Friday Flash 12.17.21

A Time for Hope

It is a happy coincidence that so many holiday traditions occur within weeks of each other in the November-December timeframe.  Hannukah, Advent, Los Posadas, Saint Nicholas Day, Kwanzaa, Boxing Day, the list goes on, and each one comes with its own customs that involve bringing together family, friends, and community.

As the years go by, we accumulate memories that come to mind during the holidays, and the more memories we accumulate, the more nostalgic we become.  With that nostalgia comes the risk of melancholy, captured by the words of John Greenleaf Whittier in the poem, “Maud Muller,” about a chance encounter between a young farm maid and a judge where, though taken with each other, neither acted on their desires, leaving them to reminisce about their meeting throughout their lives.

God pity them both! and pity us all,
Who vainly the dreams of youth recall.
For of all sad words of tongue or pen,
The saddest are these: “It might have been!”

To such thinking, we say, “Humbug!”  We believe that the holiday season should be a time for hope, a time to entertain nostalgia, but to avoid the negativity of melancholy.  It also can be a time to appreciate the different holiday traditions that we hold dear, and allow all of us as a nation, to celebrate the free expression of beliefs among people of diverse backgrounds that gives meaning to our national motto, “E Pluribus Unum,” out of many, one.

In keeping with the season, turning outward and embracing hope gives us the joy experienced by Dickens’ Ebeneezer Scrooge, who, having his closed heart vivified by the Spirits of Christmas,

… became as good a friend, as good a master, and as good a man, as the good old city
knew, or any other good old city, town, or borough, in the good old world. Some people
laughed to see the alteration in him, but he let them laugh, and little heeded them;
for he was wise enough to know that nothing ever happened on this globe, for good,
at which some people did not have their fill of laughter in the outset; and knowing that
such as these would be blind anyway, he thought it quite as well that they should wrinkle
up their eyes in grins, as have the malady in less attractive forms. His own heart laughed:
and that was quite enough for him.

Whatever your background or tradition, the Coalition wishes you and yours the hope of the season, the laughter enjoyed with family and friends, and the blessings of health and happiness in the New Year.

Executive Order to Improve Federal Customer Service

This week, the President signed an Executive Order (EO) on “Transforming Federal Customer Experience (CX) and Service Delivery to Rebuild Trust in Government” that looks to improve the Federal Government’s delivery of customer service to the American public. The signing of the EO reinforces the Administration’s commitment to improving the experience for Americans related to Government service delivery. The EO will create a “sustained, cross-Government service delivery process” that seeks to improve the “customer life experiences” that Americans have when they reach out to the Government for a particular purpose. For the Administration, improving service delivery to the public “means eliminating friction from government interactions ranging from filing a change of address with the U.S. Postal Service to paying taxes.” The White House stated in their announcement that “modernizing programs, reducing administrative burdens, and piloting new online tools and technologies that can provide a simple, seamless, and secure customer experience” are part of the CX effort. 

The order lists specific Federal agencies and programs that are the focus of the Administration’s CX efforts:  

  • General Services Administration (GSA) USA.gov;  
  • Office of Personnel Management’s (OPM) retirement services and Federal employment services;  
  • Social Security Administration; and   
  • Veterans Affairs Department’s (VA) Veterans Benefits Administration and Veterans Health Administration. 

An additional aspect of the EO concerns VA benefits. In the announcement, the White House stated that soon, Veterans and service members can use Login.gov to access the VA, which will remove “outdated and duplicate VA.gov sign in options.” Instead, online services will be available in “a single, integrated, and fully inclusive digital platform on VA.gov and a flagship VA mobile application.” 

Jason Miller, Deputy Director for Management at the Office of Management and Budget (OMB), told reporters that the specific action items in the order are “near-term in nature, meaning that they will generally be completed in the coming months, within one year.”  

