Sharon R. Klein, Alex C. Nisenbaum, Karen H. Shin, Justin A. Chiarodo, and Michael Joseph Montalbano
Companies providing information technology products and services to U.S. government agencies are now required to notify such agencies of cyber incidents and meet specific cybersecurity standards. The executive order attempts to modernize the federal government’s cybersecurity defenses by “protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the [United States]’ ability to respond to incidents when they occur.” The executive order is just one example of the Biden administration’s push to improve the nation’s data privacy and cybersecurity practices in response to the recent series of ransomware attacks.
On May 12, 2021, President Biden signed an executive order to bolster the federal government’s cybersecurity practices and contractually obligate the private sector to align with such enhanced security practices (“the Order”). The Order comes on the heels of a ransomware attack on Colonial Pipeline that occurred on May 6, 2021, which shut down the largest oil pipeline in the United States and disrupted supplies of gasoline, diesel, and jet fuel to the East Coast. This initiative to improve the security of the software supply chain also stems from the SolarWinds cyberattack that occurred last year. In the attack, Russian hackers used a routine software update that Texas-based SolarWinds Corp. provided to its customers to install malicious code, allowing the hackers to infiltrate nine federal agencies and about 100 companies.
Proposed amendments are expected soon from the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) that will increase compliance obligations for government contractors and their vendors, building on a string of supply chain and cybersecurity regulation in recent years (including Section 889’s prohibition on the use of certain Chinese telecommunications, new registration requirements in the Supplier Performance Risk System, and the Department of Defense’s Cybersecurity Maturity Model Certification program). We see the biggest impacts on government contractors, such as developers and users of software.
To read the full client alert, please click here.
Albert B. Krachman and Brooke T. Iley
Do not be surprised if, before the end of 2021, the federal government begins requiring contractors to certify or represent that their employees have received COVID vaccinations. The federal government has long conditioned contract awards on contractor compliance with emerging social policy mandates. This practice dates backs to the 1960s, when collateral social policy clauses began appearing in federal contracts. The National Emergency created by COVID-19 would appear ripe for a similar federal government action in federal contracting.
Several factors are converging in the United States which signal the potential for a COVID vaccine Certification or Representation. First, the supply issue should be mostly resolved by June 30, 2021. The Biden administration has committed to make enough vaccines available for every adult in the country by the end of May 2021. Second, the administration has been extremely active in making procurement law changes to conform to its policy objectives. Crafting an Executive Order on COVID Vaccines for federal contractor employees is clearly within the administration’s wheelhouse and target zone. Third, as reported in the March 8, 2021, Wall Street Journal, the largest employers in the country, across all sectors, are already engaged in large scale efforts to vaccinate their own employees. Fourth, while the law in this area is still evolving, the prevailing view is that, with certain exceptions, private employers are legally permitted to mandate their employees receive COVID vaccinations as a condition of continuing employment, subject to a variety of considerations related to employee legal, medical, and workplace accommodations. Finally, the federal government might find a federal contractor vaccine mandate a helpful leverage point in the evolving conflict with those states choosing to disregard COVID protections.
Continue reading “Will Federal Contractors Be Required to Certify Employee COVID Vaccinations?”
Merle M. DeLancey Jr.
During 2019 and 2020, states enacted fewer laws requiring drug manufacturers to disclose pricing and related information. Initially, the slowdown may have been due to federal actions to rein in drug prices through the Trump administration’s multiple executive orders. Thereafter, states were focused on responding to the pandemic and drug pricing was understandably placed on the back burner.
Circumstances have since changed. We now have a new president and administration, and the country is hopefully turning the corner on the COVID-19 pandemic. Inevitably, the federal government and states will again turn their focus to drug prices. While the Trump administration’s executive orders made for good public sound bites, they had little to no actual impact on drug prices. At the end of the day, most of the Trump administration’s initiatives never made it to the regulatory rulemaking phase and those that did were met with legal challenges.
Only a month in, the Biden administration has issued multiple executive orders and memoranda reversing prior executive orders and freezing pending regulations and enforcement policies with respect to existing regulations. After a brief discussion of what we have seen in the early days of the Biden administration in terms of drug pricing, this article reviews new and existing state laws requiring drug manufacturers to report pricing and other information. Thereafter, we again question the efficacy of the state price transparency efforts and what manufacturers should be doing in terms of compliance.
To read or download the full client alert, please click here.
Merle M. DeLancey Jr. and Craig Stetson*
This is the first in a series of blog posts concerning the audits and investigations related to the contracts and grants awarded, and relief funds provided, in response to the COVID-19 pandemic. As of February 2021, pursuant to the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), which created the Paycheck Protection Program (“PPP”) and supplemental funding such as the Families First Coronavirus Response Act, the United States government has made available an estimated four trillion dollars in relief funds to businesses and individuals, and the Biden administration is proposing roughly two trillion dollars more.
In addition to the relief funds, the Government has easily awarded more than billions in pandemic-related contracts for everything from vaccines to PPE to hand sanitizers. These levels of funding and spending are unprecedented and have been made at breakneck speed (for the government). Based on these factors and lessons from the past, audits of relief recipients and contractors to confirm appropriate use of government funds are inevitable. And the government has said as much. Of course, if an audit reveals potential wrongdoing or malfeasance, relief recipients and contractors should expect follow-on investigations and enforcement activity.
This first post identifies the myriad of entities that are or will be reviewing—and potentially investigating—relief recipient and contractor representations made to obtain, and subsequent use of, government funds.
Continue reading “COVID Audits and Investigations: The Enforcers”
Merle M. DeLancey Jr.
The Trump administration issued numerous Executive Orders seeking to rein in drug prices. (See Recent and Possible Executive Orders on Drug Pricing: What You Need to Know – Government Contracts Navigator and Administration Issues Executive Order Tying Medicare Drug Costs to International Prices – Government Contracts Navigator.) While the Executive Orders made for good sound bites, none of them actually impacted drug prices. At the end of the day, most of the Trump administration initiatives never made it to the regulatory rulemaking phase, and those that did were met with legal challenges. Since then, in less than a month since taking office, the Biden administration has issued multiple Executive Orders and memoranda reversing the Trump-era Executive Orders and freezing pending regulations and enforcement policies with respect to existing regulations. Beginning on its first day, the Biden administration took action impacting drug prices and potentially signaled, directly or indirectly, the polices we may see over the next four years. The new administration’s actions have continued at a rapid pace. Continue reading “Biden Administration Already Impacting Drug Prices”
Merle M. DeLancey Jr.
Protection of the workforce is a major focus of the Biden Administration. Rather than attempting to pass new legislation or amend existing statutes, the path of least resistance in the short term appears to be the use of executive orders to implement or, as here, rescind Trump Administration Executive Orders and put into effect many of the same policies as the Obama Administration. The starting point for the Biden Administration is to take the steps to implement rules with respect to the federal workforce and the workforce performing federal government contracts.
One of President Biden’s first actions in office was to direct federal government agencies to start the work to permit implementation of certain changes within the first 100 days of the administration through further executive action. These initiatives most likely will include an increased federal contractor minimum wage, requirements to offer employment to employees of an incumbent contractor, perhaps requiring contractors to disclose labor violations when seeking federal contracts, and increased Service Contract Act (“SCA”) enforcement.
Continue reading “Biden Administration Prioritizing Federal Contractor Workforce Protections”
- President Biden’s Executive Order 14003 on Protecting the Federal Workforce issued on January 22, among other requirements, directed the Office of Management and Budget to make recommendations regarding establishing a $15 minimum wage for federal employees and federal contractors and subcontractors (the current federal contractor minimum wage is $10.95) and to provide employees with emergency paid leave.
- President Biden’s Executive Order 13985 on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government issued on January 20 revoked President Trump’s controversial Executive Order prohibiting certain types of workplace diversity trainings for federal government contractors.
Albert B. Krachman
With apologies to Paul Simon, this is Part 1 of a series of articles on the many ways contractors can lose awards on federal contracts. These cautionary tales should inform anyone in a contractor organization with responsibility for authorizing, preparing, or negotiating competitive federal proposals.
