NDAA; National Defense Authorization Act

This past March marked the beginning of a more fulsome required debriefing process for defense contracts.  The Director of Defense Procurement and Acquisition Policy (“DPAP”) issued a class deviation memorandum, effective March 22, 2018, requiring contracting officers to: (1) provide unsuccessful offerors an opportunity to submit additional questions within two days after receiving a debriefing; and (2) hold the debriefing open until the agency delivers written responses.  The class deviation implements Section 818 of the National Defense Authorization Act for Fiscal Year 2018 (“NDAA”).
Continue Reading Any Questions? : Department of Defense Implements FY 2018 NDAA Requirement for Post-Debriefing Q&A Process

On May 4, the Labor Department and Federal Acquisition Regulatory (“FAR”) Council submitted to the White House Office of Management and Budget (“OMB”) their final versions of regulations and guidance (respectively) implementing Executive Order 13673, entitled “Fair Pay and Safe Workplaces” (“FPSW Order”).  The FPSW Order, which requires contractors bidding on government contracts to disclose past violations of any one of at least 14 federal labor laws and their state law counterparts, has been met with harsh criticism from contractors and members of congress since its July 2014 issuance by President Obama.  (See our blog post here for more analysis of the proposed regulations implementing the Order.)  The most recent attack occurred just one week prior to the Labor Department and FAR Council submissions: the House Armed Services Committee adopted an amendment that would exempt the entire Department of Defense (“DOD”) from the FPSW Order.
Continue Reading Battle over “Blacklisting” Order: Obama Administration Moves Forward with Fair Pay Order as House Members Attempt to Exempt DOD

As Congress considers the FY2016 National Defense Authorization Act (NDAA) this week, political enthusiasts can look forward to plenty of minor dramas playing out on the House floor and in Senate committee rooms.  Small businesses might be more excited about a provision of the NDAA that is unlikely to make the headlines: the prospect of a five-year extension of the popular Rapid Innovation Program.

The Rapid Innovation Program was created five years ago as “a collaborative vehicle for small businesses to provide the department with innovative technologies that can be rapidly inserted into acquisition programs that meet specific defense needs.”  Each year, Department of Defense agencies identify pressing operational requirements and publish them in a broad agency announcement.  Interested bidders offer white papers, which Department representatives evaluate on a “go” or “no-go” basis.  Offerors whose white papers receive a “go” rating are invited to submit full proposals for further evaluation and decision.  The program offers funding of up to $3 million over two years.  From FY2011 to FY2015, the GAO estimates that the government will have signed contracts for 435 projects, representing more than $1.3 billion. 
Continue Reading Extending the Rapid Innovation Program

Following Obama’ s February 13, 2015 Executive Order to promote the sharing of cybersecurity risks and incidents between the federal government and the private sector, Congress has introduced a slew of information-sharing legislation.  Such legislation includes the Cybersecurity Information Sharing Act of 2015 (“CISA”), which was marked up and approved 14-1 by the Senate Intelligence Committee in a closed session on March 12.

CISA, which has been met with some criticism in the press, provides for the promulgation of policies and procedures for the voluntary sharing of “cyber threat indicators” among the federal government and the private sector.  The bill defines “cyber threat indicators” as “information necessary to describe or identify –

  • malicious reconnaissance . . .;
  • a method of defeating a security control or exploitation of a security vulnerability;
  • a security vulnerability;
  • a method of causing a user with legitimate access to an information system . . . to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;
  • malicious cyber command and control;
  • the actual or potential harm cause by an incident . . .; or
  • any other attribute of a cybersecurity threat.”

As currently drafted, CISA would apply to contractors in two ways:Continue Reading Controversial Cyber Information Sharing Bill May Impact Government Contractors