Friday Flash 11.5.21

Heaven’s Soldier: Lt. Col. Francis P. Duffy

Next Thursday, our nation marks Veterans Day, a time to remember and honor service members who willingly offer up themselves in service to our country.  Begun following World War I and for over a century thereafter, the ritual of celebrating Veterans Day has come to include recognizing acts of heroism great and small by those in our military and those serving our military.  As we have done in the past (see, e.g., Veterans Day: Reminding Us of Our Higher Calling” and “Remembering a Harlem Hellfighter on Veterans Day”), at this time, the Coalition recognizes a remarkable figure of World War I.

Lt. Col. Francis P. Duffy is recognized as the most decorated Chaplain in U.S. history.  An immigrant from Canada, he was one of eleven children and a descendant of Irish Immigrants to North America who sought to escape famine in their homeland.  After college, he was ordained a Roman Catholic priest, and obtained his Doctorate from The Catholic University of America.  At the turn of the last century, Fr. Duffy volunteered to minister to sick soldiers returning from the Spanish American War and, in the process, caught typhoid and spent time recuperating.  Later, in addition to his role as a parish priest, Fr. Duffy served as Chaplain to the N.Y. National Guard’s 69th Regiment, the so-called “Fighting 69th,” comprised mostly of Irish Americans.

At the outbreak of World War I, Fr. Duffy joined with the 69th Regiment, one of the first units to leave for France.  There, he ministered to the young men of his flock, from hearing Confessions to saying Mass, and he offered a paternal ear to all, listening to their worries and fears as they faced death in the newly mechanized age of combat.  Fr. Duffy was no stranger to this combat.  Indeed, he regularly put his life on the line, accompanying stretcher patrols under fire into the open fields separating combatant trenches to retrieve the wounded and the dead.

Fr. Duffy kept the welfare of his men in his heart perhaps, in part, because he knew many of them from their time together back home.  He maintained their Irish traditions, which reinforced their common heritage in service to this nation, bolstered esprit de corps, and earned him their love and admiration.  Though he maintained courage and an even keel under fire, he was not immune to the pains of war’s loss.

[W]itnesses recall that in turning over one young soldier to give the last rites, Duffy broke down into tears; he remembered baptizing him as a baby.

Perhaps it was a blessing that, in the middle of such horror, the same kind soul that blessed that soldier and welcomed him into the world ushered him to the hope of salvation.  In any case, the scene provides an example of why Fr. Duffy was so admired for his leadership and his dedication to the troops, so much so, that then-Colonel Douglas MacArthur considered appointing him as regimental commander.  For his bravery, service, and dedication, Fr. Duffy was awarded the Distinguished Service Cross, the Distinguished Service Medal, the Legion d’honneur, the Croix de Guerre, and New York State’s Conspicuous Service Cross.

After the war, Fr. Duffy returned to New York City and led Holy Cross Parish in Hell’s Kitchen.  When he died in 1932, a reported 25,000 people attended his funeral at St. Patrick’s Cathedral, and a statue is dedicated to his honor in New York City’s Times Square.

Although wars tend to be viewed in macroscopic terms, e.g., battles, strategic decisions, and the like, Fr. Duffy’s life demonstrates the significance of individual dedication and contribution.  Each soldier does their part in service to the cause, and as we celebrate this Veterans Day, we should take time to remember these individual contributions that, together, have kept us free.

The following served as sources for the foregoing:;;; and


COVID-19 Vaccination Deadline for Contractors Extended to Jan. 4

On Thursday, the Administration announced a new deadline of January 4, 2022 for federal contractors to comply with certain COVID-19 safety protocols including vaccination. The same deadline was set by OSHA with respect to private sector companies with 100 or more employees. Although the deadlines are the same for the public and private sectors, the White House stated that the OSHA Emergency Temporary Standard (ETS) will not apply to workplaces that are subject to the federal vaccine mandate for contractors. This is so employers are not required to track multiple requirements since the OSHA standard allows workers to have either one or both shots by the January 4 deadline or receive at least weekly COVID-19 testing, whereas the federal vaccine mandate does not provide contractors the COVID-19 testing option. 


Defense Department Releases Enhanced CMMC 2.0

On November 4, the Department of Defense (DoD) announced the strategic direction of its Cybersecurity Maturity Model Certification (CMMC) program. This announcement marks the completion of the program’s internal review conducted by senior leadership across DoD. The enhanced program is known as “CMMC 2.0.” In addition to the original goals of protecting sensitive information, DoD states that CMMC 2.0 makes the following improvements:

  • Simplifying the CMMC standard and providing additional clarity on cybersecurity regulatory, policy, and contracting requirements;
  • Focusing the most advanced cybersecurity standards and third-party assessment requirements on companies supporting the highest priority programs; and
  • Increasing DoD oversight of professional and ethical standards in the assessment ecosystem.

These improvements increase the ease of CMMC execution, implement cybersecurity standards while minimizing barriers of compliance with DoD standards, and “instill a collaborative culture of cybersecurity and cyber resilience.” CMMC plays a major role in DoD’s efforts to safeguard the defense industrial base against cybersecurity threats.


Administration Addresses Compliance with COVID-19 Vaccine Mandate 

On Monday, November 1, the Safer Federal Workforce Task Force updated its Frequently Asked Questions (FAQs) for contractors that are required to comply with certain COVID-19 safety protocols, including vaccination, per FAR 52.223-99 (“COVID Clause”). Companies with new Federal contracts, or modified contracts with the COVID-19 Clause, including the GSA Schedules program, are required to have all covered employees vaccinated by the extended deadline of January 4.  The Task Force addressed compliance in the new FAQs and stated that contractors will not be immediately removed from contracts at the January 4 deadline if the contractor has not met the vaccine requirements. Contractors must show good faith effort, such as working towards compliance and notifying contractor employees of the requirements. Contractors will see disciplinary actions, such as termination of contract, if the contractor is not making good faith efforts to comply with the vaccine mandate. 

The Task Force also discussed that all accommodations do not need to be resolved by December 8. If there is a contractor employee who is waiting for an accommodation to be resolved, then the employee must follow the workplace safety protocols, such as social distancing and masking. If a contractor employee’s accommodation is approved, then they must continue to follow the workplace safety protocols. If a contractor employee receives an accommodation and the contractor employee is working onsite at a Federal workplace, then an agency decides if there are any safety protocols sufficient outside of vaccination. If the agency decides there are not any safety protocols sufficient outside of vaccination then the onsite contractor employee will not be able to perform the duties at the Federal workplace. The onsite contractor employee being relieved of their onsite duties does not relieve the contractor from meeting their contractual requirements.   

The Task Force stated that contractors can determine disciplinary action of contractor employees who fail to comply with the vaccine mandate, but suggested that contractors follow guidance given by Office of Personnel Management (OPM) for Federal employees who refuse to comply with the vaccine mandate.  

The FAQs clarify that a covered workplace is any workplace where a contractor employee performs work on or in connection to a covered contract. The FAQs also state that if a corporate affiliate is working at a covered contractor workplace, then the corporate affiliate is considered a covered contractor.  For more details, see the Legal Corner article provided by Miller and Chevalier below. 


OSHA Publishes COVID-19 Vaccination and Testing Requirements for Businesses with 100+ Employees 

The Occupational Safety and Health Administration (OSHA) issued a new COVID-19 and Emergency Temporary Standard (ETS) on November 4, which will require that employers with 100 or more employees develop, implement, and enforce a mandatory COVID-19 vaccination policy, unless they “adopt a policy requiring employees to choose to either be vaccinated or undergo regular COVID-19 testing and wear a face covering at work.” According to the new ETS issued by OSHA, employers are required to:  

  • Determine the vaccination status of each employee, obtain acceptable proof of vaccination status from vaccinated employees and maintain records and a roster of each employee’s vaccination status. 
  • Require employees to provide prompt notice when they test positive for COVID-19 or receive a COVID-19 diagnosis. Employers must then remove the employee from the workplace, regardless of vaccination status; employers must not allow them to return to work until they meet required criteria. 
  • Ensure each worker who is not fully vaccinated is tested for COVID-19 at least weekly (if the worker is in the workplace at least once a week) or within 7 days before returning to work (if the worker is away from the workplace for a week or longer). 
  • Ensure that, in most circumstances, each employee who has not been fully vaccinated wears a face covering when indoors or when occupying a vehicle with another person for work purposes. 

The ETS does not require employers to pay for testing. Employers may be required to pay for testing to comply with other laws, regulations, collective bargaining agreements, or other collectively negotiated agreements. Employers are also not required to pay for face coverings. 

Additionally, OSHA has compliance assistance posted on their website to help businesses implement the standard, including a webinarfrequently asked questions and other compliance materials. 

OSHA is expected to publish the interim final rule on Friday about the ETS. An advance notice is available here. 


CGP Fall Training Conference: Less Than Two Weeks Away!

It is less than two weeks away from our virtual Fall Training Conference – please take a few minutes to register now if you haven’t already.  We have confirmed our two Keynote speakers: Robin Carnahan, Administrator of the U.S. General Services Administration (GSA) on November 17, and Michael Parrish, Chief Acquisition Officer and Principal Executive Director for the Office of Acquisition, Logistics, and Construction (OALC) at the Department of Veterans Affairs (VA) on November 18.   

GSA Administrator Carnahan, sworn into office in July 2021, will be discussing her initial impressions as Administrator, GSA’s role in supporting the Biden Administration’s priorities, and her vision for government-wide contracting programs moving forward. Prior to joining GSA, Administrator Carnahan served in executive and leadership roles in business, academia, and government, including as the Secretary of State of Missouri (2005-2013).  She founded and led the State and Local Government Practice at 18F, a tech consultancy inside GSA (2016–2020). She is a nationally recognized government technology leader and in 2017 was named one of the federal government’s “Top Women in Tech.”  


Mr. Parrish was appointed Principal Executive Director of the VA’s Office of Acquisition, Logistics, and Construction (OALC) on March 1, 2021. The OALC provides policy and oversight for the Department’s $36B acquisition needs and manages VA’s major construction and leasing programs to support the largest integrated health care system in the United States, providing care at 1,255 health care facilities to over 9 million Veterans enrolled in the VA health care program. He also serves as Chief Acquisition Officer and senior advisor to the Secretary, managing and overseeing all acquisition activities for the Department.   


Roger Waldron, Coalition President, will have the privilege of interviewing Mr. Parrish during his keynote remarks, and will cover numerous topics such as technology and VA systems, requirements development, supply chain modernization, and much more. Mr. Parrish has over 35 years of senior leadership experience in military, government, corporate, and non-profit organizations and has been Chairman & CEO of several publicly traded companies as well as founder and CEO for multiple Service-Disabled Veteran-Owned Businesses. 

Following the keynote on day one, we will have an assortment of speakers and panels from across the federal acquisition community to discuss key policy, operational, and management initiatives shaping the business of government, including: 

  • Legal and Compliance Panel presenting “The Rogers” 
  • Cyber and Supply Chain Compliance Panel 
  • VA Procurement and Contracting Panel 
  • DoD Cybersecurity Initiatives and CMMC Panel 
  • Schedules Workshop Panel 
  • View from the Hill Panel 
  • GSA Interagency Contracting Portfolio Panel (GWACs, OASIS, and more) 

Panels on day two will consist of the following: 

  • Procurement Executive Panel  
  • Future of VA Medical Logistics 
  • A Dialogue with Made in America Director Celeste Drake 
  • Medical Supply Chain Panel 
  • Observations from FAS Commissioners – Present and Past 
  • Priorities for IT Modernization Fund Panel 
  • Buy American and Domestic Sourcing Panel 

As always, both days will conclude with smaller breakout sessions where you will be able to choose your session based on your industry and particular interest.  There are 16 sessions over the two days, including GSA SystemsOffice ProductsIndustrial Products/Update from the SSACServices on GSA SchedulesITVA Public Law Pricing UpdateDLA MSPV and ECATSmall Business OpportunitiesVA MSPV – Operational UpdateE-Commerce – Update on Commercial Platforms InitiativeCloud MarketplaceDHA PharmaceuticalsGWAC/MACGlobal Supply/4PLServices MAC; and Furniture. 

We encourage you to view the complete draft agenda and register today!  

Finally, we want to thank our current sponsors who help make this event possible – Gold Sponsors: CACIGDITMedical PlaceSheppard MullinThe Gormley Group; and Silver Sponsor: Concordance Healthcare Solutions.  For sponsorship inquiries or commitments, please contact Matt Cahill at 


DHS Directive Requires Agencies to Address Cyber Vulnerabilities

On November 3, the Department of Homeland Security (DHS) released Binding Operational Directive 22-01 which is meant to protect the Federal Government against cyberattacks. DHS has “previously imposed cybersecurity mandates on government agencies, often in the form of emergency requirements for an immediate fix to a critical software problem being used in an active cyberattack,” such as an order in 2017 to remove software from antivirus company Kaspersky Lab, according to the Wall Street Journal. The Directive requires Federal agencies to address vulnerabilities in the Federal system, including software and hardware. There is a catalog of “known exploited vulnerabilities,” managed by the Cybersecurity and Infrastructure Security Agency (CISA), which determines which vulnerabilities agencies need to remediate. The Directive has three required actions for agencies. 

  1. Agencies have 60 days to “review and update internal vulnerability management procedures in accordance with this Directive.” At CISA’s request agencies must provide a copy of the policies and procedures. The policies must include, at minimum:
     a.) Establish a process for ongoing remediation of vulnerabilities that CISA identifies, through inclusion in the CISA-managed catalog of known exploited vulnerabilities, as carrying significant risk to the federal enterprise within a timeframe set by CISA pursuant to this directive;
     b.) Assign roles and responsibilities for executing agency actions as required by this Directive;
     c.) Define necessary actions required to enable prompt response to actions required by this Directive;
     d.) Establish internal validation and enforcement procedures to ensure adherence with this Directive; and
     e.) Set internal tracking and reporting requirements to evaluate adherence with this Directive and provide reporting to CISA, as needed.
  2. Agencies have six months to remediate vulnerabilities with a Common Vulnerabilities and Exposures (CVE) ID assigned prior to 2021, but agencies will have to remediate any other vulnerabilities within two weeks. The “known exploited vulnerabilities” catalog lists specific timelines for each vulnerability. The timelines may be adjusted “in the case of grave risk to the Federal Enterprise.”
  3. Agencies must report on the status of vulnerabilities listed in the repository. In line with requirements for the Continuous Diagnostics and Mitigation (CDM) Federal Dashboard deployment and OMB annual FISMA memorandum requirements, agencies are expected to automate data exchange and report their respective Directive implementation status through the CDM Federal Dashboard. Initially agencies may submit quarterly reports through CyberScope submissions or report through the CDM Federal Dashboard. Starting on October 1, 2022, agencies that have not migrated reporting to the CDM Federal Dashboard will be required to update their status through CyberScope bi-weekly. 

This Directive applies to all agencies and executive branch departments except DoD, the Central Intelligence Agency and the Office of the Director of National Intelligence.


Waldron Discusses Cloud BPA in “Daily Scoop” Podcast   

In a new Daily Scoop podcast hosted by Francis Rose this week, Roger Waldron of The Coalition for Government Procurement touched on his FAR & Beyond blog recommendations with respect to GSA’s cloud marketplace. Roger discusses the unintended consequences of GSA’s current acquisition strategy that seeks using generic, governmentwide BPAs for cloud services via the Multiple Award Schedules program. Generic, governmentwide BPAs create “Vertical Contract Duplication,” increasing transactional and administrative costs to government and industry. Focusing on task order when they can market the prime contracts at the schedule level to avoid these additional costs. In addition, the podcast addresses the use of data evidence-based decision making in Federal Government decision making. To listen in to the entire show, click here 


Climate Chief Coming to DoD

The Department of Defense (DoD) is working on organizational changes to make sure that they are addressing climate change, according to Federal News Network. One of the organizational changes includes creating a leadership position to handle climate issues. Climate change has become a growing concern within DoD because it has caused more damage to bases than any terrorist attack in recent years. In September 2021, DoD released a Climate Adaptation Plan which has strategies to support tackling climate change in all of DoD’s strategic decisions. The Department plans to focus these efforts in two areas, “adaptation to enhance resilience to the effects of climate change; and mitigation to reduce greenhouse gas (GHG) emissions.”  In terms of sustainable procurement, DoD hopes to enhance mission readiness while also preventing pollution and minimizing environmental, safety and occupational health impacts on the warfighter.  The Department also plans to use its immense buying power to increase transparency in the supply chain and will “expect major suppliers to fully disclose greenhouse gas (GHG) emissions and [their] broader Environmental, Social and Governance (ESG) performance which was the subject of a recent DoD RFI. 

In addition, DoD issued a Climate Risk Analysis in October 2021 that discusses reducing climate change vulnerabilities in addition to analyzing climate change risks in the department 


GSA Discusses Managing Contractor GHG Emissions to be Competitive 

In a recent GSA blog post, Assistant Commissioner of the Office of Policy and Compliance, Mark Lee, addressed how organizations can track and reduce their greenhouse gas (GHG) emissions. GSA is highlighting this information for contractors in preparation for potential GHG requirements as a result of Executive Order 14030 which directs the FAR Council to amend the FAR to require major Federal suppliers to disclose their GHG emissions; set GHG reduction targets; consider the social cost of GHG emissions; and where feasible, give preference to bids from suppliers with a lower social cost of GHG emissions   

The Environmental Protection Agency (EPA) Center for Corporate Climate Leadership, which serves as a resource for organizations in order to track and reduce their impact on climate, provided the following four-step process for GHG inventory development: 

1) Get Started: Scope and Plan Inventory. According to the blog post, this presentation on EPA’s GHG Management Tools and Resources is an excellent resource to check out if you are getting started. If you are a small business, the EPA has developed guidance specifically for you. Check out EPA’s Guide to Greenhouse Gas Management for Small Business and Low Emitters. 

2) Collect Data and Quantify GHG Emissions. For this step, you need to figure out what data you need, how to collect it, select your emission factors, and calculate emissions. This can be challenging; however, EPA’s Center for Corporate Climate Leadership has several GHG Management Resources to assist you. The Simplified GHG Emissions Calculator is a particularly helpful resource for small and medium-size businesses. 

3) Develop a GHG Inventory Management PlanAn Inventory Management Plan (IMP) describes an organization’s process for completing a high-quality, corporate-wide GHG inventory. Organizations use an IMP to institutionalize a process for collecting, calculating, and maintaining GHG data. EPA’s Inventory Management Plan guidance is available here. 

4) Set a GHG Emission Reduction Target and Report Progress. Now that your IMP is in place, report your data, set a GHG target, and begin reducing your emissions. Public disclosures are usually made on company websites or through third-party environmental disclosure systems (e.g., the Carbon Disclosure Project (CDP)). Guidance on GHG target setting is available on EPA’s Target Setting page and additional guidance for setting a “science-based” target is available from the Science Based Targets Initiative linked on the EPA’s site.  

How can you start reducing your footprint? 

  • If you own your commercial facility, buy renewable energy (see EPA’s Green Power Partnership) and/or make your facility more energy-efficient 
  • Shift your owned or leased fleets, or any domestic delivery services, to electric vehicles. 
  • Purchase and use sustainable products. GSA will help with information on that — the GSA Green Procurement Compilation provides a list of sustainable products federal agencies are required to purchase.  
  • Make or sell green products that conform to Standards and Ecolabels Recommended by EPA. Manufacturers: Certify your products! Resellers or distributors: Identify green products on Federal market platforms (e.g., GSAAdvantage!). 
  • Work with EPA Smartway to reduce GHG from goods your company ships or receives. 

The blog post also advised that “in the first quarter of FY 2022, GSA and EPA will offer a recorded presentation specifically for Federal contractors interested in learning more about GHG management. Please be on the lookout on Interact for more information.” 


Green Committee Meeting with GSA’s Chief Sustainability Officer, Nov. 9 

Join the Green Committee for a meeting on Tuesday, November 9 at 1 pm EST. Our special guest speaker will be Kevin Kampschroer, GSA’s Chief Sustainability Office and Director of the Office of Federal High-Performance Buildings. Joining Mr. Kampschroer will be Katie Miller, Consultant, and Ann Kosmal, a Climate Response Architect who works on Strategic Risk Management & Resilience at GSA. 

As members know, Sustainability is one of the current Administration’s top priorities. This meeting will be a good opportunity for members to have dialogue with the GSA in advance of the Fall Training Conference, Nov. 17-18, on this important issue. Mr. Kampschroer will address GSA’s recently released Climate Change Risk Mitigation Plan, GSA’s current sustainability objectives and how suppliers can best support these initiatives.     

To attend this virtual meeting, please RSVP to Michael Hanafin at If you would like to be added to the Green Committee distribution list, please contact Aubrey Woolley at We welcome members from all industries to participate.   


VA Discusses Path Forward for Electronic Health Records 

On November 2, the House Veterans Affairs Committee’s Subcommittee on Technology Modernization held a hearing examining next steps for the continuation of the VA’s Electronic Health Record Modernization (EHRM) program. The hearing provided oversight of the program and addressed what the VA’s plans are moving forward. Deputy Secretary of the VA Donald Remy testified before the subcommittee and highlighted three points addressing what the VA is doing now to move forward following previous safety concerns that were raised about the implementation of the Cerner EHR system. First, the VA is learning from its implementation mistakes of the past. Second, from Remy’s perspective, the Cerner system is working. And lastly, the VA is bringing together all relevant stakeholders to ensure an effective EHR deployment.  

The hearing comes in the wake of conversations about redirecting resources to start introducing this system at other facilities despite safety concerns related to the program, including 829 patient safety tickets being submitted, with 576 being directly related to the program. Deputy Secretary Remy stated that the VA’s response to Congress about its strategic review of the program will be submitted within the month. 


Legal Corner: New Task Force FAQs Address Contractor Vaccine Mandate Enforcement, Accommodations

Jason N. Workmaster, Alex L. Sarria & Sarah Barney

Miller & Chevalier

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

On November 1, 2021, the Safer Workplace Task Force (Task Force) released new Frequently Asked Questions (FAQs) on contractor compliance with the workplace safety and vaccination requirements mandated by President Biden’s Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (Executive Order). The Executive Order requires covered contractors, covered contractor employees, and those working at covered contractor workplaces to comply with vaccination, masking, and physical distancing protocols, absent an accommodation for disability or religious reasons. Our previous alerts have covered the Executive Order in more detail and the subsequent Task Force guidance and may be helpful for understanding key definitions and nuances in the new FAQs.

A brief timeline highlights where the new FAQs fit in to the broader picture of the Executive Order:

  • September 9, 2021: The Biden administration releases the Executive Order, indicating that federal contractors will soon be subject to employee vaccination, masking, physical distancing, and compliance monitoring requirements via a forthcoming Federal Acquisition Regulation (FAR) clause.
  • September 24, 2021: The Task Force releases guidance for federal contractors and subcontractors (Guidance) setting out key definitions for covered contractors, covered contractor employees and workplaces, and mandating vaccination for any covered contractor employee working on or in connection with a covered contract or working at a covered contractor workplace.
  • September 30, 2021: The FAR Council issues a class deviation clause requiring compliance — as early as December 8, 2021 — with Task Force Guidance for covered contracts and “strongly encourag[ing]” the inclusion of the clause in non-covered contracts.
  • November 1, 2021: The Task Force releases new FAQs on contractor compliance, accommodations, and the scope of covered contractor workplaces.

The new FAQs build on previous recommendations about compliance with the vaccination mandate, the process for granting accommodations, and the scope of covered entities. Further, they address the relationship between contractor accommodations and federal workplaces. The key takeaways are as follows:

  • Good Faith Effort: The new FAQs establish a “good faith” standard for a contractor’s efforts to come into compliance with the Guidance. This is a significant development, as it indicates that the government is not taking a bright-line approach to enforcement for contractors who are attempting to become compliant. However, this also means that the approaches or perspectives of contracting officers working with contractors who are facing challenges with compliance may be difficult to predict and may produce varying outcomes. At this point a contractor’s most proactive approach is to be working diligently toward compliance and retain an open dialogue with their agency costumers — including keeping contracting officers aware of the status of compliance on an ongoing basis.
  • Timing of Requests for Accommodations and Accommodation Criteria: Requests for accommodations do not need to be resolved by the time covered contractor employees begin work on a covered contract as long as the employees requesting accommodations comply with workplace safety protocols for unvaccinated individuals. If an accommodation is denied, contractors should establish a timeline for the employee to promptly become fully vaccinated. Furthermore, the FAQs direct covered contractors to the Centers for Disease Control recommendations regarding accommodation requests or vaccination delays based on pre-existing conditions, pregnancy, and participation in clinical trials.
  • Requirements for Employees with Accommodations in Federal Workplaces: Covered contractor employees who have received accommodations from a covered contractor and are working at a federal workplace should comply with the federal agency’s requirements for unvaccinated individuals, including masking, physical distancing, and testing. Notably, agencies may determine that, due to the nature of a project or federal workplace, vaccination is the only appropriate workplace safety protocol. In such circumstances, even employees with accommodations may not work at those federal workplaces. Because of this, contractors should put their respective agency customers on notice when they grant an employee an accommodation.
  • Employee and Contractor Noncompliance: For covered contractor employees who refuse to be vaccinated and have not been provided an accommodation, contractors should determine the appropriate method of enforcement. Contractors can utilize their traditional processes for enforcing workplace requirements or model their approach after the federal agencies, starting with a period of education and counseling, followed by disciplinary measures and, in the face of noncompliance, removal. For contractors who are noncompliant (as opposed to contractors who are making a good faith effort to become compliant but are not yet compliant), significant actions, including termination of a contract, should be taken by a contracting officer.
  • Prior Access to Documentation: For the purposes of documenting compliance with vaccination requirements, contractors can consider prior access to an employee’s documentation or access via a state’s immunization database sufficient.
  • Affiliates: The employees of a covered contractor’s corporate affiliate are considered covered contractor employees if those employees work at a covered contractor workplace. If a covered contractor’s employees are working on or in connection with a covered contract at a workplace controlled by a corporate affiliate, the workplace is considered a covered contractor workplace.

