Friday Flash 09/02/2022

Labor Day

By 1894, many states had enacted laws setting aside a day to honor labor, but it was on June 28th of that year that President Grover Cleveland signed an act into law providing a federal holiday on the first Monday in September to celebrate the role of labor in our society. More than 125 years out from this date, Labor Day has come to mark many different social points in our national life. In fashion, for instance, certainly in years past, it marked the point on the annual calendar beyond which white (lightweight) clothing brought out of storage on Memorial Day should not be worn (a rule reportedly flouted by fashion designer Coco Chanel). In many states, Labor Day still defines the end of summer for primary and secondary school students, the point after which they walk their personal version of “The Green Mile” in the return to school.

It is natural that holidays on the calendar, especially after a long period of time, serve as demarcation points for seasons and other aspects of our social life. Regarding Labor Day, however, although it may signal the coming the return to school for some students, it should not be viewed simply as an “End of Summer” celebration.

At the end of the 19th century, labor faced significant challenges.

In the late 1800s, at the height of the Industrial Revolution in the United States, the average American worked 12-hour days and seven-day weeks in order to eke out a basic living. Despite restrictions in some states, children as young as 5 or 6 toiled in mills, factories and mines across the country, earning a fraction of their adult counterparts’ wages.

People of all ages, particularly the very poor and recent immigrants, often faced extremely unsafe working conditions, with insufficient access to fresh air, sanitary facilities[,] and breaks.

In response to these conditions, workers organized to bargain for basic rights in the workplace, and, at times, there was significant social unrest and economic disruption. What arose from that strife, however, was a movement that rejected the false ideologies of communists and revolutionaries, embraced business unionism, and gave us benefits that we now may take for granted, including the five-day work week, the eight-hour workday, safe and sanitary working conditions, and prohibitions against exploiting child labor.

We wish everyone a safe and healthy holiday with family and friends.

NASA to Combine Several IT Support Contracts into $1B New Contract Vehicle

The National Aeronautics and Space Administration (NASA) announced plans to consolidate its incumbent IT support contracts into a single vehicle projected to be worth over one billion dollars, reports FCW. The new vehicle consolidates 10 current NASA support contracts in lieu of their recompetition. In the determination and findings document, NASA stated that NCAPS would “consolidate and standardize application and platform service requirements,” thereby lowering costs, improving service delivery and bettering cybersecurity. A draft request for proposal is expected as early as next week, and FCW predicts that NASA will award the contract through the Alliant 2 Governmentwide Acquisition Contract.

Proposed CMMC Assessment Process to Undergo Changes

Federal News Network reported that the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) is planning to revise its draft CMMC Assessment Process (CAP) document, which was released in late July. The CAP is designed to be used by CMMC Third Party Assessment Organizations (C3PAOs) and organizations seeking certification (OSCs).  According to the CMMC AB, the purpose of CAP is to outline third-party assessment phases, procedures, and templates. During a public meeting on August 30, CMMC AB Chairman Matthew Travis said that “we very much wanted to get your feedback, and I know the draft CAP has caused a lot of activity in message boards and other fora, which is great. We’re going to continue to work this and adjudicate comments and share with you, each month give you an update on CAP revisions and changes.” Travis added that the AB is looking to make the CAP more efficient. The Coalition submitted comments to the AB in response to the draft CAP document. The Coalition urged the AB to reconsider the CAP for multiple reasons, including an increase in burdens and expenses for companies, particularly small businesses. The Coalition’s full comments can be read here.

A joint voluntary surveillance program began last week. This program “allows companies to voluntarily gain an assessment of their cybersecurity compliance from a joint team of Defense Department assessors and a CMMC Third-Party Assessment Organization hired by the company seeking certification.” Companies that receive a high assessment through the program will automatically receive CMMC Level 2 Certification once CMMC is implemented. According to Travis, initial writing of the CMMC rule has begun, and a draft has been shared internally within the Department of Defense.

