Friday Flash 03/17/23

March 16, 2023

Four Reasons to Register Now for the Spring Training Conference!

We’re less than two months away from the 2023 Spring Training Conference – Procurement Watchwords for 2023, which will take place on May 2-3 in Falls Church, VA! As the date approaches, the Coalition would like to share four reasons why you and your colleagues won’t want to miss out on this year’s event, which promises to deliver an experience packed from top to bottom with the most valuable content for federal contracting professionals.

To register for the conference, click here. Click here to reserve your discounted hotel room.

An Agenda Valuable to the Whole Procurement Community!

Government-wide Focus, May 2

We are confident that this year’s Spring Training Conference agenda will be beneficial to all government acquisition professionals across an expansive range of industries. The conference focuses on four procurement watchwords: Market Continuity, Cybersecurity, Supply Chain Security, and Sustainability. The first day covers governmentwide policies and programs from agencies including DoD, GSA, NASA, and more. The importance of the procurement watchwords will be highlighted during our plenary sessions, which feature panels focused on the latest initiatives from GSA Federal Acquisition Service (FAS) executives, the impacts of cybersecurity developments like CMMC 2.0 and FedRAMP authorization, supply chain security policies, and how sustainability requirements will serve as a performance measure for government contractors. In the afternoon, we have nine total Market Continuity Panels covering:

NASA SEWP VI
OASIS+
Alliant 3
Other Transaction Authorities
GSA’s Office of the Future and more

Healthcare Day, May 3

On the second day, the focus of the conference shifts to healthcare procurement. We are thrilled to have two back-to-back panels of VA leadership join us in the morning from the VA’s Office of Acquisition, Logistics, and Construction (OALC) and the Veterans Health Administration (VHA). During lunch, there will be a special presentation on how sustainability requirements will impact federal healthcare contractors. Before we head into the Market Continuity Panels, we will learn about healthcare technology systems and medical supply chain efforts during the Cyber and Supply Chain Security Panel. Attendees will then have a selection of six total Market Continuity Panels to choose from, including:

VA Medical/Surgical Prime Vendor (MSPV) Program
Medical Device Cybersecurity,
VA Pharmacy Benefits Management (PBM)
DHA and DLA Pharmaceuticals
DLA MSPV and ECAT, and
VA Prosthetics

Find out more about the sessions offered during the two-day conference, as well as which guest speakers we have invited, by viewing the draft agenda here.

New Table Opportunities to Ask Your Questions to Government!

During the 2022 Spring Training Conference, we introduced the GSA Multiple Award Schedule (MAS) and VA Federal Supply Schedule (FSS) “Ask the PMO” Tables which allowed for attendees to sit down with program managers from GSA and the VA during one-on-one meetings to discuss any questions they have related to the Schedules. We are excited to announce that due to increased demand, not only will these “Ask the PMO” tables return to the Spring Training Conference, but we also have added three brand new opportunities for interested attendees to discuss GSA and VA programs with agency representatives. On May 2, joining the Ask the MAS Table will be the Pricing Tools Table and the Med/Surg Supply BPAs Table. The Pricing Tools Table gives attendees the chance to meet with GSA’s Catalog Management team to ask their questions on how to best utilize the agency’s pricing tools and platforms for contractors. Supply BPA holders can sign up for one-one-one meetings with VA Supply BPA leadership at the Med/Surg Supply BPAs Table. On May 3, the VA will be manning the Ask the FSS Table and the new Pathfinder Table, which will highlight how vendors can use the Pathfinder site to engage with the VA and submit their innovative ideas.

The Coalition is thrilled to have the opportunity to expand our facilitation of direct engagement between government and industry partners at the Spring Training Conference. Check the agenda to learn more about these new opportunities!

Networking Receptions on Both Days!

