Happy New Year! We begin the new year with the “watchwords” that we expect will drive the procurement system and government operations through 2023 and beyond.
Cybersecurity is a fundamental requirement for government operations and the contractors that deliver mission support. The cyber threat from near-peer adversaries and other bad actors is an ever-present reality. In 2023 we will see several policy and procurement measures addressing cybersecurity. Among these measures, this spring we anticipate the public release of the Cybersecurity Maturity Model Certification (CMMC) DFARs rule. A threshold issue is whether it will be an interim or proposed rule. Of note, in 2022 the Coalition submitted comments on the CMMC Pre-decisional Draft Assessment Guide, which can be found here.
In addition, implementation of the Software Bill of Materials (SBOMs) will continue apace across government, with agencies executing on the directives from the President’s executive order. Cyber information sharing between the private sector and government will continue to grow, becoming central to our combined efforts in combating cyber theft and cyber threats. The “devil will be in the details,” however, in advancing collective cyber information sharing. A key issue, for instance, will be whether government contractors will be subject to a Tik Tok ban in 2023.
In connection with all the foregoing, there is the Cyber Solarium Commission 2.0 (CSC 2). Specifically, it remains to be seen what role the CSC2 will play in advancing cybersecurity in 2023.
Supply Chain Resiliency
The next watch phrase for 2023 is Supply Chain Resiliency. The pandemic laid bare the vulnerabilities in the nation’s supply chains, especially the over-reliance on China as a source for critical supplies. Over the last three years, several steps have been taken to prohibit certain purchases from China. First, it was Section 889, the so-called Huawei ban on certain telecommunications products and services, followed by restrictions in connection with unmanned aircraft systems (UAS) and certain printed circuit boards. Following up on these prohibitions, this year’s NDAA includes prohibitions in connection with semiconductors and rare earth and energetic materials. It is clear that China is a source of concern, prompting questions as to what other areas might be ripe for some form of de-coupling. Look no further than the recommendations of the 2022 US-China Economic and Security Commission Report to Congress, which includes specific recommendations regarding active pharmaceutical ingredients (APIs) and pharmaceutical products.
More generally, 2023 will be a year for the implementation of current laws and regulations focusing on supply chain resiliency. The effectiveness of the government’s implementation will go a long way to determining the success in making supply chains more resilient. Proactive, ongoing government-industry engagement will be vital to the success of these efforts. Additionally, it will be important to understand and assess the use of the Defense Production Act authorities in addressing domestic capabilities. Finally, 2023 will reveal whether an evolution from solely Buy America to Buy Allied, inklings of which we have seen recently, continues. Over the long term, a resilient supply chain, by necessity, will include multiple, redundant, domestic, near shore, and allied capabilities.
Sustainability as a performance measure and a potential discriminator among government contractors enters the federal procurement system in 2023. In November of 2023, FAR CASE 2021-015, Disclosure of Greenhouse GAS Emissions and Climate Related Financial Risk, was published. The FAR proposes to establish public disclosure of greenhouse gas (GHG) emissions and climate related risks by major and significant government contractors with Federal sales over $7.5 million. It also, over time, would establish reduction targets for emissions. Over time the intent is to make sustainability one of the criteria for award of contracts. Comments on the proposed rule are due on February 13, 2023 and look for the Coalition to submit comments through our Green Committee.
Market Continuity will drive governmentwide contracting in 2023. While GSA’s Polaris small business GWAC procurement is ongoing, three major governmentwide contract vehicles will launch this year. The NASA SEWP team had its first industry day in November 2022, kicking off the public engagement for the NASA SEWP VI procurement. NASA SEWP is the oldest IT GWAC program in government. Over the last few years it has been the largest GWAC in terms of annual contract purchases by customer agencies. The OASIS+ procurement is off and running, with a draft RFP issued in the fall of 2022 and comments received on December 31st. GSA intends to issue a second draft RFP for comment, with the goal of issuing the final RFP this Spring. OASIS has been a highly successful contracting program representing tens of billions of dollars in professional services support for customer agencies over its contract life. Alliant 3 is moving forward, as well, with GSA seeking public comments on a draft set of RFP documents. Those comments were due today, January 6th. Finally, the Department of Veterans Affairs (VA) Medical/Surgical Prime Vendor (MSPV) program supporting the healthcare supply needs of VA healthcare facilities is extending to the next generation through its MSPV Gen-Z V1 Distribution and Supply Management contract—the RFP of which was released by the VA this week.
These governmentwide procurements are critical to market continuity for government customer and industry partners, and GSA and NASA are to be commended for their ongoing engagement to move these vital procurements forward. The Coalition, along with our NASA SEWP, OASIS+, and Alliant 3 working groups, looks forward to working with GSA and NASA on ensuring these procurements provide best value solutions to meet customer agency needs.
While Cybersecurity, Supply Chain Resiliency, Sustainability, and Market Continuity are watchwords for 2023, there remain other critical issues and opportunities that will demand the focus of the procurement community. The continuing impact of inflation and the contracting policy and procedures intended to mitigate its impact remain a high priority for 2023. Likewise, efforts to increase access to innovative, non-traditional commercial firms will continue through OTAs, small business programs, and acquisition streamlining.