While the FAQs address several areas of concern for covered contractors, questions remain about the practical considerations of compliance and enforcement, as well as the live issues pertaining to the relationship between the Executive Order and state bans on vaccination mandates. We will continue to monitor and report on the developments in COVID-19-related requirements for contractors and subcontractors


Healthcare Corner: MSPV Dialogue Opportunities with the VA in November 

There will be two opportunities in November for members to engage in dialogue with the U.S. Department of Veterans Affairs (VA) about the Medical/Surgical Prime Vendor (MSPV) program.     

MSPV Dialogue with VA CAO, Michael Parrish, Nov. 10   

On November 10 at 1 pm EST, VA Chief Acquisition Officer, Michael Parrish, has offered to meet with members of the Medical/Surgical Subcommittee for a strategic dialogue about the MSPV program. Phil Christy, Deputy Executive Director of the VA’s Office of Acquisition, Logistics and Construction will also participate in the discussion. The MSPV dialogue with Mr. Parrish on November 10 at 1 pm EST will be a virtual meeting. Please RSVP to Michael Hanafin at to attend.   

MSPV Breakout Session at Fall Conference, Nov. 18   

As a follow-up, members will have an opportunity to meet with MSPV supply program and contracting professionals with the VA during a breakout session at the virtual 2021 Coalition Fall Training Conference on November 18 at 3:55 pm EST. The VA speakers for the MSPV breakout session will be:   

  • Mark Probus, Director, VHA Medical Supply Program Office, VHA    
  • Katie Hulse, Director, Acquisition Services 3 (Medical/Surgical Prime Vendor), VA SAC    
  • Craig Hilliard, Lead Contracting Officer, MSPV Supply BPAs, VHA    
  • Kim Hupp, Contracting Officer, MSPV DAPAs, VA    
  • Gina Napier, Contracting Officer, MSPV-NG Bridge, VA    

To attend the MSPV breakout session, please register for the Fall Training Conference here.     


Moshe’s Musings

Buy America vs. Buy Allies

Author: Moshe Schwartz, President, Etherton and Associates

The comments in this article do not necessarily reflect the views of The Coalition for Government Procurement.

Government contracting is a powerful tool for promoting public policy, and the Biden Administration is using it to promote its policies, including domestic sourcing. An Executive Order titled Ensuring the Future is Made in All of America by All of America’s Workers established the Made in America Office, and one of the first proposed rules focuses on implementing the E.O.

Much can be gained from buying domestic, but there are also benefits from close economic and strategic cooperation with allies, including doing business with those allies. According to the Commerce Department, defense exports Read More


New Updates 

On November 2, GSA posted an update on improvements and additions made to The updates include: 

  • Updates to the Workload report: Based on user feedback, GSA corrected the Total Action Obligation in the Workload report for DoD records that use Express Reporting. 
  • Static report added for Hurricane Ida: GSA recently added a static report for Hurricane Ida that shows entries in FPDS with the “Hurricane Ida H21I” NIA code. The report can be found in the DataBank under the ‘Static’ tab.  
  • Updates to the Entity Management API: A new version of the Entity Management API was released. Version 3 includes the EVS Source data field, updated error code handling, and other minor updates. More information can be found at OpenGSA. 
  • A new option for getting the Unique Entity ID (SAM): On April 4, 2022, the Federal Government will transition from DUNS Numbers to Unique Entity IDs as the primary means for identification for Federal awards. Registered entities in have already been assigned a Unique Entity ID that is viewable in the entity registration record. Subcontractors, sub-awardees, or grant recipients who do not need to complete an entity registration still need a Unique Entity ID. These entities can make a Unique Entity ID-only request on if they have a DUNS number, do not intend to bid on or apply for Federal awards directly, and are not part of a Federal agency. This can be achieved by signing in to, select “Get Started,” then select “Get Unique Entity ID.” 


DoD CIO Nominee Outlines Priorities 

Fedscoop reported that John Sherman, the White House’s nominee for DoD’s Chief Information Officer (CIO), plans to launch a new recruiting strategy to bring cybersecurity and digital prospects into DoD if he is confirmed. Part of Sherman’s strategy would include allowing for easier transitions between Government and industry for technology and cybersecurity employees because “the strategy of recruiting new talent for a 30-year career with the Government is no longer viable.” Sherman’s commitment to recruiting is tied to his priority of expanding zero trust architecture. Sherman believes that the Government’s Zero Trust strategy needs to be further scaled across DoD.  

