The BDO GovCon Week Ahead - December 2021
December 21, 2021
Cybersecurity Requirements are Whittled Down in the Latest Version of the NDAA: In early December 2021, the latest version of the National Defense Authorization Act (NDAA) was released after House and Senate negotiations took place, and many cybersecurity requirements ended up not making the cut. This includes several provisions that called for efforts to promote U.S. superiority in the global information environment, to improve internal security, e.g., next generation encryption needs, and most of the proposed outreach programs that would have required more information sharing both within the U.S. cybersecurity community and with other major players across the globe.
One very notable omission was a provision meant to establish a Cyber Incident Review Office (CIRO) (section 1535 of the House bill dated October 18, 2021). This would have required many private entities to start submitting reports, some within 24-72 hours, on their cybersecurity incidents to CIRO. While the language did include many limiters trying to narrow down which private entities would be considered “covered entities” and what type of incidents would be considered “covered cybersecurity incidents”, it would still have created yet another new process that adds burden to those operating in this industry. Further, and even more concerning, was the plethora of language surrounding who CIRO would be able to share your reported information with. There were some protections included, but it ultimately would have been at the discretion of CIRO, if they felt it was justified in order to support the nation’s security. That could have meant that Government agencies and, maybe, even other private entities would know if you had security vulnerabilities. It did not speak to whether these reports could be used for Government agencies to evaluate companies seeking Federal awards, or how active Federal awards could be affected, but even if it wasn’t that far-reaching, a company’s reputation would likely suffer substantial damage.
While this provision has missed the window for inclusion in the NDAA, many members of Congress are still dedicated to getting similar cybersecurity reporting requirements passed soon.
For more information, please click this link and this link.
Federal Judge Rules Against the Vaccine Mandate for Federal Contractors: On December 7th, a Federal judge in Georgia issued a stay, which bars the enforcement of the Federal contractor vaccine mandate. This ruling came from a lawsuit from multiple contractors across seven different states, with one of the contractors doing business nationwide, thus the stay impacts enforcement across all 50 states. The judge wrote that the White House had exceeded its authorization in issuing the mandate and stated that, “even in times of crisis this Court must preserve the rule of law and ensure that all branches of government act within the bounds of their constitutionally granted authorities.”
As such, the Government is currently not able to enforce the Federal contractor vaccine mandate, which was announced in Executive Order (EO) 14042 on September 9th. Federal agencies have been working to notify contractors that they will not be enforcing the mandate until the stay is lifted. Therefore, prime contractors and subcontractors are not currently required to adhere to or flowdown the vaccine mandate, as described in the Safer Task Force Guidance, and are still be eligible for new contracts, even if they have not agreed to follow FAR deviation clause 52.223-99, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors in Multiple Award or Federal Supply Schedule Contracts for Products and Services.
This ruling comes a week after the November 30th ruling by a Kentucky Federal judge, who issued a preliminary injunction against the vaccine mandate. However, that decision only affected contractors in Kentucky, Ohio, and Tennessee, while the December 7th ruling affects all states.
For more information, please click this link.
Small Disadvantaged Businesses to Get a Boost: The White House announced further reforms to the Federal procurement process putting Small Disadvantaged Businesses (SDBs) at the forefront of the Federal marketplace. These reforms will increase the spending goal from 5 percent to 11 percent of money going to SDBs for Fiscal Year 2022, and then increasing it further to 15 percent by 2025. This new goal translates to a $100 billion share of contracts going to SDBs over the next five years.
The trend of fewer new small businesses entering the Federal procurement space over the past decade, is directly at odds with this administration’s equity goals, jeopardizing the diversity and resilience of the Federal supplier base. To reverse these declining numbers, Federal agencies were tasked to find ways to make it easier for new suppliers, especially small businesses, to join the Federal marketplace. As a powerful transparency and management tool, beginning with FY 2020 data, the Small Business Administration (SBA) started releasing disaggregated Federal contracting data by race and ethnicity, with the goal of advancing racial equity and support for all SDBs including new small businesses entrants.
These tools and reforms reinforce the President’s Day One executive order (EO), directing Federal agencies to make contracting opportunities void of barriers and available to SDBs. Goals for other socio-economic categories of small business, including women-owned small businesses (WOSB), service-disabled veteran owned small businesses (SDVOSB) and HUBZone businesses will also be updated in the near future. So, stay tuned to the BDO GovCon Week Ahead for news impacting small businesses and steps taken to make Federal awards more accessible and well-distributed.
For more information, please click this link and this link.