As for the Coalition, our watchword for 2023 is “engagement.” The Coalition remains committed to engaging with interested parties across government and industry to foster/promote a procurement system that delivers best value commercial solutions to support customer agency mission requirements.
Register for Upcoming Coalition Events
Overview of the National Defense Authorization Act (NDAA) for Fiscal Year 2023, Jan 24
The Coalition is excited to announce our first all-member event of 2023! Join us virtually on January 24 from 10 am – 12 pm EST for an Overview of the National Defense Authorization Act (NDAA) for Fiscal Year 2023, presented by Moshe Schwartz, President of Etherton and Associates, Inc. The NDAA was signed into law on December 23, 2022. During the event, Schwartz will highlight trends and focus areas of the NDAA; acquisition, industrial base, and cybersecurity provisions; and how the NDAA may impact the administration’s policy goals. Additionally, Schwartz will identify potential future areas of focus and change in acquisition and industrial base policy. We look forward to your participation! To register, click here.
Medical Device Cybersecurity from a VHA Perspective, Jan 25
Join a webinar with the Veterans Health Administration (VHA) on medical device cybersecurity hosted by AMSUS-SM and the Coalition for Government Procurement. The webinar will cover how to initiate the cybersecurity approval process, terminology and roles, and what contractors can expect during the VHA’s process. Our guest speakers will be Robert Steldt, Chair of the Medical Device Security Working Group and Healthcare Technology Manager, VISN 12 at the VA, along with Megan Friel, Acting Director of the Office of Healthcare Technology Management. Register Now!
Year in Review for Small Business Contractors, Feb 1
The Coalition’s Small Business Committee will be hosting a presentation, the Year in Review for Small Business Contractors on February 1 from 10 am – 12 pm EST. The event will feature a discussion of the changes in regulation such as the updates to the Mentor-Protégé program. The presentation will feature Ken Dodds, Government Contracting Industry Expert at Live Oak Bank, David Black, Partner at Holland & Knight, and Jonathan Williams, Partner at Pileiro Mazza. To register for the event, click here. Please direct any questions to JSnyderwine@thecgp.org.
The Coalition is also working to schedule an in-person meeting for the OASIS+ working group with Assistant Commissioner for the Office of Professional Services and Human Capital Categories, Tiffany Hixson. The meeting would be the week of January 23 and would provide members an opportunity to provide in-person feedback and engagement on the first draft proposal.
Cyber and Technology Funding Increases in the FY23 Omnibus
Fedscoop reports that the $1.7 trillion omnibus package, passed by Congress on December 23 last year, includes increased funding for cybersecurity, as well as science and technology programs. The package appropriates $2.9 billion for the Cybersecurity and Infrastructure Security Agency (CISA) and $1.6 billion for the National Institute of Standards and Technology (NIST)—for both, a budget increase of over $300 million. $1.3 billion of the CISA allocation will be for cybersecurity programs. NIST’s allocation includes $953 million for scientific and technical research, $462 million for new research facilities, $175 million for its Manufacturing Extension Partnership Program, and $4 million to establish a center of excellence that creates standards for measuring climate change in the U.S. and its effects.
To combat cybercrime, the spending package includes $50 million to address threats from Russia and other foreign adversaries and $422 million for the Office of Personnel Management for cybersecurity and hiring initiatives. The bill requires the Federal Trade Commission to report on cybercrimes committed by foreign adversaries, specifically focused on China, Iran, North Korea, and Russia.
The spending package also allocates $200 million for the Department of Energy’s (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER) Office and $100 million for the Department of Treasury’s Cybersecurity Enhancement Account. Finally, it includes $22 million for the White House Office of the National Cyber Director, which is set to release a national cyber strategy in 2023 along with a cybersecurity workforce, training, and education plan.
The bill did not provide the maximum funding allowed under the Creating Helpful Incentives to Produce Semiconductors and Science (CHIPS) Act, which was passed by Congress in August to increase domestic semiconductor manufacturing and innovation. However, the bill includes significant funding increases for the National Science Foundation and DOE’s Office of Science.
Greater Oversight of IT Spending and Contracting Expected in 2023
As last year drew to a close, Federal News Network led a panel discussion with a diverse group of Federal technology experts about what to expect in the new year. The consensus was that 2023 will bring a focus on cybersecurity, Zero Trust, IT modernization, and customer experience. Ann Dunkin, the Chief Information Officer at the Energy Department, drew attention to the Software Bill of Materials (SBOM) project because European regulators are working on their own SBOM standard.
Additionally, the release of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) rule is expected in March 2023. This, along with the development of a national digital strategy, reflects ongoing efforts to continue to modernize both IT security and the customer experience.
Another area to watch on the Hill is oversight, which is likely to scrutinize IT spending and the use of the Technology Modernization Fund (TMF). Julie Dunne, a former commissioner of the Federal Acquisition Service at the General Services Administration (GSA), expects Congress to focus on TMF repayment and whether the funds are targeting legacy IT. The panel expects greater emphasis on ensuring that products that are from China and/or not compliant with the Trade Agreements Act are kept out of the Federal market. Jonathan Alboum, the former chief information officer at the Agriculture Department and now federal chief technology officer for ServiceNow, expects Congress to look further into the Federal Risk Authorization Management Program (FedRAMP), with particular emphasis on certification speed and reciprocity between agencies.
