Where Are We Going with Section 889 Part B?

Justin A. Chiarodo, Merle M. DeLancey, Jr., and Robyn N. Burrows







About two months have passed since the August 13, 2020, effective date of Part B of Section 889 of the FY 2019 National Defense Authorization Act. Part B, sometimes referred to as the Chinese telecommunications equipment ban, broadly prohibits the federal government from contracting with entities that use certain Chinese telecommunications (including video surveillance) equipment and services.

After the FAR Council published its July 10, 2020, Interim Rule, contractors, large and small, spent countless hours working to be able to certify compliance by August 13. This deadline was critical because the Interim Rule said that absent such a certification, a contractor was ineligible for future contract awards. That is, government agencies were prohibited from renewing or extending existing contracts with contractors unable to certify Part B compliance. Indeed, agencies were prohibited from issuing an order under an existing contract to a contractor that failed to certify compliance.

Yet, despite the Rule’s laudable policy goals, the government’s piecemeal and inconsistent implementation has placed government contractors in an untenable position. Continue reading “Where Are We Going with Section 889 Part B?”

New Department of Defense Regulations Clarify Contractors’ Responsibilities to Comply with NIST SP 800-171 and CMMC Requirements

Robyn N. Burrows and Michael J. Montalbano

On September 29, 2020, the Department of Defense (“DoD”) issued a long-awaited, interim rule to strengthen cybersecurity protections throughout the Defense Industrial Base. The new rule establishes how DoD will assess contractors under current cybersecurity regulations set out by the National Institute of Standards and Technology Special Publication 800-171 (“NIST Requirements”) and the newly established Cybersecurity Maturity Model Certification (“CMMC”) program. The interim rule goes into effect on November 30, 2020; although, as we have discussed in earlier posts, DoD will gradually roll out the CMMC over the next five years.

NIST Self-Assessment Requirements

The first part of the new rule applies to contracts that incorporate DFARS 252.204-7012, which requires contractors and subcontractors that have access to covered defense information to comply with the NIST Requirements. Under the new rule, these entities will need to conduct a “Basic” self-assessment of their compliance with the NIST Requirements, and submit the results of that assessment to DoD through the Supplier Performance Risk System (“SPRS”). Contractors will need to update this self-assessment every three years or sooner if required by a contract. Starting November 30, 2020, contractors will not be eligible for new contracts (including task orders and delivery orders) or for options on existing contracts, unless the self-assessment score is posted on SPRS. DoD expects that it will take 30 days from submission to have the self-assessment score posted on SPRS, so it is important for contractors to submit their assessment at least 30 days prior to the November 30, 2020 implementation date. Continue reading “New Department of Defense Regulations Clarify Contractors’ Responsibilities to Comply with NIST SP 800-171 and CMMC Requirements”

Part B Interim Rule Bans Contractors from Using Covered Technology Starting August 13th: 5 Steps for Meeting the Compliance Deadline

Justin A. Chiarodo, Merle M. DeLancey, Jr., and Robyn N. Burrows

We previously discussed key elements of the newly released interim rule (“the interim rule” or “the rule”) implementing Part B of Section 889 (“Part B”), which prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment. This post provides a more detailed analysis of the scope and application of the rule, as well as five compliance recommendations given the impending August 13th deadline.

Rule Applies to All Contracts Effective August 13, 2020

Part B applies to all solicitations, options, and modifications on or after August 13th, including contracts for commercial items, commercially available off-the-shelf (COTS) items, and contracts at or below both the micro-purchase and simplified acquisition thresholds. Like it did with respect to Part A, GSA intends to issue a Mass Modification requiring contractors to certify compliance with Part B. GSA has also released Q&As and FAQs to assist contractors with Part B implementation. The interim rule acknowledges that Part B will have a broad impact across contractors in a range of industries, including healthcare, education, automotive, aviation, and aerospace. The rule, however, does not apply to federal grant recipients (which are subject to a separate rulemaking). Continue reading “Part B Interim Rule Bans Contractors from Using Covered Technology Starting August 13th: 5 Steps for Meeting the Compliance Deadline”

