Preparing for the Rollout of the Cybersecurity Maturity Model Certification: It Is All about the Timing

Michael Joseph Montalbano

The Department of Defense (“DoD”) is expected to begin rolling out the Cybersecurity Maturity Model Certification (“CMMC”) program later this year. As a brief refresher, the CMMC is a certification system implemented by DoD to protect Controlled Unclassified Information (“CUI”) and other sensitive contract information. There are five CMMC levels of ascending sophistication. The most common CMMC levels are expected to be Level 1 and Level 3. Level 1 will require contractors to put into place basic safeguarding practices to protect federal contract information. Level 3 will require contractors to put into place more stringent safeguarding practices that are designed to protect CUI. Contractors receive their CMMC after they pass an assessment by a CMMC Third Party Assessment Organization (“C3PAO”) or an individual assessor.

Although DoD will not fully implement the CMMC program until 2026, more and more contracts will require offerors to hold a CMMC demonstrating that their organizations have implemented the necessary cybersecurity controls. A nightmare scenario for any defense contractor is to find itself unable to compete for a lucrative DoD contract due to insufficient time to obtain the required CMMC before proposal deadlines. Fortunately, the Accreditation Body (“AB”) that is responsible for rolling out the CMMC program has provided estimated timelines for contractors seeking a CMMC. Continue reading “Preparing for the Rollout of the Cybersecurity Maturity Model Certification: It Is All about the Timing”

Recent and Possible Executive Orders on Drug Pricing: What You Need to Know

Merle M. DeLancey Jr.

On July 24, 2020, President Trump signed three Executive Orders aimed at lowering prescription drug costs and increasing patients’ access to life-saving medications. A fourth Executive Order was discussed, which could reduce the prices Medicare Part B pays for drugs based upon international prices, unless the pharmaceutical industry implements measures in the next 30 days. Leaving politics and rhetoric aside, below are the key facts regarding the Executive Orders.

First Executive Order: Access to Affordable Life-Saving Medications

The Order: Click here to view the Order.

Effective Date:  July 24, 2020

Purpose: Requires Federally Qualified Health Centers (“FQHCs”) to pass on the discounted prices they pay for insulin and epinephrine to low income patients. FQHCs are federally funded, community-based health care providers serving low income patients and underserved areas. Under the Health and Human Services’ (“HHS”) 340B Drug Discount Program, drug manufacturers charge FQHCs statutorily discounted prices, sometimes as low as $0.01, for drugs including insulin and epinephrine. But FQHCs are not required to pass on the discounted prices to their patients. This Executive Order requires FQHCs to make insulin and epinephrine available to their patients at the price paid by the FQHC. The FQHC is permitted to charge a minimal administration fee. Continue reading “Recent and Possible Executive Orders on Drug Pricing: What You Need to Know”

Part B Interim Rule Bans Contractors from Using Covered Technology Starting August 13th: 5 Steps for Meeting the Compliance Deadline

Justin A. Chiarodo, Merle M. DeLancey, Jr., and Robyn N. Burrows

We previously discussed key elements of the newly released interim rule (“the interim rule” or “the rule”) implementing Part B of Section 889 (“Part B”), which prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment. This post provides a more detailed analysis of the scope and application of the rule, as well as five compliance recommendations given the impending August 13th deadline.

Rule Applies to All Contracts Effective August 13, 2020

Part B applies to all solicitations, options, and modifications on or after August 13th, including contracts for commercial items, commercially available off-the-shelf (COTS) items, and contracts at or below both the micro-purchase and simplified acquisition thresholds. Like it did with respect to Part A, GSA intends to issue a Mass Modification requiring contractors to certify compliance with Part B. GSA has also released Q&As and FAQs to assist contractors with Part B implementation. The interim rule acknowledges that Part B will have a broad impact across contractors in a range of industries, including healthcare, education, automotive, aviation, and aerospace. The rule, however, does not apply to federal grant recipients (which are subject to a separate rulemaking). Continue reading “Part B Interim Rule Bans Contractors from Using Covered Technology Starting August 13th: 5 Steps for Meeting the Compliance Deadline”

Our Clarion Call: Join Us in the ABA’s 21-Day Racial Equity Habit Building Challenge

Dominique L. Casimir and Justin A. Chiarodo

This will not be a typical Government Contracts Navigator post. But it concerns an issue as important to the government contracts bar as any new law, regulation, or judicial decision. We all have stories about how we came to practice in this vibrant field, which plays such a critical role in protecting our nation and advancing the public policies of the United States—including due process, fair competition, and equal opportunity. But we cannot ignore the reality that the great diversity of the government contracts law practice is not well-reflected in our bar of practitioners.