Additionally, Federal Computer Week reported that if confirmed, Sherman will seek to update the Cybersecurity Maturity Model Certification (CMMC) to reduce the burden on small and medium-sized businesses. He stated that he would work with the National Security Agency and U.S. Cyber Command to provide a “security-as-a-service” model that would provide templates and guides for businesses. Oversight of the CMMC program is expected to shift to the DoD’s CIO Office with the Chief Information Security Officer as the lead. Currently, the program is led by the Undersecretary of Defense for Acquisition and Sustainment. 


Lawmakers Look to Strengthen and Streamline FedRAMP

Fedscoop reported that on November 2, a bipartisan group of lawmakers introduced the Federal Secure Cloud Improvement and Jobs Act, a bill aimed at helping agencies quickly adopt cloud services by codifying the Federal Risk and Authorization Management Program (FedRAMP). This legislation is in response to hackers recently targeting cloud service providers. The bill would require GSA to begin automating FedRAMP security assessments and reviews within a year. Lawmakers believe that codifying FedRAMP will reduce program costs, improve the reuse of program authorities to operate (ATOs), improve cybersecurity, and create more jobs at cloud service providers.  

Rep. Gerry Connolly (D-Va.) proposed similar legislation that has been held up in the Senate Homeland Security Committee since January. The new bill and Connolly’s legislation both would provide $20 million in annual funding to the FedRAMP Program Management Office, and would require it to establish metrics to track the time and quality of its assessments. Both bills also establish a FedRAMP Board, however the board proposed in the newly introduced legislation would play a greater advisory role. The board would be made up of cloud computing, cybersecurity, and risk management experts from GSA, DoD and the Department of Homeland Security (DHS). The bill also creates a Federal Secure Cloud Advisory Committee that would improve communication between agencies and cloud service providers. 


Off the Shelf: A Deep Dive into COVID-19 Protocols for Federal Contractors 

This week on Off the Shelf, Sheppard Mullin Partners Jonathan Aronie, Ryan Roberts, and Denise Giraudo provided their analysis of the implementation of the President’s Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors. 

Aronie, Roberts and Giraudo addressed the scope, contractual mechanics, and the process for implementing the COVID-19 vaccine mandate for Government contractors. In particular, Aronie and Roberts address applicability of new vaccine clauses to contracts and contract-like agreements with the Federal Government. They also address the scope of coverage for contractor employees and the flow down requirements to subcontractors. 

Giraudo addressed key aspects of managing the new requirement, including how employee vaccination can be verified, and the role of the vaccine coordinator. She also provided analysis of the differences between the Occupational Safety and Health Administration (OSHA) COVID-19 requirements for businesses with more than 100 employees and the requirements for Federal contractors. 

Finally, the Sheppard Mullin team shared key insights from their Executive Order 14042: Survival Guide for Federal Contractors. 


Proposed Rule on Using the Social Costs of Greenhouse Gas Emissions in Federal Procurement Decisions

On October 15, the FAR Council issued a proposed rule providing notice to contractors about plans to amend the FAR to ensure that major Federal procurements minimize the risk of climate change. On May 20, President Biden signed Executive Order (EO) 14030, Climate-Related Financial Risk. The EO states that the Federal Government should manage climate-related financial risk within its procurement activity. This proposed rule looks to ensure that Federal procurements minimize the risk of climate change by requiring the social cost of greenhouse gas emissions to be considered in procurement decisions, and by giving preference to bids and proposals from suppliers with a lower social cost of greenhouse gas emissions. The social cost is an estimate of monetized damage from increases in greenhouse gas emissions.

The FAR Council is seeking public comments on a list of questions in the proposed rule such as “how can greenhouse gas emissions, including the social cost of greenhouse gases, best be qualitatively and quantitatively considered in Federal procurement decisions?”

The Coalition will be submitting comments through the Green Committee which are due by December 14, 2021. Please send any comments or questions about the proposed rule to Aubrey Woolley at .

NIST Releases Draft Consumer Software Labeling Framework 

The National Institutes of Standards and Technology (NIST) has drafted a set of cybersecurity criteria for consumer software which it hopes will aid in the development of voluntary labels that indicate to the public whether consumer software meets a certain baseline level of cybersecurity. On November 1, NIST posted a draft document that outlines the new assessment criteria. The framework may require manufacturers to address multiple aspects of the production process such as secure development and data protection. Comments on the draft document are due by December 16, and a final version will be published no later than February 6. The draft guidelines come as the Government is pushing Federal contractors to implement greater cybersecurity protections and the Department of Justice is pursuing companies that do not accurately disclose information about their cybersecurity practices.