Once the afternoon Market Continuity Panels wrap up at the end of May 2^nd and 3^rd, all conference participants, including attendees and speakers, are invited to join us for a networking reception. At this year’s Spring Training Conference, both days will conclude with a reception, scheduled from 5:15 – 6:30 pm on May 2, and 4:30 – 6 pm on May 3. We encourage you to take advantage of this opportunity to continue conversations from the sessions and build valuable connections within the federal acquisition community!

Increase Your Organization’s Brand Exposure!

If your organization is seeking opportunities to boost its brand, look no further than the Spring Training Conference! A variety of Premier and Auxiliary sponsorship packages are available for the conference, each offering great benefits to help your spread your brand’s awareness to an audience of federal contracting professionals and key government decision makers. You also may choose one or more sponsorship packages, or work with the Coalition to develop a customized plan that fits your organization’s business and budget needs.

We strongly encourage you to learn more about all of the excellent benefits offered for each sponsorship tier in the Coalition’s Sponsorship Prospectus. You won’t want to miss out on this opportunity to showcase your brand and help grow your business!

All sponsorship opportunities will be offered on a first-come-first-serve basis. If you have any questions, or are ready to secure your sponsorship, contact Heather Tarpley at htarpley@thecgp.org or 202-315-1055.

As always, we would like to thank our current sponsors for their continued support of the Coalition and the Spring Training Conference. Our sponsors include:

Platinum Sponsors: AvKARE; Covington & Burling; and McKesson
Silver Sponsor: Sheppard Mullin
Coffee & Networking Sponsor: SAIC

NEW EVENT: VA NAC Meeting in Chicago, April 19

The Coalition is pleased to announce that we will be hosting a meeting with the Department of Veterans Affairs National Acquisition Center (NAC) on Wednesday, April 19 from 1:00–4:30 PM CDT in Chicago (registration here). The annual VA NAC meeting is one of our most popular events for our Healthcare members. VA speakers will include:

Christopher Parker, Associate Executive Director, Strategic Acquisition Center & Acting Associate Executive Director, National Acquisition Center
VA Federal Supply Schedule (FSS) Leadership
VA National Contract Service (NCS) Leadership

The program will cover the latest developments for VA FSS and NCS contracts and will include time to network with leadership of these contracting programs. The agenda will be released soon, as well as the location of the meeting in downtown Chicago. The meeting will be in-person only. To register, click here.

Last Call for Input on the OASIS+ Draft RFP

Last week, GSA released the second OASIS+ Draft Request for Proposals (RFP). Within the request, GSA released a cover letter outlining some of the changes made in the new version and an additional Q&A covering industry questions from the first RFP.

The Coalition will be compiling member feedback to send comprehensive comments on the new draft RFP. Please submit your feedback to JSnyderwine@thecgp.org by noon EDT, today, March 17, 2023.

For any additional questions, please reach out to JSnyderwine@thecgp.org.

President’s Budget Requests Increased Tech Funding

Federal News Network reports that the President’s Fiscal Year 2024 Budget Request includes $74 billion in Federal technology spending for civilian agencies, a 13% increase from the previous year. Of the $74 billion, $12.7 billion is allocated for cybersecurity. One notable change in the budget is that for the first time cybersecurity priorities outlined by the Office of Management and Budget are included as a specific line item, with $366 million allocated to three priority areas:

Improving the defense and resilience of government networks
Deepening cross-sector collaboration in defense of critical infrastructure
Strengthening the foundations of a digitally-enabled future

In addition to cybersecurity, the budget includes more than $510 million for funding to modernize services, reduce administrative costs, and launch new online programs. Funding is included to hire 120 professionals with customer service experience to the Federal Government, and $75 million is designated to develop interagency life experiences centered on improving access to programs such as disaster survivor assistance and Medicare. In addition to customer experience funding directed at specific agencies, the budget also calls for $200 million for the Technology Modernization Fund (a $100 million decrease from FY 2023) and $90 million (matching last year’s contribution) for the Federal Citizen Services Fund.

