Last week’s far-reaching Executive Order on Promoting Competition in the American Economy included language that carried implications for government procurement generally, including direction that could facilitate the creation of opportunities for small businesses. Indeed, the Biden Administration’s focus here on increasing competition and removing barriers to entry in the Federal marketplace once again prompts us to discuss a competition issue: streamlining the Federal Supply Schedules (FSS) program through the elimination of the Price Reduction Clause (PRC).
We are heartened to see that the Schedules Program is on GSA Administrator Robin Carnahan’s radar. During her confirmation hearing before the Senate Homeland Security and Government Affairs Committee, she spoke to the Schedules noting that, “I’ve talked to businesses that have tried to get on GSA Schedules… . [T]hey’ve told me about how difficult that process is, and I’m interested in learning more about how we can streamline that.” Administrator Carnahan need look no further than the elimination of the PRC as the catalyst for streamlining the FSS program, reducing barriers to entry, and increasing competition in the Federal marketplace.
The rationale for elimination of the PRC reduces to one simple, but fundamental, point: the costs of the PRC far outweigh the benefits. Consider the following:
- With roots extending back into pricing policies from the 1980s, the PRC conflicts with fundamental, competitive changes in Federal procurement and the government and commercial marketplaces over the last four decades. The evolution of technology, the entrance and exit of market participants, and the use of innovative purchasing practices all have worked to make the utility of the PRC obsolete.
- The PRC is a barrier to entry for new vendors from the commercial marketplace. This barrier unnecessarily limits competition and access to new, cutting-edge commercial solutions and technologies.
- Against the backdrop of the evolution of the market, the PRC represents the most significant compliance burden in governmentwide contracting, collectively costing small, medium, and large FSS contractors hundreds of millions of dollars annually.
- The PRC brings little or no value to the Federal government. GSA’s own review of modifications implementing contract price reductions found that approximately 3 percent of total price reductions were triggered by price reductions associated with the “tracking customer.”
- FSS Program competition at the order level is mandated by statute, and for a very good reason. As Congress recognized, efficient price and value are driven by competition at the task order because, at the task order level, customer agency requirements actually are definitized in real time in the market. They simply are not driven by pre-determined contract-level pricing or by bureaucratic, process-driven pricing oversight mechanisms like the PRC, negotiated against hypothetical requirements at a time in the past.
- The compliance costs of the PRC negatively impact and restrict business of all sizes, but disproportionately impact small businesses that must invest scarce resources to address the PRC’s complex compliance regime.
- PRC costs include, but are not limited to, offer preparation and negotiation of the mechanics for triggering a price reduction; dedication of systems and personnel for oversight and review of commercial operations to validate compliance, and training of employees and senior executives responsible for compliance. In addition, let us not forget the legal and audit costs associated with the management of a PRC compliance program.
- The PRC is an anticompetitive, restraint on trade. It is the only governmentwide contract term that, as condition of obtaining a government contract, restricts the discretion of the contractor to compete fully and fairly in the commercial market. Thus, this deleterious economic policy of the PRC reduces economic growth and job creation.
The foregoing case for eliminating the PRC provides GSA with a compelling opportunity to yield a win-win-win for customer agencies, FSS contractors, and for GSA itself. By reducing barriers to entry, the elimination of the PRC will enhance competition and improve agency access to commercial solutions. It will ensure that price and value is driven by task order level competition for agency specific requirements. It will allow contractors, especially small business contractors, to focus resources on competing for and performing work for the government customer. The time is now to provide the government the benefits of competition available to its industry partners. The time is now to eliminate the anti-competitive PRC and this change is within the GSA Administrator’s authority.
On July 9, President Biden released the Executive Order (EO) on Promoting Competition in the American Economy. The EO is intended to tackle overconcentration, monopolization, and unfair competition in the American economy. Federal agencies are called on to rescind regulations that create unnecessary barriers to entry that suppress competition. Agencies should examine how procurement or other spending methods can improve competitiveness for small businesses and businesses with fair labor practices.
