Georgia Tech Procurement Assistance Center

Contractors must update EEO poster

By

Replacing the “EEO is the Law” poster is not optional.

The Equal Employment Opportunity Commission issued a new “Know Your Rights” poster, which updates and replaces the “EEO is the Law” poster.

The EEOC’s equal employment opportunity poster has long been a required poster for federal contractors, and the Office of Federal Contract Compliance Programs did not take long to alert contractors that this new poster is mandatory and must be displayed to applicants and employees.

Continue reading at: JD Supra

SBA scorecard shows federal government continues to prioritize small business contracting

By

The U.S. Small Business Administration (“SBA”) recently released its annual Procurement Scorecard, demonstrating the federal government’s continued prioritization of small business contracting and subcontracting. In 2021, the government awarded $154.2 billion dollars in federal prime contracts – an increase of $8.5 billion over the prior year – with at least an additional $72 billion in small business subcontracts – a decrease of $10.8 billion from the prior year. These subcontracting figures continue the trend from prior years, which may lead to increased scrutiny of small business subcontracting plans to reverse the perceived decline. (In 2020, small business subcontracting decreased by an estimated $7.9 billion). Overall, the government yet again exceeded the service-disabled veteran-owned small business goal of 3%, and more than doubled the small disadvantaged business goal of 5%, but continued to struggle to meet the 5% women-owned small business and 3% HUBZone small business goals. The SBA released these figures in its FY 2021 Small Business Procurement Scorecard, available here.

Continue reading at: JD Supra

The risk of organizational conflicts of interest

By

In the first two parts of this series, we have summarized what constitutes an Organizational Conflict of Interest (“OCI”) in government procurements and discussed OCIs’ importance in the bid protest arena.  But lest you think that, having passed the protest hurdle, you are now free from all harm caused by having an OCI, we now address potential post-award liability stemming from undisclosed and unmitigated OCIs.  Contractors found to have undisclosed and unmitigated OCIs, that either existed before award or arose thereafter, can face a variety of bad outcomes—contract termination, suspension or debarment, and liability for fraud under the False Claims Act (“FCA”). Recall that OCIs come in three forms:

  1. Unfair Competitive Advantage – when a contractor obtains confidential or proprietary government information not accessible to competitors
  2. Impaired Objectivity – when contract performance could affect a contractor’s other financial interests
  3. Biased Ground Rules – when a contractor helps design the statement of work or other solicitation requirements for a future procurement for which they ultimately submit a proposal

Continue reading at: JD Supra

The gap widens between COFC and GAO on late is late rule

By

We all know that failure to submit your bid proposal on time typically results in rejection.  But what if you submitted your proposal on time and the agency’s server rejects the submission without bothering to inform you?  And what if the basis for rejection was an undisclosed limitation within a server on email size?  Does such delay qualify as an exception to the “late is late” rule?  The answer depends on which forum you ask.

Continue reading at:  JD Supra

 

OMB releases guidance related to small business goals

By

The Office of Management and Budget (OMB) released guidance on December 2, 2021, implementing Executive Order 13985, “Advancing Racial Equity and Support for Underserved Communities through the Federal Government” (EO).  The EO directs agencies to readily make available federal contracting opportunities to all eligible vendors and to remove barriers preventing underserved individuals and communities from entering into procurement opportunities.

Additionally, President Biden has set a goal to increase the share of contracts awarded to small, disadvantaged businesses (SDBs) to 15% by 2025.  Below are five actions all federal agencies are instructed to take to help increase spending to government contractors in underserved communities.  Small businesses should be attentive to how these actions will result in new opportunities for them in 2022.

Continue reading at:  JD Supra

Are verbal agreements good enough for government contractors?

By

Long gone are the days of verbal agreements over a friendly handshake.  Now a contractor needs a written contract to ensure payment for services rendered.  However, what if no paperwork exists proving the client authorized additional work?  Can a contractor still get paid?  The answer is maybe.  If the contractor can find enough non-documentary evidence to show the person who verbally requested the work has actual authority to enter into contracts on behalf of the client, a contractor may be able to recover payment under an implied-in-fact contract.

What is an implied-in-fact contract?  Implied-in-fact contracts are based on the situation’s facts, circumstances or conduct of the parties involved, which creates an obligation between the two parties.  For example, if a contractor is paid for something each week but it is not in writing, the contractor may be able to claim they have a contract with the other party and a reasonable expectation that they will be paid for their service going forward.

In the below motion against the contractor’s appeal, the Marine Expeditionary Force Training and Experimentation Group within the U.S. Marines’ Advisor Training Cell (Client) motioned the Armed Services Board of Contract Appeals (ASBCA) for a summary judgment, essentially requesting the contractor’s appeal be thrown out.