Coalition Events in March

The Coalition currently has five members-only committee meetings and events scheduled for March, listed for your convenience below. All times are in Eastern Daylight Time. For assistance with registration, please contact Ian Bell at ibell@thecgp.org.

March 21, 12:00 – 1:00 PM: Pharmaceutical Subcommittee Meeting with Dr. Jennifer Martin, VA PBM (click here to register)
March 22, 10:00 – 11:00 AM: Small Business Committee Meeting, OSDBU Panel (click here to register)
March 23, 1:30 – 3:00 PM: OASIS+ In-Person Working Group Meeting with Tiffany Hixson, GSA (click here to register)
March 24, 11:00 AM – 12:00 PM: BRIC/Cyber Meeting with Townsend Bourne and Bob Metzger (click here to register)
March 28, 10:00 – 11:00 AM: NASA SEWP Working Group Meeting with Joanne Woytek, NASA (click here to register)

Pentagon’s Budget Request Totals $842 Billion

Federal News Network reports that the Department of Defense’s (DoD) proposed Fiscal Year 2024 Budget Request totals $842 billion, a $26 billion increase from the previous year. The budget proposal allocates $170 billion for procurement accounts, a nearly $6 billion increase from the prior year. At $145 billion, Research and Development will be allocated an additional $5 billion from the previous year. Regarding information technology, the Pentagon expects to spend $13.5 billion. Among other priorities, the funding will be used to implement the new Zero Trust framework as well as the Cybersecurity Maturity Model Certification (CMMC).

Coalition Requests Update on TDR Expansion

Last week, the Coalition sent a letter to Sonny Hashmi, Commissioner of the Federal Acquisition Service in the General Services Administration (GSA), asking for an update on when Transactional Data Reporting (TDR) will become an option across the entire Multiple Award Schedule. Among other benefits, TDR provides more relevant purchasing data to the government, reduces regulatory burden on industry, increases small business participation in the Federal marketplace, and improves supply chain security. We look forward to facilitating positive engagement on the program and training for contracting officers on how to use TDR data effectively. We will continue to update our members on the opportunities TDR offers through the Flash and our Far and Beyond blog, and appreciate their support while we work on this key policy priority.

GSA Touts Two Years of Progress on American Rescue Plan Priorities

Last Saturday marked two years since the signing of the $1.9 trillion American Rescue Plan (ARP) Act, and GSA took the occasion to highlight how it is using ARP funding to improve Federal services and technology.

In a press release issued Friday, GSA Administrator Robin Carnahan said that the ARP has improved service delivery and built trust in government, and that “GSA is proud to be making smart investments in everything from cybersecurity to customer experience.” The act, which primarily directed funds to state and local governments for COVID relief and economic stimulus, also provided GSA with $150 million for the Federal Citizen Services Fund (FCSF) and $1 billion for the Technology Modernization Fund (TMF).

According to TMF Executive Director Raylene Yung, the additional TMF funding has allowed GSA to increase its investment rate in the TMF program tenfold. The TMF program helps Federal agencies finance IT modernization projects. TMF has made 38 total investments—27 since the ARP—that include both direct service-delivery improvements, such as a streamlined system for veterans to access records at the National Archives, and internal Federal systems improvements, including improving security in the Department of Treasury’s intelligence-sharing network and the U.S. Agency for Global Media. According to Ms. Yung, “agencies and the public are seeing a significant, measurable impact from our efforts to improve citizen data protections, strengthen governmentwide collaboration, and enhance public-facing digital service.”

As for the FCSF, GSA explained that it is supporting similar work through the Technology Transformation Services (TTS). GSA has used FCSF funding to shorten FedRAMP authorization timelines by a month, create a new set of inclusive design patterns for Federal websites, and launch the U.S. Digital Corps fellowship program to bring early-career technologists into the government.

Legal Corner:

White House Releases National Cybersecurity Strategy

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

By Rajesh De, Stephen Lilley, Veronica R. Glick, Dominique Shelton Leipzig, David A. Simon, Marcus A. Christian, Marcia G. Madsen, Howard W. Waltzman, Sasha Keck, and Lauren N. Williams, Mayer Brown

The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security.

