FAR & Beyond: Protecting the Supply Chain and National Security
For decades, we have recognized the national security implications of our reliance on overseas raw materials and supplies. These implications have prompted a growing recognition that our nation needs a strong industrial base. The pandemic and its aftermath only further exposed the fragility of our supply chains in all parts of the economy.
Two prominent procurement laws address supply chains and the industrial base: the Buy American Act (BAA) and the Trade Agreements Act (TAA). As the names imply, the BAA favors domestic end products using a certain percentage of domestic components, and the TAA allows products made in allied countries to compete with domestic supplies. Although the BAA sounds like the best, most patriotic choice from the standpoint of assuring economic, strategic, and national security stability in our supply chain, the TAA, in its implementation, may provide the best overall results.
Certainly, there are supplies that we want sourced in the United States. Achieving that end via the BAA, however, may prove to be difficult. The BAA is a price evaluation preference tool that does not prohibit the purchase of foreign products. Rather, it places a price premium on foreign end products of 20 percent if the lowest domestic offer is from a large business and 30 percent if the lowest domestic offer is from a small business. Thus, the government may end up buying products from China or other non-aligned countries if the domestic price is low enough after adding the premium to the low foreign offer. On the other hand, the TAA ensures that products will be purchased from domestic sources or from allies with which we have a trade agreement. The reciprocity of TAA also ensures that American-made products are treated fairly under foreign government procurements. Consequently, accounting for the totality of our nation’s supply chain policy interests, leveraging the TAA results in the most efficient price, excluding prices and products that might be offered from non-aligned countries, such as China, while strengthening the security and stability of the industrial base, and increasing its reliability, especially in times of need.
In the context of small business, the application of these two laws is especially confounding. Generally, for a small business or socioeconomic set-aside for supplies, an offeror seeking to qualify as a small business must supply the product of a small business made in the United States. If no small domestic manufacturers exist, the Small Business Administration (SBA) can issue a waiver of the nonmanufacturer (NMR) rule, which waives this requirement. Under these circumstances, the small business offeror can offer the product of a large business or a product made outside of the United States on a small business or socioeconomic set-aside supply contract. Although the TAA allows the President to waive BAA for countries with a trade agreement with the United States, the act restricts the President from waiving any small business or minority preference in government procurement.
The implications of the foregoing are significant. Clearly, the TAA should not apply if SBA has not waived the NMR because, in that case, an offeror on a set-aside contract must supply the product of a small business made in the United States. If, however, SBA has issued a waiver of the NMR because no small business manufacturers exist, then the BAA must apply to the set-aside, notwithstanding the fact that, but for the purchase being made from a small business under a set-aside, the law and policy interests underlying the TAA would control. The government, then, could find itself required to purchase a product from a non-designated country, and, in so doing, potentially introduce risk into the supply chain and otherwise harm other-than-small domestic manufacturers.
This anomaly arising from the interplay between these laws needs to be addressed. Some believe a clarification may be affected via legislation. Others see a remedy in amending FAR Subpart 25.4 to provide the TAA does apply to supply acquisitions set aside for small business or socioeconomic categories if SBA has issued a waiver of the NMR. Given the significant implications for our supply chain and national security, policymakers need to decide on an approach and act. In the meantime, it should make sure its requirements are fashioned to mitigate the deleterious effects identified here.
White House Drafting Executive Order to Protect Personal Data Connected to the Government
The President is preparing an executive order that seeks to prevent foreign adversaries from accessing Americans “highly sensitive” data including certain contractor data and healthcare information, reports CNN. The executive order would direct the Department of Homeland Security to issue new restrictions on data transactions that could threaten national security. In a draft document obtained by Bloomberg, the White House stated that the exploitation of said data poses an “unusual and extraordinary threat” to national security and foreign policy by enabling activities such as espionage, cyberattacks, and blackmail. Additionally, the draft order included concerns about artificial intelligence being used to search data and then track and build profiles of Federal employees or government associates. Threats to certain healthcare-related information are also expected to be covered in the upcoming executive order. For example, the collection of certain genetic information by foreign adversaries, including patient data obtained through healthcare providers for political figures, journalists, academics, activists, and members of marginalized communities.
