[This article was originally published in Law360.]

Amidst the whirlwind of M&A activity in the government contracts industry, a recent bid protest decision from the Government Accountability Office (GAO) highlights the importance of proper planning to protect prime contract proposals during M&A and other corporate transactions.  Last month, GAO denied a protest from ICI Services Corporation (ICI), which challenged the U.S. Navy’s decision to award a task order to Serco, Inc. (Serco) under the SeaPort Next Generation (SeaPort-NxG) vehicle.  Although ICI raised a “multitude of challenges,” GAO focused on what it considered the gravamen of ICI’s protest — that Serco was ineligible for award because it allegedly was not a complete successor-in-interest to the Naval Systems Business Unit (NSBU) of Alion Science and Technology Corporation (Alion).  Serco had acquired the NSBU from Alion in July 2019, and has been operating the NSBU in the several months since then.

For years, contractors have faced an amalgamation of protest decisions assessing the impact of transactions on proposals for new prime contracts.  The recent ICI decision provides some additional guidance and, more importantly, underscores GAO’s stated intent that its decisions not frustrate pending proposals merely because a corporate transaction has taken place or is expected to take place, but instead ensure that the procuring agency has reasonably considered the impact of the transaction and concluded that the resulting contract will be performed in materially the same way as described in the proposal.  In the absence clear guidance in the Federal Acquisition Regulation (FAR) on the treatment of bids in connection with a corporate transaction, GAO’s decision in ICI offers some clarity for contractors and a framework for agencies when assessing the impact of a transaction.  Although every transaction and proposal is unique, the ICI decision highlights some key considerations for contractors.
Continue Reading Buying a Business Without Losing the Pipeline: Further Guidance for Protecting Proposals

On November 9, 2021, the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) hosted a one hour Town Hall focused on CMMC Version 2.0.  Matthew Travis, CEO of the CMMC AB; Jesse Salazar, Deputy Assistant Secretary of Defense for Industrial Policy; David McKeown, Deputy Department of Defense (DoD) Chief Information Officer for Cybersecurity (DCIO(CS)) and DoD’s Senior Information Security Officer (SISO); and Buddy Dees, Director of CMMC, DoD gave prepared remarks and answered questions during the session.

According to Mr. Salazar, CMMC Version 2.0 has been in the making for the past 8 months, and takes into account the over 850 public comments DoD received regarding CMMC 1.0.  Mr. KcKeown explained that CMMC 1.0 may have been too broad and its requirements “too onerous” especially on small and medium sized contractors.  He described CMMC 2.0 — and its use of three levels rather than five levels in CMMC 1.0 — as being based on more of a risk based approach than the original CMMC because it is primarily focused on the type of data being protected.


Continue Reading CMMC Accreditation Body Hosts Town Hall Regarding CMMC 2.0

UPDATE: DoD withdraws the unpublished Advanced Notice of Proposed Rulemaking

On November 5, 2021, an Editorial Note was added to the Federal Register stating “An agency letter requesting withdrawal of this document was received after placement on public inspection. The document will remain on public inspection through close of business November 4, 2021. A copy of the agency’s withdrawal letter is available for inspection at the Office of the Federal Register.”   The reason for the Department of Defense withdrawal of the unpublished Advanced Notice of Proposed Rulemaking was not provided.
Continue Reading DoD Outlines Significant Changes to CMMC with Version 2.0

In a December 2020 speech, Deputy Assistant Attorney General Michael Granston warned that cybersecurity fraud could see enhanced enforcement under the False Claims Act (“FCA”).  On October 6, 2021, Deputy Attorney General Lisa Monaco announced that the Department of Justice (“DOJ”) would be following through on that warning with the launch of the DOJ’s Civil Cyber-Fraud Initiative.  The key component of the initiative is the use of the FCA against Government contractors and subcontractors that fail to comply with cybersecurity requirements, including information security standards and cyber incident reporting obligations, imposed by contract, statute, or regulation.

Under the FCA, the Government can recover treble damages and penalties from federal contractors and subcontractors that knowingly submit false claims for payment.  Notably, the FCA incentivizes private citizens (relators), including contractor employees, to file qui tam suits on behalf of the Government by guaranteeing them between 15 and 30 percent of the recovery.  DOJ stated that it intended to work with federal agencies, subject matter experts, and law enforcement partners on the Civil Cyber-Fraud Initiative.  Recently, Assistant Attorney General Brian Boynton confirmed that this initiative was also intended to incentivize relators and the aggressive relators’ bar to focus their attention on potential cybersecurity noncompliance as the basis for qui tam actions.