The Strategy calls for (1) a “[r]ebalanc[ing of] the responsibility to defend cyberspace,” under which the “most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem,” with the Strategy notably highlighting the role of cloud services and software providers and (2) a “realign[ment of] incentives to favor long-term investments,” in part to “ensure that market forces and public programs alike reward security and resilience.” While still emphasizing public-private sector collaboration, the Strategy reflects an increased focus on regulatory action and private sector liability. Although many of the Strategy’s proposed changes will hinge on congressional action, if implemented by Congress and the administration, the Strategy would have significant consequences for certain businesses, including owners and operators of critical infrastructure, software developers, cloud providers, government contractors, and businesses that handle personal information. Understanding the Strategy and its potential implications accordingly will be important for companies across sectors.

The Strategy replaces the 2018 National Cyber Strategy and largely builds on the path charted by the 2021 Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” and on the National Security Memorandum “Improving Cybersecurity for Critical Infrastructure Control Systems.” It sets out its priorities within five pillars: (1) defend critical infrastructure, (2) disrupt and dismantle threat actors, (3) shape market forces to drive security and resilience, (4) invest in a resilient future, and (5) forge international partnerships to pursue shared goals. Below we highlight key elements of these pillars that could have important implications for businesses, including:

Expanded regulation of critical sectors’ cybersecurity practices, including technology and cloud services
Potential legislative debates over liability frameworks for software security
Initiatives to increase the speed and scale of collaboration with the private sector to disrupt threat actor groups
Efforts to harmonize cybersecurity regulations that apply to businesses

Pillar One: Defend Critical Infrastructure

Pillar One aims to set out a regime for “collaborative defense that equitably distributes risk and responsibility, and delivers a foundational level of security and resilience for our digital ecosystem.” It identifies five strategic objectives: (1) establish cybersecurity requirements to support national security and public safety, (2) scale public-private collaboration, (3) integrate federal cybersecurity centers, (4) update federal incident response plans and processes, and (5) modernize federal defenses.

New and expanded regulation is central to this pillar of the Strategy. The Strategy states that “[w]hile voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has resulted in inadequate and inconsistent outcomes.” To address this, the Strategy tasks federal agencies with using existing authorities to set minimum cybersecurity requirements for critical sectors. The administration states its intent to work with Congress to pursue legislation to cover areas where gaps in authority are present. The Strategy also notes that the administration “encourage[s]” states and independent regulators to use their authorities to set cybersecurity requirements in a “deliberate and coordinated manner.”

The Strategy identifies cloud-based services as a focus, given many sectors’ reliance on cloud infrastructure. The Strategy states that the administration plans to work with industry, Congress, and regulators to close any “gaps in authorities to drive better cybersecurity practices in the cloud computing industry.” To that end, during a rollout discussion of the Strategy at the Center for Strategic and International Studies (“CSIS”), Acting National Cyber Director Kemba Walden remarked that, since cloud services are a “baseline service across critical infrastructure sectors. . . [,] there needs to be some baseline minimum requirements that are common across all their customer sets.”²

The Strategy does not provide specifics on these intended regulations. Rather, it emphasizes “performance-based” requirements that “leverage existing cybersecurity frameworks, voluntary consensus standards, and guidance” including the Cybersecurity and Infrastructure Security Agency’s (“CISA”) Cybersecurity Performance Goals ³ and the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.⁴ The Strategy also describes an effort to be led by the Office of the National Cyber Director (“ONCD”), in coordination with the Office of Management and Budget (“OMB”), to harmonize federal cybersecurity regulations, which may be beneficial to cross-sector businesses facing conflicting and duplicative requirements. For example, the Strategy notes that the Cyber Incident Reporting Council will coordinate and deconflict federal incident reporting requirements.