Changes for Third Parties in Effective Sept. 16

The General Services Administration’s (GSA) Integrated Award Environment (IAE) announced in an Interact blog that as of September 16, Entity Administrators in the System for Award Management (SAM) must hold a position in the entity they administer. The intent of the change is to ensure that “entities are in control of who has permission to edit and maintain their information.” On September 16, Entity Administrators will only be able to assign new third parties a Data Entry role, not an Entity Administrator one. All current third-party Entity Administrator roles will be converted into Data Entry roles at a later date. According to the IAE, third parties “can continue to create and manage registrations on behalf of entities with a Data Entry role” but “will no longer be able to assign roles to others.”

Army Looks for Efficient Implementation and Future “Big Bets” in Ongoing Review of its Network

Undersecretary of the Army Gabe Camarillo announced that the Army is running a portfolio review of its network that will be complete this fall, FedScoop reported. The review aims to ensure that Army resources, spread across an array of groups, are being used to advance the Army’s goal of achieving a next-generation network that unifies enterprise systems and tactical networks. Camarillo has also asked the Army’s tactical network team to identify “big bets”—improvements, whether technical, logistical or programmatic, which could have a substantial effect on the network’s performance. Among them, according to Brig. Gen. Jeth Rey, director of the Army’s network cross-functional team, is improving the acquisition for new technologies and getting “[them] into the hands of the user a little bit faster.”

Following through on this and other “big bets” will not only improve the Army’s own network, but also help the service implement the DoD’s Joint All-Domain Command and Control (JADC2) strategy. JADC2 aims to connect “sensors with shooters” and ensure that information can be shared quickly across all of the armed services. Rey added that the JADC2 will be addressed from the perspective of transport, bandwidth and the Army’s data fabric, the “federated environment” the Army uses to share information internally. The review is due to be completed this fall.

GSA on Cybersecurity Priorities for 2023

Lawrence Hale, Acting Deputy Assistant Commissioner for Category Management, Office of Information Technology Category at GSA, spoke on his office’s plans in 2023 to increase cloud adoption and move to Zero Trust security, reports Meritalk. At an event hosted by the Advanced Technology Academic Research Center, Hale spoke of the work his group is doing on the cloud special item number (SIN) to facilitate agencies response to the cloud imperative in 2021 Executive Order on improving the nation’s cybersecurity. “We’re working on setting up something on top of the cloud SIN to improve the ease of use, to improve the ability to acquire cloud, and buy cloud the way industry buys its cloud,” Hale stated.

Hale also said that a major priority is assisting agencies with their Zero Trust security migrations in order to meet the mandate of the cybersecurity executive order. Hale spoke on GSA’s work with the Cybersecurity and Infrastructure Security Agency (CISA) to develop a Zero Trust buyer’s guide “to help agencies assess where [they] are on [their] Zero Trust journey and determine what the most important next steps are.” Hale emphasized that the development of a Zero Trust architecture should be built upon agencies’ existing programs and tools as opposed to rebuilding from the ground up. He specifically pointed to tools within CISA’s Continuous Diagnostics and Mitigation program as a foundation to work from in the development of a Zero Trust architecture.

OMB Budget Guidance Emphasizes Customer Experience

FCW reports on the latest budgetary guidance from the Office of Management and Budget (OMB) and its emphasis on the customer experience. The inclusion of new language in Circular A-11 focused on the customer experience is “a clear signal of the kinds of things OMB is going to be looking for as they review those proposals,” Don Kettl, a retired professor of public policy, told FCW. “The timing is not a coincidence.” The guidance places new emphasis on non-traditional measures of experience. “Measures of experience (including measures of equity (e.g., participation), effort (burden/friction), and those outlined further in this guidance) are of co-equal importance as traditional measures of financial and operational performance,” the guidance states. The guidance emphasizes the need for the customer experience to increase trust in the Federal Government and calls upon agencies to reduce the administrative burden for Americans interacting with the Federal Government.

DHS Turns from CMMC to Self-Assessment for Certification Plans

The Department of Homeland Security (DHS) is planning to use self-assessments to assert the cybersecurity of its vendors as opposed to using a model similar to the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), reports FCW. At an event hosted by FCW, Kenneth Bible, DHS chief information security officer, stated that the department is exploring self-assessments to determine the cyber maturity of vendors. His comments represent a shift from indications in 2021 where DHS was looking to emulate the CMMC model. Bible stated that self-assessments may be preferable to the CMMC model due to the greater regulatory burden it places on small businesses which make up a large portion of DHS contractors. FCW also reports that DHS will be issuing a final rule soon to ensure that contractors protect controlled unclassified information as well as its unified agenda.