President Signs Law Addressing Conflicts of Interest in Contracting
On December 27, the President signed a bipartisan bill that would address organizational conflicts of interest that may arise due to a Federal contractor’s commercial clients. The Preventing Organizational Conflicts of Interest in Federal Acquisition Act directs the Federal Acquisition Regulation (FAR) Council to revise FAR provisions related to conflicts of interest, including “unequal access to information, impaired objectivity, and biased ground rules.”
Within 18 months, the Council must update definitions of conflicts of interest, add “illustrative examples,” provide contract clauses for agencies to use to address conflicts of interest, and require that executive agencies establish or update conflict-of-interest procedures. Finally, it will change the guidelines for how contracting officers evaluate potentially conflicted offerors and allow them to consider an offeror’s “professional standards and procedures to prevent organizational conflicts of interest.”
Although it could apply to other conflicts of interest, including between the Federal Government and other public organizations, the bill’s sponsors emphasized that their main concern is commercial–Federal conflicts. In a press release, Sen. Peters (D-MI) stated that “agencies should know about whether Federal contractors’ outside business interests might conflict with their work” in order to “ensure Federal contractors are providing transparency … before they are awarded taxpayer dollars,” and Sen. Hassan (D-NH) cited a recent case involving the Food and Drug Administration and a consultancy as a driver for the original legislation. Several public interest organizations, including Citizens for Responsibility and Ethics in Washington and Transparency International U.S., expressed support for the measure.
GSA Finishes First in 2022 Agency Cyber Performance Report
Federal News Network reported on the results of the Office of Management and Budget’s (OMB) assessment of agency performance on key metrics as required by the FY22 Federal Information Security Management Act (FISMA). Twenty-three Federal agencies were graded by OMB on their performance in five categories from the NIST Cybersecurity Framework–identify, protect, detect, respond, and recover. In each category, agencies received a score out of a possible 15 points in all categories except for “protect,” which had a possible 40 points. Federal Chief Information Security Officer Chris DeRusha said that there were two goals for the FISMA metrics: aligning agency assessments and finding places for agencies to improve. The metrics are based on the Administration’s priorities, including investing in cybersecurity defense and migrating to Zero Trust architecture.
According to the report, GSA received the highest composite score of 94. Over half of the 23 agencies received a score in the 80s, including the VA, Small Business Administration, and the Department of Health and Human Services. DeRusha reported that agencies made steady progress over the past four years in areas such as hardware and software asset management, so OMB emphasized new focus areas like cyber data and encryption in this assessment. OMB and the Cybersecurity and Infrastructure Security Agency (CISA) will release the FISMA 2023 metrics in the coming weeks.
DeRusha stated that the 2023 metrics will remain mostly consistent with those used in 2022. He added that “the 2023 metrics demonstrate that OMB and CISA need to be agile in how they measure cyber progress as well as accurately reflecting efforts to reach a target state.” OMB worked directly with agency Inspector Generals to develop the metrics for 2022 and 2023, which has resulted in a two-step assessment approach. Agencies are assessed on a core set of metrics annually, as well as a second set of process metrics over two years.
GSA Inflation Reduction Act Projects Focus on Clean Energy
On December 19, GSA announced over $300 million in construction and renovation projects at Federal facilities across the country funded through the Inflation Reduction Act, which was signed by the President in August. The projects look to use clean energy innovation and domestic clean manufacturing through emerging technologies and low-carbon materials. The projects also aim to accelerate efforts to reach the President’s goal of a net-zero emissions Federal buildings portfolio by 2045.
Projects were selected based on their potential to maximize the use of low-carbon materials and sustainable, emerging technologies. GSA estimates that the projects will help to reduce greenhouse gas emissions by approximately 120,000 metric tons and reduce energy costs by about $35 million over the next 20 years. The first round of projects includes eight Federal facilities across the country.
The Inflation Reduction Act provides GSA with $2.15 billion in funding for low-carbon materials, $975 million for emerging and sustainable technologies, and $250 million for efforts to convert Federal facilities into High Performance Green Buildings. Through Inflation Reduction Act investments, GSA expects to avoid over 2.5 million metric tons of greenhouse gas emissions over the next 20 years.
GAO Releases Report on VA IT Acquisition
Mirroring trends seen at the Department of Defense and in governmentwide acquisition, a December report on Department of Veterans Affairs (VA) IT acquisition found growth in IT spending but a smaller pool of contractors participating. Reviewing spending in FY 2017 through 2021, GAO found that IT contract obligations grew from $4.2 billion in 2017 to $6.5 billion dollars in 2021 and made up around 15 percent of all VA contract obligations over the entire period.
GAO identified two primary drivers of the growth: technology modernization initiatives, particularly the VA’s ongoing transition to a new electronic health record system, and the COVID-19 pandemic, during which the VA purchased at least $2.3 billion in products and services. The majority of the increased spend occurred under the VA’s most frequently used IT contracts, T4NG and NASA SEWP.
