Skip to Content

Friday Flash 07/10/2026

Celebrating Our 2026 GW Law Scholar

Each year, the Joseph P. Caggiano Memorial Golf Tournament brings the government procurement community together for a day of camaraderie, networking, and friendly competition. More importantly, it provides an opportunity to honor Joe Caggiano’s legacy by supporting veterans in meaningful and lasting ways. Since 2023, the tournament has helped the Coalition community make a significant impact through its support of Paws for Purple Hearts, an organization dedicated to improving the lives of veterans and wounded service members through highly trained assistance dogs and its innovative Canine Assisted Warrior Therapy® program. Last year, thanks to the generosity of Coalition members and tournament participants, we surpassed our $35,000 fundraising goal and fully funded the training of a new service dog.

At the same time, the tournament continues to support another important part of Joe’s legacy through the Coalition’s endowed scholarship at The George Washington University (GWU) Law School.

Since 2014, the Coalition has partnered with GWU to fund and grow an endowed scholarship supporting veterans pursuing careers in U.S. government procurement law. Through the continued support of the Coalition community, more than $150,000 has been raised for the scholarship fund, helping to support veterans who are preparing to become procurement professionals.

We are pleased to recognize Morgan Fasolak as this year’s Coalition for Common Sense in Government Procurement Scholar.

Morgan is a law student at GWU concentrating in Government Procurement Law. She has already built an impressive foundation in the field through an internship with Judge Marian Horn of the U.S. Court of Federal Claims and her work as a research assistant to Dean Jessica Tillipman. Before attending law school, Morgan graduated from West Point. The Coalition proudly congratulates Morgan on this well-deserved recognition.

We hope to welcome Morgan during this year’s Joseph P. Caggiano Memorial Golf Tournament and celebrate the accomplishments of those whose education is made possible through the generosity of our members, sponsors, and attendees.

This year, attendees will also have the opportunity to meet Waldron, the PPH service dog sponsored by the Coalition community’s participation in the golf tournament. Named in honor of our Coalition President, Waldron represents the meaningful impact our members have made through their support of PPH and the veterans the organization serves.

Whether you join us on the course or at the networking reception, your participation helps make these impactful initiatives possible. Together, we are investing in the future of government procurement while honoring those who have served our country.

We look forward to seeing you at Whiskey Creek Golf Course on August 19, as we continue Joe’s legacy of supporting veterans, advancing education, and strengthening our procurement community.

Learn more about the Joseph P. Caggiano Memorial Golf Tournament, and register here.


Secure Your Sponsorship for the Annual Golf Tournament!

We’re proud to offer a variety of sponsorship opportunities for the Joseph P. Caggiano Memorial Golf Tournament designed to fit every business and budget. Many sponsorship packages include golfer registrations, providing a unique opportunity to support two outstanding veteran-focused causes, increase your company’s visibility within the federal procurement community, and enjoy a day of networking and golf at one of the region’s most scenic courses.

Whether you’re looking for prominent event visibility, meaningful engagement with attendees, or a way to give back to our veteran community, there is a sponsorship opportunity to meet your goals.

View the sponsorship opportunities here.

If you have any questions, or are ready to secure your sponsorship for the annual golf tournament, please contact Heather Tarpley at htarpley@thecgp.org

Thank you to our current sponsors!

Department of War Releases Section 805 Compliance Guidance 

Federal News Network reports that the Department of War (DoW) has released a list of Chinese firms with which Pentagon contractors are prohibited from doing business. The prohibition stems from Section 805 of the fiscal 2024 National Defense Authorization Act, which, as of June 30, prohibits the DoW from entering into, renewing, or extending contracts for the procurement of goods, services, or technology with firms designated by the Pentagon as Chinese military companies under its Section 1260H list. Beginning June 30, 2027, the prohibition will expand to include firms that are indirectly involved with companies on the Section 1260H list. 

To help contractors comply with Section 805, the Department launched a webpage outlining the implementation timeline, compliance requirements, and waiver process. To receive a waiver, contractors must provide a “compelling justification” for additional time to implement the requirements, along with a phase-out plan to eliminate goods, services, or technology produced or developed by companies on the Section 1260H list.  The webpage also links to a list of prohibited Chinese military companies posted on the Federal Register. The list is current as of June 10, 2026. 