Pillar One also lays out plans to enhance public-private information sharing and access to support from federal agencies during cyber incidents. For example, the Strategy states that the federal government will partner with the private sector to explore enhanced machine-to-machine data sharing that will enable “real-time, actionable and multi-directional” information sharing. This Pillar also describes a plan to increase inter-agency collaboration and integration to improve the private sector’s ability to reach and receive support from the appropriate federal agencies.

Pillar Two: Disrupt and Dismantle Threat Actors

Pillar Two targets “more sustained and effective disruption of adversaries” in pursuit of “mak[ing] malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States.” It states five strategic objectives: (1) integrate federal disruption activities, (2) enhance public-private operational collaboration to disrupt adversaries, (3) increase the speed and scale of intelligence sharing and victim notification, (4) prevent abuse of US-based infrastructure, and (5) counter cybercrime and defeat ransomware.

Pillar Two emphasizes offensive efforts to thwart threat actors and cause sustained disruption to malicious cyber activities. It outlines campaigns spearheaded by the Department of Justice and Department of Defense, noting the important role of the private sector in disruption efforts, including its visibility into adversary activity. To facilitate public-private collaboration in this area, the Strategy declares that the federal government will “increase the speed and scale of cyber threat intelligence sharing to proactively warn cyber defenders and notify victims when the government has information that an organization is being actively targeted or may already be compromised.”

The Strategy describes a plan to engage with cloud and internet infrastructure providers to share information on malicious uses of their services and support victims who report abuses of these services. The Strategy further notes the need for providers to “make reasonable attempts to secure the use of their infrastructure against abuse or other criminal behavior.”

The role of financial institutions is highlighted as part of efforts to combat ransomware. The Strategy emphasizes continuing and expanding implementation of Anti-Money Laundering and Countering the Financing of Terrorism (“AML/CFT”) controls to combat the use of cryptocurrency to launder ransom payments. More broadly, the Strategy emphasizes that “the Administration strongly discourages the payment of ransoms” because the “most effective way to undermine the motivation of these criminal groups is to reduce the potential for profit.”

Pillar Three: Shape Market Forces to Drive Security and Resilience

Pillar Three reflects a judgment that “market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience.” In the administration’s view, “[i]n too many cases, organizations that choose not to invest in cybersecurity negatively and unfairly impact those that do, often disproportionately impacting small businesses and our most vulnerable communities.” In light of this perspective, Pillar Three seeks to “shape market forces to place responsibility on those within our digital ecosystem that are best positioned to reduce risk.” In doing so, Pillar Three states that the administration “will not replace or diminish the role of the market, but channel market forces productively toward keeping our country resilient and secure.” Pillar Three identifies six strategic objectives to that end: (1) hold the stewards of our data accountable, (2) drive the development of secure Internet of Things (“IoT”) devices, (3) shift liability for insecure software products and services, (4) use federal grants and other incentives to build in security, (5) leverage federal procurement to improve accountability, and (6) explore a federal cyber insurance backstop.

Pillar Three reiterates the administration’s support of legislation regarding the handling of personal data. The Strategy states that the administration “supports legislative efforts to impose robust, clear limits on the ability to collect, use, transfer, and maintain personal data and provide strong protections for sensitive data like geolocation and health information.” In addition, the Strategy states that this legislation should include national standards for securing personal data that align with NIST standards and guidelines.