Within 180 days after the signing of the order, the Defense Secretary must submit a report on the state of competition in the defense industrial base, specifically mentioning where the solicitation process can be improved due to lack of competition. The Defense Secretary must also submit a plan on how to avoid terms in procurement agreements that make it hard for the Department of Defense (DoD) or service members to restore their own equipment. The Defense Secretary will present the report and plan to the new White House Competition Council. The Council will be led by the Assistant to the President for Economic Policy and the Director of the National Economic Council. Other members of the Council will include the Departments of Treasury, Defense, Agriculture, Commerce, Labor, Health and Human Services, Transportation, and Office of Information and Regulatory Affairs. See the Fact Sheet for the EO here.
Federal News Network reported that Soraya Correa, the Department of Homeland Security’s (DHS) Chief Procurement Officer, is retiring after more than 40 years of service with the Federal Government. Ms. Correa’s last day with DHS will be July 31. She has worked with the DHS since 2003 and took the role of Chief Procurement Officer in 2015. During her career, she also worked with several other agencies, including GSA and NASA. While serving at DHS, Ms. Correa became known as one of the most innovative and creative leaders in the Federal Government. She founded the Procurement Innovation Lab, which has become a model for other agencies. The lab has been one of the most active innovation offices in the Government. She also held reverse industry days where contractors had discussions with DHS acquisition officers about bidding processes.
Roger Waldron, President of the Coalition, issued the following statement about Ms. Correa:
“Soraya was one of the leaders across Federal procurement. Her relentless focus on people and giving them the tools and capabilities they needed, as well as fostering innovation and experimentation, proved to create momentum across DHS. More importantly, she served as an example for other departments and challenged them to innovate boldly. I’ve known her for 24 years, and there isn’t a more dedicated public servant out there. I hold her in the highest regard for her dedication to Federal procurement and to the American taxpayer.”
On July 8, The Department of Veterans Affairs (VA) Office of Inspector General (OIG) published a report on Training Deficiencies with VA’s New Electronic Health Record System (EHR) at the Mann-Grandstaff VA Medical Center in Spokane, Washington. In the report, the OIG stated that the VA Office of Electronic Health Record Modernization (OEHRM) had significant deficiencies in training content, training delivery, and its ability to assess the efficacy of its training at the medical facility.
Facility leaders reported that the training did not test proficiency in navigating clinical scenarios, but instead focused on multiple steps to complete specific tasks. They also noted that staff did not receive context on the actions they were performing. The OIG found significant gaps in training for business and clinical workflows. Staff reported that there was an absence of workflow training content and reference materials that prevented them from understanding how to apply what they learned to their daily work. The OIG found the following four factors that may have negatively affected the staff’s ability to use the new EHR system:
- Insufficient time for training;
- Limitations with the training domain;
- Challenges with user role assignments; and
- Gaps in training support.
Gaps were found between the EHR available for practice and the system used by the VA at the facility, diminishing the staff’s ability to successfully operate the new EHR once it was live. Facility leaders and staff identified having insufficient time to cover complex training topics while balancing COVID-19 duties. The OIG found that the challenging user role assignment process resulted in inaccurate role assignments, which then led to personnel being placed in the wrong training. Additionally, the OIG found that adoption coaches were unavailable or limited. In a survey administered by the OIG to facility staff, 53 percent of respondents disagreed or strongly disagreed with the statement, “I am able to share patient information within the new VA EHR with other clinicians without difficulty.” 65 percent of respondents disagreed or strongly disagreed with the statement, “I am able to navigate the different applications of the new EHR without difficulty.”
The VA OEHRM acknowledged the deficiencies in training and reported on-going efforts to address them. OIG made eight recommendations to the VA Deputy Secretary related to EHR training content and delivery, the evaluation of training, Cerner’s contractual performance for training, and reviewing the governance of the EHR modernization effort.
Rep. Mike Rogers (R-Ala.), Ranking Member of the House Armed Services Committee, recently shared comments to Bloomberg on the future of procurement at DoD after the cancelation of the JEDI contract. Rogers expressed frustration with the “glacial pace” of DoD procurement after JEDI’s cancellation on the heels of over two years of delays. He also expressed his intent to implement “repercussions” for those who lose frivolous protests. “All options are on the table,” according to Rogers, however, he declined to discuss specifics. Rep. Jim Langevin (D-R.I.), who chairs the House Subcommittee on Cyber, Innovative Technologies, and Information Systems, also conveyed his interest in addressing “the minimum threshold for a protest” after the JEDI cancellation.
