NIST Releases Fifth Revision of Special Publication 800-53

The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53. NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under the Federal Information Systems Management Act of 2002 (“FISMA”). The revised version will still apply only to federal systems when finalized, but one of the stated objectives of the revised version is to make the cybersecurity and privacy standards and guidelines accessible to non-federal and private sector organizations for voluntary use on their systems.

A Summary of the Recently Introduced “Internet of Things (IoT) Cybersecurity Improvement Act of 2017”

On August 1, 2017, a bipartisan group of Senators introduced legislation (fact sheet) that would establish minimum cybersecurity standards for Internet of Things (“IoT”) devices sold to the U.S. Government. As Internet-connected devices become increasingly ubiquitous and susceptible to evolving and complex cyber threats, the proposed bill attempts to safeguard the security of executive agencies’ IoT devices by directing executive agencies to include specified clauses in contracts for the acquisition of Internet-connected devices.

The bill’s provisions leverage federal purchasing power to improve the security of IoT devices by requiring, among other things, IoT device, software, and firmware providers to certify compliance with specified security controls and requirements relating to vulnerability patching and notification, unless such contractors otherwise satisfy one of three waiver requirements.

The bill would also direct the Department of Homeland Security (“DHS”) to issue vulnerability disclosure guidance for government contractors; amend federal statutes, specifically the Computer Fraud and Abuse Act (“CFAA”) and Digital Millennium Copyright Act (“DMCA”), to exempt certain “good faith” activities by cybersecurity researchers; and require all executive branch agencies to maintain an inventory of IoT devices active on their networks.

In addition, the statute would require the Director of the Office of Management and Budget (“OMB”) to issue guidelines to federal agencies consistent with the bill within 180 days of enactment.

The bill is summarized below.

Protecting Intellectual Property as Government R&D Funding Rises

The U.S. Government’s research and development (“R&D”) spending is on the rise. For instance, the U.S. Government spent $139 billion on R&D in FY 2015 and approximately $148 billion in FY 2016. It is slated to spend as much as $154 billion on R&D in FY 2017. With this funding comes great opportunities for commercial companies, government contractors, and grant recipients to receive funding to support cutting-edge research. That said, before entering a contract, grant, cooperative agreement, or other type of funding agreement, entities should consider carefully the risks associated with using government funds to support research. The most recent issue of Landslide (a publication of the American Bar Association’s Section of Intellectual Property Law) details these risks and provides an overview of measures that entities may take to benefit from government funding, while securing the greatest rights possible in any resulting data or inventions. As discussed in the article, entities should take measures to segregate government-funded research, carefully vet requests for proposals to assess intellectual property clauses, and properly mark deliverables. Additionally, entities should implement appropriate procedures to ensure inventions are timely disclosed to the government and title to such inventions is elected. Entities considering accepting government funding and those already engaged in government-funded research would be well advised to consider these and the other topics discussed in the article. The article can be found here.

Six Takeaways from President Trump’s Executive Order on Assessing Manufacturing and the Defense Industrial Base

[This article was originally published in Law360.]

On July 21, 2017 – and during “Made in America Week” – President Trump issued Executive Order 13806 on “Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States” (the “Manufacturing EO”).  The Manufacturing EO sets forth a policy stressing the importance of having a “healthy” domestic “manufacturing and defense industrial base and resilient supply chains” to meet “national security” needs.  This policy comes on the heels of President Trump’s April 2017 “Buy American and Hire American” Executive Order (the “Buy American EO”), which announced a policy and action plan to increase U.S. manufacturing capabilities by “maximiz[ing]” the Federal Government’s procurement of “goods, products, and materials produced in the United States.”

The Manufacturing EO calls for a sweeping review and assessment of the strengths and weaknesses of the defense industrial base (“DIB”) and supply chains, and cites the need for the United States “to surge in response to an emergency.” This review stems from the Administration’s stated conclusion that the “manufacturing capacity and defense industrial base of the United States have been weakened by the loss of factories and manufacturing jobs.” Although a report on this review is not due until April 2018, the Manufacturing EO’s underlying policies and reporting requirements offer contractors an important glimpse into the Trump Administration’s “America First” vision and potential impacts on federal procurement.