The Strategy also highlights a new priority to “shift liability onto those entities that fail to take reasonable precautions to secure their software,” albeit while also acknowledging that “even the most advanced software security programs cannot prevent all vulnerabilities.” The Strategy criticizes vendors that “ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance” as well as those who “leverage their market position to fully disclaim liability by contract.” It describes the desired legislation as limiting the ability of providers to fully disclaim liability by contract and establishing a “higher standard of care for software in specific high-risk scenarios.” The Strategy states that the administration will drive the “development of an adaptable safe harbor framework to shield from liability companies that securely develop and maintain their software products and services,” which will draw from best practices such as the NIST Secure Software Development Framework. (During the CSIS launch event, Deputy National Security Advisor Anne Neuberger said that the administration would learn from existing liability regimes for products, such as vehicle safety standards, as it assesses how to incentivize development of secure software.) Pillar Three also identifies four other steps the administration intends to pursue to enhance software security: (1) encouraging coordinated vulnerability disclosure, (2) promoting the further development of Software Bills of Materials (“SBOMs”), (3) developing a process for mitigating risk from unsupported software, and (4) partnering with the private sector and the open-source software community to invest in the development of secure software. (We discuss similar software security-focused questions in a webinar.)

Pillar Three also highlights existing initiatives on IoT cybersecurity as well as federal procurement requirements under EO 14028. Pillar Three highlights the administration’s work on IoT device labeling, for example, and asserts that “[c]ontracting requirements for vendors that sell to the Federal Government have been an effective tool for improving cybersecurity.” On the latter point, Pillar Three notes that “[c]ontinuing to pilot new concepts for setting, enforcing, and testing cybersecurity requirements through procurement can lead to novel and scalable approaches.” This Pillar also explains that the government will hold companies that fail to meet contractual commitments regarding cybersecurity practices accountable under existing laws such as the False Claims Act.

In addition, Pillar Three addresses cyber incident insurance. The Strategy observes that the existing cyber insurance market might be insufficient in the event of a catastrophic cyber incident. Accordingly, the administration intends to explore “the need for and possible structures of a Federal insurance response to catastrophic cyber events.”

Pillar Four: Invest in A Resilient Future

Pillar Four seeks to help “build a more secure, resilient, privacy-preserving, and equitable digital ecosystem through strategic investments and coordinated, collaborative action.” It states six strategic objectives: (1) secure the technical foundation of the internet; (2) reinvigorate federal research and development for cybersecurity; (3) prepare for our post-quantum future; (4) secure our clean energy future; (5) support development of a digital identity ecosystem; and (6) develop a national strategy to strengthen our cyber workforce.

The Strategy notes the need to develop and implement solutions to secure the technical foundations of the internet, many of which the administration views as “inherently vulnerable.” The Strategy calls for renewed federal investment in research and development in technologies, such as quantum-resistant cryptography-based environments and enhanced digital identity solutions. This pillar also states that ONCD will lead the charge in the implementation of the strategy for an expanded cyber workforce.

Pillar Five: Forge International Partnerships to Pursue Shared Goals

Pillar Five reflects the goal of “a world where responsible state behavior in cyberspace is expected and rewarded and where irresponsible behavior is isolating and costly.” Reflecting the intent to build “a broad coalition of nations working to maintain an open, free, global, interoperable, reliable, and secure Internet,” this pillar identifies five strategic objectives: (1) build coalitions to counter threats to our digital ecosystem; (2) strengthen international partner capacity; (3) expand US ability to assist allies and partners; (4) build coalitions to reinforce global norms of responsible state behavior; and (5) secure global supply chains for information, communications, and operational technology products and services.

This pillar highlights the administration’s commitment to strengthening collaboration with partners to combat threat actors based in foreign countries, establishing policies for providing cyber support to allies, and holding states accountable for violating international law in cyberspace. It also advocates for examining the dependency on foreign products and services that pose a risk to the United States’ digital ecosystem. The Strategy states that “[c]ritical inputs, components, and systems must increasingly be developed at home or in close coordination with allies and partners.” This aligns with existing federal government efforts to secure supply chains, such as the International Technology Security and Innovation Fund established by the CHIPS and Science Act of 2022 to support secure semiconductor and telecommunications supply chains.

Implementation

The Strategy directs ONCD to coordinate implementation of the Strategy under the oversight of National Security Council staff and in coordination with OMB. The precise pace and course of these implementation efforts remains to be seen. Given the limited availability of details on the potentially significant requirements described in the Strategy, companies should continue to monitor for legal and regulatory developments and for opportunities for private sector input in legislative and administrative processes.