Newly Released Interim Rule Implementing Part B of Section 889

Justin A. Chiarodo, Merle M. DeLancey Jr., and Robyn N. Burrows

On July 10, the government issued the    long-awaited Interim Rule implementing Part B of Section 889 (here is a link to the pre-publication version, with the official version soon to follow). Part B prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment (previously discussed in our blog posts here and here). The Interim Rule is 86 pages and addresses issues related to compliance with Part B, as well as clarifying aspects of Part A.

These are the key points federal contractors need to know:

  • Effective Date: The effective date remains August 13, 2020. The ban applies to solicitations, options, and modifications on or after August 13. However, as we previously discussed, the Department of Defense may allow its contractors more time to comply, despite the statutory deadline.
  • Required Representation: An offeror must represent that, after conducting a reasonable inquiry, it does/does not use covered telecommunications equipment/services.
    • “Reasonable inquiry” means an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. An internal or third-party audit is not required.
  • Scope of “Use”: Applies to the contractor’s use of covered technology, regardless of whether it is used to perform a federal contract. Thus, a contractor’s commercial operations are included.
  • Affiliates/Subsidiaries: The required representation is not applicable to affiliates or subsidiaries at this time. The FAR Council is considering whether to expand the scope of the representation/prohibition to cover an offeror’s domestic affiliates, parents, and subsidiaries. If expanded, it would be effective August 13, 2021.
  • Subcontractors: The ban and required representation are not applicable to subcontractors at this time. The ban only applies at the prime contractor level and does not include a flow down obligation.
  • Detailed Waiver Process: The Interim Rule includes a detailed and complex process for seeking a waiver (really a two-year delayed application).
  • Suggested Compliance Steps: The Interim Rule suggests contractors adopt a “robust, risk-based compliance approach” to include educating personnel on the ban and implementing corporate enterprise tracking to identify covered equipment/services.

Regulators are still seeking feedback from industry, which suggests the government’s willingness to incorporate changes in a final rule. But prime contractors need to act now. In the next 30 days, prime contractors need to determine through a “reasonable inquiry” whether they use covered equipment, regardless of whether that use relates to performance of a federal contract. To demonstrate a reasonable inquiry, contractors should memorialize all steps taken and decisions made in performing the inquiry.

A more detailed analysis is forthcoming. In the meantime, if you have any questions regarding compliance, please contact one of Blank Rome’s Government Contracts practice group attorneys for guidance.

What Does a Potential One-Year Delay for Part B of Section 889 Mean for Your Compliance Efforts?

Justin A. Chiarodo, Merle DeLancey Jr., and Robyn N. Burrows

In remarks to Congress and statements this week, the Department of Defense (“DoD”) announced that it is considering a one-year delay for full implementation of Part B of the Section 889 ban (we previously summarized the ban, which prohibits the government from contracting with entities using certain Chinese telecommunications equipment, here). The ban is currently scheduled to go into effect on August 13, 2020. What does this welcome development mean for contractors? We think it warrants prioritizing near-term compliance efforts to high-risk areas, pending forthcoming rulemaking that will provide needed specifics on the way forward.


During June 10 remarks before the House Armed Services Committee, Undersecretary for Acquisition and Sustainment Ellen Lord expressed the DoD’s full support for the intent of Section 889, but admitted she is “very concerned” about being able to accomplish Part B implementation by August 13. As to whether the DoD can meet the current timeline given COVID-19 disruptions and the lack of an interim rule, Ms. Lord acknowledged that “we need more time” for contractors to comply.

