On December 27, 2020, the Economic Aid to Hard-Hit Small Businesses, Nonprofits, and Venues Act opened up the Paycheck Protection Program (“PPP”) to additional organizations and authorized a second draw of PPP loans.  The U.S. Small Business Administration (“SBA”) has issued guidance on changes to the original Program and new second draw loans, and the Program has been partially reopened for both first and second draw loans as of January 13, 2021.  Loans will initially only be available through community financial institutions, but SBA has indicated that additional lenders will once again be able to participate in the Program on January 15, 2021, with a full reopening scheduled for January 19, 2021.

Similar to the Program’s original rollout, a number of questions remain with respect to SBA’s implementation of the Act.  SBA is also delaying guidance on changes to loan forgiveness, which may once again place borrowers in the position of taking out loans without knowing whether they will be fully forgiven.  However, SBA has now been managing the Program for almost ten months, and borrowers will hopefully not be subject to the same level of policy shifts and reversals that was experienced during the Program’s original rollout.

The Act makes first and second draw loans available until March 31, 2021, but there is a good chance that all available funds will be allocated before that date.Continue Reading Paycheck Protection Program Expands and Offers Opportunity for Second Draw Loans

As the recent SolarWinds Orion attack makes clear, cybersecurity will be a focus in the coming years for both governmental and non-governmental entities alike.  In the federal contracting community, it has long been predicted that the government’s increased cybersecurity requirements will eventually lead to a corresponding increase in False Claims Act (FCA) litigation involving cybersecurity compliance.  This prediction may soon be proven true, as a December 2020 speech from Deputy Assistant Attorney General Michael Granston specifically identified “cybersecurity related fraud” as an “area where we could see enhanced False Claims Act activity.”  This post discusses recent efforts to use the FCA to enforce cybersecurity compliance — and, based on those efforts, what government contractors may expect to see in the future.
Continue Reading Cybersecurity and Government Contracting: False Claims Act Considerations

If your company delivers technical data to the Department of Defense, you should take a close look at the Federal Circuit’s decision issued yesterday in The Boeing Co. v. Secretary of the Air Force.

The Court acknowledged that contractors may retain ownership and other interests in unlimited rights data, and it held that they may take steps to put third parties on notice of those rights.  In particular, the Court held that, in addition to the standard legends required by the Defense Federal Acquisition Regulation Supplement (“DFARS”), contractors may also include a legend notifying third parties of the contractor’s retained rights.Continue Reading Technically Still Yours: Court Holds that Contractors May Mark Unlimited Rights Data with a Proprietary Legend

Just over a year after launching the Procurement Collusion Strike Force (“PCSF”), the U.S. Department of Justice’s Antitrust Division (“DOJ”) announced new measures to further its pursuit of antitrust and related crimes in government procurement, grant, and program funding.  These changes expand the PCSF’s enforcement capacity and signal DOJ’s enduring—and intensifying—commitment to the PCSF’s mission.

The PCSF has added 11 new national partners: the Department of Homeland Security Office of the Inspector General, the Air Force Office of Special Investigations, and nine new U.S. Attorneys.  As a result, the growing PCSF coalition now includes 29 agencies and offices, including U.S. Attorneys in 22 federal judicial districts; the Federal Bureau of Investigation; and Offices of Inspectors General at six federal agencies.  The PCSF also named the Antitrust Division’s Daniel Glad as the Strike Force’s first permanent director, solidifying the PCSF’s institutional role at DOJ.  Glad previously served as an Assistant Chief at the Antitrust Division’s Chicago Office.
Continue Reading Expansion of the Procurement Collusion Strike Force

As described in an earlier blog post, the Department of Defense (DoD) released an Interim Rule on September 29, 2020 that address DoD’s increased requirements for assessing whether contractors are compliant with the 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).[1]  Under this new Interim Rule, DoD offerors must have a current assessment on file with DoD to document their compliance with NIST 800-171 before they can be eligible to be considered for award.  The Interim Rule specifically requires contractors to ensure that a summary score from an assessment conducted under DoD’s NIST 800-171 Assessment Methodology is submitted into a DoD enterprise application called the Supplier Performance Risk System (SPRS).[2]  We evaluate below how DoD may use the NIST 800-171 assessment scores in SPRS, as well as how updates to SPRS more generally are likely to impact contractors.
Continue Reading How is DoD Planning to Use the Supplier Performance Risk System (SPRS)?