The draft order also focuses on protecting US “government-related data” linked to current or recent contractors and Federal employees. It calls for new regulations that “prohibit or restrict people in the U.S. from engaging in any transactions that gives adversarial countries access to government-related data or sensitive personal data or that poses an unacceptable national security risk.” Administration officials will then decide which classes of transactions to prohibit. Additionally, the Administration will propose new security requirements with mechanisms to monitor compliance. The Coalition will publish the executive order in the Friday Flash when it is released.
Additional CIO-SP4 Protests
Washington Technology reports that the National Institutes of Health’s IT Acquisition and Assessment Center (NITAAC) Chief Information Officer-Solutions and Partners 4 (CIO-SP4) contract has received two additional protests regarding the vehicle’s self-scoring methodology. CIO-SP4 is designed to support agency needs for IT and health IT across several task areas. NITAAC’s self-scoring methodology requires companies to meet a certain score threshold to pass the first phase of evaluation. NITAAC began sending out Phase 1 notices to successful and unsuccessful offerors during the week of January 8, 2024.
These two additional complaints appear to be identical to CIO-SP4 protests filed over the past two years bringing the total number of protests to 356. GAO will publish decisions on the two protests by April 29, 2024.
HHS Contracting through New Consortium to Increase Domestic Supply of Medical Countermeasures
The Department of Health and Human Services (HHS) has announced its first solicitation through its new Biopharmaceutical Manufacturing Preparedness (BioMAP) consortium. The Request for Project Proposals (RPP), released on January 11, asks offerors—who must be consortium members—to submit white papers on “the production of small molecule drug substances at commercial scale.” According to the solicitation, the RPP supports work on increasing domestic drug production by the Industrial Base Management and Supply Chain (IBMSC) office, a unit of HHS’ Administration for Strategic Preparedness and Response (ASPR) created in March 2023 to strengthen the U.S. public health industrial base in the wake of COVID-19.
The consortium also released a draft statement of objectives (SOO) for a project to commercialize platforms for “efficient distributed scalable manufacturing of active pharmaceutical ingredients and finished dose form drugs.” The deadline to submit questions on the SOO ahead of its release is January 31.
HHS founded BioMAP earlier this year to support the domestic manufacturing of medical countermeasures—technologies including biologics, drugs, and devices used to combat public health emergencies—as a follow-up to previous actions by the Federal Government to strengthen the US supply chain for essential medicines, medical countermeasures and critical inputs in 2023 and in 2020. The consortium’s current members include biotechnology companies, pharmaceutical manufacturers, non-profit research organizations, and institutions of higher education. The consortium structure exempts procurements with consortium members from some FAR requirements, allowing the government greater flexibility to collaborate on requirements development and conclude contracts rapidly. Companies that are interested in joining the consortium can submit an application here.
FedRAMP Usage Accelerating Despite Challenges
The Government Accountability Office (GAO) released a report on the state of the Federal Risk and Authorization Management Program (FedRAMP) last week. While FedRAMP authorizations grew by about 60 percent from 2019 to 2023, GAO noted that agency compliance with FedRAMP was not being monitored and that there are widely varying cost estimates for FedRAMP certification. FedRAMP was established by OMB in 2011 “to ensure that cloud services have adequate information security while also reducing operational costs.” The program achieves this by connecting authorized third-party assessment organizations (3PAOs) to cloud service providers (CSPs) that are sponsored by an agency or the Joint Authorization Board (JAB). OMB requires that agencies use FedRAMP-certified cloud services.
GAO identified six key issues hindering further FedRAMP utilization:
- Long response times from stakeholders;
- A poor understanding of the program by CSPs;
- Agency resources being unavailable for sponsorship;
- Infrastructure updates required by CSPs to meet security requirements;
- Difficulties garnering agency sponsors for CSPs; and
- A lack of consistency across 3PAOs.
In its report, GAO recognized that “OMB and the FedRAMP Program Management Office in the General Services Administration (GSA) already have efforts underway to address [these issues]” and recommended that these efforts be finalized and held to “firm time frames.”