Continue reading at: JD Supra

OMB issues guidance on impact of injunction on government contractor vaccine mandate

By

The Office of Management and Budget has quickly issued guidance on the impact of the recent federal court ruling enjoining the Biden Administration’s federal contractor vaccine mandate.  The guidance, as reported on the Safer Federal Workforce Task Force website, states for existing contracts that include Executive Order 14042 implementing language:

The Government will take no action to enforce the clause implementing requirements of Executive Order 14042, absent further written notice from the agency, where the place of performance identified in the contract is in a U.S. state or outlying area subject to a court order prohibiting the application of requirements pursuant to the Executive Order . . .

Continue reading at:  JD Supra

CMMC 2.0 simplifies requirements but raises risks for government contractors

By

With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0), for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards for government contractors and subcontractors to ensure the protection of sensitive unclassified information, that is, Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).  By referring to the new cybersecurity standard as CMMC 2.0, the DOD implicitly recognizes the likelihood of future versions at an unknown cost to the Defense Industrial Base (DIB).

Nevertheless, version 2.0, which was released after a seven-month review by the Biden Administration, reflects the DOD’s assessment of the DIB’s concerns and reflects the DOD’s efforts to streamline and improve upon its earlier version after criticisms aimed at its cost and complexity.  Specifically, CMMC 2.0 collapses CMMC 1.0’s five tiers to three simplified tiers that are based on the cybersecurity framework implemented and that are devoid of additional CMMC-unique practices and processes.  CMMC 2.0 also will allow “annual self-assessment with an annual affirmation by DIB company leadership” for Level 1 and part of the new bifurcated Level 2 (formerly Level 3).  Otherwise, an independent third-party assessment or government-led assessment will be required.

Besides CMMC 2.0, contractors with CUI are also required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7019 and 252.204-7020.  Collectively, these clauses require contractors to enter their compliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 into DOD’s Supplier Performance Risk System (SPRS).  DOD will identify medium- and high-risk contracts and perform independent assessments of contractor compliance with NIST SP 800-171 and whether a contractor’s compliance matches what it inputted into SPRS.  Contractors should also be mindful as to whether these disclosures match their prior acceptance of contracts with DFARS 252.204-7012, which required full compliance with NIST SP 800-171.

The return of self-assessment, which was the bedrock of the first DOD cybersecurity standards set out in DFARS 252.204-7012 and whose failure led to the development of CMMC 1.0., creates substantial risks to DIB companies and their leadership.  The U.S. Department of Justice (DOJ) recently announced a new Civil Cyber-Fraud Initiative that emphasized the use of the False Claims Act (FCA), 31 U.S.C. § 3729 et. seq., to bring civil action against government contractors who knowingly misrepresented their cybersecurity practices and protocols.  The FCA allows the government to recover treble damages and permits qui tam suits, which allow whistleblowers to receive a portion of the monies recovered by the government.  In addition, other regulatory agencies have brought enforcement actions for alleged false certifications concerning compliance with agency-required cybersecurity standards.  Thus, the risk of a DOJ investigation or a qui tam suit connected with a DIB company’s self-assessment affirmation is very real, and this announcement – coupled with self-certification options in CMMC 2.0 – should not been seen as a coincidence. Nevertheless, companies can reduce such risks with appropriate cybersecurity policies and a culture of compliance.

Continue reading at:  JD Supra

OFCCP launches contractor portal initiating AAP verification program

By

On December 2, 2021, OFCCP announced the launch of its new “Contractor Portal,” which “[c]overed federal contractors and subcontractors (“contractors”) must use … to certify, on an annual basis, whether they have developed and maintained an affirmative action program for each establishment and/or functional unit, as applicable.”

The Contractor Portal will also serve as a “secure portal for scheduled contractors to submit to OFCCP their Affirmative Action Program(s) during compliance evaluations.”

This development has been years in the making, initiated by a 2016 GAO report criticizing OFCCP for having no process for ensuring contractors were preparing their affirmative action programs (“AAPs”) annually, and comes over three years after former Director Craig Leen announced OFCCP’s intention to create an AAP verification program.

Continue reading at:  JD Supra

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

By

On November 17, 2021, the U.S. Department of Defense (DOD) published an Advanced Notice of Proposed Rulemaking (ANPRM) previewing significant changes to its Cybersecurity Maturity Model Certification (CMMC) program.

The revamp, “CMMC 2.0,” promises a more streamlined and flexible system for defense contractors and their suppliers to comply with CMMC and DOD’s cybersecurity expectations, with practical changes coming into effect between 9 and 24 months from now.

CMMC 2.0 is DOD’s response to a months-long internal review spurred by more than 850 public comments in response to DOD’s September 2020 “CMMC 1.0” interim rule.  While DOD pursues the forthcoming rulemakings, it intends to suspend current CMMC piloting efforts and has stated it will not include CMMC requirements in DOD solicitations.

Contractors should continue, however, to adhere to the existing cybersecurity “assessments” framework, focusing on compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 controls and required Basic Assessments.

Continue reading at: JD Supra

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More