents for both “cleared” and “operationally critical” contractors, so long as there is no willful misconduct.

  • Streamlining acquisition regulations. Another major thrust of the 2016 NDAA was streamlining the acquisition process and eliminating redundant and duplicative requirements. Section 809 of the NDAA requires that the Secretary of Defense establish a nine-member advisory panel consisting of experts in acquisition and procurement policy, the objective of which is to review the DoD’s acquisition regulations and provide recommendations for streamlining the procurement process. The panel has 2 years to provide a final report of its recommendations and must provide interim reports at the 6-month and 18-month marks.
  • Cost overrun penalty. The 2016 NDAA also emphasizes the need to monitor costs on major defense acquisition programs and to hold the DoD accountable for cost overruns. Under section 828 of the NDAA, beginning in FY 2015, the Secretary of each military department “shall pay a penalty for cost overruns” experienced on certain major defense acquisition programs.  Cost overruns are defined as the difference between the current program acquisition cost and the program acquisition cost shown in the original baseline estimate.  The penalty for cost overruns in a given fiscal year is 3% of the cumulative amount of overruns on all of the covered major defense acquisition programs for the respective military department.
  • Other acquisition provisions of note. Section 816 of the NDAA raises the special emergency procurement threshold from $250,000 to $750,000 for purchases inside the U.S., and from $1 million to $1.5 million for purchases outside the U.S. Additionally, section 867 of the NDAA allows small businesses to better compete for large contracts by requiring that more weight be given to the past performances of teams and joint ventures. Congress also considered increasing several other acquisition thresholds, but those changes were omitted from the language that became law.

Related entries—

Six contracting policy changes in the FY 2015 National Defense Authorization Act (Dec. 15, 2014)

Procurement reforms in the FY 2014 National Defense Authorization Act (Jan. 12, 2014)

DoD’s new cybersecurity rules on unclassified “controlled technical information” (Jan. 8, 2014)

A look at the whistleblower protections in the 2013 NDAA (Mar. 17, 2013)

More contractor oversight in the 2012 National Defense Authorization Act (Dec. 23, 2011)

Photo of Charles Fleischmann Charles Fleischmann

Charles provides legal counsel to businesses and executives facing government investigations and also assists companies with their compliance needs prior to the government becoming involved. Charles has represented clients before the Department of Justice, Federal Bureau of Investigation, Congress and other regulatory and

…

Charles provides legal counsel to businesses and executives facing government investigations and also assists companies with their compliance needs prior to the government becoming involved. Charles has represented clients before the Department of Justice, Federal Bureau of Investigation, Congress and other regulatory and enforcement agencies. In addition, he advises clients regarding corporate compliance and tailored training on issues including cyber security, data privacy, the Foreign Corrupt Practices Act and campaign finance compliance. Finally, Charles also assists companies conducting internal investigations.

Read more about Charles FleischmannEmail
Show more Show less
  • Posted in:
    Government Contracts
  • Blog:
    The Contractor's Perspective
  • Organization:
    Husch Blackwell LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo