Category: Regulatory Compliance and Ethics

DOD Finalizes Rule Concerning Domestic Content Preference

Samarth Barot and Shane M. Hannon 

Samarth Barot headshot image

On February 15, the Department of Defense (“DOD”) finalized a rule amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to supplement the Federal Acquisition Regulation (“FAR”) implementation of Executive Order 14005, addressing domestic preferences in DOD procurement. Defense contractors should be aware of the specific changes and ensure their sourcing and supply chain systems incorporate the updated requirements.

Background

As we discussed in prior posts, in January 2021 President Biden issued an executive order strengthening the Buy American Act’s (“BAA”) preference for domestic products and services in federal procurements. The executive order directed the FAR Council to consider proposing a rule to increase the BAA’s domestic content threshold for domestic end products.

The FAR Council then issued a final rule that increased the domestic content threshold for domestic end products (covered here). Previously, a product was considered a domestic end product if the cost of its components mined, produced, or manufactured in the United States exceeded 55 percent of the cost of all components. The FAR Council’s final rule increased that domestic content threshold to 60 percent and implemented a phased increase to 65 percent in 2024 and 75 percent in 2029. However, the rule also included a fallback threshold of 55 percent if (1) no end products exist that meet the new domestic content threshold or (2) such end products do exist but are unreasonably expensive. This fallback threshold will persist until 2030.

Continue reading “DOD Finalizes Rule Concerning Domestic Content Preference”

Starting December 4th, Contractors Must Rid Supply Chains of Covered Articles and Sources Subject to FASC Orders

Robyn N. Burrows ●

Effective December 4, 2023, a new interim rule will prohibit contractors from delivering or using covered articles and sources subject to exclusion or removal orders issued under the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”). The rule is intended to eliminate certain technology from the federal supply chain that foreign adversaries might exploit to commit malicious cyber acts. The interim rule allows the executive branch through the Federal Acquisition Security Council (“FASC”) to exclude certain technologies and manufacturers from federal procurements and even to require removal of covered articles from federal or contractor information systems during performance.

The rule imposes a host of new obligations, including certification, monitoring, and reporting requirements. This post provides practical guidance on the rule and several compliance tips to help contractors prepare for the December deadline.

Background

Congress passed Section 202 of the FASCSA to protect the information and communications technology (“ICT”) supply chain against threats and vulnerabilities that may lead to data and intellectual property theft, damage to critical infrastructure, or national security harm. The Act established the FASC as an interagency council authorized to make recommendations for orders that would require the removal of covered articles from agency information systems (removal orders) or the exclusion of sources or covered articles from agency procurement actions (exclusion orders) (collectively referred to as “FASCSA orders”).

In August 2021, the FASC issued a final rule establishing procedures for recommending removal and exclusion orders. The FASC evaluates supply chain risk based on several non-exclusive factors and sends its recommendations to the Secretaries of Homeland Security and Defense and the Director of National Intelligence to consider when deciding whether to issue a FASCSA order. If a FASCSA order is issued, agencies are required to implement the exclusion or removal order.

Continue reading “Starting December 4th, Contractors Must Rid Supply Chains of Covered Articles and Sources Subject to FASC Orders”

Proposed Bill Would Bar Contractors from Conducting Business in Russia

Robyn N. Burrows

On March 21, 2022, Representative Carolyn B. Maloney (D-NY), Chairwoman of the House Oversight and Reform Committee, introduced the “Federal Contracting for Peace and Security Act” (H.R. 7185). In light of Russia’s military invasion of Ukraine, the proposed bill would prohibit federal agencies from contracting with companies operating in Russia. The Committee approved an amended version on April 6, and the bill will be sent to the House of Representatives for further consideration. If passed, the bill would have a significant impact on government contractors that continue to operate in Russia by terminating existing contracts and barring them from further contracting opportunities.

We provide below an overview of the key elements of the bill. We anticipate further clarifications as the bill proceeds through the legislative process. Contractors should closely monitor these developments as this legislation will likely pose challenges to companies seeking to quickly disentangle themselves from any ongoing Russian business.