Jedi’s current replacement is the Joint Warfighter Cloud Capability (JWCC) Program, which plans to use a multi-cloud approach split between both Amazon and Microsoft. A tentative competitive rebidding is scheduled for early 2025. In the meantime, representatives in Congress can hold hearings, call for a Government Accountability Office (GAO) study, or draft legislation to streamline DoD procurement.
DoD Considering Additional CMMC Requirements
Fedscoop reported that, according to sources familiar with the matter, DoD is considering introducing new requirements to the Cybersecurity Maturity Model Certification (CMMC) Program that could increase the costs of some assessments. DoD and the CMMC Accreditation Body (CMMC-AB) are working to finalize requirements that would mandate increasing the number of experienced assessors that conduct tests. In effect, this requirement could result in a price increase for assessments since additional provisional assessors would need to be paid. This proposed rule would only apply to CMMC level three assessments for companies that handle DoD’s controlled unclassified information. Under the proposed rule, Certified Third Party Assessor Organizations (C3PAOs) would need to hire four full-time provisional assessors. Previously, it was thought that C3PAOs would only need to hire one full-time provisional assessor and three registered practitioners, who are entry-level assessors, to conduct a level three assessment. Some officials are concerned that this change will contribute to the limitation of resources necessary to implement CMMC.
HHS Office of Special Counsel Agrees with OTA Whistleblower
The Office of Special Counsel for the Department of Health and Human Services (HHS) released an audit on July 9 after a whistleblower raised concerns over Other Transaction Authority (OTA) usage. The audit found that The National Heart, Lung, and Blood Institute (NHLBI) did not comply with Federal requirements in their usage of OTA authority. Originally, the NHLBI had disputed a whistleblower prompted OIG report on the issue. The Office of Special Counsel concurred with the OIG’s finding that over $84 million in OTA spending was mishandled. The OIG called for HHS to review and update their policies and procedures by November 15, 2021.
Legal Corner: A Critical Step: NIST Defines “Critical Software” Subject to Biden’s Cybersecurity Order
The Legal Corner provides the accounting community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.
Authored by Alex Sarria and Jason Workmaster; Miller & Chevalier
On June 25, 2021, the National Institute of Standards and Technology (NIST) published a definition of “critical software,” the first of several steps the Biden administration is taking to enhance the cybersecurity of America’s software supply chain under the recent Executive Order on Improving the Nation’s Cybersecurity (the Order or E.O.). In addition to providing this crucial definition, the NIST publication includes a preliminary list of “software and software products” that may qualify as “critical” under the Order and responses to a series of Frequently Asked Questions (FAQs).
The NIST publication is significant for federal contractors and other companies that offer and sell software for use by the U.S. government because under the Order, “critical software” will soon be subject to heightened development and transparency standards and eventually will be banned from use by federal agencies if the software does not meet those standards. Below we discuss the key elements of the NIST publication and what the software industry can expect next.
The Biden Cybersecurity Order
The Biden administration issued the Order on May 12, 2021, promising to make sweeping changes to the way the federal government approaches cybersecurity. The magnitude of those potential changes is perhaps most evident in Section 4, which aims to improve the “security and integrity of critical software — software that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources),” according to the Order. The president directed the Secretary of Commerce, acting through NIST, to develop and publish a definition of “critical software” based on input from government agencies, the private sector, academia, and other interested parties.
Defining critical software is a crucial first step to implementing Section 4 of the Order because it eventually will lead to the creation of uniform software development standards that will be enforced via the Federal Acquisition Regulation (FAR). Following the creation of these standards, the Department of Homeland Security (DHS) will recommend contract language to the FAR Council, which in turn will amend the FAR to codify the new software development standards and require federal agencies to:
- Remove all “non-compliant software” from existing contracting vehicles, including Indefinite Delivery, Indefinite Quantity contracts, Federal Supply Schedules, Federal Government-wide Acquisition Contracts, Blanket Purchase Agreements, and Multiple Award Contracts.