Despite the increase in total dollar value, the number of contractors the VA purchased from decreased by more than 25 percent, likely as the result of efforts by the VA to consolidate requirements and use fewer, larger IT contracts and task orders. The number of veteran-owned and service-disabled veteran-owned small businesses (SDVOSBs) who received contracts fell by more than 10 percent. However, four of the 10 largest contractors—who collectively received about half of all IT contract obligations—were SDVOSBs or VOSBs.
Surveying a sample of acquisitions on T4NG and NASA SEWP, GAO found that VA competed almost all orders under these vehicles, although its overall competition rate was 76 percent due to the large volume of work associated with its electronic health record modernization, a noncompetitive contract. The VA received positive competition in response to orders under T4NG and SEWP, with 64 percent of SEWP orders receiving two or more offers, and T4NG receiving competition for 91.4 percent. For all the sampled acquisitions, VA used past performance as an evaluation factor as required by the Federal Acquisition Regulation. The VA appropriately reported on contractor performance at least 96 percent of the time for every year in the evaluation period.
GAO noted that VA still has yet to implement 13 recommendations from GAO regarding healthcare IT acquisition, including the implementation of performance metrics and greater supply chain monitoring.
US NDAA for Fiscal Year 2023: Important Changes to Procurement Laws and Policy
The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.
By Marcia G. Madsen, Luke Levasseur, Cameron R. Edlefsen, and Evan C. Williams, Mayer Brown
On December 23, 2022, President Biden signed into law the National Defense Authorization Act for Fiscal Year 2023 (“NDAA” or “Act”). Title VIII includes a series of statutory changes to federal acquisition policy, acquisition management and numerous related matters. These new laws cover a broad range of policy reforms and new requirements that will impact the government contracting sector. In addition to several matters of general concern that are located outside Title VIII, we focus on a number of acquisition policy reforms below.
General Service Authorities
Section 525 – Rescission of COVID-19 Vaccination Mandate
Section 525 directs the Secretary of Defense to rescind the Department of Defense’s (“DoD”) COVID-19 vaccine mandate as to members of the US Armed Forces. The NDAA provides no such statutory relief to federal government contractors, although federal agencies are not currently enforcing the vaccine mandate against contractors.
Notably, the Office of Management and Budget (“OMB”) issued guidance in October 2022 that may lead to the resurrection of the vaccine mandate for contractors. Mayer Brown’s November 20 Legal Update explains this OMB guidance in detail.
Acquisition Policy and Management
Section 803 – Data Requirements for Commercial Products for Major Weapon Systems
Section 803 amends the data requirements involving commercial products related to subsystems, components, and spare parts of major weapons systems under 10 U.S.C § 3455. For subsystems, components, and spare parts proposed as a commercial item, but not previously determined to be commercial, contractors must identify comparable products sold commercially or to nongovernmental entities that will support the contractor’s “of a type” assertion. Further, contractors must also provide the contracting officer with “a comparison necessary to serve as the basis of the ‘of a type’ assertion of the physical characteristics and functionality” between the subsystem, component, or spare part and the comparable commercial product. And if the contractor does not sell such comparable products commercially or to nongovernmental entities, the contractor must notify the contracting officer that no such sales are made and provide the contracting officer a similar comparison to that described above to “the most comparable commercial product in the commercial marketplace, to the extent reasonably known by the offeror.”
Section 803 also amends the uncertified cost and pricing information that offerors must submit under 10 U.S.C § 3455(d) for the contracting officer to determine the reasonableness of the price of subsystems, components, and spare parts of major weapons systems determined to be commercial items. This information includes representative samples of the prices paid for the same or similar commercial products under similar terms and conditions and those terms and conditions. If an offeror cannot provide this information, as determined by the contracting officer, an offeror must then provide similar representative samples that were sold under different terms and conditions and those terms and conditions. If the offeror’s submitted information is insufficient for the contracting officer to determine price reasonableness and if approved by a level above the contracting officer, the offeror must submit other relevant uncertified cost and pricing information to include labor and material costs and overhead rates.
Although Congress’s Joint Explanatory Statement directs the Under Secretary of Defense for Acquisition and Sustainment to continue submitting the annual report of “data denials,” a report detailing instances when offerors have denied contracting officer requests for this information, section 803 includes no such direction. However, offerors must take heed of Defense Federal Acquisition Regulation Supplement (“DFARS”) section 252.1502, which requires contracting officers to “include [in Contractor Performance Assessment Reporting System reports] a notation on contractors that have denied multiple requests for submission of data other than certified cost or pricing data over the preceding 3-year period, but nevertheless received an award.”
Section 805 – Treatment of Certain Clauses Implementing Executive Orders
Section 805 amends 10 U.S.C. § 3862 (Requests for equitable adjustment or other relief: certification) and directs that any contract clauses unilaterally inserted into an existing DoD contract by a contracting officer to implement requirements from an executive order “shall be treated as a change directed by the contracting officer pursuant to, and subject to, the Changes clause of the underlying contractual instrument.” Under section 805, the referenced Changes clause is the Federal Acquisition Regulation (“FAR”) contract clause, FAR 52.243-4. Moreover, DoD must conform the DFARS no later than 120 days from the NDAA’s enactment.
- Congress’s Joint Explanatory Statement emphasizes the importance of collecting and assessing commercial item pricing data to making “critical, foundational decisions related to contract actions for firm-fixed price sole source contracts.” Contractors should carefully review section 803’s new requirements and ensure they are in compliance.