Agencies Prepare for Quantum Computing Threats

Federal News Network reported on the threat of quantum computing to cybersecurity. According to Lily Chen, Acting Cryptographic Technology Group Manager at the National Institute of Standards and Technology (NIST), quantum computing will pose major changes to what is understood about cybersecurity. Chen recently spoke during a webinar where cyber experts outlined steps for agencies to take to prepare for post-quantum cybersecurity. Additionally, the White House and multiple agencies have begun work to mitigate the threat. The President signed a national security memorandum in May that explains the Administration’s plan to address the cybersecurity risks associated with quantum computing. In July, Congress passed the Quantum Computing Cybersecurity Preparedness Act which requires agencies to strengthen their cybersecurity in preparation for quantum computing attacks. NIST and the Department of Homeland Security (DHS) created a working group for organizations to help them better protect their data and systems. Agencies are also advised to speak with vendors to ask how often they update their algorithms. Agencies can also ask vendors if they have hybrid protypes, which combine classic public key cryptography with quantum resistant technology, to test. NIST has reported that it has selected four encryption algorithms to become part of the agency’s post-quantum cryptographic standard.

Legal Corner: Just When You Thought It Was Safe To Go Back In The Water . . . The 11th Circuit Revives Executive Order 14042

By Jonathan Aronie & Ryan Roberts; Sheppard Mullin

With apologies to Jaws II, just when you thought it was safe, the U.S. Court of Appeals for the 11th Circuit has released a shark back into the EO 14042 waters.

On Friday, August 26, the 11th Circuit published a 66-page decision affirming the injunction against the Federal Government’s Code-19 Vaccine Mandate issued by the U.S. District Court for the Southern District of Georgia, but limiting the previous nationwide scope of the injunction. To quote the decision:

“We agree that the plaintiffs’ challenge to the mandate will likely succeed and that they are entitled to preliminary relief. Even so, because the injunction’s nationwide scope is too broad, we vacate it in part.”

What this means is that the 11th Circuit injunction, which previously applied to every contractor everywhere across the U.S., now applies only to the plaintiffs in this particular case: Seven states and the members of one industry association (Associated Builders and Contractors). Putting it in the affirmative, EO 14042 may be back in play for Federal contractors that, until last week, likely believed compliance with the federal vaccine mandate was behind them.

We should note at the outset, though, that following the issuance of the 11th Circuit’s opinion, the Office of Management and Budget announced its view that the injunction was still in place. As reported by Government Executive Magazine, OMB said

“At this time, the nationwide injunction remains in effect, and thus agencies should continue not to take any steps to enforce Executive Order 14042.”

As a factual matter, OMB is wrong. The nationwide injunction does not remain in effect. We assume what OMB meant to say is that the Administration will continue voluntarily not to enforce the Executive Order for the time being. This should come as some comfort to contractors trying to navigate the new enforceability map, which we affectionately call the SheppardTracker (see below). But unlike an injunction, a voluntary non-enforcement decision can disappear overnight.

In any event, now that the 11th Circuit has narrowed the scope of the District Court’s injunction, let’s discuss the question you all are asking: What does the decision mean to me?

The Current State Of 14042 Vaccine Mandate (Notwithstanding OMB’s Non-Enforcement Statement)

Most importantly, EO 14042 no longer is enjoined nationwide. In other words, the Federal Government could begin enforcing EO 14042 (via FAR 52.223-99 and agency deviations) in more than half of the United States (35 states to be exact). As a refresher, FAR 52.223-99, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors is a clause developed by the FAR Council to support agencies in meeting the applicability requirements and deadlines set forth in EO 14042.

In the absence of a nationwide injunction, the scope of each individual district court injunction once again has become relevant. Here’s a high-level summary of the existing injunctions.