Senate Committee Directs DoD to Reduce Drug Prices

In its Report on the National Defense Authorization Act for Fiscal Year 2018, the Senate Armed Services Committee (the “Committee”) included an “Item of Special Interest” directing the DoD to exercise its rights under the Bayh-Dole Act “to authorize third parties to use inventions that benefited from DOD funding whenever the price of a drug, vaccine, or other medical technology is higher in the United States” as compared to prices in foreign countries. This directive does not have the force of law, and was included as an item of special interest after an amendment to incorporate the clause into the NDAA failed. However, it represents an example of efforts to use the Bayh-Dole Act to influence drug product pricing.

Department of State Releases 2017 TIP Report

The Department of State has released its 2017 Trafficking in Persons (“TIP”) Report.  As with prior versions of the annual report, the State Department reviewed efforts made by more than 180 countries to address the minimum Prosecutorial, Protective, and Preventative standards necessary for effective anti-trafficking measures, as these standards are outlined in the United States’ Trafficking Victims Protection Act (“TVPA”).

The release of the report is notable because it can directly impact contractors’ diligence obligations for supply chain review under the Federal Acquisition Regulation (“FAR”) Human Trafficking Rule (located at FAR § 52.222-50).  As we have highlighted in previous articles, for those contractors required to submit compliance plans to the government, such plans should be appropriately shaped to the “nature and scope of activities to be performed for the Government . . .  and the risk that the contract or subcontract will involve services or supplies susceptible to trafficking in persons.”  See FAR § 52.222-50(h)(2)(ii).  Additionally, as set forth in a recent proposed memorandum, which remains the clearest articulation of the government’s views on supply chain diligence obligations to date (covered in a prior post), contractors are expected to take steps to “identify high-risk portions of [their] supply chain[s].”

Predictability of Outcomes in Discovery Disputes at CBCA Improves During its First Ten Years

In recognition of the decennial anniversary of the U.S. Civilian Board of Contract Appeals (“Civilian Board”), we set out to determine notable trends in Civilian Board practice. Among other things, we identified a recent marked increase in the number of published decisions containing substantial discussions of discovery issues – more than half of the 24 decisions we identified and reviewed were issued in or after 2014. Through the publication of these decisions, the Board has provided important guidance to practitioners who may face the same (or similar) discovery issues in the future. We believe that this trend toward publication should generally result in greater predictability of outcomes in discovery disputes, and therefore should facilitate the resolution of potential discovery disputes more efficiently.

Earlier this month we published an article about this very topic in the Board of Contract Appeals Bar Journal. In our article, we focused our analysis primarily on three interesting decisions that pit statutory requirements related to the disclosure/production of information – the Privacy Act, the Inspector General Act, and the Freedom of Information Act – against the bounds of permissible discovery at the Civilian Board. These three decisions should provide a relatively high degree of outcome predictability in similar cases because of the rigid statutory requirements at issue.

In addition to the link to a PDF of the article above, the full text of the article is available below.

Key Takeaways from Trump Administration Memo on Buy American Laws

[This article also was published in Law360.]

On June 30, 2017, Commerce Secretary Ross and OMB Director Mulvaney issued a Memorandum to Federal agencies regarding the “assessment and enforcement of domestic preferences in accordance with Buy American Laws,” which includes the Buy American Act (“BAA”). Although the Memorandum purports to provide guidance to help agencies implement the vision expressed in President Trump’s April 2017 Buy American Executive Order (E.O. 13788), which we previously analyzed, the Memorandum focuses mostly on what agencies must include in the reports that they are required, under Section 3 of the Executive Order, to submit to the Commerce Department and OMB by September 15. It also offers some clues for contractors about how the Trump Administration plans to implement its “buy American” vision.