¹ See National-Cybersecurity-Strategy-2023.pdf (whitehouse.gov).

² CSIS, The Biden-Harris Administration’s National Cybersecurity Strategy.

³ See Cross-Sector Cybersecurity Performance Goals | CISA.

⁴ See Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 | NIST.

Healthcare Corner:

VA “Modernization Sprint Report” Introduces New EHR Deployment Strategy

On March 10, the Department of Veterans Affairs (VA) released an EHR Modernization Sprint Report detailing how the VA plans to improve deployments of its Electronic Health Records (EHR) system, solve longstanding issues, and improve governance on the project. The modernization has been on pause since last October when the VA announced that its deployment would be delayed until June 2023. At that time, the VA established a EHR Modernization (EHRM) Sprint Team to address concerns about the initial deployment strategy and identify solutions that ensure patient safety.

According to Federal News Network, the Sprint Team’s review identified four key patient safety issues. The first is the “unknown queue” issue, which, according to the VA Office of Inspector General (OIG), caused clinical orders to enter an unmonitored inbox and resulted in serious patient harm at Mann-Grandstaff VA Medical Center in Spokane, Washington. The sprint review also found that the EHR system did not properly follow up or reschedule appointments for patients who canceled or no-showed, and it led users to believe that they had created a referral for a patient when the system had not. Finally, the EHR billed patients for medical imaging without ordering the actual imaging.

The report also calls for prioritizing 30 other issues outside of these “focus areas”; describes VA’s new process for deciding whether a site is ready for a deployment; and recommends new methodologies for working around issues in the field and training users. The report does not indicate any changes to the department’s plans to resume EHR deployments this June.

A View From Main Street

By Ken Dodds, Live Oak Bank

The following blog does not necessarily represent the views of the Coalition for Government Procurement.

Subk, Size Standard and FAR Updates

Accelerated Payment

Effective March 16, 2023, the FAR will be amended to provide for a goal of payment to small business prime contractors within 15 days of receipt of a proper invoice. In addition, the goal will be to pay prime contractors that subcontract with small business concerns within 15 days of receipt of an invoice if they agree to make payment to small business subcontractors within 15 days of receipt of the accelerated payment, assuming the small business subcontractor has submitted a proper invoice.[1]

Employee-Based Size Standards

Effective March 17, 2023, SBA will increase 144 employee-based size standards and leave the other employee-based size standards at the existing level. Of note, SBA is retaining the Nonmanufacturer size standard of 500 employees, increasing the Environmental Remediation Services size standard from 750 to 1,000 employees (NAICS 562910 Exception), increasing the size standard for Ship Building and Repairing from 1,250 to 1,300 employees (NAICS 336611), and increasing the size standard for Guided Missiles and Space Vehicles, Their Propulsion Units and Propulsion Parts from 1,250 to 1,300 employees (NAICS 541715 Exception3).[2]

Status Protests and 8(a) Options

Effective March 16, 2023, the FAR will be amended to implement SBA rules which allow protesters to allege that an apparent successful offeror or awardee under a HUBZone, SDVO, or WOSB/EDWOSB set-aside or sole source award is unduly reliant on an ineligible concern for performance, i.e., not a similarly situated an entity. The FAR will also implement SBA’s rule concerning long-term 8(a) contracts (contracts with duration greater than 5 years) requiring an 8(a) firm to be in the 8(a) program within 120 days of the end of the fifth year of the contract for the agency to exercise the option.[3]