  • Georgia Injunction (clarified by 11th Circuit Decision): The injunction now applies only to the state plaintiffs acting as contractors, and, therefore, has no impact on private companies. Accordingly, the Federal Government now is permitted to enforce FAR 52.223-99 against Federal contractors in Georgia, Alabama, Idaho, Kansas, South Carolina, Utah, and West Virginia (the plaintiff states). (See blue states on the map below.)
  • Kentucky Injunction (appeal pending in the 5th Circuit): The Federal Government is enjoined from enforcing FAR 52.223-99 “in all covered contracts in Kentucky, Ohio, and Tennessee.” (See red states on the map below.)
  • Florida Injunction (appeal pending in the 11th Circuit): For now, the Federal Government is enjoined from enforcing FAR 52.223-99 “within Florida.” However, given the 11th Circuit’s decision on the Georgia injunction, we suspect this injunction, too, will be narrowed, to permit the Federal Government to enforce FAR 52.223-99 against Federal contractors in Florida. (See red states on the map below.)
  • Missouri Injunction (appeal pending in the 8th Circuit): The Federal Government is enjoined from enforcing FAR 52.223-99 “for federal contractors and subcontractors in all covered contracts in Missouri, Nebraska, Alaska, Arkansas, Iowa, Montana, New Hampshire, North Dakota, South Dakota, and Wyoming.” (See red states on the map below.)
  • Louisiana Injunction (appeal pending in the 5th Circuit): The injunction applies only to the state entities acting as contractors, and therefore has no impact on private companies. The Federal Government is permitted to enforce FAR 52.223-99 against Federal contractors in Louisiana, Mississippi, and Indiana. (See green states on the map below.)

We also have updated our SheppardTracker to reflect what we believe to be the current state of play:

In short, the Federal Government may choose to begin enforcement of FAR 52.223-99 against contractors performing in the 35 states NOT shaded red.

Also, do not forget, at least one state has passed anti-vaccination-mandate legislation the enforceability of which hinges to some extent on the viability of the various federal injunctions. With the nationwide injunction no longer in place, the Preemption Doctrine could dictate that EO 14042 overrides contradictory state law.

Whether the Federal Government chooses to resume incorporating FAR 52.223-99 into contracts, or begins enforcing its requirements, however, is yet to be determined; although OMB’s recent statement to Government Executive Magazine provides at least some clue to this mystery in the short term. We suspect the Task Force will publish updated guidance shortly detailing the path forward. The Biden Administration has rolled back many COVID-19 initiatives and restrictions in recent months, and, therefore, its appetite to restart enforcement of EO 14042 is an open question. Time will tell.

In the meantime, there are additional threats circling in the 14042 waters. For instance, other district courts still have not ruled on the Motions for a Preliminary Injunction originally filed in their jurisdictions back in 2021 (e.g., the judge in the Southern District of Texas stayed litigation there once the nationwide injunction was issued by the Southern District of Georgia). Additionally, the other Circuits with appeals pending could overturn the preliminary injunctions previously granted by the lower courts (or severely limit their scope, as the 11th Circuit did), which would add to the 35 states in which the Federal Government could enforce EO 14042. We’ll continue tracking the various pieces of litigation and alert you of any notable developments.

While we eagerly await updated Task Force Guidance, for now, it seems many Federal contractors may be back to having to comply with the requirements of EO 14042 to some extent. Accordingly, everyone should keep a close eye on the Task Force website, the OMB website, the GSA 14042 page, and the specific terms of your solicitations and contracts.

Finally, we would be remiss if we did not point out two confusing points in the 11th Circuit’s decision:

  • Who Are The Plaintiffs? According to the 11th Circuit, the injunction now is limited to “the seven plaintiff States and their agencies” (and members of the plaintiff industry association). This language is not a model of clarity regarding whether the Court is referring to the States themselves (e., situations in which the state is a federal contractor) or whether the Court is referring to all contractors within those states. While the Court’s explicit language seems to limit the injunction to the state agencies only – and that’s how we read it – the fact that several of the states brought the suit on behalf of their citizens (and presumably their contractors) could mean that those citizens and contractors could be considered plaintiffs. As we said, we think the better reading is that the injunction applies to the states as contractors only (and not all contractors in those states), but we have to acknowledge the possibility of a contrary interpretation.
  • How Does It Apply To Solicitations? The decision includes an interesting statement about the Federal Government including FAR 52.223-99 in solicitations. The 11th Circuit stated: “we leave the injunction in place to the extent that it bars federal agencies from considering the enforceability of the mandate when deciding who should receive a contract, if any plaintiff belongs to the pool of bidders.” Unless every Federal contractor in the United States becomes a member of the Associated Builders and Contractors overnight, this exception appears to be very limited in scope, but the Task Force’s interpretation here will be key. More on this topic below.