Emergency Test Deadline for FedRAMP CSPs is July 14 

FedRAMP has reminded cloud service providers that the deadline to complete its quarterly Emergency Test Form is Tuesday, July 14 at 5:00 PM (ET). The quarterly test is designed to verify the functionality of providers’ FedRAMP Security Inboxes and ensure emergency notifications are received by designated security officials. 

The notice also reinforces upcoming implementation deadlines for FedRAMP’s Vulnerability Detection and Response (VDR) and Vulnerability Evaluation and Reporting (VER) rules, which cloud service providers must adopt by December 7, 2026, aligning with the requirements of CISA’s Binding Operational Directive (BOD) 26-04. Providers will have a grace period through March 7, 2027, after which failure to comply could result in the revocation of FedRAMP authorization and removal from the FedRAMP Marketplace.  

The notice also includes updated implementation timelines and ongoing progress expectations for participants in the FedRAMP 20x Pilot. 


GAO Weapon Systems Assessment Highlights Acquisition Challenges 

The Government Accountability Office (GAO) published its annual Weapon Systems Assessment, highlighting continued challenges implementing procurement reform within the Department of War (DoW). The review found that major defense acquisition programs (MDAPs) continue to experience schedule delays and cost overruns, significantly affecting force readiness. On average, it now takes more than 12 years to field a weapon system through an MDAP. GAO also identified several critical MDAPs that had not updated their delivery schedules to reflect delayed interim milestones, indicating that program timelines are likely to continue increasing in the coming years. 

GAO also found increased use of the middle tier of acquisition (MTA) rapid prototyping and rapid fielding pathways, which are intended to deliver capabilities within five years. However, GAO expressed concern that several technologies being developed through these pathways will require significantly more than five years to develop and field. According to the report, DoW plans to invest approximately $49 billion across 23 of its most expensive MTA programs, with nearly half focused on developing immature technologies. GAO noted that this approach is inconsistent with established acquisition best practices and increases the risk that these programs will fail to deliver fieldable capabilities. As a result, GAO recommended that DoW ensure MTA pathways are used only for mature technologies. DoW concurred with the recommendation. 


GSA FAS Industry Day Takeaways 

Federal News Network reports on key takeaways from the General Services Administration’s (GSA) recent Federal Acquisition Service (FAS) Industry Day as GSA positions FAS as the operational center of a more centralized, data-driven federal buying model. At the event, GSA leaders outlined priorities of FAS’s major reorganization, including:  

  • Procurement modernization: Expanded use of governmentwide contract vehicles, commercial-first acquisition, greater Multiple Award Schedule (MAS) flexibility, increased pricing transparency, and stronger supply chain oversight.  
  • Contractor readiness: Prepare for expanded data reporting requirements and increased focus on compliance with pricing policies, the Trade Agreements Act (TAA), the Buy American Act (BAA), and supply chain requirements.  
  • New value-added reseller (VAR) guidance: FAS announced that VARs will be evaluated based on the value of the services they provide rather than product markups. The agency adopted more standard commercial definitions for resellers and VARs and will emphasize total value, line-item pricing, and clear documentation of value-added services.  
  • Procurement consolidation: GSA continues integrating NITAAC and NASA SEWP into its acquisition portfolio.  
  • Updated MAS ordering rules: New GSAR guidance allows Multiple Award Schedule (MAS) contractors to include Special Item Numbers (SINs) from another contractor’s Schedule contract in proposals without treating them as open-market items. Under the new process, only the selling MAS contractor reports the sale and pays the Industrial Funding Fee (IFF), eliminating duplicate reporting and fees. 

VA Health IT Modernization Continues Amid Leadership Transition  

Federal News Network reports that the VA is continuing its nationwide reorganization of the Veterans Health Administration (VHA) and preparing to recompete its Community Care Network contract through the Community Care Network Next Generation procurement. According to Federal News Network, “this year, VHA is spending $4.8 billion restructuring and modernizing its roughly 170 hospitals and 1,300 sites of care” which includes approximately $1 billion toward rolling out its new electronic health record (EHR) system. The most recent EHR go-lives have been in Dayton, Cincinnati and Chillicothe, Ohio with more rollouts soon in Indiana and other facilities in the Midwest.  

