NISPOM Conforming Change 2: What You Need to Know

Justin A. Chiarodo and Philip Beshara

Justin A. Chiarodo CC2030E479B404E304DCCE7B55CFAC26The government recently issued long-awaited amendments to the National Industrial Security Program Operating Manual (“NISPOM”).  The amendments, known as Conforming Change 2, are targeted at combating insider threats and impose several new requirements warranting immediate action by contractors holding facility clearances.

There are four key elements to Change 2: (1) a mandated Insider Threat Program (“ITP”); (2) new cyber incident reporting requirements; (3) newly defined NISPOM components; and, (4) an updated standard for foreign-owned or controlled companies seeking access to proscribed information.  We summarized these changes and provide implementation suggestions below.

I. Insider Threat – Mandated Insider Threat Program

Change 2 requires cleared contractors to have a written Insider Threat Program plan no later than November 30, 2016.  The ITP must detect, deter, and mitigate insider threats consistent with the ITP requirements currently imposed on executive branch agencies (as set forth in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs). Continue reading “NISPOM Conforming Change 2: What You Need to Know”

Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements

Justin A. Chiarodo,  Philip E. Beshara, and Heather L. Petrovich

The government recently finalized a sweeping amendment to the Federal Acquisition Regulation (“FAR”) that will impose basic information system safeguarding requirements on many federal acquisitions, marking the latest in the continuing government effort to regulate and enhance cybersecurity protections in the industry. The Final Rule, effective June 15, 2016, imposes fifteen basic safeguarding requirements for contractors with information systems containing information provided by, or generated for, the government under a federal contract.

Though many contractors likely maintain information security standards that meet or exceed the new rule, they should confirm their compliance status by assessing these requirements against their current cybersecurity compliance program (to help mitigate the risk of a breach of contract claim or more serious enforcement action). This should include confirming that the requirement is flowed down to subcontractors where appropriate. Continue reading “Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements”

Supreme Court to Hear Important False Claims Act Case

Adam Proujansky

Lasproujanskyt week, the Supreme Court granted certiorari to resolve an important issue for government contractors that has split the lower courts:  what standard governs whether a court should dismiss a False Claims Act (“FCA”) lawsuit
brought against a government contractor by a private qui tam relator because the relator violated the FCA seal requirement.

The FCA sets forth a number of procedural requirements for a qui tam action, including that a relator’s complaint “shall be filed in camera, shall remain under seal for at least 60 days, and shall not be served on the defendant until the court so orders.” 31 U.S.C. § 3730(b)(2).  This seal requirement gives the Government a chance to investigate the claim and determine whether to intervene in the qui tam action and/or bring criminal charges against the defendant, and prevents reputational harm to the defendant while the investigation takes place.  Although the statute provides that the complaint shall remain under seal for at least 60 days, the time may be extended, and the complaint often remains under seal for months or even years.  During this potentially lengthy sealing period, relators sometimes intentionally or inadvertently violate the seal and disclose the lawsuit.  When this happens, defendants invariably move for dismissal of the qui tam action for violation of this statutory requirement. Continue reading “Supreme Court to Hear Important False Claims Act Case”

Human Trafficking Regulations to be Updated to Define “Recruitment Fees”

Justin A. Chiarodo and Stephanie M. Harden

Justin A. Chiarodo Stephanie Marie ZechmannIn the latest regulatory action targeted at human trafficking, the Federal Acquisition Regulatory Councils (“FAR Councils”) on May 11, 2016 issued a proposed rule to include a sweeping new definition of the term “recruitment fees.” The proposed definition would cover nearly any conceivable charge related to recruiting, hiring, and onboarding of employees, no matter the location of the employee, the skill level of the job, or customary business practices in the industry. Contractors should pay close attention, given that the rule also makes them responsible for recruitment fees collected by third parties, including subcontractors at all tiers, recruiters, and staffing firms.