Now, let’s take a deeper dive into the 11th Circuit’s decision.

Georgia v. Biden In Greater Detail

Let’s begin with a bit of history.

On December 7, 2021, the U.S. District Court for the Southern District of Georgia enjoined enforcement of EO 14042 nationwide (discussed previously here). This decision resulted a complaint by the states of Georgia, Alabama, Idaho, Kansas, South Carolina, Utah, and West Virginia. The Court permitted the Associated Builders and Contractors, Inc. (ABC), a nationwide trade association, to intervene as a plaintiff. ABC’s intervention proved to be of particular importance because the Court relied on ABC’s national membership as the basis for applying its injunction nationwide.

District Court Judge Baker’s decision focused on preserving the rule of law and ensuring “all branches of the government act within the bounds of their constitutionally granted authorities,” even in times of crisis. In order to do so here, Judge Baker determined that granting plaintiffs motion for a preliminary injunction was necessary. After determining that the plaintiff States and ABC all had standing to challenge EO 14042, Judge Baker focused his decision on the likelihood of success on the merits prong of the injunctive relief standard. Judge Baker noted that plaintiffs “need only show a substantial likelihood of success on the merits on one claim” (emphasis added), and went on to examine the plaintiffs’ contention that EO 14042 exceed the authority granted to the President by the Procurement Act (40 U.S.C. § 101, the Federal Property and Administrative Services Act).

According to Judge Baker, the question before the Court was whether Congress “clearly” authorized the President to use the Procurement Act to issue the directives contained in EO 14042. Judge Baker answered that question in the negative, finding the actual purpose of the EO to be the “regulation of public health.” As explained by Judge Baker, the purpose of the Procurement Act is to promote economy and efficiency in the federal procurement process. Although the Procurement Act affords the President significant deference to achieve this goal, Judge Baker found there was an insufficient nexus between the Procurement Act and EO 14042 and concluded that the Procurement Act “did not clearly authorize the President to issue the kind of mandate contained in EO 14042, as EO 14042 goes far beyond addressing administrative and management issues in order to promote efficiency and economy in procurement and contracting, and instead, in application, works as a regulation of public health, which is not clearly authorized under the Procurement Act.” Because substantial likelihood of success on a single claim was enough, according to Judge Baker, the Court did not examine the other challenges raised by the plaintiffs, such as arguments centered on the Administrative Procedure Act and the Non-Delegation Doctrine.

Regarding the remaining prongs of the injunctive relief standard, Judge Baker found that plaintiffs likely were to be irreparably harmed if the EO was permitted to remain in force and found the balance of harms favored plaintiffs. As such, Judge Baker granted injunctive relief in favor of plaintiffs and ordered the United States enjoined “during the pendency of this action or until further order of this Court, from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in any state or territory of the United States of America.”

The Court’s decision subsequently was appealed to the 11th Circuit. During the pendency of the appeal, the United States Government moved the district court to clarify whether the injunction applied to the entire EO or just the vaccine mandate. The Court clarified that its injunction was intended to enjoin only the vaccine mandate, meaning it did not enjoin the masking or physical distancing requirements of EO 14042 (discussed previously here).

The Court of Appeals Decision

The three-judge 11th Circuit Panel began its analysis by identifying the two questions before it:

  • First, whether the challenge to the vaccine mandate is likely to succeed.
  • Second, whether the scope of the district court’s injunction was too broad, which would suggest an abuse of discretion by the lower court.

Notably, the language of the 11th Circuit’s decision strongly suggests the Court is considering only the vaccine mandate, and not the entirety of EO 14042.