The proposed Community Care Network Next Generation indefinite-delivery/indefinite-quantity contract has a potential value of up to $700 billion over ten years and is expected to become one of the largest federal services contracts.   

Finally, VA officials said the department will announce interim leadership for the VHA in the coming days following the departure of Undersecretary for Health John Bartrum effective July 6. 


VA OIG Identifies Security Weaknesses in Patient Tracking System 

A Department of Veterans Affairs (VA) Office of Inspector General (OIG) audit found that the Veterans Health Administration’s (VHA) Patient Advocate Tracking System-Replacement (PATS-R) lacked adequate security and access controls to protect veterans’ sensitive personal information. According to the audit, VHA incorrectly categorized the cloud-based system as low risk, resulting in fewer security controls than appropriate for an application that stores veterans’ personal and medical information. 

Although VHA implemented several corrective actions during the audit, the OIG found that user access controls and oversight remained insufficient. For example, the OIG found users with access beyond their operational needs, inconsistent reviews of user permissions, and a lack of standardized guidance for managing user accounts. The OIG issued five recommendations to strengthen system governance, access controls, and user oversight. VHA concurred with all five recommendations. 


Major Federal Cybersecurity Rules Expected This September 

Federal News Network reports that several significant federal cybersecurity regulations are expected to be finalized in September 2026. Among them is the Cybersecurity and Infrastructure Security Agency’s (CISA) final rule implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which will require covered critical infrastructure entities to report cyber incidents within 72 hours and ransomware payments within 24 hours. 

According to the Unified Agenda of Federal Regulatory and Deregulatory Actions, two long-awaited federal contracting rules will be finalized in September. One establishes standardized cybersecurity requirements for unclassified federal information systems and another addressing cyber threat and incident reporting and information sharing. In addition, the Department of War is expected to issue updates to its Cybersecurity Maturity Model Certification (CMMC) program, including implementation guidance for transitioning to NIST Special Publication 800-171 Revision 3 and proposed revisions to the Defense Federal Acquisition Regulation Supplement (DFARS) clause governing the safeguarding of covered defense information and cyber incident reporting. 


DISA Expands Enterprise Software Acquisition Efforts  

Federal News Network reports that the Defense Information Systems Agency (DISA) is expanding its Joint Enterprise License Agreement (JELA) initiative, with four additional multi-year enterprise software contracts currently in development. The agreements are designed to consolidate the Department of War’s procurement of commercial software and cybersecurity products, helping reduce costs, improve standardization, and expand access to enterprise software across the military. DISA currently has agreements in place with Broadcom, Adobe, Cisco, and Palo Alto Networks.  

Department officials said enterprise licensing will become increasingly important as military operations grow more complex and require greater interoperability across the services. Officials also emphasized the need for more outcome-based contracting and increased collaboration among the military services to ensure enterprise agreements are adopted department-wide rather than by individual components. According to Army officials, the service currently spends approximately $2.8 billion annually on software licenses across 120 separate contracts. 


DISA Introduces New Marketplace for DoW Cloud Services 

MeriTalk reports that the Defense Information Systems Agency (DISA) is launching an effort to expand the Department of War’s (DoW) access to commercial cloud services. The agency is replacing its Joint Warfighting Cloud Capability (JWCC) Next initiative with the JWCC Unified Cloud Marketplace (UCM), creating a more centralized approach to acquiring authorized cloud services while broadening access to additional cloud providers.  

The new three-tier model will continue supporting major hyperscale cloud providers while also expanding participation to additional cloud, software, and emerging technology vendors. DISA says the UCM will improve efficiency, preserve security, and accelerate access to innovative cloud capabilities. The agency expects to release a solicitation for the UCM Core contract later this year, with awards anticipated in FY27. Meanwhile, demand for the existing JWCC contract remains strong, with more than 200 task orders totaling over $7.2 billion awarded since 2022. 


By Evan WilliamsLuke Levasseur & Nick Feldstern; Fox Rothschild

In Rick Aviation, Inc. v. United States, the Court of Federal Claims (COFC) tackled a novel application of the Federal Acquisition Regulation (FAR) “late is late” rule. The question the court squared up against is what happens when an otherwise timely bid or proposal is caught in a government firewall or email filter and does not reach the procuring agency’s email server?