GAO: “Reasoned Judgment” Required When Establishing Competitive Range

On May 19, 2017, the U.S. Government Accountability Office (“GAO”) sustained a protest filed by Pinnacle Solutions, Inc. (“Pinnacle”) challenging its exclusion from the competitive range in a NASA procurement for aircraft logistics, integration, configuration management, and engineering services. GAO concluded that NASA had unreasonably evaluated and assigned weaknesses to Pinnacle’s proposal and, as is relevant here, excluded Pinnacle from the competitive range based on “unreasoned distinctions[.]”

The RFP contemplated the evaluation of proposals on two non-price factors: Mission Suitability and Past Performance. The Mission Suitability factor consisted of three subfactors (Management Approach, Technical Approach, and Safety & Health Approach), which were allocated point values of 700, 150, and 150 points, respectively. Per the source selection plan, the points corresponded to adjectival ratings: an Excellent was worth 91-100 percent of the points, a Very Good was worth 71-90 percent of the points, a Good was worth 51-70 percent of the points, a Fair was worth 31-50 percent of the points, and a Poor was worth 0-30 percent of the points.

NASA received three proposals in response to the RFP. Pinnacle’s proposal fell between the two others (identified as Offerors A and B). Pinnacle received 439 out of a total of 1000 points on the Mission Suitability factor. Within the subfactors, Pinnacle’s Management Approach and Technical Approach were both rated Fair, receiving 266 points and 68 points, respectively. Its Safety & Health Approach was rated Good and received 105 points. Pinnacle was also assessed three strengths, one significant weakness, and eight weaknesses under the Management Approach subfactor, two weaknesses under the Technical Approach subfactor, and a strength and a weakness under the Safety & Health subfactor. Under the Past Performance factor, Pinnacle was found to merit Moderate Confidence. Pinnacle’s probable cost was determined to be $180.6 million, approximately $10 million less than that of Offeror A, the most expensive offeror.

In establishing the competitive range, the agency excluded Pinnacle, purportedly because it had not received any significant strengths under the management approach or technical subfactors and it was “highly unlikely” that Pinnacle would be able to significantly improve its proposal after discussions.  In contrast, Offeror A, despite having a higher probable cost, was included in the competitive range.  Offeror A’s proposal had received 719 points for the Mission Suitability factor, 280 more than Pinnacle.  In reaching its decision, the agency noted that Offeror A was the “most highly rated” proposal because it had received very good adjectival ratings and a past performance rating of Moderate Confidence.  The agency determined that discussions with Offeror A were needed to address weaknesses and provide price clarifications.

In its protest, Pinnacle argued that the weaknesses assigned to its proposal were unreasonable, that NASA ignored strengths in Pinnacle’s Management Approach, and that Pinnacle should have been included in the competitive range.  GAO agreed, finding that NASA had conducted an unreasonable evaluation of Pinnacle’s proposal, and applied unstated evaluation criteria.

Significantly here, GAO also found that the Agency’s competitive range determination was unreasonable because it was based entirely upon the differences in point scores and adjectival ratings between the offerors.  GAO criticized NASA for failing to “look behind the scores or adjectival ratings, and . . . document a reasoned consideration of the actual evaluation findings or their basis in the proposals.”  In the absence of such consideration, GAO concluded that NASA had acted unreasonably in making a “blanket” determination that Pinnacle’s proposal would not benefit from discussions.

In reaching this decision, GAO reiterated that, while an agency may eliminate a proposal that is not among the most highly rated or does not have a reasonable prospect of award, the agency “may not exclude a technically acceptable proposal from a competitive range without meaningful consideration of the cost or price of the proposal to the government.”  Of note, GAO reiterated that “reasoned judgment” is required to exclude a proposal from the competitive range, and the decision cannot be based on “unreasoned distinctions” like point scores and “unfounded speculation” about the benefit of discussions.

Offerors should take heart from GAO’s decision.  GAO clarified that an agency cannot exclude an offeror from the competitive range without careful consideration of the substantive merits of the proposal, including an evaluation of cost.  Going forward, offerors who have been excluded from the competitive range should make sure to review their debriefings carefully to determine if the agency has met its burden.