The events of recent weeks have led us to think hard about we what can do to help achieve greater racial diversity in our practice area. As lawyers, we typically solve the most complex problems we face by developing creative teams whose members are open to learning, collaborating, and communicating. That is why, as a practice group, we’ve jumped at the chance to participate in the ABA Section of Public Contract Law’s 21-Day Racial Equity Habit Building Challenge (the “21-Day Challenge”). We believe that the 21-Day Challenge gives us an opportunity to learn, collaborate, and communicate with one another on one of the most pressing and important challenges in our professional lives: creating and maintaining a diverse and inclusive government contracts bar. Our practice group is “all in,” and we invite you to join us as we answer the ABA Section of Public Contract Law’s invitation to participate in the 21-Day Challenge. Continue reading “Our Clarion Call: Join Us in the ABA’s 21-Day Racial Equity Habit Building Challenge”

Stars III: Critical Proposal Issues Addressed by Industry Experts

On July 21, 2020, Blank Rome Government Contracts Partner Albert B. Krachman presented a webinar with PW Communications, Inc. Founder and CEO Phyllis Orenstein Bresler to address the recently released GSA STARS III Solicitation, a Multiple Award, IDIQ contract to provide information technology (“IT”) services and IT services-based solutions. The webinar addressed issues that potential offerors should consider when formulating a compliant, well-written, and compelling proposal response. The contract ceiling for STARS III is $50 billion over five years, with the potential to grow.

The recent cancellation of the Alliant 2 Small Business Contract positions STARS III as one of the premier acquisition vehicles for federal IT acquisitions.

The webinar:

  • Identified opportunity areas, risk issues, RFP ambiguities, open questions, and key concepts.
  • Addressed Solicitation Sections L and M and presented lessons learned from the trenches.

Click here to view a recording of the webinar, and here to view the presentation slides.

Newly Released Interim Rule Implementing Part B of Section 889

Justin A. Chiarodo, Merle M. DeLancey Jr., and Robyn N. Burrows

On July 10, the government issued the    long-awaited Interim Rule implementing Part B of Section 889 (here is a link to the pre-publication version, with the official version soon to follow). Part B prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment (previously discussed in our blog posts here and here). The Interim Rule is 86 pages and addresses issues related to compliance with Part B, as well as clarifying aspects of Part A.

These are the key points federal contractors need to know:

  • Effective Date: The effective date remains August 13, 2020. The ban applies to solicitations, options, and modifications on or after August 13. However, as we previously discussed, the Department of Defense may allow its contractors more time to comply, despite the statutory deadline.
  • Required Representation: An offeror must represent that, after conducting a reasonable inquiry, it does/does not use covered telecommunications equipment/services.
    • “Reasonable inquiry” means an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. An internal or third-party audit is not required.
  • Scope of “Use”: Applies to the contractor’s use of covered technology, regardless of whether it is used to perform a federal contract. Thus, a contractor’s commercial operations are included.
  • Affiliates/Subsidiaries: The required representation is not applicable to affiliates or subsidiaries at this time. The FAR Council is considering whether to expand the scope of the representation/prohibition to cover an offeror’s domestic affiliates, parents, and subsidiaries. If expanded, it would be effective August 13, 2021.
  • Subcontractors: The ban and required representation are not applicable to subcontractors at this time. The ban only applies at the prime contractor level and does not include a flow down obligation.
  • Detailed Waiver Process: The Interim Rule includes a detailed and complex process for seeking a waiver (really a two-year delayed application).
  • Suggested Compliance Steps: The Interim Rule suggests contractors adopt a “robust, risk-based compliance approach” to include educating personnel on the ban and implementing corporate enterprise tracking to identify covered equipment/services.