- Section 805 clarifies that new contract terms resulting from executive orders constitute contract changes and can be the subject of requests for equitable adjustments regarding increased costs and time required for performance.
Amendments to General Contracting Authorities, Procedures, or Limitations
Section 817 – Modification to Prohibition on Operation or Procurement of Foreign-made Unmanned Aircraft Systems
As part of the FY2020 NDAA, Congress prohibited DoD agencies from “operat[ing] or enter[ing] into a contract for the procurement of” an unmanned aircraft system (UAS)—including the manufacture, flight or ground control systems, or network connectivity related to such systems—from the People’s Republic of China. Section 817 of the NDAA for FY2023 revised and clarified the breadth of the applicable UAS restrictions in several ways. Section 817 appears to focus on UAS production by companies in China, but, notably, the law also expands the restrictions to additional “covered foreign countr[ies]” and adds Russia, Iran, and North Korea to the prohibited list. Finally, section 817 adds a prohibition on DoD entering (or extending) a contract with a specified “covered [UAS] company,” i.e., Da-Jiang Innovations (or any of its subsidiaries or affiliates).
Section 822 – Modification of Contracts to Provide Extraordinary Relief Due to Inflation Impacts
Like many other businesses, government contractors have experienced substantial difficulties with impacts of the current inflationary environment. To date, DoD has had limited ability to provide relief to its contractors that are necessary to the country’s defense industrial base (“DIB”). Section 822 amends 50 U.S.C. § 1431 (Public Law 85-804) and expands the authorization for the President to empower agencies involved with the national defense “to enter into, amend, and modify contracts, without regard to other provisions of law [when] . . . such action would facilitate the national defense.” To protect the DIB, section 882 allows DoD to provide equitable adjustments to contractors dealing with increased costs “due solely to economic inflation.” This can provide important assistance for contractors that have been negatively affected by high inflation while performing multi-year, fixed-price contracts. The law makes accessing this potential relief easier by increasing the monetary thresholds above which senior agency official approval is required. (Section 822 increases the applicable thresholds for procurements in excess of $500,000 for secretarial level approvals and $150,000 for congressional notice, up from $150,000 and $25,000, respectively.)
Importantly, although section 882 authorizes relief in more circumstances for contractors experiencing difficulties from high inflation, neither this provision nor any other in the NDAA appropriates funding for that relief. The statute also does not explain how contractors having difficulty performing without an economic price adjustment to address inflation should seek or will qualify for the aid. Subsection (b) of the act mandates the Under Secretary of Defense for Acquisition and Sustainment to issue the necessary guidance within 90 days. Contractors—particularly those experiencing difficulties as a result of fixed-prices that have not been adjusted to address inflation—should track the implementing guidance carefully and (given the likelihood of delay while other requests are processed) see inflation adjustments to price as soon as practicable.
- Many contractors in the defense sector—particularly those with a large volume of fixed-price contracts—have been harmed by inflation affecting world markets. The NDAA opens the door to providing relief, but important details—i.e., the amount to be appropriated and guidance regarding which types of contractors will qualify—remain to be explained.
Software and Technology
Section 841 – Guidelines and Resources on the Acquisition or Licensing of Intellectual Property
Many companies have become increasingly wary of dealing with the government with respect to protection of contractors’ intellectual property (“IP”) rights. In short, although companies doing business with the US government have opportunities to engage in research and to develop technologies with the government, they bear substantial risk associated with potential failure to take sufficient steps to protect the contractor’s pre-existing IP—and increasingly aggressive positions taken by the government concerning ownership of IP. Contractors must be vigilant to follow the FAR and DFARS requirements and to ascertain that the increasingly complex documentation does not convey to the government any rights beyond those to which it is entitled in a particular circumstance.
This section of the NDAA requires that DoD develop new guidelines and resources to facilitate consistent application of DoD’s IP rules. The guidance is to explain IP strategies and other mechanisms supporting open system approaches, models and best practices for negotiated licenses, and definitions of key terms, examples, and case studies as described in the FAR and DFARS IP provisions.
Section 843 – Other Transaction Authority Clarification
During the past several years, Congress has encouraged and DoD has pursued efforts to streamline procurement of new technologies (often from companies that have not previously contracted with the government) through “Other Transactions” (“OTs”). OTs are frequently defined by what they are not, i.e., an OT is authorized by 10 U.S.C. § 4021 and can take the form of any kind of transaction other than a contract, grant, or cooperative agreement. OTs are developed as prototyping efforts in which agencies work with contractors to develop rapid, less formal agreements under which needed technologies can be efficiently procured. As a result of the substantial public and private efforts, OTs—and particularly the ability of agencies to acquire production as a follow-on to a prototype effort—have come to represent a growing portion of the government’s spending.
The FY2023 NDAA clarifies (and expands) the definition of prototype projects to which the OT authorities apply. It adds efforts related to a “proof of concept, model, or process (including a business process)” or reverse engineering. Section 843 also makes clear that a pilot or novel application of commercial technologies in the defense area, agile development activity, and the creation, design, development or demonstration of operational activity are all within DoD’s prototype authority. Section 843 also expands the possible uses of pilot program authority for almost three years to cover prototyping of the “design, development, or demonstration of new construction techniques or technologies to improve military installations or facilities.” Even with the limits placed on this plan (i.e., “the aggregate value of transactions entered under such a pilot program may not exceed $200,000,000”), it appears that the NDAA’s additional OT authorization will represent an important, additional area for expansion of DoD’s use of OTs.