Like a prize-winning recipe, the ingredients for losing an award are well known: one part carelessness, a pinch of greed, and some lack of attention to detail. Throw in a dash of procrastination, a late proposal revision, and then garnish it with an 11th-hour e-mailing of your proposal. Voila—you have cooked up a complete waste of proposal resources!
We kick off this series with a story of an incumbent contractor who lost a billion-dollar follow-on contract by failing to contractually secure the services of a key person designated in the proposal.
Continue reading “Fifty Ways to Lose Your Federal Contract Award – Part 1: Failing to Secure Your Key Person Supply Chain”
Justin A. Chiarodo, Merle M. DeLancey, Jr., and Robyn N. Burrows
About two months have passed since the August 13, 2020, effective date of Part B of Section 889 of the FY 2019 National Defense Authorization Act. Part B, sometimes referred to as the Chinese telecommunications equipment ban, broadly prohibits the federal government from contracting with entities that use certain Chinese telecommunications (including video surveillance) equipment and services.
After the FAR Council published its July 10, 2020, Interim Rule, contractors, large and small, spent countless hours working to be able to certify compliance by August 13. This deadline was critical because the Interim Rule said that absent such a certification, a contractor was ineligible for future contract awards. That is, government agencies were prohibited from renewing or extending existing contracts with contractors unable to certify Part B compliance. Indeed, agencies were prohibited from issuing an order under an existing contract to a contractor that failed to certify compliance.
Yet, despite the Rule’s laudable policy goals, the government’s piecemeal and inconsistent implementation has placed government contractors in an untenable position. Continue reading “Where Are We Going with Section 889 Part B?”
Michael Joseph Montalbano
The Department of Defense (“DoD”) is expected to begin rolling out the Cybersecurity Maturity Model Certification (“CMMC”) program later this year. As a brief refresher, the CMMC is a certification system implemented by DoD to protect Controlled Unclassified Information (“CUI”) and other sensitive contract information. There are five CMMC levels of ascending sophistication. The most common CMMC levels are expected to be Level 1 and Level 3. Level 1 will require contractors to put into place basic safeguarding practices to protect federal contract information. Level 3 will require contractors to put into place more stringent safeguarding practices that are designed to protect CUI. Contractors receive their CMMC after they pass an assessment by a CMMC Third Party Assessment Organization (“C3PAO”) or an individual assessor.
Although DoD will not fully implement the CMMC program until 2026, more and more contracts will require offerors to hold a CMMC demonstrating that their organizations have implemented the necessary cybersecurity controls. A nightmare scenario for any defense contractor is to find itself unable to compete for a lucrative DoD contract due to insufficient time to obtain the required CMMC before proposal deadlines. Fortunately, the Accreditation Body (“AB”) that is responsible for rolling out the CMMC program has provided estimated timelines for contractors seeking a CMMC. Continue reading “Preparing for the Rollout of the Cybersecurity Maturity Model Certification: It Is All about the Timing”
Justin A. Chiarodo, Merle M. DeLancey, Jr., and Robyn N. Burrows
We previously discussed key elements of the newly released interim rule (“the interim rule” or “the rule”) implementing Part B of Section 889 (“Part B”), which prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment. This post provides a more detailed analysis of the scope and application of the rule, as well as five compliance recommendations given the impending August 13th deadline.
Rule Applies to All Contracts Effective August 13, 2020
Part B applies to all solicitations, options, and modifications on or after August 13th, including contracts for commercial items, commercially available off-the-shelf (COTS) items, and contracts at or below both the micro-purchase and simplified acquisition thresholds. Like it did with respect to Part A, GSA intends to issue a Mass Modification requiring contractors to certify compliance with Part B. GSA has also released Q&As and FAQs to assist contractors with Part B implementation. The interim rule acknowledges that Part B will have a broad impact across contractors in a range of industries, including healthcare, education, automotive, aviation, and aerospace. The rule, however, does not apply to federal grant recipients (which are subject to a separate rulemaking). Continue reading “Part B Interim Rule Bans Contractors from Using Covered Technology Starting August 13th: 5 Steps for Meeting the Compliance Deadline”