Following the undersecretary’s testimony, the DoD announced that it is considering adding contract language giving its suppliers an additional year to reach full compliance with Part B. Though not final, the DoD’s proposed delay could relieve DoD contractors from full compliance with the impending August deadline. We anticipate this approach would be similar to the phase-in period for compliance with the Defense Federal Acquisition Regulation Supplement Safeguarding and Cyber Incident Reporting clause. It is not yet clear whether the Office of Management and Budget, which currently has the draft interim rule for Part B, will incorporate a delayed implementation into that forthcoming rule.

The DoD also signaled that it is poised to advocate for a more risk-based approach to Part B implementation and rulemaking. During her testimony, Ms. Lord expressed concern with the “unintended consequences” of a minor infraction several layers deep within the supply chain potentially shutting down major portions of the defense industrial base by disqualifying key prime contractors from doing business with the federal government. The DoD suggested that the use of a risk-based approach may be useful to achieve effective implementation. The DoD’s consideration of a risk-based approach indicates that it is equally concerned about its contractors’ ability to comply with a strict application of Part B.

How DoD’s Announcements Inform Compliance Efforts with Part B

Without an interim rule and with less than two months before the statutory August deadline, how should contractors begin implementing Part B? Given the DoD’s recent comments suggesting a risk-based approach, contractors should consider adjusting their Part B implementation efforts using a risk assessment framework, prioritizing high-risk areas. That is, contractors should identify the extent to which telecommunications or video surveillance equipment is used to support government contracts, the nature of that work, and the frequency with which the technology is used.

The nature of the product’s telecommunication function also informs its risk potential. For example, computers, routers, phones, and network equipment can generally be considered a higher priority area than technology that, although technically subject to the ban, presents a moderate to low cybersecurity risk, depending on the nature and frequency of use (e.g., HVAC systems, fax machines, copiers, scanners).

Contractors should also communicate with key suppliers to ensure that they are aware of the rule and are similarly working to prepare for Part B.

Although the DoD’s statements are welcome news—and reflect that the government is mindful of the challenges presented by the ban—the DoD remains committed to Section 889 and contractors should proceed accordingly.

Despite Court’s Ruling, Questions Remain Regarding the Automatic Stay Deadline for Bid Protests Following Enhanced Debriefings

Luke W. Meier and Robyn N. Burrows

Enhanced Department of Defense (“DoD”) debriefings have been heavily utilized in recent years, but there remains uncertainty, and differing interpretations, regarding the point at which an offeror receiving an enhanced debriefing is “on the clock” for purposes of obtaining an automatic stay of performance. In NIKA Techs., Inc. v. United States, No. 20-299C (Fed. Cl. Apr. 16, 2020), the Court of Federal Claims (“COFC”) recently held that, on its facts, the filing period for obtaining an automatic stay did not begin to run until after the two-day window for submitting supplemental questions has passed—even though the offeror submitted no supplemental questions. Potential protesters must understand, however, that NIKA does not provide the safe harbor that some have read in its holding, and it remains essential to understand the agency’s position regarding debriefing closure before planning to protest more than five days after the initial debriefing event.

Timelines Rules for Debriefings

To be timely, protests at the Government Accountability Office (“GAO”) must be filed no later than 10 days after the basis for the protest was known or should have been known—unless the protester requests a required debriefing, in which case the protest must be filed within 10 days after the debriefing date. To obtain an automatic stay of performance under the Competition in Contracting Act (“CICA”), however, a protester cannot wait the full 10 days. The protest must be filed within five days after the “debriefing date.”

The debriefing process is slightly more complex for DoD procurements. Section 818 of the National Defense Authorization Act for FY 2018 established enhanced post-award debriefing rights for protesters, requiring that agencies provide disappointed bidders an opportunity to submit additional questions within two business days after receiving the post-award debriefing.  The agency has five days to respond, and the debriefing period is not considered closed until the agency “delivers to a disappointed offeror the written responses” to any supplemental questions.  31 U.S.C. § 3553(d)(4)(B). Thus, to obtain an automatic stay of performance, the protest must be filed within five days after receiving the agency’s response to the supplemental questions.