- OTs have grown dramatically in recent years and become an important part of the way DoD procures important new technology. The FY2023 NDAA indicates that spending through OTs is likely to continue to grow.
Defense Industrial Base and Small Business Restrictions
Section 855 – Codification of Prohibition on Certain Procurements from the Xinjiang
Uyghur Autonomous Region
Section 855 extends the prohibition on certain procurements from the Xinjiang Uyghur Autonomous Region of China (“XUAR”) under section 848 of the FY2022 NDAA (Public Law 117–81). In particular, section 848 of the FY2022 NDAA prohibited the use of funds to knowingly procure any products mined, produced, or manufactured wholly or in part by forced labor from the XUAR. In addition, section 848 required a certification from offerors for contracts with DoD stating the offeror has made a good faith effort to determine that forced labor from the XUAR was not or will not be used in the performance of a contract. Section 855 of the FY2023 NDAA codifies the prohibition by adding a new section to the United States Code, 10 U.S.C. § 4661. Section 855 also requires that, “[n]ot later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall issue a policy to require that an offeror or awardee of a Department of Defense contract shall make a good faith effort to determine that forced labor from XUAR [. . .] will not be used in the performance of such contract.” This is a further example of the trend of the United States promulgating supply chain restrictions aimed at China.
Section 856 – Codification of the Department of Defense Mentor Protégé Program
Section 856 modifies the DoD MentorProtégé Program (“MPP”) in a number of notable ways. Under the MPP, small business protégés are partnered with larger defense contractors, who serve as mentors. The program, originally established during the First Gulf War, assists eligible small businesses to expand their involvement in the defense industrial base. To increase mentor participation, section 856 reduces the threshold amount of DoD contract awards a firm is required to receive during the fiscal year before it becomes a mentor (and enters an MPP agreement) from $100 million to $25 million. This section also increased the duration of MPP participation from two to three years. Aimed at strengthening the defense industrial base related to software development, section 856 creates a five-year Protégé Technical Reimbursement Program. Under this program, a protégé firm may receive up to 25 percent of the reimbursement, for which the mentor firm in the agreement is eligible, for engineering and software development that will be ready for integration with a DoD program or system.
Section 857 – Procurement Requirements Relating to Rare Earth Elements and Strategic and Critical Materials
Section 857 requires contractors that provide to DoD a system with a permanent magnet that contains rare earth elements or “strategic and critical materials” to disclose the country or countries where those components were mined and where other relevant processes occurred. Of note, contractors are required to undertake a commercially reasonable inquiry before making this disclosure. In the event the contractor cannot make the required disclosure, section 857 directs DoD to require that the contractor establish and implement a supply chain tracking system in order to be able to make the disclosure. Section 857 also provides DoD the authority to waive these requirements if the continued procurement of the system is necessary to meet the demands of a national emergency or if a contractor cannot currently make the required disclosure but is making significant efforts to comply.
Section 860 – Risk Management for Department of Defense Pharmaceutical Supply Chains
Section 860 directs DoD to undertake a series of actions related specifically to pharmaceutical supply chains. In particular, DoD is instructed to identify information gaps and risks in the supply chain management of scarce pharmaceuticals and to develop and issue implementing guidance to mitigate reliance on foreign supply sources.
Section 872 – Modifications to the SBIR and STTR Programs
Section 872 modifies both the Small Business Innovation Research (“SBIR”) program and the Small Business Technology Transfer (“STTR”) program. These two initiatives are considered the largest source of “high risk/high reward” funding for start-ups and small businesses in the United States. Section 872 directs DoD to implement a due diligence program to assess the security risks of companies that are selected to receive awards under the SBIR and STTR programs. This assessment includes an analysis of the firm’s cybersecurity practices as well as any financial ties and obligations the firm may have with foreign entities. Section 872 clarifies that the assessments must take place prior to notifying the small business that it has been selected to receive the contract award.
- As we have seen in prior years, the NDAA continues to focus on safeguarding US companies’ supply chains from foreign influence.
- Continuing a recent trend, DoD will be subject to increasingly restrictive controls on acquisitions involving materials from China, Russia, Iran, and North Korea.
- While focusing on supply chains and foreign powers, the NDAA also strengthens small business participation in the DIB by modifying the MPP, SBIR, and STTR programs.
Other Matters – Improvement to Cybersecurity for the Defense Industrial Base
Section 884 – Incorporation of Controlled Unclassified Information Guidance into Program Classification Guides and Program Protection Plans
Section 884 requires DoD to ensure that all program classification guides for classified programs and all program protection plans for unclassified programs include guidance for the proper marking of controlled unclassified information (“CUI”). The joint explanatory statement accompanying the NDAA noted Congress’s concern related to DoD’s handling of CUI markings:
We understand the Department of Defense’s uneven application of CUI markings is particularly problematic for industry, which often receives little CUI training or guidance from the Government and is unsure of its responsibilities regarding this marking convention. We are also concerned with the extent and efficacy of the training, guidance, and oversight provided to the Department’s Government personnel on the CUI marking convention, which has resulted in the overclassification of entire documents and a lack of clear portion markings within documents.