- Mandate providers of “legacy software” update their practices to meet the new development standards.
Once implemented, these new rules could produce seismic changes in the federal marketplace for commercial software. Contractors that can offer the government more secure software will gain an even greater competitive advantage, whereas companies that are slow to adapt their products may eventually find themselves on the outside looking in.
The NIST Publication: Critical Software
There are many existing definitions and uses of the term “critical,” according to the NIST publication. To implement the Order, NIST developed a tailored definition of critical software, termed “E.O.-critical software,” which focuses on the cybersecurity attributes and functions of a given piece of software. Specifically, E.O.-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:
- is designed to run with elevated privilege or manage privileges;
- has direct or privileged access to networking or computing resources;
- is designed to control access to data or operational technology;
- performs a function critical to trust; or,
- operates outside of normal trust boundaries with privileged access.
The definition applies to software of all forms (e.g., standalone software, software integral to specific devices or hardware components, cloud-based software) purchased for, or deployed in, production systems and used for operational purposes. Key terms within the definition are explained in the FAQs, including “direct software dependencies” and “critical to trust.” See FAQ 2 (“For a given component or product, [by direct software dependencies], we mean other software components (e.g., libraries, packages, modules) that are directly integrated into, and necessary for operation of, the software instance in question. This is not a systems definition of dependencies and does not include the interfaces and services of what are otherwise independent products.”) and FAQ 3 (“Critical to trust” covers categories of software used for security functions such as network control, endpoint security, and network protection.”).
NIST recommends a phased implementation of Section 4 of the Order, focusing first on standalone, on-premises software that has security-critical functions or poses similar significant potential for harm if compromised. Subsequent phases may address other software categories, such as:
- Software that controls access to data
- Cloud-based and hybrid software
- Software development tools, such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software
- Software components in boot-level firmware
- Software components in operational technology (OT)
The publication includes a preliminary list of software categories considered by NIST to be E.O.-critical. This list is not authoritative. The final list of E.O.-critical software will be developed by the Cybersecurity & Infrastructure Security Agency (CISA) within 30 days of the NIST publication (i.e., on or before July 25, 2021). NIST’s unofficial list identifies the following software categories as E.O.-critical:
Contractors and other entities that provide software for use by the federal government should carefully examine this preliminary list to determine if their offerings may be covered. Though the list is unofficial, it seems likely that the final CISA list will closely track the NIST recommendations. Moreover, in NIST’s opinion, individual departments and agencies can ask software vendors to attest that their products meet E.O.-critical security measures set forth in Section 4 of the Order, even if those software products are not included in CISA’s final list of E.O.-critical software. See FAQ 15 (“If I am using a software product that is not included in the E.O.-critical list, but it is critical for me, can I ask the vendor to provide attestation? Yes, departments and agencies can leverage the E.O.-critical security measures defined in Section 4(e) as part of a procurement.”). Therefore, all software providers should keep a close watch on developments in this area, regardless if their products are officially included in the initial implementation phase.
If you have questions about the administration’s cybersecurity executive order or its implementation, please contact us:
Legal Corner: Proposed Rules Streamline Country of Origin Determinations for Mexican and Candian Imports
The Legal Corner provides the accounting community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.
Authored by Shara Anaroff, Alexander Chinoy, Kimberly Breier, Geronimo Guiterrez Fernandez, and Victor Ban; Convington
On July 6, 2021, U.S. Customs and Border Protection (“CBP”) and the Department of the Treasury proposed rules that would simplify the non-preferential rules of origin for goods imported from Mexico or Canada. This proposed rulemaking could significantly impact companies that import to the United States from these countries, including for purposes of government procurement and U.S. Section 301 tariffs imposed on Chinese imports. Additionally, an interim final rule issued concurrently by CBP and Treasury confirms that for purposes of marking under the United States-Mexico-Canada Agreement (“USMCA”), rules of origin based on tariff classification changes continue to apply, thereby maintaining the status quo.