Regulators are still seeking feedback from industry, which suggests the government’s willingness to incorporate changes in a final rule. But prime contractors need to act now. In the next 30 days, prime contractors need to determine through a “reasonable inquiry” whether they use covered equipment, regardless of whether that use relates to performance of a federal contract. To demonstrate a reasonable inquiry, contractors should memorialize all steps taken and decisions made in performing the inquiry.

A more detailed analysis is forthcoming. In the meantime, if you have any questions regarding compliance, please contact one of Blank Rome’s Government Contracts practice group attorneys for guidance.

Tricare Providers Are Not Federal Subcontractors

Merle M. DeLancey, Jr.

The Office of Federal Contract Compliance Programs (“OFCCP”) ended a long-running controversy by issuing a final rule stating that healthcare providers participating in the TRICARE military healthcare program are not federal subcontractors. TRICARE provides healthcare benefits to uniformed service members, retirees, and their families. In its final rule, the OFCCP, which enforces anti-discrimination laws as to government contractors, states that it does not have authority to enforce regulatory obligations in Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, and the Vietnam Era Veterans’ Readjustment Assistance Act of 1974, including affirmative action obligations, with respect to TRICARE providers.

Controversy regarding the status of TRICARE providers as potential federal subcontractors began in 2007 when OFCCP first asserted its authority over an Orlando, Florida, hospital serving TRICARE beneficiaries. Years of litigation ensued. In 2011, Congress sought to resolve any confusion by including a provision in the National Defense Authorization Act for Fiscal Year 2012 barring the OFCCP from asserting jurisdiction over a healthcare provider based on TRICARE participation.

Notwithstanding Congress’ clear intent to foreclose OFCCP’s further assertions of jurisdiction based solely on TRICARE, the agency continued its enforcement efforts. Eventually, perhaps seeing the writing on the wall, in 2014, the agency implemented a five-year moratorium on enforcement actions against TRICARE providers. In 2018, OFCCP extended the moratorium an additional two years during which, in November 2019, the agency initiated a proposed rulemaking leading to its final rule issued earlier this month.

The OFCCP’s final rule makes clear, for now, that TRICARE providers are not required to comply with certain employment protections involving race, sex, and other characteristics, including implementing affirmative action plans. In the final rule, the agency states that even if it had authority over TRICARE providers, it would grant a national interest exception for the providers.

According to the agency, the final rule gives certainty to more than 87,000 healthcare providers regarding their legal obligations and aims to improve access to medical care for veterans and their families, increase cost savings for TRICARE providers, and allocate the agency’s limited resources more efficiently.

The final rule only applies to healthcare providers under the TRICARE program. To the extent a healthcare provider has a separate federal prime contract or subcontract, it is still subject to the agency’s rules and regulations. Thus, if you are a TRICARE provider, you can breathe a sigh of relief but you must remain vigilant regarding direct contracts with other federal agencies and, more importantly, scrutinize whether subcontracts involving federal healthcare programs, other than TRICARE, could nonetheless make you a federal subcontractor subject to OFCCP’s rules and regulations and other Federal Acquisition Regulations. Our previous guidance in this area can be found in our blog post, Who Is a Subcontractor under a Federal Government Contract? 

Recovering COVID-19 Costs Where Section 3610 of the CARES Act Does Not Apply

Stephanie M. Harden

The financial relief offered to contractors under Section 3610 of the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) is limited to contractors who: 1) cannot perform work at their approved sites due to site closures, and 2) cannot telework. For contractors that do not meet these two conditions, the traditional Request for Equitable Adjustment (“REA”) and claims processes are still available and may permit recovery of some cost increases due to COVID-19.

Below we provide a brief refresher of key considerations for contractors considering COVID-related REAs or claims. Of course, the particular facts and terms of each contract will ultimately determine whether cost increases are recoverable.

What Types of Costs May Be Recovered?