Likelihood of Success

The core question before the Court, in its view at least, was whether Congress, in vesting the President with broad procurement powers under the Procurement Act, authorized the President to improve efficiency through a vaccine mandate. Put another way, did Congress delegate to the President “the power to require widespread vaccination through the Procurement Act.” As the Court put it, “the question is not whether Congress could authorize the President to make procurement agreements continent on COVID-19 vaccination. It is whether Congress did so in the Procurement Act.”

While acknowledging that the Procurement Act confers broad authority on the President, the Court – like the District Court below it – emphasized that the Procurement Act’s delegation to the President is not unlimited. “The Act confers broad but not unbounded authority.”

Limiting its analysis to the Procurement Act (as apparently the Federal Government’s lawyers did before the Court), the Court noted that “the President cannot issue policies that require [federal officials] to take steps outside the Act or contrary to the Act – however useful such steps may appear.” Citing Supreme Court precedent, the Court emphasized that the Procurement Act empowers “the President to carry out the Act’s specific provisions – but not more.” In a more poetic moment, the Court put it this way: The Procurement Act “is not an ‘open book’ to which contracting agencies may ‘add pages and change the plot line.’”

In the end, the 11th Circuit agreed with the District Court that nothing in the Procurement Act confers upon the President the power to mandate vaccines for all federal contractors: “Nothing in the Act contemplates that every executive agency can base every procurement decision on the health of the contracting workforce.” The Court emphasized that the power to create and maintain an “economical and efficient” procurement system is “worlds away” from establishing health standards for all contractors’ employees. “No statutory provision contemplates the power to implement an across-the-board vaccination mandate. It follows that the President likely exceeded his authority under the Procurement Act when directing executive agencies to enforce such a mandate.”

The Court founded its view upon a well-settled principle of statutory interpretation: Congress is expected to “speak clearly when authorizing an agency to exercise powers of vast economic and political significance.” In other words, if Congress had wanted to give the President the power to use its procurement powers to set health policy, Congress would have said so.

Interestingly, reading between the lines, the Court implied that a given Agency could employ a vaccine mandate if it had a compelling reason to do so. “We cannot say that when Congress passed the Procurement Act, it meant to delegate authority to set baseline health and safety qualifications for contractors – standards that would apply regardless of the specific needs in a given project.”

Scope of Injunction

After concluding that the Administration likely would lose its case against the seven plaintiff states (and trade association), the Court set about evaluating the scope of the District Court’s injunction. Remember, the District Court enjoined enforcement of the vaccine mandate “against any contractor, anywhere in the United States, plaintiff or not.” The 11th Circuit began its analysis by commenting “we are both weary and wary of this drastic form of relief.”

The Court then undertook a cogent discussion of the advantages of differences of opinion coming from the various lower courts and the dangers of judicial overstepping that puts those advantages at risk. The Federal court system was designed to “allow courts to reach multiple answers to the same legal questions,” wrote the Court. A nationwide injunction, the Court continued, “gives a single district court an outsized role in the federal system.” “By cutting off parallel lawsuits, nationwide injunctions frustrate foundational principles of the federal court system.”

Against this background, the 11th Circuit found the lower court’s injunction “overbroad.” Accordingly, the Court vacated the lower’s courts injunction “to the extent that it bars enforcement of the mandate against nonparty contractors through new and existing contracts.” In contrast, the Court affirmed the injunction to the extent it “blocks federal agencies from enforcing the mandate in contracts with any plaintiff State or member of the plaintiff trade association.” “As a result,” wrote the Court, “plaintiffs need not comply with the vaccination requirement in their capacity as contractors, and they are not responsible for including that requirement in lower-tier subcontracts.”

One Complicating Factor

While the Court clearly was bothered by the nationwide scope of the injunction, it recognized a complication regarding solicitations. “Unlike procurement contracts, solicitations are generally issued by the federal government to many bidders, who are then expected to comply with the solicitation’s terms to remain eligible for the contract award.” Because a plaintiff could be prejudiced by an agency’s consideration of who is subject to the mandate and who is not, the Court decided to leave “the injunction in place to the extent that it bars federal agencies from considering the enforceability of the mandate when deciding who should receive a contract, if any plaintiff belongs to the pool of bidders.”