 

GSA Administrator Carnahan on the Customer Service Executive Order

On December 13, GSA Administrator Carnahan released an announcement about the recently released Executive Order (EO) on Transforming the Federal Customer Experience.  The EO aims to improve the customer experience (CX) delivered to the American people for government services. In the announcement, the Administrator described how Federal agencies will be “undertaking an all-hands-on-deck effort to make government services simpler and more secure, and as the home of governmentwide shared services, GSA has a leading role to play.”  She also said that, per the EO, GSA would build upon their previous efforts to make Federal online services, like login.gov and USA.gov even easier for American citizens to interact with the Government. The EO specifically tasks GSA with:

  • Establishing a product roadmap for creating shared services organized around major life experiences.
  • Developing a digital ‘Federal front door’ that includes USA.gov, and explore bringing in other sites like benefits.gov and grants.gov.
  • Dedicating multi-disciplinary teams to support High Impact Service Providers (HISPs), which provide public-facing services designed to have high impact on the public, while aligning with state and local governments as much as possible.
  • Working with the VA to provide seamless integration with login.gov accounts for customers that eliminate outdated and duplicative sign-in options.

 

 

FY22 NDAA Passes Both Houses of Congress

On Wednesday, the Senate passed the FY 2022 National Defense Authorization Act (NDAA) with an 89-10 vote, reports Politico. The passage comes a week after the House passed the FY22 NDAA which approves $768 billion in spending for national defense programs. The defense budget will receive a $25 billion increase under the new legislation.  The FY22 NDAA now goes to the White House for the President to sign.

 

 

Safer Workforce Taskforce Posts Guidance on Injunction of Contractor Vaccine Mandate 

The Safer Workforce Taskforce released an update on the vaccine mandate for Federal contractors as a result of the injunction that was issued by the U.S. District Court for the Southern District of Georgia on December 7.  The preliminary injunction blocks the enforcement of Executive Order (EO) 14042 nationwide. The Taskforce states that the Federal Government “will take no action to enforce the clause implementing requirements of Executive Order 14042, absent further written notice from the agency, where the place of performance identified in the contract is in a U.S. state or outlying area subject to a court order prohibiting the application of requirements pursuant to the Executive Order.”  

The excluded states and outlying areas where the clause will not be enforced due to the injunction are:  

  • The fifty States; 
  • The District of Columbia; 
  • The commonwealths of Puerto Rico and the Northern Mariana Islands; 
  • The territories of American Samoa, Guam, and the United States Virgin Islands; and 
  • The minor outlying islands of Baker Island, Howland Island, Jarvis Island, Johnston Atoll, Kingman Reef, Midway Islands, Navassa Island, Palmyra Atoll, and Wake Atoll. 

If a contractor has a contract with the COVID-19 vaccine clause outside of these areas, the clause will be enforced (unless the contractor employees complete substantial work in a covered contractor workplace located in an excluded or outlying area, or in connection with a covered contract in an excluded state or outlying area.)  

The guidance also notes that contractor employees working onsite in Federal buildings or Federally controlled facilities are still required to follow the workplace safety protocols when onsite. 

 

 

Excellence in Partnership Award Nominations Now Open! 

The Coalition for Government Procurement is pleased to announce that nominations are now open for the 2021 Excellence in Partnership (EIP) Awards. 

The EIP Awards honor individuals and organizations in the acquisition community who have made significant contributions to the Federal procurement system that deliver best value and meet agency missions. Historically, these awards have recognized individuals, organizations, and contractors involved in procurement with GSA, VA, DOD, DHS, and other Federal agencies. 

We are seeking nominations from qualified candidates in the award categories below from both government and industry: 

Lifetime Acquisition Excellence Award 

Presented to an individual in the contracting community for demonstrating a life-long commitment to advancing “common sense in government procurement.” Awards will be made in the following subcategories: 

  • Department of Defense 
  • Civilian agency 
  • Industry 

 

Acquisition Excellence Award 

Presented to an organization or individual for outstanding performance over the year in meeting the mission-critical needs of a Federal agency through a government contract. Awards will be made in the following subcategories: 

  • Department of Defense 
  • Civilian agency 
  • Industry 

 

Sustainability/Green Excellence Award 

Presented to an organization or individual that has made outstanding sustainability contributions in support of the Federal government’s goal to address climate change. Awards will be made in the following subcategories: 

  • Department of Defense 
  • Civilian agency 
  • Industry 

 

Advocating for Veterans Award 

Presented to an organization or individual for promoting and executing a successful program that supports veterans. Awards will be made in the following subcategories: 

  • Department of Defense 
  • Civilian agency 
  • Industry 

 

Click here to submit your nomination for the 2021 EIP Awards before the January 31, 2022 deadline. Awardees will be named this March and recognized at our Spring Training Conference in May 2022. If you have any questions, please contact Michael Hanafin at mhanafin@thecgp.org. 

 

OMB and GSA Face Challenges with Offsetting TMF Operating Costs

On December 10, the Government Accountability Office (GAO) released a report on the lack of recovery of operating expenses for the Technology Modernization Fund (TMF). TMF is a funding vehicle that allows agencies to complete modernization projects that make systems more efficient and more secure. Previously, GAO recommended that GSA and OMB create a plan to fully recover operating expenses for TMF. In 2018, OMB released funding guidelines which stated that agencies are required to reimburse the amount transferred from the fund and a fee. Under the guidelines, agencies were required to make payments after one year of the initial award and were to complete repayment in five years. OMB has relaxed the payback requirements since receiving $1 billion after the passing of the American Rescue Plan Act.  

 As of August 2021, there were fee payments of almost $810,000, which covers nearly 29 percent of TMF’s total operating expenses since 2018.  GAO stated that if OMB and GSA had implemented GAO’s previous recommendation, then they would have a greater chance to collect fees to offset operating costs. GAO found that only two of the 11 projects reviewed by GAO showed any cost savings. There is guidance for agencies to provide cost estimates, but it lacked instructions on what data elements and fields are required. 

 

DHA Cybersecurity Summit for Medical Devices, Jan. 13

The Coalition for Government Procurement and the AMSUS-SM Technology Working Group are partnering to host a summit with the Defense Health Agency’s (DHA) Office of the Chief Information Officer. The topic will be DHA’s Risk Management Framework (RMF) and how to achieve an Authority To Operate (ATO), which is a cybersecurity requirement for Military Treatment Facilities to purchase certain medical equipment. 

The virtual meeting will be on Thursday, January 13 from 10:30 am- 12:30 pm EST. During the meeting, members will be briefed by DHA technology experts on the cybersecurity requirements and how vendors can effectively achieve ATO certification.  

RSVP today by emailing Aubrey Woolley at awoolley@thecgp.org. We will send the log-in information to all members who RSVP. If you have any questions, please contact Aubrey Woolley at awoolley@thecgp.org or (703) 999-6372. 

 

 

GAO Recommends Improved Communications with Industry on CMMC

GAO posted a report on the implementation of the Cybersecurity Maturity Model Certification (CMMC) by the DoD. The report addresses what steps DoD took to develop CMMC, the progress the department has made in its implementation, and the extent to which DoD has developed plans to assess the program’s effectiveness. GAO found that DoD has not sufficiently provided details and timely communication with industry on implementation. According to GAO, without an improvement in communication, industry will face challenges in implementing the required CMMC practices. Additionally, GAO found that DoD’s CMMC assessment plans do not fully reflect GAO’s leading practices for effective pilot design. For instance, DoD has not outlined how it will analyze its data to measure performance. DoD has also not developed outcome-oriented measures to determine the effectiveness of CMMC. GAO believes that this will hurt DoD’s ability to evaluate the extent to which CMMC strengthens cybersecurity within the defense industrial base.  

The report notes that DoD CMMC 2.0 was announced in November. The report was mostly completed before this announcement. CMMC 2.0 makes significant changes to the program such as eliminating some certification levels and assessment requirements. DoD said that the department intends to suspend the current pilot and begin a new rulemaking period to implement CMMC 2.0. GAO made three recommendations to DoD to improve communication with industry, develop a plan to evaluate CMMC, and develop outcome-oriented performance measures. DoD agrees with these recommendations and plans to address them in CMMC 2.0.  