Calculating Debriefing Date for Enhanced Debriefings

But what happens if an offeror submits no follow-up questions after the initial debriefing? To date, most agencies have taken the position that the debriefing is closed unless the offeror avails itself of the opportunity to submit follow-up questions, triggering the extra time for one more agency response. Thus, contracting officers often advise offerors, as in NIKA, that the agency “will consider the debriefing closed if additional questions are not received within (2) business days.” NIKA, No. 20-299C, at *1. Until recently, protesters have lacked guidance on how to properly interpret the applicable debriefing date when no additional questions are submitted, and in some cases have had to come up with supplemental questions if only for the sake of ensuring the ability to have additional time to prepare their protest and still obtain an automatic stay.

COFC Addresses Timeliness Rules for Enhanced Debriefings

In NIKA, the Army Corps of Engineers (“Corps”) had provided the offeror a written debriefing on March 4, 2020, and included an option for submitting additional questions within two business days. On March 7, 2020, NIKA informed the Corps that it had no further debriefing questions. NIKA then filed a post-award protest with the GAO on March 10, 2020, seeking an automatic stay of performance. The Corps denied the protester’s request for a stay, claiming the date for a timely filing would have been March 9, 2020 (i.e., five days after the March 4 debriefing date). The protester argued that the “debriefing date” included the two-day window following receipt of the March 4 debriefing letter in which the protester had an opportunity to submit questions, meaning the clock for a CICA stay did not start until March 6.

The court found in favor of the protester’s argument, holding that the debriefing process included the two-day period to submit additional questions. The court explained that, although the language in 31 U.S.C. § 3553 did not expressly define debriefing as including these two extra days, it clearly included the possibility of a debriefing process lasting more than one day. The court further interpreted the agency’s statement that it would “consider the debriefing closed if additional questions are not received within (2) business days” as a commitment to keep the debriefing open through that two-day period—regardless of whether any questions were asked.  That may have been the opposite of what the agency actually intended to communicate. In the court’s view, however, the agency’s communications meant that the debriefing closed at the end of a potentially multi-day debriefing process rather than a singular date. Here, the process ended when the protester chose not to submit further questions at the end of the two-day period.

The holding in NIKA should not be viewed as a guarantee that potential protesters will always get the extra two days even if they submit no questions, however. Though the court interpreted the underlying statutes and regulations as providing the additional two-day window, it also implicitly limited its holding by pointing to the language of the agency’s letter, which suggested an open debriefing through the two-day period for questions. NIKA left open the possibility that the two-day extension might not apply if the agency’s communications stated more clearly that the debriefing was considered closed, as of that time, unless further questions were submitted. It also left unanswered whether the court’s holding would apply to an offeror that immediately notifies the agency that it will not submit additional questions, rather than waiting the full two-day period before providing such notification (as NIKA did).

Conclusion

While NIKA provides some insight, it is still important that potential protesters proceed with caution. In any case where an offeror plans to protest and believes the CICA clock is running from a date later than the debriefing itself, the offeror should confirm that understanding with the agency in writing. Without such assurances, and without submitted follow-up questions, an offeror must assume that the clock has started from the end of the debriefing, not the end of the two-day window.

For Part B of Section 889, Is Compliance by August 13, 2020, Realistic?

Merle M. DeLancey Jr., Justin A. Chiarodo, and Robyn N. Burrows

On March 10, 2020, the Department of Commerce extended the deadline for U.S. companies to stop doing business with Huawei Technologies Co. Ltd. and its non-U.S. affiliates. The deadline has been extended multiple times and is now May 15, 2020. Under the extension, U.S. businesses can continue to work with Huawei on the operation of existing networks and mobile services, including cybersecurity research considered critical for network reliability.