Costs stemming from COVID-19 may be recoverable under several Federal Acquisition Regulation (“FAR”) clauses:

  • The Changes Clause (g., FAR 52.243-1): A wide array of costs may fall under the Changes clause, such as costs stemming from government direction to alter or stagger work hours, provide additional personnel, use more costly procedures, use procedures requiring additional training for personnel, provide personal protective equipment, or perform additional cleanings. A recent Department of Defense Memorandum is instructive as to how such costs are likely to be viewed, advising that contracting officers should consider whether such costs are “reasonable to protect the health and safety of contract employees as part of the performance of the contract.”
  • The Stop Work Order Clause (FAR 52.242-15): Costs stemming from the government’s direction to stop work will generally be recoverable under this clause. As discussed in our previous blog post, this may include the cost of “idle time” where employees are unable to access work sites, potentially providing some relief to contractors who are not covered by Section 3610 of the­ CARES­­ Act. Arguably, this clause should cover situations in which employees cannot work due to government-required quarantine procedures or government-caused delays, even if the work site is technically open—though this remains an open issue.
  • The Government Delay of Work Clause (FAR 52.242-17): Where the government causes a delay, the costs stemming from such a delay, such as increased material costs, may be recoverable under this clause.

Notably, while the Excusable Delays clause (e.g., FAR 52.249-14) excuses a contractor’s failure to perform for reasons including “epidemics” and “quarantine restrictions,” this clause does not provide financial relief, but rather, provides a basis for excusing what might otherwise give rise to a termination for default.

What Is the Difference between an Equitable Adjustment and a Claim?

A claim is a formal written demand subject to the detailed procedures set forth in the Contract Disputes Act (“CDA”). Once a claim is made, the Contracting Officer must issue a final decision within 60 days (or, for claims over $100,000, provide a firm date by which a final decision will be issued), which may be appealed to the Boards of Contract Appeals or the Court of Federal Claims. Claims must include a “sum certain”—i.e., the amount of damages being claimed—and claims of $100,000 or more must be certified by the contractor as current and accurate.

An REA is generally considered less adversarial than a claim and is not subject to a formal disputes process. There is no set timeline for resolution of an REA; however, if an REA is not resolved satisfactorily, it can be converted into a claim.

In the context of COVID-related costs, there are advantages and disadvantages of both options.  The less formal REA process provides agencies more leeway as they work to coordinate internally on how to address costs relating to COVID-19, which may ultimately be to the benefit of contractors. However, the claims process puts the government “on the clock” and, thus, may result in a faster response. Note that contractors are entitled to interest that accrues while a claim is pending, but not while an REA is pending. As for legal costs, they are allowable when incurred to support an REA, but are unallowable when incurred in support of a claim.

Timing Considerations

Whether a contractor ultimately submits a request for equitable adjustment or claim, it must notify its Contracting Officer of the delay, disruption, or right to an adjustment, with different deadlines depending upon which clause applies. For example:

  • FAR 52.242-15 (Stop Work Order Clause) requires contractors to assert their right to an adjustment within 30 days after the end of the period of work stoppage;
  • FAR 52.242-17 (Government Delay of Work) requires contractors to notify the Contracting Officer within 20 days of the act or failure to act giving rise to the delay; the contractor must also assert the amount of the claim in writing as soon as practicable after the termination of the delay or interruption, but not later than the day of final payment under the contract; and,
  • FAR 52.243-1 (Changes) requires the contractor to assert its right to an adjustment within 30 days from the date of receipt of a written change order. There is an exception “if the Contracting Officer decides that the facts justify it,” where the request is made before final payment of the contract.

Claims are also subject to a six-year statute of limitations.

As COVID-19 issues permeate virtually all aspects of commerce nationally and internationally, we stand ready to help. Blank Rome’s Coronavirus (“COVID-19”) Task Force includes interdisciplinary resources across every business sector.

Adapting JV Proposal Strategies after GAO Downgrade Ruling

Albert B. Krachman

A recent U.S. Government Accountability Office decision involving a Small Business Administration-approved small business joint venture, or JV, suggests that JVs between large and small firms should adjust their proposal strategies to avoid downgrades on past performance when the small business JV member, and the JV itself, lack relevant past performance.