Continue Reading DOJ Announces New Civil Cyber-Fraud Initiative

This blog continues Covington’s review of important deadlines and milestones in implementing the Executive Order on Improving the Nations’ Cybersecurity (E.O. 14028, or the “Cyber EO”) issued by President Biden on May 12, 2021.  Previous blogs have discussed developments under the Cyber EO in June 2021 and July 2021.  This blog focuses on developments affecting the EO that occurred during August 2021.

The Cyber EO requires federal agencies to meet several important deadlines in August 2021.  These deadlines are in the areas of enhancing critical software supply chain security, improving the federal government’s investigative and remediation capabilities, and modernizing federal agency approaches to cybersecurity.  In addition, the National Institute of Standards and Technology (“NIST”) took several significant actions related to supply chain security in August 2021, not all of which were driven by deadlines in the Cyber EO.  This blog examines the actions taken by federal agencies to meet the EO’s August deadlines as well as the NIST actions referred to above.


Continue Reading August 2021 Developments Under President Biden’s Cybersecurity Executive Order

The FAR explains that the Government must accept or reject work as “promptly as practicable after delivery.”  FAR 52.246-2(j).  But what if the contractor knows its work is not compliant, but has asked the agency for a deviation from the contract’s terms?  A recent decision from the ASBCA provides guidance on this tough but not uncommon issue.

Continue Reading Accepting What You Can’t Change: ASBCA Holds that an Agency Must Accept Non-Conforming Goods After Waiting to Consider a Deviation

Government contractors should take note of the Fifth Circuit’s June 30, 2021 decision in Taylor Energy Co. v. Luttrell, which reaffirmed that contractors can enjoy a broad immunity from third-party liabilities—known as “derivative sovereign immunity,” or “Yearsley immunity.” Yearsley immunity emanates from Yearsley v. W.A. Ross Const. Co., an 80-year-old Supreme Court decision, which established that a contractor is immune when (i) it performed acts pursuant to a valid authorization of Congress and (ii) the contractor did not exceed the scope of that authority.

In Taylor Energy, the court dismissed claims arising out of an oil spill containment project in the Gulf of Mexico. The basic claim in the suit was that the contractor failed to effectively remediate and contain the oil. The Fifth Circuit found that the government: (i) provided direction to the contractor through the statement of work, in the form of “goals” and specific contract deliverables and deadlines; and (ii) periodically met with the contractor and reviewed and approved the work during performance. Based on these core facts, the court held the contractor was immune. The court held that it was irrelevant that the statement of work was “barebones,” and that the contractor—rather than the government—designed certain elements of the remediation effort. Following the Fourth Circuit’s 2018 decision in Cunningham v. GDIT, the Taylor Energy decision is another appellate court victory for contractors in the wake of the Supreme Court reaffirming Yearsley’s core principles in Campbell-Ewald Co. v. Gomez.


Continue Reading Fifth Circuit Reaffirms Breadth of Yearsley Immunity For Government Contractors

On April 27, 2021, President Biden signed an Executive Order entitled “Increasing the Minimum Wage for Federal Contractors” that will raise the hourly minimum wage for federal contractors to $15.00 effective January 30, 2022.  This Executive Order builds on Executive Order 13658 (“Establishing a Minimum Wage for Contractors”), issued by President Obama in 2014, which first implemented an hourly minimum wage of $10.10 for covered federal contractors.[i]

Continue Reading Government Contractors Should Prepare Now for the $15 Per Hour Minimum Wage

On February 24, 2021, President Biden signed an Executive Order entitled “Executive Order on America’s Supply Chains” (the “Order”). Among other things, the Order is an initial step toward accomplishing the Biden Administration’s goal of building more resilient American supply chains that avoid shortages of critical products, facilitate investments to maintain America’s competitive edge, and

If your company delivers technical data to the Department of Defense, you should take a close look at the Federal Circuit’s decision issued yesterday in The Boeing Co. v. Secretary of the Air Force.

The Court acknowledged that contractors may retain ownership and other interests in unlimited rights data, and it held that they may take steps to put third parties on notice of those rights.  In particular, the Court held that, in addition to the standard legends required by the Defense Federal Acquisition Regulation Supplement (“DFARS”), contractors may also include a legend notifying third parties of the contractor’s retained rights.


Continue Reading Technically Still Yours: Court Holds that Contractors May Mark Unlimited Rights Data with a Proprietary Legend