On October 21, 2020 the Department of Labor’s Office of Federal Contract Compliance Programs (“OFCCP”) published a Request for Information (“RFI”) seeking voluntary submissions of workplace diversity and inclusion training information and materials from federal contractors, federal subcontractors, and their employees. The RFI was published pursuant to Executive Order 13950, Combating Race and Sex Stereotyping (“EO”) issued on September 22, 2020, which prohibited certain “divisive concepts” in workplace trainings and instructed OFCCP to solicit information from federal agencies and contractors about the content of their training programs.  The EO also directed OFCCP to establish a hotline to investigate complaints received under the EO, as well as Executive Order 11246. The hotline, and a corresponding email address, were established on September 28, 2020. We provided a full description and explanation of the requirements of the EO here.

Under the new RFI, contractors may submit comments and other information to OFCCP by December 1, 2020, but any submission of information is strictly voluntary.  As discussed below, prior to making any submission, contractors should consider carefully the nuances of the EO and RFI and the potential implications of making a voluntary submission.Continue Reading Department of Labor Requesting Information on Federal Contractor Workplace Diversity Training

Under the False Claims Act’s (“FCA”) first-to-file bar, “no person other than the Government may intervene or bring a related action based on the facts underlying the pending action.”  But can a relator amend her complaint to add, remove, or substitute relators without violating the first-to-file bar?  Recently, the Third
Continue Reading Third Circuit Addresses the Scope of the FCA’s First-to-File Bar

On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework.  The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).  The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract, but the clause fails to address many of the questions that industry has with regard to implementation of the CMMC program.  The rule becomes effective November 30, 2020.  We have written previously on NIST 800-171 and the CMMC here and here respectively.

DoD has been focused on improving the cyber resiliency and security of the Defense Industrial Base (DIB) sector for over a decade.  The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.  The interim rule is one of multiple efforts by DoD focused on the broader supply chain security and resiliency of the DIB and builds on existing FAR and DFARS clause cybersecurity requirements.  Increasing security concerns coupled with recent high-profile data breaches have led DoD to move beyond self-certification to auditable verification systems when it comes to protecting sensitive Government information.Continue Reading Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC

On September 22, 2020, President Trump issued the Executive Order on Combating Race and Sex Stereotyping (“EO”) establishing requirements aimed at “promoting unity in the Federal workforce,” by prohibiting workplace training on “divisive concepts,” including “race or sex stereotyping” and “race or sex scapegoating” as newly-defined in the EO.  The EO is broadly applicable to executive departments and agencies, Uniformed Services, Federal contractors, and Federal grant recipients.  The EO expands on a letter issued in early September by the Director of the Office of Management and Budget (“OMB”) that directed all agencies to begin to identify contracts or other agency spending on trainings that include “critical race theory,” “white privilege,” or “un-American propaganda,” in an effort to ensure “fair and equal treatment of all individuals in the United States.”

Following the EO, on September 28, 2020, OMB issued a Memorandum for the Heads of Executive Departments and Agencies (the “Memo”) with additional guidance aimed at assisting agencies in identifying diversity and inclusion trainings for agency employees that may be subject to the EO.  The Memo suggests that agencies conduct keyword searches of training materials for specific terms, such as “intersectionality,” “systemic racism,” and “unconscious bias.”  Although the Memo primarily explains the terms of the EO, it also provides additional insight concerning the breadth of agency trainings that may ultimately be considered to violate the terms of the EO, which are described below.

Although the EO is likely to be subject to legal challenge (as more fully discussed below), federal contractors, including subcontractors and vendors, could be subject to the compliance requirements outlined below as soon as November 21, 2020.
Continue Reading President Trump Issues Executive Order Prohibiting “Divisive Concepts” in Federal Contractor Trainings

On August 13, 2020, the Office of Management and Budget (OMB) released new revisions to its Guidance for Grants and Agreements set forth under 2 CFR (commonly referred to as the Uniform Guidance).  The Uniform Guidance governs the terms of federal funding issued by agencies, including grants, cooperative agreements, federal
Continue Reading New Section 889 Restrictions Included in Updated Uniform Guidance Regulations from the Office of Management and Budget