Huawei was added to the Commerce Department’s Bureau of Industry and Security “Entity List” in May 2019. The Entity List includes foreign entities who have engaged in activities sanctioned by the State Department and activities contrary to U.S. national security and/or foreign policy interests.

In addition to the extension, the Commerce Department is seeking public comments through March 25, 2020, regarding the continuing need for, and scope of, possible future extensions concerning Huawei. The multiple extensions and new request for public comments are intended to allow time for companies and persons to shift from Huawei or its affiliates to alternative sources of equipment, software, and technology. Continue reading “For Part B of Section 889, Is Compliance by August 13, 2020, Realistic?”

Five Steps to Take to Prepare for Part B of the Section 889 Ban

Merle M. DeLancey Jr., Justin A. Chiarodo, and Robyn N. Burrows

Part B of Section 889 takes effect August 13, 2020. The ban prohibits the federal government from contracting with any “entity that uses” telecommunications and video surveillance products or services from Huawei Technologies Company Ltd. (Huawei) and four other Chinese entities, including their affiliates and subsidiaries (we’ve previously covered Section 889 here and here). This post examines recent industry feedback during a public meeting with the Department of Defense (“DoD”) and provides five compliance recommendations pending forthcoming rulemaking.

On March 2, 2020, DoD held a public meeting on Part B. Several trade associations gave feedback, and raised five major concerns: 1) the broad scope of the rule; 2) the inability of many contractors to meet the August 2020 compliance deadline; 3) whether the rule will apply outside the United States; 4) whether the term “use” would include a reseller’s commercial sales of prohibited products, thus precluding a supplier from contracting with the federal government; and 5) whether the “entity” subject to the ban includes only the legal entity executing the contract with the federal government, or also its affiliates and subsidiaries. Unfortunately, DoD did not indicate when an interim rule might issue. Continue reading “Five Steps to Take to Prepare for Part B of the Section 889 Ban”

Are You Prepared to Comply with the Fast Approaching Prohibition on the Use of Banned Telecommunications Equipment?

Merle M. DeLancey Jr., Justin A. Chiarodo, and Robyn N. Burrows

Background      

Section 889 of the 2019 National Defense Authorization Act (“NDAA”) imposed major new supply chain restrictions on the use of “covered” telecommunications products and services from Huawei Technologies Company Ltd. and several other Chinese entities and their affiliates.

Part A of Section 889 became effective in August 2019 and bans companies from providing covered technology to the Federal Government. Under Part A, a company cannot sell any product or provide any service to the government that uses covered technology. Compliance with Part A requires contractors to flow down the prohibition to subcontractors. Continue reading “Are You Prepared to Comply with the Fast Approaching Prohibition on the Use of Banned Telecommunications Equipment?”

A DoD New Year’s Resolution: No More Chinese (and Possibly Russian) Products and Services in Support of Key Missions

Justin A. Chiarodo and Robyn N. Burrows

A very Happy New Year to our GovCon Navigator readers! Further expanding recent supply chain restrictions across federal procurement, the Department of Defense (“DoD”) issued an interim rule prohibiting DoD from procuring equipment or services from certain Chinese entities (and possibly Russian) if used to carry out DoD nuclear deterrence or homeland defense missions. The rule builds on the Section 889 supply chain restrictions we previously covered in a prior blog post.

What should contractors do now given the interim rule is already in effect? Contractors should first evaluate their existing contract portfolios for covered missions and take immediate steps to eliminate all covered products from their supply chain (and find alternate sources of supply). If the rule might impact contract performance, you should be prepared to address this with the appropriate counterparty. And given the requirement for compliance certifications that mirror Section 889, contractors should also harmonize monitoring and compliance with their existing supply chain compliance programs. Among other things, this should address the requirement to obtain compliance certifications from downstream subcontractors and suppliers.

Read on for the specifics. Continue reading “A DoD New Year’s Resolution: No More Chinese (and Possibly Russian) Products and Services in Support of Key Missions”