The Department of Defense (“DoD”) has issued two Class Deviations that provide defense agencies with greater flexibility when procuring in times of crisis. These Class Deviations allow for the use of simplified acquisition procedures and excuse certain procurement obligations when DoD is responding to a cyber-attack or providing relief in support of domestic or international disasters.

On November 8, 2017, DoD issued Class Deviation 2018-O0001, which expands the types of procurements treated as commercial item acquisitions and exempts acquisitions in support of cyber-attacks, international disaster assistance, and “emergency or major disaster” relief from requirements to (i) comply with item unique identification, (ii) receive two offers, and (iii) limit the use of time and materials contracts. This Class Deviation also delegates authority for determinations relating to these acquisitions from the Secretary of Defense to the various heads of contracting activities within DoD.

There appears to be a typographical error in the attachment accompanying the November 8, 2017 Class Deviation memorandum. FAR section 12.102 permits agencies to treat acquisitions “used to facilitate defense against or recovery from nuclear, biological, chemical, or radiological attack” as an acquisition of commercial items. In the Class Deviation, DoD expands this exception to include defense against cyber-attacks. However, section 212.102 in the attachment leaves off the key phrase “as an acquisition of commercial items.” From context, however, it appears this is what DoD intended.

This Deviation is a follow-up to Class Deviation 2017-O0007, which implements amendments to 41 U.S.C. § 1903 imposed by sections 816 and 1641 of the National Defense Authorization Act (“NDAA”) of 2017. Section 816 increased the micro-purchase threshold (from $5,000 to up to $30,000) and the simplified acquisition threshold (from $150,000 to up to $1.5 million) for acquisitions that “facilitate international disaster assistance or in support of response to an emergency or major disaster.” Section 1641 incorporated cyber-attacks as an additional basis for special emergency procurement authority. These changes also authorize DoD to add cyber-attacks, international disasters, and emergency or major disasters as grounds for procuring up to $13 million in commercial items under simplified acquisition processes pursuant to FAR 13.5.

Together, these changes provide DoD, and it contractors, with greater flexibility to respond to emergencies and times of crisis and subjects contractors to reduced procurement obligations when time is of the essence.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.