This is the eighth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the second, third, fourth, fifth, sixth, and seventh blogs described the actions taken by various government agencies to implement the EO from June through November 2021. This blog summarizes the key actions taken to implement the Cyber EO during December 2021.  Although the actions described below implement different sections of the Cyber EO, each of them portends further actions in February 2022 that are likely to impact government contractors, particularly those who provide software products or services to federal government agencies.

Continue Reading December 2021 Developments Under President Biden’s Cybersecurity Executive Order

The Department of Defense (DoD) released key documentation relating to Cybersecurity Maturity Model Certification (CMMC) 2.0 over the past several weeks, including (1) a CMMC 2.0 Model Overview document, (2) CMMC Self-Assessment Scopes for Level 1 and 2 assessments/certifications, (3) CMMC Assessment Guides for Level 1 and 2 attestations/certifications, and (4) the CMMC Artifact Hashing

Addressing climate change has been a priority for President Biden since his first day in office.  On December 8, 2021, President Biden continued that focus by issuing Executive Order (EO) 14057, Catalyzing Clean Energy Industries and Jobs Through Federal Sustainability, which includes a number of requirements directed at introducing sustainability to federal acquisitions.

This most recent EO announces an administration policy to achieve net-zero emissions from federal procurement by 2050 and comes on the heels of the public comment period extension to January 13, 2022 in response to EO 14030, Climate-Related Financial Risk.  Although the administration will likely be rolling out additional sustainability requirements in the coming months, contractors currently have an opportunity to help shape an initial requirement that may end up effectively establishing an environmental, social, and governance or “ESG” reporting requirement.
Continue Reading Contractors Have an Opportunity to Help Shape ESG Requirements

On December 27, 2020, the Economic Aid to Hard-Hit Small Businesses, Nonprofits, and Venues Act opened up the Paycheck Protection Program (“PPP”) to additional organizations and authorized a second draw of PPP loans.  The U.S. Small Business Administration (“SBA”) has issued guidance on changes to the original Program and new second draw loans, and the Program has been partially reopened for both first and second draw loans as of January 13, 2021.  Loans will initially only be available through community financial institutions, but SBA has indicated that additional lenders will once again be able to participate in the Program on January 15, 2021, with a full reopening scheduled for January 19, 2021.

Similar to the Program’s original rollout, a number of questions remain with respect to SBA’s implementation of the Act.  SBA is also delaying guidance on changes to loan forgiveness, which may once again place borrowers in the position of taking out loans without knowing whether they will be fully forgiven.  However, SBA has now been managing the Program for almost ten months, and borrowers will hopefully not be subject to the same level of policy shifts and reversals that was experienced during the Program’s original rollout.

The Act makes first and second draw loans available until March 31, 2021, but there is a good chance that all available funds will be allocated before that date.


Continue Reading Paycheck Protection Program Expands and Offers Opportunity for Second Draw Loans

Late last year, a spokesman for the Department of Defense announced without fanfare that the agency would increase audits of certified cost or pricing data under the Truth in Negotiations Act (“TINA”).  While the full effect of that enhanced focus on TINA compliance remains to be seen, a recent decision by the Armed Services Board of Contract Appeals (“ASBCA”) provides helpful guidance for navigating upcoming TINA audits and defending against defective pricing claims, particularly in situations involving an on-going program where documents contain both facts and judgmental estimates.

Continue Reading With Potential New TINA Audits on the Horizon, the ASBCA Provides a Helpful Primer on Defending Against Defective Pricing Claims

Two notices recently published in the Federal Register indicate the Federal Emergency Management Agency (“FEMA”) intends to exercise Defense Production Act (“DPA”) authority in novel ways during the current coronavirus pandemic.

On May 12th, FEMA announced that it plans to invoke DPA authority which permits the President to consult with representatives of industry, business, financing, agriculture, labor, and other interests in order to enter into voluntary agreements or plans of action to help provide for the national defense.

The following day, FEMA published the Emergency Management Priorities and Allocations System (“EMPAS”) regulations governing FEMA’s use of DPA priorities and allocations authority — which, as we’ve previously covered on several occasions, permit the executive branch to require private companies to prioritize its orders and allocate resources in the private sector as needed to promote the national defense.  FEMA included a new concept of third-party rated orders in its version of DPA regulations.
Continue Reading FEMA Continues to Push Defense Production Act Authority On Several Fronts

As the fallout from COVID-19 continues, federal contractors in every industry are seeing significant impacts on their ability to perform, ranging from scheduling delays to supply chain interruptions and increased costs of performance.  We previously addressed the rules and regulations governing excusable delays, which permit a contractor to avoid default if a failure to perform arises from causes beyond its control.  This next post addresses key FAR provisions that may entitle a contractor to a price adjustment or other recovery due to changes in contract requirements as a result of the pandemic.

Continue Reading Can I Recover the Added Costs of Work Caused by COVID-19?

Earlier this month, the Government Accountability Office (“GAO”) sustained a bid protest challenging the agency’s decision to exclude the protester from consideration based on a potential organizational conflict of interest (“OCI”).  The GAO decision serves as a reminder that an offeror that is excluded from a competition on the basis of a perceived OCI can challenge that decision in a protest before GAO.  And although GAO will give the agency a fair amount of deference, it will nonetheless sustain a protest where it concludes that the agency’s decision was unreasonable.

Continue Reading In Archimedes Bid Protest, Government Contractor Takes on Herculean Task of Challenging the Agency’s OCI Determination, and Wins

On April 24, 2018, the Department of Defense (DoD) issued a Notice and Request for Comment on draft guidance that DoD proposes for assessing contractors’ System Security Plans (SSPs) and their implementation of the security controls in NIST Special Publication (SP) 800-171. This includes assessments as part of source selection decisions and during contract performance. DFARS 252.204-7012 requires defense contractors to provide “adequate security” for networks where covered defense information (CDI) is processed, stored, or transmitted. Adequate security means, “at a minimum,” implementing NIST SP 800-171. To demonstrate implementation or planned implementation of the security controls in NIST SP 800-171, contractors must describe in a SSP how the security requirements have been implemented and develop plans of action and milestones (POA&M) that describe how any unimplemented security requirements will be met.
Continue Reading Draft DoD Guidance on SSPs and NIST SP 800-171 – Impact on Bid Protests and Ongoing Contract Performance

GSA recently announced it is supporting an Inspector General investigation into alleged, third-party fraudulent activity in the System for Award Management (“SAM”). The GSA announcement suggests that fraudulent SAM accounts may have been used to divert certain federal payments to unauthorized bank accounts. The announcement does not elaborate on the scope of potentially impacted entities or the amount of misdirected payments at issue. GSA has advised impacted entities to validate their SAM registration and confirm their financial information. Although GSA has indicated it has or will reach out to impacted entities, contractors would be well advised to confirm independently the accuracy of their current SAM registration.

Continue Reading Fraudulent SAM Accounts Lead to More Complicated SAM Registration Requirements