In addition, GAO found that OMB is not monitoring whether agencies are complying with the requirement that all cloud services be FedRAMP certified. In its assessment, GAO identified nine agencies that reported using cloud service products not authorized by FedRAMP. GAO also found that “data on actual costs were limited” and cost estimates “varied widely and ranged anywhere from tens of thousands to millions of dollars.” Finally, GAO recommended that OMB “issue guidance to agencies to ensure that they consistently track and report the costs of sponsoring a FedRAMP authorization.” GSA agreed with GAO’s recommendation, while OMB did not comment.
Follow the Coalition’s Social Media for the Latest News and Updates!
Stay connected with The Coalition for Government Procurement! Follow our social media pages for the latest updates, exciting announcements, and photos from our meetings and events. We are thrilled to have relaunched our Facebook page, and are eager to connect and engage with our community through the platform.
All Coalition updates will be shared on LinkedIn, Twitter, and Facebook, so be sure to connect with us on each!
To follow us on Facebook, click here.
Follow the Coalition’s LinkedIn here, and Twitter here.
Accounting Corner: First Glance: Breakdown of the Alliant 3 Draft Solicitation
Authored By: Leo Alvarez, Principal, Dylan Schreiner, Manager, and Molly Menoni, Senior Consultant; Baker Tilly
The highly anticipated and closely watched second draft of the Alliant 3 solicitation is finally here! After nearly a year since the release of the amended version of the first draft request for proposal (RFP), on December 8th, 2023, the General Services Agency (GSA) released the second draft RFP for the “Best-In-Class” (BIC) Governmentwide Acquisition Contract (GWAC).
As a continuation of flagship vehicles Alliant and Alliant 2, Alliant 3 will provide government agencies with integrated information technology (IT) solution services for evolving needs. The focus of the contract vehicle is to solicit existing and future leading-edge technologies.
There are several changes when compared to the first draft RFP – some of which address technical proposal structure, self-scoring and teaming. For more background on the initial draft RFP, Baker Tilly published an article that is available here.
Key Takeaways
Contemplated number of awards
According to the second draft RFP, GSA still intends to make at least 60 awards while also considering the possibility of tied scores. In the event of a tie at the 60th award, all offerors with equal scores will receive an award. Additionally, if a tied score occurs before the 60th award, the two offerors will also receive awards.
Read the full article here.
Healthcare Spotlight: VHA Launches “Access Sprints” as Demand for Veteran Care Increases with the PACT Act
Federal News Network reports that in order to keep up with “unprecedented growth” in the demand for healthcare from the Department of Veterans Affairs (VA), the Veterans Health Administration (VHA) is holding “access sprints” to help increase appointment availability across multiple areas of care. Through the access sprint, appointments will be offered at night and weekend clinics, and the number of veterans that each provider sees will increase. VHA reported that while the agency saw consistent week-to-week increases in mental healthcare appointments in December 2023 and January 2024, the average wait time held steady at about 21-22 days or increased at most locations.
In addition, VHA is looking to increase employee productivity while avoiding burnout. During fiscal year (FY) 2023, VHA hired over 61,000 employees, setting an agency record. Over 4,200 of these employees were mental health clinicians. VHA is specifically targeting mental health staffing in rural areas. Under the PACT Act, which was signed in August 2022, over 100,000 new veterans have enrolled in VA healthcare. In FY24, VHA anticipates an additional 21,000 enrollees under the Act, and 55,000 more enrolled veterans over the next five years. VHA wants to increase its capacity by standing up new clinics and increasing staff size.
View from Main Street: Size Recertification Consternation
Updates on Timely Topics Impacting the Government Contracting Industry from Vice President of Acquisition Policy, Ken Dodds
In a recent bid protest, the Government Accountability Office (GAO) had a difficult time determining whether a firm was a Service-Disabled Veteran-Owned small business concern (SDVOSB). The protester represented itself as an SDVOSB with its offer for its Federal Supply Schedule (FSS) contract which was awarded in May of 2019. On January 26, 2023, the procuring agency issued a Request for Quote (RFQ) to award a Blanket Purchase Agreement (BPA) under the FSS. The agency issued the RFQ to firms identified as SDVOSBs on the relevant FSS and identified the RFQ as an SDVOSB set-aside but did not request size recertification in connection with the RFQ. On February 1, 2023, the protester submitted its quote. On June 28, 2023, the protester was acquired by a non-SDVOSB. The protester was the incumbent on a BPA and informed the procuring agency that it was no longer an SDVOSB. On August 28, 2023, the procuring agency awarded the BPA to another offeror. The procuring agency argued the protester was not an interested party to challenge the award because the protester was not an SDVOSB and was not eligible for award.