  

 

 

GSA Governmentwide Cloud Multiple Award BPA Coming in 2022

GSA posted a notice on Interact stating that in 2022, the agency will be establishing a Governmentwide Cloud Multiple Award Blanket Purchase Agreement (BPA) against the Multiple Award Schedule (MAS) “Cloud and Cloud-related IT Professional Services” and “IT Professional Services” Special Item Numbers (SINs). The BPA will be conducted and awarded in phases based on the following pools:

Pool 1  Pool 2  Pool 3 
Infrastructure as a Service (IaaS) and 
Platform as a Service (PaaS) 
Software as a Service (SaaS)  Cloud Professional Services 
Mandatory SINs  Optional SINs  Mandatory SINs  Optional  

SINs 

Mandatory SINs  Optional  

SINs 

518210C  Ancillary  518210C  Ancillary  518210C  54151S 
OLM  —–  OLM  —–  OLM  Ancillary 
Phase 1 Award  Phase 2 Award  Phase 3 Award 
Estimated date of Award: 

TBD 2022 

Estimated date of Award: 

TBD 2022 

Estimated date of Award: 

TBD 2022 


For more details, GSA’s announcement on Interact is available here

 

Legal Corner: Georgia Federal Court Blocks Federal Contractor COVID-19 Vaccine Mandate Nationwide

Authored by Dan Kelly & Hugh Murray

McCarter & English

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

Judge R. Stan Baker of the US District Court for the Southern District of Georgia issued an order (Order) on December 7, 2021, enjoining the federal government “from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in any state or territory of the United States of America.” This comes on the heels of the November 30, 2021 order by a federal court in Kentucky (see our article here) blocking the federal government’s ability to enforce the obligation embedded in clauses in federal government contracts and other instruments requiring employees of federal contractors with covered contracts in Kentucky, Ohio, and Tennessee to be fully vaccinated by January 18, 2022.

The Georgia case was originally brought by the states of Georgia, Alabama, Idaho, Kansas, South Carolina, Utah, and West Virginia (and agencies within those states). Unlike the court in Kentucky, Judge Baker elected to extend the order nationwide because one of the intervening plaintiffs, Associated Builders and Contractors, Inc. (ABC), has members with covered contracts located throughout the United States Further, the court concluded that “given the breadth of ABC’s membership, the number of contracts [they] will be involved with, and the fact that EO 14042 applies to subcontractors and others, limiting the relief to only those before the Court would prove unwieldy and would only cause more confusion.”

In any request for a preliminary injunction in which the Government is the party whose actions are being enjoined, a complaining party must show a likelihood of success on the merits, irreparable injury, that the injury threatened outweighs any harm the injunction would inflict on the Government, and that the injunction would not be adverse to the public interest. In this case, Judge Baker concluded that it was likely that President Biden exceeded his authority under the broad statute (the Federal Property and Administrative Services Act) giving the executive branch the authority to procure goods and services through an “economical and efficient system.” Citing US Supreme Court precedent, the court concluded the mandate cannot stand given the lack of explicit language in the enabling statute because of the mandate’s “vast economic and political significance.” The court concluded, at least preliminarily, that the implementation of the mandate would impose an “extreme economic burden” on contractors, that it would pose an “impediment” to the ability of some contractors with recalcitrant employees to continue to perform federal work, that it would have a major impact on the economy, and that it “operates as a regulation of public health.”

In its irreparable harm finding, the court focused less on the potential loss of contracts due to employees who refuse vaccination and more on the economic costs of implementing the mandate. Relying on testimony, the court noted the “incredibly time-consuming processes…to identify the employees covered by the mandate and to implement software and technology to ensure that those employees have been fully vaccinated (or have requested and been granted an accommodation or exemption) by the deadline in January.” The court noted, perhaps incorrectly, that the burden extended to “requir[ing] that any subcontractors’ employees working on or in connection with a covered contract are in compliance.” (The operative clause (clause) and the Safer Workforce Task Force Guidance merely require the clause be flowed down to certain subcontractors—there is no enforcement mandate.) Quoting the US Court of Appeals for the Fifth Circuit’s opinion and order (BST Holdings) staying the vaccine mandate for private employers promulgated by the Occupational Health and Safety Administration (OSHA), the court concluded that the costs of complying with a regulation that is later held invalid “always produces the irreparable harm of nonrecoverable compliance.”

