The BDO GovCon Week Ahead - August 2021

August 30, 2021

Genius is 1% Inspiration and 99% Perspiration: The Small Business Administration (SBA) has begun taking steps to make the current administrations goals of increasing Federal spending with small, disadvantaged business a reality. In early 2021, President Biden and his team released goals to increase spending by 50 percent over the next five years, and the SBA isn’t wasting any time, trying to meet those goals.
 
SBA is holding regular meetings with the White House’s Domestic Policy Council and the Office of Management and Budget (OMB) Deputy Director for Management to ascertain how it can help facilitate a more diverse supply chain. While the overall small business spend exceeded goals for Government fiscal year (GFY) 2020, SBA has noted that the number of business participating in Federal contracts is decreasing and that the Government is still falling short of its women-owned and Historically Underutilized Business Zones (HUBZone) small business goals.
 
SBA is hoping to piggy-back on the recent Buy American and supply chain security executive orders, and is establishing a new manufacturing hub to help smaller companies bid on Government contracts. These efforts, combined with several others, are just a few being taken by the Government to get small, disadvantaged business spend back to where it was more than 10 years ago.

For more information, please click this link.

Traveling in 2022? Don’t Expect Big Per Diem Bumps: Have you traveled for work or do you plan to soon?  If so, you are likely very familiar with the General Services Administration’s (GSA) lodging and meals and incidental expenses (M&IE) per diem rates for travel. These rates are used by Federal agencies and contractors alike to determine reasonableness and allowability of costs incurred when traveling for work-related functions.
 
In the wake of the fallout of the COVID-19 pandemic, GSA has elected to slightly increase the base daily allowances from $151 per day in 2021 to $155 per day in 2022.
 
These per diem rates are calculated based on average daily rate (ADR) data from the lodging industry and is set by the GSA annually.  During the COVID pandemic and subsequent restrictions, the ADR dropped sharply in 2020 and 2021. Due to this, GSA has elected to freeze 2022 base lodging rates at the current 2021 level of $96 per night. Conversely, GSA has decided to bump the M&IE range to $59-$79 from its current $55-$76 range.
 
As traveling continues to ramp up, it is expected that travel will continue to rise in 2022, Federal contractors should be aware of new per diem guidelines to help more accurately budget future travel and ensure employees are aware of what they are able to spend.

For more information, please click this link.

Seriously Cyber: A white house memo released August 10, 2021 is calling on Federal agencies to take a serious look at their current cybersecurity systems. The memo, authored by the Office of Management and Budget (OMB) Acting Director Shalanda Young, stems from the President’s May 12, 2021 executive order (EO) on improving the nation’s cybersecurity. In response to the EO, which laid groundwork for several directives, including identifying and securing critical software, the National Institute of Standards and Technology (NIST) defined critical software as “any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes: is designed to run with elevated privilege or manage privileges; has direct or privileged access to networking or computing resources; is designed to control access to data or operational technology; performs a function critical to trust; or, operates outside of normal trust boundaries with privileged access.”
 
The order to agencies comes as malicious cyber-attacks seem to be increasing at an exponential pace. “The United States faces increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and, ultimately, the American people’s security and privacy. The Government must improve its efforts to detect, identify, deter, protect against, and respond to these campaigns and their perpetrators. This includes partnering with the private sector to ensure that products continuously evolve to secure against a dynamic threat environment”, the memo states.
 
Agencies are tasked to identify all critical software components in use or in the process of acquisition within 60 days of the memo’s issuance. Additionally, within one-year agencies must implement the security measures designated by NIST for all categories of critical software included in the initial phase, and one year to incorporate subsequent security measures for each guidance update from NIST.

For more information, please click this link.

---

August 16, 2021

White House Disappointed in $50M TMF Appropriation: Congress approved the largest appropriations-based addition to the Technology Modernization Fund (TMF) since its inception, but the White House says it was hoping to get more. In early 2020, the TMF received a $1 billion boost as part of the second COVID-19 stimulus package. The fund serves as a central pool from which agencies can apply for loans to upgrade their legacy IT systems, which are often much needed.
 
The $1 billion cash infusion was a special event for the fund, designed to boost its ability to help agencies meet critical, timely technology needs, including tools needed to respond to the pandemic and remediate multiple major cybersecurity events. The Biden administration sought to keep the IT upgrade momentum rolling by requesting another $500 million, but the final bill from the House Appropriations Committee included only $50 million, which is 10 times less than the White House was hoping for.
 
The Office of Management and Budget released a statement following the announcement, stating that while the injection of $1 billion was a nice start, agencies have already requested more than twice that amount. “The administration appreciates the funding provided in the bill for the TMF and urges Congress to provide the full $500 million requested in the FY 2022 budget, which would support a more rapid transition of legacy systems and the adoption of more secure commercial technology,” the statement reads. “With $1 billion in seed funding appropriated through the American Rescue Plan Act of 2021, the TMF Board has received more than 100 proposals from agencies totaling over $2.1 billion in requested funds, far exceeding the amount of resources available.”
 
The Financial Services and General Government bill now moves to the full House as part of a seven-bill minibus appropriations package. Contractors involved in the IT space should continue to monitor the bill’s trajectory as additional opportunities could emerge if more funds are appropriated.

For more information, please click this link.