This carve-out presents quite a logistical hurdle for procuring agencies that now will have to change the rules of their procurements based upon who is bidding on those procurements. Although unlikely, perhaps we’ll see bidders convincing members of the plaintiff industry association to submit bids simply to knock the EO 14042 provisions out of the solicitation. . . . unlikely, but interesting to think about.


As we continue to monitor how the Administration and Task Force decide to proceed in light of the 11th Circuit’s decision, it likely makes sense to dust off your preexisting EO 14042 compliance plans. Our existing resources are linked below.


About The Authors

Jonathan and Ryan are Governmental Practice partners in Sheppard Mullin’s DC office. Jonathan leads the firm’s Governmental Practice and co-founded the firm’s Organizational Integrity Group. Ryan leads the Governmental Practice’s Commercial Products & Services Team and the Group’s EO 14042 Task Force. Jonathan can be reached at Ryan can be reached at

Important Note

This blog is provided for information purposes only and does not constitute legal advice and is not intended to form an attorney client relationship. As you are aware, things are changing quickly. This blog does not reflect an unequivocal statement of the law, but instead represents our best interpretation of where things currently stand. This blog does not address the potential impacts of the numerous other local, state, and federal orders that have been issued in response to the Covid-19 pandemic, including, without limitation, potential liability should an employee become ill, requirements regarding family leave, sick pay, and other issues.

VA Posts MSPV Gen-Z V1 Distribution and Supply Management Draft RFP

On September 1, the Department of Veterans Affairs (VA) issued the MSPV Gen-Z V1 Distribution and Supply Management Draft Request for Proposals (RFP). The VA is seeking feedback on content of the solicitation, the scope of work that will affect the solicitation process, and material issues with the Statement of Work. Responses to the RFP are due no later than 5 pm ET on September 14, 2022. The Coalition is considering submitting consensus comments. Please send any input and/or questions to Aubrey Woolley at by COB Wed., September 7.

The anticipated release date for the finalized solicitation is October 2022.

A View From Main Street

This week’s A View From Main Street features guest author Ken Dodds of Live Oak Bank. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

SBA’s socioeconomic set-aside programs require that the individual upon whom eligibility is based must own and control the concern. SBA’s rules on control address issues pertaining to the long-term decision-making and the day-to-day management of the concern, e.g., quorums for board meetings, compensation, licenses, critical financing, proximity to the office, and availability during normal business hours. SBA’s rules on ownership require that the individual upon whom eligibility is based must own at least 51% of the stock or ownership interest. The statutory definition for the 8(a) program provides that ownership must be “unconditional,” while the statutory definitions for Service-Disabled Veteran Owned (SDVO) small business concerns (SBCs) and Women-Owned Small Businesses (WOSBs) do not contain the term “unconditional.”[1] Nevertheless, SBA’s rules provide that ownership must be “unconditional” for all three programs.[2]

With respect to unconditional ownership of an SDVO SBC, SBA’s current rules prohibit ownership that is subject to conditions, agreements, restrictions on or assignments of voting rights, or where ownership benefits would go to another, except in the case of death or incapacity. SBA’s rules further provide that an owner’s pledge or encumbrance of stock or ownership interest as collateral under normal commercial circumstances is allowed if the owner retains control absent violations of the terms.

In a recent decision in a response to a Court of Federal Claims’ (COFC) remand, SBA’s Office of Hearings and Appeals (OHA) found that a minority owner’s right of first refusal to purchase the service-disabled veteran’s (SDV) interest in the event of a sale, on the same terms proposed by a buyer, violated the unconditional ownership requirement.[3] COFC subsequently found OHA’s decision was not arbitrary or capricious and upheld the determination that the protester was not an eligible SDVO SBC.[4] Interestingly, in the size context a right of first refusal does not always result in affiliation.[5] For example in Zeiders, OHA found that the majority and minority owners’ mutual right of first refusal to purchase stock in the event of a proposed sale by either party “dispels the inference of control.”[6] When considering what is best for an SDV, an SDV’s ability to attract minority investors and access capital for growth certainly outweighs preserving an SDV’s right to stick minority owners with an unknown majority owner. SBA is in the process of finalizing rules to take over SDVO SBC certification from the VA and implement SDVO SBC certification government-wide effective January 1, 2023.[7] Perhaps SBA’s final rule will authorize mutual rights of first refusal when there is bona fide offer. Such an exception should also apply to WOSB and 8(a) concerns.