December 13, 2021
Job Security for Employees on Follow-On Contracts under Resurrected Executive Order: Executive Order (EO) 14055, Nondisplacement of Qualified Workers Under Service Contracts, issued on November 18, 2021, requires that Federal agencies ensure that successor contractors make good faith offers to predecessor employees who performed successfully on the preceding contract. The main difference between this EO and the EO on nondisplacment of qualified workers issued under the prior administration is that the prior EO only applied to successor contracts that were performed at the same location. This EO goes further and gives flexibility in removing this requirement.
Contracts and solicitations subject to the Service Contract Act (SCA) will be required to “include a clause that mandates that the awardee offer employment to qualified workers on the predecessor contract.” One of the goals of this EO is to ensure that the work force on the new award is experienced and familiar with the Federal government’s requirements. This will also help the administration achieve their equity goals as many SCA “workers are disproportionately women and workers of color. To facilitate the implementation of the EO requirements, the predecessor contractor is “required to provide a list of service employees working on the contract over the last month of contract performance to the contracting officer.” This list would then be used to afford a right of first refusal to those service employees.
The Department of Labor (DOL) has 180 days to issue final regulations implementing the requirements at which point the FAR council is directed to amend the Federal Acquisition Regulation (FAR) accordingly.
For more information, please click this link and this link.
Definitely, Maybe: The Federal Contractor Vaccine Mandate’s Gray Areas: Recently, a large defense contractor announced that it would not require its employees to be vaccinated, as their contract is for the purchase of products, not services. Currently, the military has deemed that only service and military construction contracts are covered under the Executive Order (EO) 14042 (Sections 5(a)(i) and (ii)) and the Office of the Secretary of Defense (OSD) guidance. The military plans to implement a product service coding system that will be assigned to each contract- contracts designated with “service” codes will be modified to include the vaccine requirement clause and contracts designated with “supply” codes will not.
On December 5, 2021, the Department of Defense (DoD) started collecting weekly data reports from Federal contractors, regarding refusals to incorporate the contract clause implementing the vaccine mandate requirements, when required. This data will be collected on contracts worth more than $10 million to determine whether the refusals will impact mission readiness significantly, and the DoD will also be monitoring whether the vaccine mandate requirements will lead to a decrease in available vendors.
Georgia, Kentucky, Ohio, and Texas have issued injunctions, with their courts finding that EO 14042 exceeds the White House’s authority. These injunctions will prevent the Government from enforcing the vaccine mandate for now. Readers can stay tuned to the BDO GovCon Week Ahead for the latest vaccine mandate news and its implications on Federal contractors.
For more information, please click this link and this link.
Defense Policy Bill Likely Pushed to 2022: On Monday November 29, 2021, a Senate motion to end debate on the fiscal year 2022 National Defense Authorization Act (NDAA) failed by a vote of 41-51. The bill authorizes the Department of Defense (DoD) activities for the Government’s Fiscal Year and sets new policy and priorities for the DoD. Typically, Congress aims to come to terms and pass the annual authorization bill by the end of the calendar year, and it is likely the bill will be pushed back to 2022.
The failed motion needed 60 ayes to set up a vote for final passage, with all Republicans and 5 Democrats voting against the procedural step forward. Some Republicans said they were rejecting the process, not the bill itself, and complained that they did not have enough time to debate the bill and have an open amendment process. “We’re not delaying national security,” Sen. Jim Inhofe, R-Okla., the ranking member of the Senate Armed Services Committee, said after the bill was rejected. “This is the opposite. We are demanding that we show, through open and robust debate, that our men and women in uniform are our priority.”
While some are disappointed about the result and the delay, it is not the first time NDAA has been pushed to the following calendar year. The bill is also not considered critical to the operations of the DoD, as many departments operate routinely without an annual authorization bill and Todd Harrison, the director of defense budget analysis at the Center for Strategic and International Studies emphasized that the “DoD can operate just fine without an authorization bill”. Although the bill is necessary for the authorization of policies and priorities, it does not actually disburse any money. The appropriations bill is what funds the department, and blurred lines between authorization and funding bills means that appropriations legislation sometimes also order reports or set policy. Although the timeline is uncertain, Congress will likely reconcile their differences on the bill and be signed into law, as the annual NDAA has been approved every year for the past six decades.
For more information, please click this link.
December 6, 2021
Keeping Up with Constantly Fluctuating Cybersecurity Requirements: There is no agency, company, or individual in the government contracting space that is not affected by cybersecurity. The market is saturated with messages of its urgent importance and of the constant need for an overhaul of federal cybersecurity practices. In 2021, we have seen a cybersecurity executive order from the White House, increased requirements issued by the National Institutes of Standards and Technology) and a draft zero trust strategy released by the White House’s Office of Management and Budget. Requirements are arriving rapidly and from all different types of authority, which have their own agendas, and companies need to be prepared to continuously monitor and implement the impending flurry of security changes coming their way.