Section 884 gives DoD some flexibility in executing this mandate, as evidenced by the direction that the Secretary of Defense ensure the updated guidance be completed before January 1, 2029.
Additional Important FY2023 NDAA Changes
Section 5921 – FedRAMP Authorization Act
Section 5921 codifies the Federal Risk and Authorization Management Program (“FedRAMP”) into law and standardizes the current FedRAMP regime. The section, referred to as the “FedRAMP Authorization Act,” generally seeks to reduce unnecessary costs related to certifying cloud technologies through a variety of measures. For instance, the provision establishes a “presumption of adequacy” allowing cloud technologies that achieve authorization with one federal agency to be presumed adequate for use at other agencies with the same security requirements. Similarly, section 5921 requires federal agencies to use the existing security assessments, to the extent practicable, for any cloud technology the agency seeks to authorize that already has received a FedRAMP authorization. Also of note, this section creates the “Federal Secure Cloud Advisory Committee,” a committee composed of not more than 15 qualified members from the public and private sectors, to streamline government and industry collaboration related to the acquisition of cloud services.
- Congress appears to recognize that defense contractors have received inconsistent guidance with respect to CUI protocols and, as a result, has directed DoD to issue guidance for the proper marking of this information.
- Recognizing the ever increasing role of cloud services, and the continuing need for security protocols, the NDAA streamlines the FedRAMP process in several important ways.
Section 5949 – Prohibition on Certain Semiconductor Products and Services
Section 5949 precludes acquisition by US federal agencies of products or services that include certain semiconductors originating in China or other foreign countries of concern. Under section 5949(a), agencies will be prohibited from:
- “procur[ing], obtain[ing], or extend[ing] or renew[ing] a contract to procure or obtain, any electronic parts of products, or services that include covered semiconductor products or services,” (Section 5949(a)(1)(A)), and
- entering into a contract “with an entity to procure or obtain electronic parts or products that use any electronic parts or products that include covered semiconductor products or services” (Section 5949(a)(1)(B)). Under the applicable rule of construction (Section 5949(a)(2)(B)), this use prohibition applies when the covered semiconductor products or services are in “critical systems,” which are defined as “national security systems,” i.e., telecommunication or information systems operated by the federal government that involve intelligence and cryptologic activities; command and control of military forces; equipment that is an integral part of a weapon or weapons system; or any other system identified by the Federal Acquisition Security Council or DoD.
Although the prohibitions have five years to take effect, contractors (and their subcontractors and suppliers) must start now to thoroughly analyze their supply chains and identify any products sold to the federal government that contain covered semiconductor products or services. Contractors will then need to take steps to source section 5949-compliant semiconductor products and services.
 Section 803 of the NDAA for FY2019 directed submission of these “Data Denial” Reports.
 Congress first authorized the MPP as a pilot program in 1990, and, at that time, the program was scheduled to expire in 1994. See Section 831 of the National Defense Authorization Act for Fiscal Year 1991, Pub. L. No. 101-510, § 831, 104 Stat. 1485, 1607 (1990).
 As an incentive mechanism, the MPP allows DoD to use its appropriated funding to provide direct reimbursement to mentors for providing developmental assistance to protégés. Section 856 allows the protégé to receive up to 25 percent of the reimbursement that the mentor firm is eligible to receive from the government for qualifying engineering and software development work.
 See Mayer Brown’s previous Legal Update, which provides an in-depth analysis on section 5949.
Webinar: Medical Device Cybersecurity from a VHA Perspective, January 25
Join a webinar with the Veterans Health Administration (VHA) on medical device cybersecurity hosted by AMSUS-SM and the Coalition for Government Procurement. The webinar will cover how to initiate the cybersecurity approval process, terminology and roles, and what contractors can expect during the VHA’s process. Our guest speakers will be Robert Steldt, Chair of the Medical Device Security Working Group and Healthcare Technology Manager, VISN 12 at the VA along with Megan Friel, Acting Director of the Office of Healthcare Technology Management.
Presenter: Robert Steldt, Healthcare Technology Manager, VISN 12 and Megan Friel, Acting Director, Office of Healthcare Technology Management
Moderator: Alan James, MBA, HCISPP, CC, Senior Government Account Manager, Stryker
Date: Wednesday, 25 January
Time: 12:00 – 1:00 pm EST
Virtual Platform: GoToWebinar
Target Audience: AMSUS-SM and Coalition Members
By Ken Dodds, Live Oak Bank
The following blog does not necessarily represent the views of the Coalition for Government Procurement.
Contractor Teaming Agreements
Teaming is an often-used term in government contracting, but it has three different meanings, with varying responsibilities and ramifications. The FAR defines contractor teaming agreements (CTA) as either a joint venture or a prime/sub relationship.
A joint venture is typically a separate legal entity owned by two or more businesses that join together to perform a contract. The joint venture entity is the prime contractor but the parties to the joint venture are jointly, and if needed individually, responsible for performance of the contract. In a prime/sub teaming arrangement, the prime it responsible for contract performance and has the direct relationship with the government.