Have a topic you wish to be covered or a question on how Live Oak Bank could support your business? Email me at

  [1] 15 USC 632(n), (q), 637(a)(4)(A)(i).

[2] 13 CFR 124.3, 125.11, 127.201(b).

[3] E&L Constr. Grp., LLC v. United States, 159 Fed. Cl. 115 (2022); Randy Kinder Excavating, Inc. d/b/a RKE Contractors, SBA No. CVE-232-P (June 13, 2022).

[4] E&L Constr. Grp., LLC v. United States, No. 21-1765C, 2022 U.S. Claims LEXIS 1826 (Fed. Cl. Aug. 3, 2022)

[5] ArmorShield, LLC, SBA NO. SIZ-4598 (December 18, 2003); B&L, LLC d/b/a Orange Grove Medical Specialties, SBA No. 4279 (November 19, 1997); Procurement Automation Institute, Inc., SBA No. 4236 (January 9, 1997), Science-Metrics Corporation, SBA No. 144 (May 18, 1965); but see Olmec Toys, Inc., SBA No. 4077 (July 25, 1995); Clarklift of Nebraska, Inc., SBA No. 2679 (May 20, 1987); Telectro Industries Corporation, SBA No. 26 (January 12, 1962).

[6] Zeiders Enterprises, Inc., SBA No. 2729 (September 3, 1987).

[7] 87 FR 40141 (July 6, 2022).

VA Names Permanent Chief Information Security Officer

Fedscoop reported that the VA has appointed Lynette Sherrill as the permanent Deputy Assistant Secretary for Information Security and Chief Information Security Officer (CISO). Her appointment follows the February departure of former CISO Paul Cunningham. Sherill has been serving as Acting CISO since February. She previously held the role of VA Executive Director of Enterprise Command Operations, where she was responsible for the enterprise service desk, enterprise command center, and major incident problem management teams. In her new role, Sherill “will lead cybersecurity programs and risk management activities to protect Veterans and ensure secure and reliable operation of VA information systems.” While in her acting role, she was responsible for developing the VA’s new Zero Trust First Cybersecurity Strategy as well as evaluating other agency systems. One of her main responsibilities will be to address how quickly the VA responds to cybersecurity concerns. The VA Office of Inspector General noted limited progress in this area during a June House committee hearing.

GSA Releases Request for Comments on Transactional Data Reporting

GSA released a request for comments regarding an extension to an existing OMB clearance. The agency is looking to continue to collect information from contractors that have opted to conduct transactional data reporting. The total estimated annual public cost burden for this information collection is $18,104,484.46 and 281,344 hours. Public comments are requested on if the collection of this data continues to be necessary, along with its practical utility; whether GSA’s estimate of the cost of collection for the data is accurate and based on valid assumptions and methodology; and ways to enhance the quality, utility, and clarity of the data to be collected. Comments are due by October 21 and can be submitted here.

Modernization Initiatives at the Department of Veterans Affairs

This week, Chief Acquisition Officer Michael Parrish and Deputy Executive Director Phil Christy from the Department of Veterans Affairs (VA) Office of Acquisition, Logistics, and Construction (OLAC) join Off the Shelf for a wide-ranging discussion focusing on VA operations and key policy, program, and modernization initiatives.

Parrish and Christy provide an update on the VA’s Pathfinder website, a virtual concierge to streamline procurement and innovation. They also discuss the Med-Surg Prime Vendor program as the VA moves towards RPF issuance.

Parrish also provides an update on the VA’s Supply Chain Modernization initiative and the coming procurement, and highlights the vision for the VA’s Supply Chain 2050: Easy to Use, Integrated and Intelligent (EII).

Finally, Parrish and Christy discuss the role, responsibility, and function of OALC within the VA.

Click here to listen to the podcast.