Importers must declare to CBP the country of origin of every good imported to the United States. Correctly determining origin is important because it can affect applicable tariffs, the availability of special preferences under free trade agreements, eligibility for government procurement, and other regulatory requirements related to importation.
Click here to read the full article.
The VA’s OIG released an audit report on the Electronic Health Record Modernization (EHRM) program, which is responsible for managing the VA’s transition to a modernized electronic health record system designed to be interoperable with a new DoD electronic record system. Of the $16.1 billion total expected cost the VA reported to Congress in 2018, $4.3 billion was delegated to information technology (IT) infrastructure upgrades. These upgrades range from new computers to system interfaces and, are a critical part of the EHRM.
The OIG reviewed the OEHRM cost estimation processes and found multiple “weaknesses” which distorted original estimations. These included incomplete documentation and $2.5 billion in program-related IT infrastructure upgrades which were not reported to Congress. The OIG made six recommendations, which included an independent cost estimate, developing new cost-estimating procedures, and reassessments of both past estimates and reporting processes. The OEHRM concurred with all six recommendations.
DoD Lifts Workplace Restrictions
On July 7, DoD announced that up to 90 percent of personnel will be allowed to return to the office starting on July 9. The department is transitioning from Health Protection Condition Level (HPCON) Bravo to HPCON Alpha. DoD stated that it will still provide maximum telework opportunities and flexible scheduling for its workforce. HPCON Alpha is not the final reentry plan for DoD, and the department will continue to work with the Office of Management and Budget (OMB) and the White House’s Safer Federal Workplace Task Force to finalize plans. Some of the other measures effective on July 9 include six feet physical distancing, screening for all visitors, COVID-19 vaccines remaining available through the health clinic, and compliance with mask-wearing requirements.
GSA’s Summer 2021 MAS Newsletter is Available
On July 14, GSA published its Summer 2021 MAS newsletter. This newsletter includes:
- eBuy Turns 20;
- Transactional Data Reporting;
- Summer Supplier Training; and
- Catalog Management Updates.
Current MAS Program Updates
- MAS Consolidation Phase 3;
- MAS Office Hours;
- Verified Products Portal; and
- Vendor Support Center (VSC) Update Project
Read the full newsletter here.
July 22 – Summer of Compliance Webinar: Government Contracts Compliance Update Part II
On July 22 from 12:00 – 1:00 pm EDT, the Coalition will host part two of the webinar series, Government Contracts Compliance Update: Do Your Internal Controls Address Recent Changes and Key Risks? Our presenters will be David Black and Eric Crusius, both Partners at Holland & Knight LLP. FAR 52.203-13 advises Federal contractors and subcontractors to conduct periodic review of company business practices and internal controls for compliance with the “special requirements of Government contracting.” Each year, several new Government contracts-related statutes, regulations, and case law developments create new obligations and compliance risk and 2020/2021 have been no different.
David and Eric will help Federal contractors spot and identify key risk areas arising from Government contracting that might warrant updates to their compliance programs by focusing on revised policies and procedures, tailored employee training, internal reporting and response, employee discipline, and mandatory disclosure. They will also provide a checklist of issues to consider according to business function, including:
1) operations, contract performance and subcontracting/purchasing;
2) business development;
3) enterprise-wide information technology;
4) intellectual property management;
5) human resources and employment; and
6) compliance program and internal controls.
Specific changes and risks that will be addressed include the Section 889 (Chinese telecommunications products and services) prohibition; cybersecurity requirements; small business program requirements; proposal preparation; Contractor Performance Assessment Reporting System (CPARS); changes and requests for equitable adjustment (REAs); Federal Supply Schedules; gifts and gratuities; teaming agreements; subcontract flow downs; and intellectual property management.
You can register HERE. If you have already registered for Part I, you do not need to register again.
Upcoming General/Office Products Committee Meeting
On July 27 at 10:00 am EDT, all members are invited to attend a virtual meeting, hosted by the General/Office Products Committee, with DoD’s Jim Mette, FedMall Program Manager.
Jim will be sharing DoD’s changes and updates to the FedMall platform, including single sign-on.
If you have any questions/concerns that you would like addressed during the meeting, please email Samantha Holt at firstname.lastname@example.org.