According to COFC, unless the bid or proposal is received by the designated government office in the solicitation before an award is made, the “late is late” rule prevents the agency from accepting the bid or proposal. As the government continues to expand its implementation of cybersecurity controls and AI-supported processes, this issue may become a problem for a growing number of offerors.

COFC’s decision serves as a practical reminder that, absent certain narrow exceptions, the risk related to ultimate receipt by the procuring agency of an electronically submitted proposal remains largely on the offeror.

Below, we discuss the case and provide practical suggestions to help reduce this risk.

Rick Aviation, Inc. v. United States, No. 25-1604 (June 17, 2026)

In April 2025, the Defense Logistics Agency (DLA) issued a solicitation for the procurement of petroleum fuel products with a deadline of 1 p.m. on May 23, 2025. The solicitation advised contractors to ensure their offers were “sent with enough time to be processed through the server.” The solicitation also instructed offerors to submit their proposals via email to either the contracting officer or the designated DLA email address and warned that its email filtration system would scan for viruses and key words that could delay delivery of a bid.

On May 22, at 1:27 p.m., Rick Aviation, Inc. (RAI) emailed its proposal to the designated DLA email address and received an automated response stating that its proposal had been successfully delivered. One other competitor, Avfuel, also submitted a proposal.

DLA accepted Avfuel’s proposal and awarded it the contract on August 19, 2025. On September 23, 2025, RAI notified DLA that it intended to protest the award. After receiving RAI’s notice, the contracting officer informed RAI that the agency could not find RAI’s proposal in either potential email inbox. Unbeknownst to RAI or DLA, RAI’s email with its proposal had been quarantined by the Defense Information Systems Agency (DISA), a partner of DLA that provides information technology services, including email services, “due to error by the sender” related to the Sender Policy Framework (SPF) configuration authentication standard used by DISA. Because DISA’s email gateway blocked RAI’s email as a result of the SPF error, the proposal never reached DLA’s designated email inbox.

In September, the contracting officer concluded that because RAI’s proposal never arrived at the designated email address before award, it could not be considered under the “late is late” rule. RAI filed its complaint at COFC later that month, alleging that DLA’s rejection of its bid was arbitrary and capricious.

The Court denied RAI’s protest, explaining that under FAR 52.212-1(f)(2)(i) (Instructions to Offerors—Commercial Products and Commercial Services), an offer received at the government office designated in the solicitation after the exact time specified for receipt of offers is “late” and will not be considered unless:

(1)  the proposal was received before award was made;

(2) the contracting officer determined that accepting the late offer would not unduly delay the acquisition; and

(3) one of the clause’s specific exceptions applies, including the “electronic commerce” exception (receipt at the “initial point of entry to the government infrastructure” no later than one day prior to the due date) or the “government-control” exception (acceptable evidence that the offer was received at the government installation designated for receipt and was under the government’s control before the time set for receipt of offers).

(For further discussion on the exceptions to the “late is late” rule, see our previous post.)

RAI’s proposal was not “received” at the government office designated in the solicitation before award. DISA is an intermediary agency that essentially provides email services to DLA. Although DISA and DLA are part of the same Department of War, receipt by DISA’s server did not satisfy the receipt-by-the-agency requirement. Instead, the Court determined DLA never “received” RAI’s proposal because DISA’s gateway blocked RAI’s email from arriving on DLA’s server.

Further, the Court ruled that the automated response RAI received indicating that its email had been delivered was not the same as confirmation that the email had been received. Notwithstanding RAI being lulled into a false sense of security by the delivery confirmation, the Court’s analysis ultimately turned on the fact that the CO in the office specified in the solicitation did not receive the proposal before the award was issued.

The Court recognized that its result may seem harsh and that “disputes like this one have arisen with disturbing frequency [and] painfully illustrate how FAR provisions enacted long ago conflict with modern technology.” Nevertheless, the FAR places the responsibility on offerors to ensure their proposals reach their intended destinations, and RAI could have followed up with the contracting officer to confirm receipt. Because RAI’s proposal was not “received” prior to award, a “late is late” exception could not apply.