Recognizing the far-reaching consequences the rule will have, the FAR Councils have flagged key open questions for contractors to comment upon. Given the potential sweeping change, contractors should think carefully about how the proposed rule will impact their hiring practices. Continue reading “Human Trafficking Regulations to be Updated to Define “Recruitment Fees””

DOL’s Proposed Rule on Paid Sick Leave for Federal Contractors Will Significantly Increase Costs and Contract Administration Requirements for Contractors

Christian N. Curran


In February the Department of Labor (“DOL”) published a proposed rule implementing the mandate of Executive Order 13706 to require that all federal contractors provide paid sick leave to their employees.  The rule will significantly impact government contractors.  DOL estimates that the rule will require the provision of paid sick leave to over 800,000 contractor employees, over half of which currently have no such benefits at all.  The rule will also require extensive recordkeeping and related tracking efforts for compliance and reporting purposes which will significantly increase administrative burdens for contractors at substantial cost.  The proposed rule will apply to all contracts solicited or awarded after January 1, 2017.  The key provisions of the proposed rule are as follows.

  • Amount of Sick Leave: The rule requires that one hour of sick leave be provided for every thirty hours of work on covered contracts, for a minimum total of 56 hours per year.
  • Covered Contracts: The proposed rule would apply to several categories of contracts, including construction contracts covered by the Davis-Bacon Act, service contracts covered by the Service Contract Act, concessions contracts, and contracts regarding federal property or lands and relating to services for federal employees, dependents, or the public.

Continue reading “DOL’s Proposed Rule on Paid Sick Leave for Federal Contractors Will Significantly Increase Costs and Contract Administration Requirements for Contractors”

Kingdomware Technologies, Inc. v. United States May Have Profound Impacts on Veterans Affairs Procurements

Lyndsay A. Gorton 

Lyndsay A. GortonLate last month, the Supreme Court heard oral arguments in Kingdomware Technologies, Inc. v. United States, which concerns the extent to which the Veterans Benefits, Health Care, and Information Technology Act of 2006 (“Veterans Act of 2006”) limits the ability of the Department of Veterans Affairs (“VA”) to use contracting vehicles like the Federal Supply Schedule (“FSS”).  The ruling may have a major impact on VA procurements and warrants close attention from contractors serving the VA.

The Veterans Act of 2006 requires the VA to award contracts to Veteran-Owned Small Businesses (“VOSB”) and Service-Disabled Veteran-Owned Small Businesses (“SDVOSB”) where a contracting officer “has a reasonable expectation that two or more small business concerns owned and controlled by veterans will submit offers and that the award can be made at a fair and reasonable price that offers best value to the United States.” (This is often referred to as the “Rule of Two.”) In 2012, Kingdomware Technologies, Inc. (“Kingdomware”) successfully protested to GAO that the Rule of Two prevented the VA from making an FSS award to a non-VOSB.  The VA declined to follow GAO’s recommendation.  Kingdomware continued to press its case at the Court of Federal Claims, but both the court and Federal Circuit sided with the VA. Continue reading “Kingdomware Technologies, Inc. v. United States May Have Profound Impacts on Veterans Affairs Procurements”

Supreme Court to Resolve Circuit Split, Decide Viability of Plaintiff-Friendly Implied Certification Theory for FCA Liability

Daniel Broderick

BroderickDWith the filing of relators’ brief in United Health Services, the Supreme Court is one step closer to resolving one of the most controversial issues in False Claims Act (“FCA”) jurisprudence:  whether “implied certification” is a valid liability theory under the FCA.

Under the implied certification theory, the plaintiff may allege that, by submitting any claim for payment to the government, a contractor impliedly certifies compliance with all applicable statutory, regulatory, and contractual requirements.  Thus, under this theory, even where the contractor provided all of the goods and services for which it seeks payment, the government is allegedly wronged because it would not have paid for the items or service if it was aware of the contractor’s noncompliance with these other requirements.

Because the FCA makes it unlawful to knowingly submit a false or fraudulent claim for payment to the government—and imposes treble damages plus civil penalties ranging from $5,500 to $11,000 per claim—plaintiffs  are strongly incentivized to assert the “implied certification” theory, which does not require the more difficult showing of an express false statement.  Not surprisingly, the aggressive use of the implied certification theory has contributed to much of the recent increase in government enforcement actions and billions of dollars in recovery, including by settlements designed to avoid the legal uncertainty and the potentially significant damages and penalties under the FCA.  The Supreme Court agreed in December to hear the case to resolve a circuit split as to whether implied certification is viable. Continue reading “Supreme Court to Resolve Circuit Split, Decide Viability of Plaintiff-Friendly Implied Certification Theory for FCA Liability”