In balancing the harms, the court was not persuaded by the Government’s arguments that an order would delay vaccinations and permit the continued spread of COVID-19 and that the harm it and the general public would suffer far outweigh any harm the contractors would suffer. The court said that the injunction merely preserves the status quo and contractors remain free to encourage employees to get vaccinated. “In contrast, declining to issue a preliminary injunction would force [the contractors] to comply with the mandate, requiring them to make decisions which would significantly alter their ability to perform federal contract work which is critical to their operations.” The court went on: “[R]equiring compliance [with the mandate] would likely be life altering for many of the…employees as [the contractors] would be required to decide whether an employee who refused to be vaccinated can, in practicality, be reassigned to another office or another task or whether the employee instead must be terminated.”

Finally, the court found the public interest was served by the injunction. Again quoting BST Holdings, the court found “From economic uncertainty to workplace strife, the mere specter of [EO 14042] has contributed to untold economic upheaval in recent months” and “the principles at stake when it comes to [EO 14042] are not reducible to dollars and cents.”

Key Takeaways:

  • This is a preliminary injunction and not a final adjudication. By its nature, it is temporary and could be revoked by a later order or by an appellate court (in this case, the Eleventh Circuit Court of Appeals). However, it is probably here to stay for at least weeks if not months.
  • The Order does not invalidate the clause or enjoin the Government or prime contractors from including the clause in contracts and subcontracts. The remaining provisions of the clause—i.e., the workplace safety restrictions—are not affected by the Order, and covered contractors are still bound by them.
  • The Order undoubtedly covers subcontractors in addition to prime contractors, although the Government has no privity with subcontractors. Although the Order enjoins the Government from enforcing the vaccine mandate, it specifically speaks of the vaccine mandate as it applies to both “federal contractors and subcontractors.” Should a prime attempt to force a subcontractor to comply with the mandate, it is almost a certainty that the subcontractor would be able to take refuge in the Order on the theory that in this case the prime is acting as the agent of the Government, and is similarly enjoined.
  • Contractors are not constrained from voluntarily encouraging employees to get vaccinated. Moreover, except in states where employers are prohibited from requiring their employees to get vaccinated (e.g., Texas and Florida), employers can establish human resources policies requiring vaccination against COVID-19 as a condition of employment as long as they allow for a medical or a religious exception consistent with established law.

 

 

Legal Corner 2: Executive Order 14042 Update 12.0: U.S. District Court Issues Nationwide Injunction

Authored by:

Sheppard Mullin

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

Federal contractors and subcontractors across the country now may press the pause button on their EO 14042 COVID-safety efforts, as earlier today the U.S. District Court for the Southern District of Georgia enjoined enforcement of the EO nationwide. The Order goes well beyond the prior federal court injunction that covered only federal contracts in Kentucky, Ohio, and Tennessee.

The Georgia decision (formally captioned The State of Georgia v. Joseph Biden, 1:21-cv-163) is the result of a complaint filed by the states of Georgia, Alabama, Idaho, Kansas, South Carolina, Utah, and West Virginia. Subsequently, the court permitted a nationwide trade association (Associated Builders and Contractors, Inc., or ABC) to intervene as a plaintiff as well. The decision to permit ABC to intervene proved particularly impactful in that the court relied on the national membership of ABC as the basis for applying the injunction nationwide.

The Immediate Impact of Georgia v. Biden

Before getting to the details of the decision, let’s focus on the impact.

In short, as of this afternoon, the Government may not enforce either the Executive Order or the contract clauses issued pursuant to the Executive Order in any U.S. state or territory. While the injunction does not prohibit contractors from voluntarily continuing to follow the Guidance of the Safety Task Force – or from mandating vaccines for their employees – as we noted in our prior Alert, contractors in states that prohibit vaccine mandates (or prohibit employers from requesting proof of vaccination or enforcing mask mandates) do so at great risk. Now that the EO is unenforceable (at least for the time being), the EO no longer preempts contrary state laws. Thus, mandating vaccination in Tennessee or Montana, for example, now will run afoul of state law, whereas, previously, Federal contractors could mandate vaccination under the EO.