Background

Proposing on a set-aside contract as an SBA-approved JV between a small and large business has been an effective strategy for many years. A basic assumption of this approach—and a primary motivation for using a JV structure—has been that an agency evaluating the JV’s past performance would normally look at the combined past performance of the JV members.

In many respects, this evaluation assumption has been a main motivation for using the JV structure, in contrast to a prime-subcontractor structure.

Typically, the large business JV member will have greater and more relevant past performance than the small business. The thinking had been that the JV structure would allow both members to leverage the large JV partner’s past performance for evaluation purposes by imputing the large business’ past performance to the JV.

However, the recent GAO bid protest decision in ProSecure LLC calls this assumption into doubt, suggesting the need for adjustments to proposal strategies for large and small firms in JVs or that plan to use JVs.

To read the full article, please click here.

“Adapting JV Proposal Strategies after GAO Downgrade Ruling,” by Albert B. Krachman was first published in Law360 on June 17, 2020.

What Does a Potential One-Year Delay for Part B of Section 889 Mean for Your Compliance Efforts?

Justin A. Chiarodo, Merle DeLancey Jr., and Robyn N. Burrows

In remarks to Congress and statements this week, the Department of Defense (“DoD”) announced that it is considering a one-year delay for full implementation of Part B of the Section 889 ban (we previously summarized the ban, which prohibits the government from contracting with entities using certain Chinese telecommunications equipment, here). The ban is currently scheduled to go into effect on August 13, 2020. What does this welcome development mean for contractors? We think it warrants prioritizing near-term compliance efforts to high-risk areas, pending forthcoming rulemaking that will provide needed specifics on the way forward.


During June 10 remarks before the House Armed Services Committee, Undersecretary for Acquisition and Sustainment Ellen Lord expressed the DoD’s full support for the intent of Section 889, but admitted she is “very concerned” about being able to accomplish Part B implementation by August 13. As to whether the DoD can meet the current timeline given COVID-19 disruptions and the lack of an interim rule, Ms. Lord acknowledged that “we need more time” for contractors to comply.

Following the undersecretary’s testimony, the DoD announced that it is considering adding contract language giving its suppliers an additional year to reach full compliance with Part B. Though not final, the DoD’s proposed delay could relieve DoD contractors from full compliance with the impending August deadline. We anticipate this approach would be similar to the phase-in period for compliance with the Defense Federal Acquisition Regulation Supplement Safeguarding and Cyber Incident Reporting clause. It is not yet clear whether the Office of Management and Budget, which currently has the draft interim rule for Part B, will incorporate a delayed implementation into that forthcoming rule.

The DoD also signaled that it is poised to advocate for a more risk-based approach to Part B implementation and rulemaking. During her testimony, Ms. Lord expressed concern with the “unintended consequences” of a minor infraction several layers deep within the supply chain potentially shutting down major portions of the defense industrial base by disqualifying key prime contractors from doing business with the federal government. The DoD suggested that the use of a risk-based approach may be useful to achieve effective implementation. The DoD’s consideration of a risk-based approach indicates that it is equally concerned about its contractors’ ability to comply with a strict application of Part B.

How DoD’s Announcements Inform Compliance Efforts with Part B

Without an interim rule and with less than two months before the statutory August deadline, how should contractors begin implementing Part B? Given the DoD’s recent comments suggesting a risk-based approach, contractors should consider adjusting their Part B implementation efforts using a risk assessment framework, prioritizing high-risk areas. That is, contractors should identify the extent to which telecommunications or video surveillance equipment is used to support government contracts, the nature of that work, and the frequency with which the technology is used.

The nature of the product’s telecommunication function also informs its risk potential. For example, computers, routers, phones, and network equipment can generally be considered a higher priority area than technology that, although technically subject to the ban, presents a moderate to low cybersecurity risk, depending on the nature and frequency of use (e.g., HVAC systems, fax machines, copiers, scanners).

Contractors should also communicate with key suppliers to ensure that they are aware of the rule and are similarly working to prepare for Part B.

Although the DoD’s statements are welcome news—and reflect that the government is mindful of the challenges presented by the ban—the DoD remains committed to Section 889 and contractors should proceed accordingly.