And then there is the GSA Schedule, which allows firms with Schedule contracts to form CTAs to provide goods and services from the team members’ Schedule contracts. Under the GSA Schedule CTA, each member has privity of contract with the government and each member is operating as the prime contractor for the portion of work that they perform. The GSA Schedule guidance provides that a CTA should designate a team lead and address responsibilities for invoicing and payment, and that team members should resolve any dispute concerning payment without the involvement of the government. The GSA Schedule guidance suggests that the team lead may submit invoices on behalf of the team members, but GSA recommends that payment be made directly to each team member.
A recent Court decision concerning a dispute between GSA Schedule CTA team members illustrates the potential hazards of GSA Schedule CTAs. The plaintiff team members alleged the team lead failed to submit invoices in some cases but also received payment for the team members’ work without distributing the payments to the team members. The defendant team lead counterclaimed and alleged that the team members agreed that the team lead would act as the prime and that the team members would be subcontractors. The defendant also alleged the plaintiffs’ invoices were faulty. The defendant further alleged the plaintiffs discredited the defendant resulting in lost contract work.
In a ruling addressing the parties’ motions to dismiss, the Court found the defendant did not breach the CTA because it did not specify that the team lead was responsible for invoicing for the team and distributing payment. The Court found that the plaintiff team members had sufficiently alleged the tort of conversion and claims of fraud and denied the motion to dismiss these counts. The Court dismissed the defendant team lead’s counterclaim that the plaintiffs breached implied-in-fact subcontracts but found the defendant had sufficiently alleged tortious interference with a contract, tortious interference with business expectancy and defamation.
The case illustrates that the best course of action for GSA Schedule CTAs would be for individual team members to invoice separately and receive payment directly. If the government requires the GSA Schedule CTA team lead to submit consolidated invoices for the team, team members should insist on being paid directly and must diligently monitor and verify that the team leader is timely submitting invoices and take immediate action if there is a delay or other invoicing issue.
Do you have a topic you wish to be covered or a question on how Live Oak Bank can support your business? Email me at firstname.lastname@example.org.
 FAR 9.601.
 13 CFR 125.8(b)(2)(viii).
 FAR 9.604(e).
 AB Staffing Solutions, LLC v. ASEFI Capital, Inc., No. 3:22CV32 (DJN), 2022 WL 16555707 (E.D. Va. Oct. 31, 2022).
New “Interested” Feature Added to GSA eBuy
Photo Source: GSA
GSA has added a new feature to eBuy, the Federal Government’s main platform for posting contract solicitations and receiving quotes, that allows contractors to show interest in a Request for Information (RFI) or a Request for Proposal (RFP). Added on December 29, the feature is intended to help buyers understand how many quotes they might receive and whether an extension will be needed to solicit more responses. Buyers will be able to see the eBuy profile of contractors who have indicated interest, and the RFI/RFP will be stored in the seller’s list of quotes for reference. In a statement to the Coalition, GSA confirmed that an indication of interest is not equivalent to a quote when determining how many offerors competed for a solicitation. GSA also added that an “indication of interest will not trigger any additional action from a buyer.”
New Leadership Selected for National Security Commission on Emerging Biotechnology
The House and Senate Armed Services Committees announced the selections of a chair and vice chair for the National Security Commission on Emerging Biotechnology (NSCEB) last Friday.
The NSCEB, created by the 2022 National Defense Authorization Act, is charged with reviewing “how advancements in emerging biotechnology and related technologies will shape current and future activities of the Department of Defense.” It will produce a public report in two years containing recommendations for executive and legislative action, with some specific areas of interest including biotechnology workforce development, biotech investment, and data sharing between industry and government. The chair of the commission will be Dr. Jason Kelly, the head of Gingko Bioworks, a synthetic biotechnology company that programs cells for a variety of industries. The vice chair will be Dr. Michelle Rozo, the previous head of Technology and National Security at the National Security Council. The commission’s other 10 members include industry experts and members of both houses of Congress.
Seeking Member Testimonials About the Value of Coalition Membership
The Coalition for Government Procurement is seeking member quotes about the value of membership with the Coalition. If you have a quote about how the Coalition has benefited you or your organization that we can include in our membership and marketing materials, please contact Michael Hanafin at email@example.com.
Register for the AFCEA Bethesda Health IT Summit, Jan 17-18
The Coalition is proud to sponsor AFCEA Bethesda’s 15th Annual Health IT Summit, Collaborating for a Resilient Health IT Ecosystem. The Summit will have two days of agency focused panels held on Tuesday and Wednesday, January 17 and 18. Each day will be a unique opportunity to learn, engage, and connect with key government agencies including HHS, CMS, DHA, VA, NIH, CDC, and FDA on the most important healthcare IT challenges facing government and industry today.
Technology provides an environment for collaboration, cooperation, and coordination among key players in the healthcare system, including government agencies, private-sector partners, and academia. The pandemic has created a rare opportunity to transform and modernize a sprawling healthcare system that has been stubbornly slow to change. At a time when the average life expectancy of Americans has declined for three consecutive years, transforming healthcare means better outcomes and healthier Americans. For that to happen, we must work together.
Coalition members can register here.