Similarly, and also as we discussed in our prior alert, unionized companies likewise will need to think twice before continuing voluntarily to adhere to the Task Force Guidance, even if permitted under state law. While a mandatory compliance obligation likely is not required to be collectively bargained, a voluntary decision to enforce safety guidance probably is.

Against this background, on the eve of the original compliance deadline (12/8/21), Federal contractors now must recalibrate their compliance plans. For contractors with employees nationwide looking for a uniform policy, suspending rollout of your EO 14042 action plan is the only realistic option at this point. For those that wish to continue processing vaccine cards, you must do so carefully and in accordance with state law (e.g., Tennessee prohibits employers from taking an “adverse employment action” against anyone who refuses to provide proof of vaccination). Once a revised plan is developed, contractors should communicate the new plan to employees – and quickly. Contractors also should consider sending a similar communication to subcontractors, or, at least, putting a pause on incorporating the new FAR/DFARS clause into subcontracts.

We know a number of clients have been working their way through a significant number of religious/medical exemption requests. There is no prohibition against continuing to process such requests, but be sure not to take any action that violates state law (remember, unlike the EO, some states require you permit exemption requests based on “personal conscience” or other non-religious/medical bases).

Finally, a number of you are in possession of solicitations, proposals, quotes, modifications, or other “contract-like instruments” incorporating the new FAR/DFARS clause. Given the injunction, you are well within your rights to take exception to incorporation of the clause, either in a proposal in response to a pending solicitation or by refusing to accept a modification incorporating the clause. Shortly after the Kentucky decision, Federal agencies released guidance stating they would no longer incorporate the mandate in contracts with performance occurring in those three states. Given today’s decision, we expect similar nationwide guidance shortly.

Scope: Vaccination Mandate, Masking/Distancing, or Both?

Unlike the Kentucky court order, the Georgia order leaves no confusion as to the geographic scope of this order – it applies to “all covered contracts in any state or territory of the United States of America.” In yet another example of a court making our lives more difficult than need be, however, the order is surprisingly imprecise as to what specifically was enjoined.

The most frequent question we received this afternoon was whether the injunction applies just to the vaccination mandate, or whether it applies to the EO as a whole (including the masking/distancing requirements). The order enjoined the Government from “enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts.” The order did not expressly enjoin enforcement of EO 14042, FAR 52.223-99, or DFARS 252.223-7999. Thus, we are left to guess as to the proper interpretation of the scope of the injunction – particularly, whether the injunction applies only to the vaccination mandate or more broadly to EO 14042 and the implementing contract clauses.

Our take – the injunction applies not only to the vaccination requirement, but also to the masking/physical distancing requirements of the EO and contract clauses. We think this for three reasons.

  • First, the plaintiffs requested an injunction of the “Contractor Mandate,” which the one plaintiff that chose to define the term defined as “Executive Order 14042 and its implementing regulations.” (Emphasis ours.) The court granted this motion, and therefore, despite the inexact language, we believe enjoined all aspects of EO 14042.
  • Second, it stands to reason that if the President lacks the authority to use the Procurement Act to issue a vaccination mandate, he probably also lacks the authority to issue a mask/distancing mandate. (Although, we concede, there certainly is an argument that the Balancing of the Harms and Public Interest prongs of the TRO/PI standard may not come out the same absent a vaccination mandate.)
  • Third, practically, it would make little sense for the Government to try to enforce the masking/physical distancing requirements with the vaccination mandate on hold, particularly because various Government entities stated, repeatedly, that they will not be actively enforcing compliance with EO 14042, at least in the near future.

So, we think the entire EO is on hold, and contractors now should follow all applicable non-EO 14042 guidance on masking and distancing (e.g., state, local, CMS). But, we are hopeful the Task Force updates the official Guidance very soon to provide a definitive answer.

The Decision

Judge Baker began his decision by quoting his Kentucky colleague Judge Van Tatenhove: “This case is not about whether vaccines are effective. They are.” “However,” he went on, “even in times of crisis this Court must preserve the rule of law and ensure that all branches of government act within the bounds of their constitutionally granted authorities.” To preserve the rule of law here, Judge Baker found it necessary to grant plaintiffs’ motion for a preliminary injunction.