It is difficult to predict the expectations for government contractors. In the past, the burden has simply fallen to them to understand complex regulations and implement even more complex policies and procedures to ensure compliance, but this route has always had inherent risks. These risks include misunderstanding the requirements, companies erroneously representing that they are compliant, and even forcing companies (especially small businesses) to stop pursuing government work because they don’t want to implement the security infrastructure required. If the government wants to ensure that all their efforts to overhaul cybersecurity really make our nation safer and avoid those pitfalls, they may need to do more this time around.
Several ideas and recommendations for implementation are being proposed that could help address that concern. One is attestation technology which takes a snapshot of a company’s current security system and provides a report of that system against a set of expected policies and measurements. In order to do business with the government, companies will have to allow an agency or third party to periodically subject their system to this type of verification. Another push is to have the government provided remediation assistance resources available to contractors. So, while they may not be able to do an initial assessment or make a representation on contractors’ behalf, they could still help in the event of a breach or when a deficiency happens to be identified. There have also been discussions surrounding information sharing, which could require agencies and companies to report practices, breaches and trends to a committee, which would in turn create a common tool set for contractors to use to combat their own company’s risks.
These implementations would not only help companies understand their cybersecurity responsibilities, but also help ensure that compliance is occurring. It may be difficult to implement without being overly intrusive on companies, but it could be the only way the government can assure the nation’s security.
For more information, please click this link, this link and this link.
DOL to Increase Minimum Wage on Federal Contracts: On Monday, Nov. 22, 2021, the Department of Labor (DOL) announced its final rule to implement Executive Order (EO) 14026 to increase the hourly minimum wage to $15 for employees on federal contracts. EO 14026, originally signed by President Biden on April 27, 2021, will take effect on Jan. 30, 2022, and applies to “any new contract; new contract-like instrument; new solicitation; extension or renewal of an existing contract or contract-like instrument; and exercise of an option on an existing contract or contract-like instrument." The EO also stipulates that there will be an annual increase to this rate starting Jan. 1, 2023.
In addition to raising the hourly minimum wage, the rule aims to eliminate the tipped minimum wage as part of a three-year plan. On Jan. 30, 2022, the tipped minimum wage will become $10.50; on Jan. 1, 2023 this will become 85% of the 2023 hourly minimum wage; and on Jan. 1, 2024 (and each following year) the tipped minimum wage will be equal to the minimum wage on federal contracts.
The 37% increase of the minimum wage from $10.95 to $15 does seem like a large increase, and President Biden and the DOL believe these new wages will benefit not just the workers. Wage and Hour Division Acting Administrator Jessica Looman said, “The final rule adds value for taxpayers by boosting worker productivity and reducing employee turnover and absenteeism. It also allows federal contractors to retain top talent and reduce recruiting and training costs.” This is being portrayed as a rule intended to help everyone, but it is unclear how this increase will affect contractors and their ability to afford these wage increases.
For more information, please click this link, this link and this link.
Performance Rating Rule: An SBA Proposal to Help Small Businesses Compete for Prime Contracts: Aimed at addressing concerns by small business vendors’ absence of data to demonstrate past performance necessary for federal prime contact awards, the Small Business Administration (SBA) has proposed a Performance Rating Rule that would offer two options for small businesses to request ratings of their previous work performance. As previous first-tier subcontractors or joint venture members, small businesses would be able to request ratings for this work, which would help eliminate the conundrum of being unable to get a prime contract without experience and being unable to get the experience without a prime contract. The proposed rule provides new avenues that assess small businesses’ performance on work they have done, even if it isn’t on a federal prime contract.
SBA is seeking public comments on the proposed Performance Rating Rule. Specifically, it is seeking feedback on whether small business subcontractors have been negatively impacted in competing for prime contracts due to lack of a past performance rating(s) and on whether to prescribe a time frame within which the subcontractor must make a request to the prime contractor for a rating under the proposed rule. Comments are due on or before Jan. 18.
The proposed rule would expand the opportunities for small businesses to establish past performance and, if adopted, will help level the playing field for many small businesses. However, this rule will also require additional time and effort on the part of prime contractors if they are required to start providing these types of records to all their subcontractors. Stay tuned to the GovCon Week Ahead for updates, and we highly recommend that you submit your comments and feedback about the proposed rule and implications to our readers on both the prime and subcontract side.
For more information, please click this link and this link.
SHARE