The BDO GovCon Week Ahead - March 2023

The BDO GovCon Week Ahead - March 2023

March 20, 2023

Small Businesses are Entitled for Accelerated Payments in 15 Days – Final Rule Issued by DoD, GSA and NASA

The Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule on February 14, 2023, to provide for accelerated payments to small business government contractors and subcontractors. The rule, which will be effective from March 16, 2023, requires federal agencies to establish an accelerated payment date to pay small business contractors within 15 days after receiving a proper invoice if the contract does not include a specific payment date or term. In addition, contractors who subcontract with small businesses must make accelerated payments to subcontractors within 15 days after receipt of a proper invoice and (1) a specific payment date is not established by contract; and (2) the contractor agrees to make accelerated payments without further consideration from or fees charged to the subcontractor. 

Expected results of this rule include improving the cash flow and access to the Federal marketplace for small businesses. In order to benefit the greatest number of small businesses, the Federal Acquisition Regulatory Council (FAR Council) has determined that the rule will apply to contracts including those at or below the Simplified Acquisition Threshold (SAT) and Commercial Products or Commercial Services, including Commercially Available Off-the-Shelf (COTS) items. 

The rule also aligns FAR with Small Businesses Administration (SBA) regulations in several areas  including (i) the timing of determination of size status for multiple award contracts; (ii) the implementation of the “ostensible subcontractor rule” as grounds for socioeconomic status protest; (iii) prevention of exercise of options by contracting officers past the fifth year of long term 8(a) contracts if the contractor no longer qualifies for the 8(a) program; and (iv) defining the small business size standard for information technology value added resellers (VARs) under NAICS code 541519 as 150 employees, down from the previous 500 employee standard. 

For more information, visit: 


March 13, 2023

GAO Protest Highlights the Importance of Compliance and Burden of Proof

In the world of government contracting, the selection of a contractor who has employed ex-agency personnel might raise doubts about potential organizational conflicts of interest (OCI) because such individuals may be privy to private information that may provide a competitive advantage.  However a decision by the Government Accounting Office (GAO) in a recent bid protest highlights how difficult it may be for a protester to show this advantage. 

In B-420881 Cybermedia Technologies, Cybermedia challenged the award of a task order by the Department of Defense Counterintelligence and Security Agency (DCSA) to The Prospective Group alleging that DCSA failed to assess and mitigate an OCI arising from the awardee’s principal subcontractor which had hired five former agency officials.  Cybermedia asserted that the individuals provided Prospective with access to competitively useful information that provided Prospective an unfair advantage.  DCSA asserted that four of the five individuals left the agency prior to the start of planning of the request for proposal (RFP) for the task order and that the fifth individual was hired by the subcontractor after Cybermedia and Prospective had submitted their proposals.  The GAO in its decision found that the protester had furnished only unfounded suspicions about unspecified proprietary information and that “hard facts”, not speculation, must be present to show an unfair advantage.  These facts must include whether an individual had access to non-public information that was not available to other firms and whether the information was competitively useful.  

In summary, protesters must provide concrete evidence to show that the contractor has an actual or potential conflict of interest that would prevent it from providing impartial advice or services. This can be a difficult standard to meet but is essential to ensure fair competition in government contracting.  Please access GAO’s decision below for more information.


March 6, 2023

An Evolving Cybersecurity Landscape Sparks Changes to Guidance

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (“CSF” or “Framework”) was developed in 2014, and later updated in 2018, in response to increased cybersecurity risk to the nation’s critical infrastructure. Once again, NIST is seeing the need to modify the framework to combat the most prevalent cyber risks and is adding another pillar of guidance to create CSF 2.0. 

NIST plans to add “Govern” to the current framework that already features Identify, Protect, Detect, Respond, and Recover. Govern will be a cross-sectional pillar that informs the other framework sections about the evaluation of cybersecurity risk, determination of cybersecurity roles and responsibilities, and establishment of cybersecurity policies and procedures. The update aims to emphasize the importance of risk management and continuous monitoring of regulatory requirements within your organization.

In this update NIST identifies a “Call to Action” singling out ways in which the community can contribute to improvements to CSF 2.0 and associated resources:

  1. Share International Resources 
  2. Provide Mappings
  3. Share additional example profiles for specific sectors, threats, and use cases,
  4. Submit CSF Resources - These can include approaches, implementation guides, mappings, case studies, tools, and others.
  5. Share Success Stories
  6. Share Use of the CSF in Measuring and Assessing Cybersecurity
  7. Comment on Performance Measurement Guide for Information Security

In addition to the change in framework structure, CSF 2.0 will include additional guidance on supply chain management risk and impact. Contractors whose supply chain operations utilize third-party organizations, outsourcing, and new supply chain technology will be expected to enhance risk assessment strategy that could include the implementation, or appointment, of a team to mitigate that risk.

Among the already discussed updates, NIST plans to:

  • Keep guidance broad so that it does not limit the application across sector, industry, business line.
  • Provide contractors examples for ways in which the framework could be implemented.
  • Provide additional resources that help contractors measure cybersecurity risk. This will include ways that other contractors have performed assessment and mitigation.

Although the CSF 2.0 has not been finalized, it has garnered a positive response throughout the cybersecurity community and should be on your organizations’ radar.