Lower Tier Subcontracting

Historically, large prime contractors with subcontracting plans reported small business subcontracting performance at the first tier, i.e., firms with a direct subcontract with the prime contractor. In 2013, Congress amended the Small Business Act to provide that prime contractors with individual small business subcontracting plans “shall” receive lower tier credit toward their subcontracting plan goals.[4] Congress further provided that the amendment did not abrogate a prime contractor’s responsibility to meet its first-tier goals. In 2016, SBA implemented this amendment and required large prime contractors to establish small business subcontracting goals at the first tier and at lower tiers and report their performance at both tiers.[5] In 2019, Congress amended the Small Business Act to provide that large prime contractors could elect to establish small business subcontracting goals utilizing performance at lower tiers but were not required to do so. Congress also provided agencies could not establish separate small business subcontracting goals at the first tier and lower tiers.[6] On December 19, 2022, SBA issued a proposed rule to implement these changes.[7] The comment period closed on February 17, 2023. After considering the comments SBA will likely issue a final rule in late 2023. The FAR might have to be amended through the rulemaking process and subcontracting reporting systems might have to be altered before large prime contractors will be able to utilize this statutory change.

Do you have a topic you wish to be covered or a question on how Live Oak Bank can support your business? Email me at ken.dodds@liveoak.bank.

[1] 88 FR 9730.

[2] 88 FR 9970.

[3] 88 FR 9734.

[4] Section 1614 of the NDAA of 2014, Public Law 113-66.

[5] 81 FR 94246.

[6] Section 870 of the NDAA of 2020, Public Law 116-92.

[7] 87 FR 77529.

All-Member Briefing on the FY 2023 NDAA: Healthcare Focus

Moshe Schwartz

This Wednesday, Moshe Schwartz, President of Etherton and Associates, briefed members on healthcare provisions in the FY2023 National Defense Authorization Act (NDAA). During the presentation, Mr. Schwartz covered the key themes in the FY23 NDAA like China, the industrial base and supply chain, cybersecurity and acquisition streamlining and how these priorities were also present in Title V II focused on Healthcare policy. He also addressed the FY 2023 budget and prospects for the FY 2024 NDAA and budget.

Click here to access the slides. A full recording of the presentation can be found here.

Reciprocity for Security Clearances Remains High Priority for Federal Government

According to FCW, reciprocal acceptance of security clearances between agencies remains a key issue within the Federal Government. At a recent press conference, Senator Mark Warner (D-VA), Chairman of the Select Intelligence Committee, said that “for contractors, trying to make sure that if you’ve got a clearance, you shouldn’t have to go through the same exact hoops again. It should be the expectation that you’ve got reciprocity.” Reciprocity for clearance holders is a cross-agency priority goal of the White House, Office of Personnel Management, DoD, and the Office of the Director of National Intelligence. Most clearances are handled by the Defense Counterintelligence and Security Agency, which is working to support reciprocity by building a centralized platform that will interface with other agencies’ information systems, but it is not yet clear if the intelligence community will move their processes to the new system.

Upcoming GSA Webinar on Policies Shaping the Federal Marketplace

On March 30, the GSA FAS Office of Policy and Compliance (OPC) will host a webinar on current and emerging policies affecting the Federal marketplace. The webinar will take place at 1:00 PM EDT. Some of the policies addressed during the webinar include:

Updates related to Implementation of the Cybersecurity Executive Order;
A new Joint Ventures Policy under the Multiple Awards Schedule Program;
Contracting Opportunities Forecast; and
New initiatives to support underserved communities through the Federal Government.

To register for the webinar, click here.

GSAR Update: GSA to Remove Payments Deviation

GSA has published a proposed rule in the Federal Register removing clause 552.232-1 Payments from the General Services Administration Acquisition Regulation (GSAR) after finding that it “is no longer in the best interests of the GSA.” The clause “requires, in certain transactions, the Government to pay a contractor without submission of a proper invoice for non-commercial fixed price contracts for supplies or service,” deviating from its Federal Acquisition Regulation (FAR) counterpart that demands an invoice or voucher. GSA identified the deviation in a regular review of its acquisition regulations, as required by the FAR, but “does not have any historical information” on why it was created and is unaware of any situation where it is in use. The proposed rule’s public comment period runs through May 1.

Please Welcome New Premier Member