In resolving the interested party challenge, GAO noted the Small Business Administration’s (SBA) general rule that size for a contract is determined at the time of offer for the contract.[1] For multiple award contracts (MACs), contracting officers may request size recertifications in connection with orders or BPAs.[2] However, when an order or BPA is set aside under a full and open MAC, size must be determined at the time of offer for the order or BPA, but the FSS is exempt from this provision.[3] SBA’s rules further provide that if there is an acquisition or merger, the contractor must recertify its size status within 30 days, and if the firm is other than small the agency cannot count future dollars awarded to the concern towards its small business goals.[4] In addition, SBA’s rules at the time the RFQ was issued provided that If the merger or acquisition occurred within 180 days of the offer but prior to award, the firm was not eligible for award of the “contract.”[5]
The procuring agency argued that because the acquisition occurred within 180 days of the offer or quote for the BPA, the protester was required to recertify and was ineligible for award. The protester contended that the requirement to recertify after offer but prior to award applied to contracts, not orders or BPAs under those contracts.
GAO agreed with the protester.[6] SBA’s rules expressly exempt the FSS from the requirement to recertify size in connection with a set-aside order or BPA. In addition, SBA Office of Hearings and Appeals (OHA) caselaw indicated that a merger or acquisition triggering recertification at the FSS contract level did not trigger a requirement for recertification for pending orders or BPAs, when the solicitation for the order or BPA did not request size recertification.[7]
Epilogue: In the GAO protest, SBA sided with the procuring agency and argued that the recertification requirement applied, and the protester was ineligible for award. On April 27, 2023, SBA issued a final rule effective May 30, 2023, to include the terms “order” and “agreement” in its rule providing that a firm is not eligible for award if a merger or acquisition occurs within 180 days of offer but prior to award.[8] The change was not discussed in the preamble to the proposed or final rule.[9] While this rule concerning eligibility for award will apply to set-aside orders under non-FSS full and open MACs, It does not appear that an unsuccessful offeror could file a timely size protest on this issue in connection with an FSS order or BPA where the contracting officer did not request size recertifications with the offer or quote.[10] However, SBA or a contracting officer may file a size protest at any time, so OHA may ultimately have to address the issue.[11]
[1] 13 CFR 121.404(a).
[2] 13 CFR 121.404(a)(3).
[3] 13 CFR 121.404(a)(1)(i)(A), (a)(1)(ii)(A).
[4] 13 CFR 121.404(g)(2)(i).
[5] 13 CFR 121.404(g)(2)(iii) (January 2023).
[6] Washington Business Dynamics, LLC, B-421953, B-421953.2, Dec. 18, 2023.
[7] Size Appeal of EBA Ernest Bland Associates, P.C., SBA No. SIZ-6139 (2022).
[8] 88 FR 26164, 26201.
[9] 87 FR 55642.
[10] 13 CFR 121.1004(a)(2)(iii), (a)(3)(iii).
[11] 13 CFR 121.1004(b).
Off the Shelf: Procurement Trends at the VA
Greg Giddens, Co-Founder and Partner at Potomac Ridge Consulting, joined Off the Shelf for a discussion of the key procurement trends at the Department of Veterans Affairs (VA). During the interview, Giddens discusses the VA’s IT and supply chain modernization efforts, including the agency’s embrace of best value methodologies, including use of statement of objectives and performance-based contracting. He also highlights the progress the VA has made in the Medical/Surgical Prime Vendor (MSPV) program.
A former senior executive at the VA, Giddens shares his thoughts on the unique challenges facing the Department’s logistics and procurement systems, including the use of credit cards for open market purchases. Turning to government-wide topics, Giddens provides his insights on the Contractor Performance Assessment Reporting System (CPARS), providing recommendations on what contractors need to pay attention to when working through performance evaluations.
Listen to the full podcast here.