Taking “Buy American” Even FARther: Earlier this month, the Federal Acquisition Regulation (FAR) Council published a proposed rule to update the FAR and implement Executive Order (EO) 14005, “Ensuring the Future Is Made in All of America by All of America’s Workers.” The EO, published on Jan. 25, 2021, was intended to promote the purchase of domestic goods to grow the domestic supply chain and ensure that America’s workers thrive. Specifically, the proposed rule would implement the following:

• An increase to the current domestic content threshold, a plan for gradual increases to that threshold, and an alternate threshold for products that meet certain exceptions.
• An increase to the price preference weighting for domestic products that are “critical” or comprised of critical components.
• An additional domestic content reporting requirement for contractors, post-award.

The FAR Council also requested comments and feedback on several questions and recommendations on other topics relating to the proposed rule. The Made in America Office and FAR Council are holding a public meeting on Aug. 26, 2021 from 9 a.m. to 3 p.m. EDT, and interested parties need to register by end of day, Aug. 16, 2021. Comments are due Sept. 28, 2021 to be considered in writing the final rule.

For more information, please click this link and this link.

CISA Needs Your Help with its New Public-Private Partnership: To bolster cybersecurity planning, threat analysis, and defensive operations, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with cloud providers, cyber companies, and various other private sector partners to establish the Joint Cyber Defense Collaborative.
 
According to CISA director Jen Easterly, the federal agencies and companies participating in this collaboration will work together to “share insights” and “create a common operating picture, a shared situational awareness of the threat environment, so that we understand it better to develop whole-of-nation comprehensive cyber defense plans to deal with the most significant threats to the nation to include significant threats to our critical infrastructure.” This group will also be tasked with exercising cyber defense initiatives and putting those plans into operation. The inception of this collaboration follows the government’s emboldened approach to combat increasing cyber threats following various high-profile hackings, including that of the Colonial Pipeline and Solar Winds.
 
Early participants in this collaboration include tech juggernauts like Amazon Web Services, AT&T, CrowdStrike, Mandiant, Google Cloud, Microsoft, Lumen Technologies, Palo Alto Networks and Verizon. In addition to these industry partners and various federal agencies, the collaboration will work with other partners including state and local governments, private sector entities, and owners and operators of critical information systems.
 
The inception of the Joint Cyber Defense Collaborative presents a multitude of opportunities to current and prospective contractors. As this group continues to grow and expand, it can be expected that it will require input and support across various sectors and industries. As the group begins to exercise its cyber defense initiatives and putting those plans into operation, it will certainly require support from the contracting community.

For more information, please click this link.

---

August 9, 2021

Have You Picked a Date, Yet? What are questions commonly asked when announcing engagements, moves, and the transition away from using data universal numbering system (D-U-N-S) numbers to identify entities doing business with the government?
 
D-U-N-S numbers, created and assigned by Dun & Bradstreet for decades, are nine-digit numbers used to identify an entity. Almost three years after issuing a solicitation to potential vendors, the General Services Administration (GSA) has announced that the transition to 12-digit alpha-numeric unique entity ID (UEI) numbers will be final by April 4, 2022.
 
UEI numbers can currently be seen in the GSA System for Award Management (SAM), and entities that are not required to maintain representations and certifications in SAM will be able to request a UEI as early as October 2021. Federal agencies and entities that operate and maintain systems that use the D-U-N-S numbers will need to have completely transitioned over to the 12-digit numbers by April 2022.

For more information, please click this link.

Not Throwing Away My Shot: On July 29, 2021, the White House issued a policy requiring federal employees and contractors working on-site to attest to their vaccination status, and if they have not been vaccinated or refuse to complete the attestation, they are subject to travel restrictions, social distancing, being tested for COVID as much as twice per week, and mask requirements.
 
This policy doubles down on the government’s efforts to prevent further spread of the virus and the notorious delta variant. Earlier in the week, the Office of Management and Budget (OMB) re-implemented mask requirements for federal employees and contractors working on-site, in geographic areas with substantial or high community transmission, regardless of vaccination status. The Department of Homeland Security  has already issued guidance requiring masks for all on-site employees and contractors and the Department of Veterans Affairs is requiring vaccines for all health care workers and masks for on-site employees and contractors in substantial or high community transmission areas.
 
While the government considers a broader vaccine mandate, OMB is strongly recommending that agencies proactively communicate with their workforces and encourage everyone to get vaccinated.

For more information, please click this link and this link.

2022 NDAA to Address Department of Defense (DoD) Supply Chain Security: The House’s Defense Critical Supply Chain Task Force spent three months analyzing how the DoD can shore up its supply chain, considering events such as the semiconductor shortage and prohibition on Chinese telecommunications equipment. The result of six legislative proposals will likely be included in the 2022 National Defense Authorization Act (NDAA) as amendments.
 
The proposed steps include the following:

• Reducing reliance on adversaries for resources and manufacturing.

• Establishing a coalition for workforce improvement.

• Leaning on the National Technology and Industrial Base group.

• Working with the Departments of Energy and Interior to procure rare earth elements.

• Creating DoD-wide risk assessment strategies and systems.

• Acquiring commercially available supply chain mapping tools.

The 2022 NDAA will resume its path toward becoming law when the House and Senate return from their summer recess in September 2021. Stay tuned to the BDO GovCon Week Ahead for updates on the NDAA and which supply chain proposals make the final cut.

For more information, please click this link.