To RSVP, email Michael Hanafin at email@example.com.
After a one-year hiatus due to the global pandemic, The Coalition for Government Procurement is thrilled to announce we are bringing back our Annual Joseph P. Caggiano Memorial Golf Tournament on August 18! Here are the top FORE (!) reasons you should register TODAY!
1: Honoring Joe’s legacy – Joe was not only a colleague and member of the Coalition Board of Directors, but a true friend to many of us and an overall wonderful person. His career in the government marketplace spanned 25 years, including serving seven years as COO of the Washington Management Group/FedSources. Joe also served eight years in the Navy and inspired the Coalition to support veteran non-profit organizations. The Caggiano family will once again be in attendance to honor his legacy and one of his close friends recently summed it up perfectly by saying, “I have not met anyone better than Joe, yet! I’m still looking…”
2: Supporting our veterans – Tournament proceeds will once again support the Coalition’s endowment for a qualified veteran concentrating their studies in the field of U.S. Government procurement and pursuing the JD/LLM degree or the interdisciplinary Masters degree at The George Washington University. We are excited to share that to date, four scholarships have been awarded to deserving veterans:
- The first ever recipient in 2017 was Tom Roltsch, who served four deployments in Afghanistan and Iraq with the Army Reserve. Tom studied procurement policy in the Masters program at The George Washington University and currently works for ManTech International Corporation as Principal Reliability Engineer.
- The 2018 recipient of the scholarship was Craig Barrett. Craig is currently a Senior Counsel in the Government Contracts Group at Crowell & Moring. Prior to joining Crowell & Moring, Craig spent nearly 18 years in government service both as an active-duty service member and as a civilian. Craig served as an active-duty Marine Judge Advocate immediately after the attacks on 9/11. His service with the military continued as a civilian executing the role of Acquisitions Operations Manager for the Marine Corps Systems Command, the acquisition arm of the Marine Corps.
- The 2019 recipient of the scholarship was Jennifer Sandusky. Jennifer joined the United States Civilian Board of Civil Contracts as a full-time Attorney Adviser in February of 2020 and completed the L.L.M. program in Government Procurement Law at The George Washington University Law School.
- The 2020 recipient was Connor Smith. Connor is a third-year law student at The George Washington University completing his Government Procurement Concentration. In 2012, Conner graduated from Clark University before enlisting in the Army, where he served for five years. During his time with the Army, Connor served as a Cryptological Linguist, responsible for identifying foreign communications.
3: A Beautiful Venue – Whiskey Creek Golf Club is an amazing golf course in Ijamsville, Maryland with outstanding views on every hole. As their website notes, the course is “bordered by a high ridge of hardwoods and a winding, free-flowing creek, the property contains many different environments and natural features including springs, streams, stone walls, wetlands, rock outcroppings, broad meadows, pine forests and dramatic views of the Catoctin Mountains. Architect J. Michael Poellot and design consultant Ernie Els, a 2-time United States Open Champion, have designed Whiskey Creek to take full advantage of its spectacular setting.”
4: Time to get out of your basement and enjoy some camaraderie and competition – Everyone has been cooped up for a long time, and what better way to get some fresh air and reconnect with colleagues than by hitting the greens! We know you have a personal pandemic story to share, along with business challenges and successes. Take advantage of this opportunity to catch up with old friends (and make new ones!) during a friendly scramble style golf competition. There will be low scores and there will be (very) high scores – but everyone will be a winner as there will be prizes for both! Not a golfer? No problem! You can come participate in the Veranda Club where you can take in the scenic views from the large club house deck, play in a cornhole tournament, or join us for the reception as golfers filter in from the course to enjoy an awards ceremony, BBQ, and burgers!
Lastly, I want to encourage you to consider one of our sponsorship opportunities as we are still seeking Title Sponsors, a Reception Sponsor, and many hole sponsors. Thank you to our Lunch Sponsor, The Gormley Group; our Beverage Cart Sponsors, CACI and ManTech; and all our hole sponsors! For sponsorship questions or commitments, please contact Matt Cahill at firstname.lastname@example.org or 202-315-1054.