House Leaders Investigate Incomplete USAspending.gov Data
MeriTalk reports that House Oversight and Accountability Committee Chairman James Comer (R-KY) and House Budget Committee Chairman Jodey Arrington (R-TX) sent a notice on January 22 to the Office of Management and Budget (OMB) and the Treasury Department about the launch of an investigation into the “lack of completeness of Federal spending information on USAspending.gov.” The investigation follows a GAO report that found that nearly one-third of agencies failed to consistently report spending data to USAspending.gov, which “accounted for more than $5 billion in new outlays” between fiscal years 2022 and 2025. Additionally, the report found that “data on USAspending.gov did not always agree with publicly available Federal agency reports.”
Currently, neither OMB nor Treasury have clear responsibility for determining which agencies must report data. To rectify this, GAO requested that Congress assign OMB and Treasury to determine which agencies must report data to USAspending.gov and to ensure that agencies complete all reporting requirements.
Seeking Member Feedback on CMMC Proposed Rule
On December 26, 2023, the Department of Defense (DoD) released its long-awaited proposed rule to establish the Cybersecurity Maturity Model Certification (CMMC) Program. The CMMC Program is designed to ensure that defense contractors and subcontractors have implemented a comprehensive and scalable assessment mechanism that incorporates certain security measures. These required measures would expand the application of existing security requirements for Federal Contract Information (FCI) and add new Controlled Unclassified Information (CUI) security requirements for certain priority programs. Currently, DoD requires applicable defense contractors to implement the security requirements established by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800–171 Rev 2. This guidance covers the level of security necessary for sensitive unclassified DoD information processed, stored, or transmitted on contractor information systems. Additionally, the guidance covers the necessary documentation of contractor’s implementation status, including any plans of action to implement additional requirements in a System Security Plan (SSP). According to DoD, CMMC will provide the Department with the mechanism necessary to verify that a defense contractor or subcontractor has implemented the security requirements at each CMMC level.
In addition to the CMMC proposed rule, the Defense Department is also seeking feedback from the public on eight guidance documents for the CMMC Program. The documents provide additional guidance for the CMMC model, assessments, scoring, and hashing.
The Coalition will be submitting comments on the CMMC proposed rule on behalf of its members. Please submit any comments and/or questions about CMMC 2.0 to be included in our comments to Ian Bell at IBell@thecgp.org by COB February 6, 2024. Public comments are due to DoD on February 26, 2024. If you have any additional questions, please reach out to Ian Bell at the above address.
Seeking Member Feedback on Single-Use Plastics Proposed Rule for VA and GSA Schedules
GSA has released a proposed rule aimed at reducing single-use plastic in Federal procurement. The rule, published in December 2023, applies to GSA and VA Federal Supply Schedule (FSS) contracts and will “amend the General Services Administration Acquisition Regulation (GSAR) to add a new provision and clause to identify single-use plastic free (SUP-free) packaging availability.” The rule defines “single-use plastic packaging” as:
any plastic used for the containment, protection, handling, delivery, or presentation of goods by a producer for a consumer with the intent of being disposed of immediately after use. Disposal of the product meaning that it is routinely recycled, disposed of, or discarded after its contents have been used or unpackaged, and typically not refilled or otherwise reused by the producer. Packaging includes, but is not limited to ancillary packaging, brand/sales packaging, grouped packaging, and redundant packaging.
In the proposed rule, GSA is proposing that MAS contractors be required to identify whether or not they offer SUP-free packaging for supplies, and if so, “whether the SUP-free packaging is standard or must be specified by the ordering official.” Identification would take place when the contractor submits their price list. The corresponding contract clause would require contractors “to identify whether SUP-free packaging is available as the standard shipping practice, or at a premium or discount rate” and encourages contractors to include this information in their marketing materials. GSA would update its ordering systems, like GSA Advantage!, with a new product icon symbolizing SUP-free packaging, and “ordering activities [would be able to] focus their GSA Advantage! search on the designated icons and price to meet climate objectives.”
The Coalition plans to provide feedback on the rule and encourages all Schedule contractors to review the proposed rule. Those wishing to contribute to the Coalition’s comments should reach out to Ian Bell at ibell@thecgp.org by February 6, 2023. Public comment is due to the Federal Government on or before February 26, 2024 via regulations.gov.