The Court also rejected RAI’s assertion that DISA’s SPF configuration standard, which resulted in the quarantine of RAI’s proposal, constituted an unstated evaluation criterion. In short, the SPF configuration was a technical or procedural matter, not a substantive basis for evaluating proposals, and thus, it could not be considered an evaluation criterion.

Key Takeaways for Contractors

In an age of firewalls, encryption, and AI-assisted security, contractor personnel need to be certain they understand the technical details of the processes by which they communicate with the government—and how to ensure their communications successfully work their way through the electronic maze and are received by the intended recipient. Offerors bear full responsibility for ensuring their electronic submissions actually reach the designated inbox—including maintaining properly configured email authentication protocols. Indeed, the Court emphasized that the solicitation expressly warned offerors to verify receipt with the contracting officer, and RAI’s failure to do so proved fatal to its protest.

As the RAI decision makes clear, contractors should not treat their “sent items” email box or automated delivery response as conclusive proof that the agency received an offer. Instead, to mitigate the non-receipt risk, contractors should: 

  • Build into electronic submission plans sufficient time to verify receipt and resolve any delivery problems before the deadline.
  • Request affirmative confirmation of receipt from the contracting officer or other receipt point(s) designated by the solicitation.
  • When a solicitation warns that email filtering may delay delivery, follow up on receipt. Doing so can be the difference between a timely offer and an offer the agency cannot consider.

In sum, contractors are advised to submit proposals early, confirm receipt, and keep a record showing that the offer reached the right place before the deadline.


All-Member Briefing with GAO on DoW’s Use of OTAs, July 21 

Please join us for an all-member briefing on Other Transaction Authority (OTA)s featuring Tatiana Winger, Director of GAO’s Contracting and National Security Acquisitions team, and her colleagues on July 21 at 11:00 AM ET. The meeting will be held virtually. 

On behalf of Congress, the Government Accountability Office (GAO) has looked into federal agencies’ use of OTAs, which are a type of contracting mechanism not subject to the Federal Acquisition Regulations (FAR). In recent years, OTAs have grown in use and importance in light of actions taken by the Executive Branch and Congress. In this webinar, Tatiana Winger and several of her colleagues from GAO’s Contracting and National Security Acquisitions team will provide an overview of OTAs and discuss the findings from their most recent report looking into DOD’s use of OTAs opportunities. This will include a discussion of recent data trends and insights into how programs are using OTAs to quickly deliver capability to the warfighter. 

To register, click here. For any assistance with registration, please contact Mady Whiting at mady.whiting@thecgp.org 

Note: This is a members-only event. If you see a message that says “Registration Not Available” please log in using your member account. 


IT/Services Committee Meeting on The Future of MAS, July 22 

The Coalition’s IT/Services Committee will be hosting a meeting with Giovanni Onwuchekwa, Executive Director of the Office of Multiple Awards Schedule on July 22 at 10:00 AM ET. Mr. Onwuchekwa will cover the future of MAS, the new organization of FAS, and GSA’s plans to standardize contracting officer training. 

The meeting will be held on July 22 at 10:00 AM ET, in person at CGI Federal: 1000 N Glebe Road, Arlington, VA 22201. (9th floor Studio Space). Virtual attendance is also available. 

To register, click here. For any assistance with registration, please contact Mady Whiting at mady.whiting@thecgp.org 

Note: This is a members-only event. If you see a message that says “Registration Not Available” please log in using your member account. 


General/Office Products Committee Meeting on GSA Schedule Pricing 2.0, July 29 

Please join us for a meeting hosted by The Coalition’s General/Office Products Committee on July 29 from 10:00 -11:00 AM (ET). 

Jack Tekus, Acting Principal Deputy Assistant Commissioner of GSA’s Office of Acquisition Solutions Development, will discuss the rollout of Pricing 2.0 and other Office of Mission Delivery initiatives. 

The meeting will be held virtually. 

To register, click here. For any assistance with registration, please contact Mady Whiting at mady.whiting@thecgp.org 

Note: This is a members-only event. If you see a message that says “Registration Not Available” please log in using your member account. 

Back to top