Continue reading “Proposed Bill Would Bar Contractors from Conducting Business in Russia”

Is Your Company Prepared for the New Cyber Incident Reporting Requirements?

Michael J. Montalbano

On March 11, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Law includes new reporting requirements for companies who experience cyber incidents or make ransomware payments.

Under the Law, covered entities that experience covered cyber incidents must report the incident to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes that a covered cyber incident has occurred. Covered entities must also notify CISA within 24 hours of making a ransomware payment.

The new cyber reporting law tasks CISA with creating more precise definitions for who constitutes a “covered entity” and what constitutes a “cyber incident.” Even the general language of the statute, however, provides some guidance for companies.

Continue reading “Is Your Company Prepared for the New Cyber Incident Reporting Requirements?”

Beyond DOJ’s Blockbuster Year in FCA Recoveries, Whistleblower Activity and Investigations Continue

Elizabeth N. Jochum and Jennifer A. Short

Jennifer A. Short headshot image


The attention-grabbing headline from the Department of Justice’s (“DOJ”) annually released statistics on False Claims Act (“FCA”) settlements and judgments is that the government recovered more than $5.6 billion from FCA cases in fiscal year (“FY”) 2021. While this is the second largest annual recovery in FCA history and the largest since 2014, procurement fraud cases represented a substantially smaller percentage of the total recoveries than in years past. Healthcare resolutions dominated, accounting for more than five billion of the $5.6 billion in settlements and judgments. In previous years, healthcare matters have accounted for closer to two-thirds of the total recoveries, making last year’s outsized healthcare figure—driven by the blockbuster opioid settlements of late 2020[1]—an outlier.

Beyond the top-line dollar figures, the report shows that FCA activity continues at a healthy, if not fully robust, pace. The COVID-19 pandemic continues to impact qui tam filings; the number of new whistleblower suits dropped to 598 in FY 2021, a ten-year low. The number of DOJ-initiated matters remains higher than the near-term average, particularly in healthcare, but also in Department of Defense (“DOD”)-related cases. Contractors, healthcare providers, and others—especially those who received federal funding through pandemic aid programs—can anticipate that FCA investigations and resolutions will play out over the next several years.

Continue reading “Beyond DOJ’s Blockbuster Year in FCA Recoveries, Whistleblower Activity and Investigations Continue”

Expect GSA to More Closely Scrutinize Trade Agreements Act Compliance

Merle M. DeLancey Jr.

On January 21, 2022, the General Services Administration (“GSA”) Office of Inspector General (“OIG”) informed the Federal Acquisition Service (“FAS”) that ongoing monitoring by the OIG found that the FAS failed to properly monitor the sale of products for compliance with the Trade Agreements Act (“TAA”) during the COVID-19 response. Previously, in April 2020, GSA relaxed compliance with the TAA for a limited number of Federal Supply Classes (“FSCs”) to aid the government’s response to the COVID-19 pandemic. The applicable FSCs included those covering N95 masks, cleaners and disinfectants, disposable gloves, and hand sanitizers. After several extensions, the TAA exception policy expired on April 30, 2021.

The OIG identified two deficiencies in FAS’ implementation of the TAA exception policy. First, the OIG found that FAS failed to properly track the addition of non-compliant products to contracts. As a result, after expiration of the exception policy, there was no effective way for GSA to remove the non-compliant products from contracts. Second, the OIG found that GSA improperly permitted the addition of non-compliant products to GSA contracts. For example, some products that were added were unrelated to the government’s response to the pandemic; some products were added to GSA contracts prior to the effective date of the TAA exception policy; and, remarkably, in one case, a product was added to a contract that identified North Korea as its country of origin.

Continue reading “Expect GSA to More Closely Scrutinize Trade Agreements Act Compliance”

Affirmative Action Program Compliance Alert: OFCCP Online Contractor Portal

Merle M. DeLancey Jr.