2023 Small Business Regulatory Year in Review, Jan. 30
The Coalition is excited to host a virtual 2023 Small Business Regulatory Year in Review presentation on January 30 from 10:00 – 11:30 AM (ET)! The event features industry experts David Black, Partner at Holland and Knight, Ken Dodds, Vice President of Acquisition Policy at The Coalition for Government Procurement, and Jon Williams, Partner at PilieroMazza, who will provide insights on the regulatory cases and updates of the past year that affected both large and small business contractors.
During the event, Black, Dodds, and Williams will cover a wide range of topics, including observations on:
- Small Business Administration (SBA) and FAR Part 19 Rule updates;
- Office of Hearings and Appeals (OHA) cases;
- Government Accountability Office (GAO)/Court of Federal Claims (COFC) decisions;
- And More!
Small and large businesses are encouraged to attend. If you have any questions in advance of the event, please contact Joseph Snyderwine at JSnyderwine@thecgp.org.
To register, click here.
Webinar – What Contractors Need to Know about the CMMC Proposed Rule, Feb. 5
At the end of December, DoD released its long-awaited proposed rule to establish the Cybersecurity Maturity Model Certification (CMMC) Program. Please join the Coalition for a webinar on February 5 from 12:00 – 1:00pm EST as we host a terrific panel to discuss the proposed rule and address some of the questions contractors may be asking regarding what comes next. The panelists will be:
- Townsend Bourne, Partner, Sheppard Mullin
- Bob Metzger, Shareholder, Rogers Joseph O’Donnell
- Michael Gruden, Counsel, Crowell & Moring
Covered topics:
- An overview of the proposed rule for CMMC and what contractors need to focus on first;
- What the proposed rule resolves and what was left ambiguous;
- The CMMC attestation and certification process and what to expect;
- Impact of CMMC attestations on other cyber disclosure regulations (FCA, SEC, etc.);
- CMMC effects on supply chain management;
- Timing of the rulemaking and when the rule likely will be effective;
- Key issues for potential comments, e.g., use of cloud-based external services providers;
- Special challenges for smaller businesses; and
- What this means for companies at Level 1 (with FCI) but not Level 2 (CUI), and COTS products suppliers.
Register for the CMMC webinar here.
IT/Services Committee Meeting with GSA’s Office of IT Category, Feb. 12
On February 12 at 10:00 AM (ET), the IT/Services Committee will host Cheryl Thornton-Cameron, Acquisition Operations Director within GSA’s Office of Information Technology Category for a members-only meeting.
To register for the members-only meeting, click here.
The meeting will be in-person in the greater DMV area, and virtual attendance will be available. The Coalition will update members once a location has been confirmed.
To facilitate the dialogue with industry, GSA has requested members submit questions and topics for the meeting by February 2.
Please submit all questions and topics to Joseph Snyderwine at JSnyderwine@thecgp.org.
Cloud Working Group Meeting on GSA’s ASCEND BPA, Feb. 16
The Coalition’s Cloud Working Group will be hosting a members-only meeting with Joel Lundy, Director, Office of IT Products at GSA’s Information Technology Category (ITC) (pending agency approval) on February 16 at 10:00 AM (ET) to discuss the draft ASCEND Blanket Purchase Agreement (BPA). Joel Lundy will be joined by Barry Hodge, Branch Chief, Cloud Solutions Branch, ITC and Jonathan Plante, IT Specialist, Cloud Solutions Branch, ITC.
To register for the meeting, click here. The meeting will take place at Deloitte, 1919 N Lynn Street Suite 1500 Arlington, VA 22209.
In addition, the Coalition is collecting comments from members on the Draft ASCEND BPA. Comments can be submitted to Joseph Snyderwine at JSnyderwine@thecgp.org by 10:00 AM (ET) on February 20. Comments are due to GSA by February 21.
Webinar – Healthcare Focus: Briefing on FY24 NDAA, Feb. 21
On February 21 from 12:00 – 1:00 PM (ET), the Coalition is hosting the webinar, Healthcare Focus: Briefing on the National Defense Authorization Act (NDAA) for Fiscal Year 2024, with Moshe Schwartz, President of Etherton and Associates. During the presentation, Schwartz will provide an update on recent healthcare legislation in the fiscal year (FY) 2024 National Defense Authorization Act (NDAA).
To register, click here.