Letter to DOD: Interim Rule, Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services
The U.S. Small Business Administration’s Office of Advocacy (Advocacy) submits the following comments in response to the Department of Defense’s interim final rule, “Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018).”[1] Advocacy believes DOD has underestimated the substantial number of small businesses affected by this rulemaking and the significant economic impact of compliance. Advocacy recommends that DOD include small businesses serving as prime contractors and as subcontractors in their estimation of the number of impacted small entities. Advocacy also recommends that DOD consider alternatives, such as collaborating with universities or other organizations to provide low-cost cybersecurity services to small businesses, or providing a one-time subsidy to small businesses to help cover the cost of initial consultations with third-party vendors.