Beginning February 1, 2022, contractors and subcontractors required to maintain affirmative action plans (“AAPs”) can register for access to a new secure online contractor portal. The portal was developed and will be monitored by the Office of Federal Contract Compliance Programs (“OFCCP”). OFCCP has been working on an information and verification process for three years. In August 2021, the Office of Management and Budget approved OFCCP’s use of the portal. The portal provides contractors a secure method of (i) annually certifying compliance with AAP requirements and (ii) submitting AAPs to OFCCP during audits or compliance evaluations.

Executive Order 11246 and Section 503 of the Rehabilitation Act of 1973 require contractors and subcontractors that hold a contract valued at $50,000 or more and employ 50 or more employees to comply with equal employment and affirmative action requirements. This includes developing and maintaining written AAPs. Currently, only services and supply contractors, not construction contractors, are required to certify compliance.

Continue reading “Affirmative Action Program Compliance Alert: OFCCP Online Contractor Portal”

CMMC 2.0 Brings Much Needed Relief to the Defense Industrial Base

Michael J. Montalbano

In response to more than 850 public comments, the Department of Defense (“DOD”) has decided to significantly revamp the Cybersecurity Maturity Model Certification (“CMMC”) program. On November 4, 2021, DOD announced that it was replacing the current CMMC program with CMMC 2.0, which is expected to significantly reduce the regulatory burden on companies in the Defense Industrial Base (“DIB”). DOD made three significant changes through the new CMMC 2.0 program:

Reduces the number of CMMC levels. As we explained in earlier posts, CMMC 1.0 originally had five CMMC levels of ascending sophistication. CMMC 2.0 now only has three levels:

      • CMMC 2.0 Level One: This level will apply to most DIB companies and requires compliance with 17 basic cyber hygiene practices.
      • CMMC 2.0 Level Two: This level applies to DIB companies who will receive controlled unclassified information (“CUI”) and is expected to align with the requirements under NIST SP 800-171. Notably, DOD already requires most DIB companies receiving CUI to comply with NIST SP 800-171 through the cybersecurity DFARS clause 252.204-7012.
      • CMMC 2.0 Level Three: DOD is still developing the requirements for this level, but we expect that this level will apply to only the most sensitive and high-risk DOD projects.
Continue reading “CMMC 2.0 Brings Much Needed Relief to the Defense Industrial Base”

State Vaccine Mandate Bans: What Are Federal Contractors to Do?

Justin A. Chiarodo and Stephanie M. Harden

Stephanie Harden's Headshot Photo

Texas Governor Greg Abbott just raised the stakes in the inevitable tide of litigation about President Biden’s COVID-19 vaccine mandates by issuing an Executive Order banning vaccine mandates in Texas. We expect other states to follow suit. This raises important questions for federal contractors, who are working against the clock to ensure compliance with the new vaccine mandate applicable to most federal contracts by December 8, 2021 (see our most recent blog post about the details of the mandate, Government Contractor Vaccine Mandate FAQ: Status of Class Deviations and Accommodations Process).

Continue reading “State Vaccine Mandate Bans: What Are Federal Contractors to Do?”

Breaking Down the COVID-19 Safety Guidance for Government Contractors and Subcontractors: What We Know, What We Don’t, and What’s Next

Justin A. Chiarodo and Albert B. Krachman


Answering some questions and raising others, the Safer Federal Workforce Task Force issued its highly anticipated COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors on Friday, September 24. The Guidance follows the president’s September 9, 2021, Executive Order (“EO”), which we summarized in FAQ: Government Contractor COVID Safeguards Executive Order.

In short: a broad vaccine mandate for employees of government contractors is coming. But the exact details on application, exemptions, and compliance remain unclear. New rules due by October 8, 2021, should better address those questions. Adding to this uncertainty, the Guidance encourages individual agencies to issue their own (potentially broader) guidance. That said, we can infer a lot from Friday’s guidance.

Continue reading “Breaking Down the COVID-19 Safety Guidance for Government Contractors and Subcontractors: What We Know, What We Don’t, and What’s Next”