Finding that the plaintiff States and the ABC all had standing to bring their challenge to the EO, Judge Baker, like Judge Van Tatenhove, focused his decision on the likelihood of success on the merits prong of the TRO/PI standard. Noting that plaintiffs “need only show a substantial likelihood of success on the merits on one claim” (emphasis added), he went about immediately examining the plaintiffs’ contention that the EO exceeded the authority granted to the President by the Procurement Act (more formally known as the Federal Property and Administrative Services Act, 40 U.S.C. §101).

The standard under which Judge Baker reviewed the EO was key to his ultimate decision. The question, according to Judge Baker, was whether Congress “clearly” authorized the President to use the Procurement Act to issue the directives contained in EO 14042. Finding the actual purpose of the EO to be the “regulation of public health,” Judge Baker answered that question in the negative.

Judge Baker explained (correctly) that the purpose of the Procurement Act is to promote economy and efficiency in the procurement process. While recognizing the Procurement Act gives the President significant deference to achieve this goal, Judge Baker noted the Act does not give him unfettered powers. “[T]hat deference was expressly not intended to operate as a ‘blank check for the President to fill in at his will.’” Finding an insufficient nexus between the Procurement Act and the EO, Judge Baker concluded that the Procurement Act “did not clearly authorize the President to issue the kind of mandate contained in EO 14042, as EO 14042 goes far beyond addressing administrative and management issues in order to promote efficiency and economy in procurement and contracting, and instead, in application, works as a regulation of public health, which is not clearly authorized under the Procurement Act.”

Unlike Judge Van Tatenhove, Judge Baker did not resolve (one way or the other) the other challenges raised by the plaintiffs – specifically, arguments centered on the Administrative Procedure Act and the non-delegation doctrine. One basis for enjoining an Executive Order was enough for him.

Beyond the likelihood of success on the merits prong of the TRO/PI standard, Judge Baker found that plaintiffs were likely to be irreparably harmed if the EO was permitted to continue in force, and also found that the balancing of the harms favors plaintiffs over defendants. Judge Baker’s decision no doubt was driven, in part at least, by his finding that plaintiffs would have a “laborious undertaking” to comply with the EO.

The most notable difference between the Kentucky order and the Georgia order is the scope of the injunctive relief. You will recall Judge Van Tatenhove limited the scope of his order to contracts in Kentucky, Ohio, and Tennessee. He included a very thoughtful discussion explaining his decision in that regard. In contrast, Judge Baker applied his injunction nationwide. According to Judge Baker, plaintiff ABC has members “all over the country.” Having let ABC intervene, he then used ABC’s involvement to justify the nationwide scope of the injunction. “On the unique facts before it,” he wrote, “the Court finds it necessary, in order to truly afford injunctive relief to the parties before it, to issue an injunction with nationwide applicability.”

Accordingly, Judge Baker ordered the United States enjoined “during the pendency of this action or until further order of this Court, from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in any state or territory of the United States of America.”

What’s Next

The decision, like the Kentucky decision, will be appealed. But, as we noted in Update 11.0, we think the Supreme Court ultimately will decide the fate of EO 14042.

Until then, you should:

  • Reevaluate your compliance plans and give serious consideration to pausing all EO 14042 compliance efforts;
  • Research the laws applicable in the states where your employees work to ensure you do not run afoul of those prohibitions, whatever your updated compliance plans may be;
  • Consider sending a communication to employees providing an updated status on your company’s updated policy; and
  • Consider pausing efforts to incorporate the FAR/DFARS clause throughout your supply chain.

We’ll keep you posted as these decisions make their way through the appeals process. Stay tuned for additional updates. In the interim, we’ll update our Survival Guide as soon as possible.

 

Legal Corner 3: CMMC 2.0 Simplifies Requirements But Raises Risks for Government Contractors

Authored by Shardul Desai,  Eric S. Crusius , and  Kelsey M. Hayes

Holland & Knight

The Legal Corner provides the legal community with an opportunity to share insights and comments on legal issues of the day. The comments herein do not necessarily reflect the views of The Coalition for Government Procurement.

With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards for government contractors and subcontractors to ensure the protection of sensitive unclassified information, that is, Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). By referring to the new cybersecurity standard as CMMC 2.0, the DOD implicitly recognizes the likelihood of future versions at an unknown cost to the Defense Industrial Base (DIB).

Nevertheless, version 2.0, which was released after a seven-month review by the Biden Administration, reflects the DOD’s assessment of the DIB’s concerns and reflects the DOD’s efforts to streamline and improve upon its earlier version after criticisms aimed at its cost and complexity. Specifically, CMMC 2.0 collapses CMMC 1.0’s five tiers to three simplified tiers that are based on the cybersecurity framework implemented and that are devoid of additional CMMC-unique practices and processes. CMMC 2.0 also will allow “annual self-assessment with an annual affirmation by DIB company leadership” for Level 1 and part of the new bifurcated Level 2 (formerly Level 3). Otherwise, an independent third-party assessment or government-led assessment will be required.2

Besides CMMC 2.0, contractors with CUI are also required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7019 and 252.204-7020. Collectively, these clauses require contractors to enter their compliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 into DOD’s Supplier Performance Risk System (SPRS). DOD will identify medium- and high-risk contracts and perform independent assessments of contractor compliance with NIST SP 800-171 and whether a contractor’s compliance matches what it inputted into SPRS. Contractors should also be mindful as to whether these disclosures match their prior acceptance of contracts with DFARS 252.204-7012, which required full compliance with NIST SP 800-171.

The return of self-assessment, which was the bedrock of the first DOD cybersecurity standards set out in DFARS 252.204-7012 and whose failure led to the development of CMMC 1.0., creates substantial risks to DIB companies and their leadership. The U.S. Department of Justice (DOJ) recently announced a new Civil Cyber-Fraud Initiative that emphasized the use of the False Claims Act (FCA), 31 U.S.C. § 3729 et. seq., to bring civil action against government contractors who knowingly misrepresented their cybersecurity practices and protocols.3 The FCA allows the government to recover treble damages and permits qui tam suits,4 which allow whistleblowers to receive a portion of the monies recovered by the government. In addition, other regulatory agencies have brought enforcement actions for alleged false certifications concerning compliance with agency-required cybersecurity standards.5 Thus, the risk of a DOJ investigation or a qui tam suit connected with a DIB company’s self-assessment affirmation is very real, and this announcement – coupled with self-certification options in CMMC 2.0 – should not been seen as a coincidence. Nevertheless, companies can reduce such risks with appropriate cybersecurity policies and a culture of compliance.

 

 

Comment Period for Climate Risk ANPR Extended to Jan 13

The Federal Acquisition Regulatory (FAR) Council announced that the comment period for seeking public input on a potential FAR amendment to implement section 5(b)(ii) of Executive Order 14030, Climate-Related Financial Risk will be extended to January 13. The comment period was extended to allow additional time for interested parties to submit comments in response to the questions posed in the advance notice of proposed rulemaking. On October 15, the FAR Council issued a proposed rule providing notice to contractors about plans to amend the FAR to ensure that major Federal procurements minimize the risk of climate change. On May 20, President Biden signed Executive Order (EO) 14030, Climate-Related Financial Risk. The EO states that the Federal Government should manage climate-related financial risk within its procurement activity. This proposed rule looks to ensure that Federal procurements minimize the risk of climate change by requiring the social cost of greenhouse gas emissions to be considered in procurement decisions, and by giving preference to bids and proposals from suppliers with a lower social cost of greenhouse gas emissions. The social cost is an estimate of monetized damage from increases in greenhouse gas emissions.     

The Coalition plans to comment on the ANPR through the Green Committee.  If you have input on the ANPR, of if you would like to join the committee, please contact Aubrey Woolley at awoolley@thecgp.org 

 

DoD Posts National Industrial Security Program Documents

DoD has issued three documents related to the National Industrial Security Program: 

  • DoD Manual 5220.32 Volume 1 – Industrial Security Procedures for Government Activities: This manual “implements policy, assigns responsibilities, establishes requirements, and provides procedures, consistent with EO 12829, DoD Instruction 5220.22, and EO 10865, for the protection of classified information that is disclosed to, or developed by contractors, licensees, and grantees of the U.S. Government.” Additionally, the manual prescribes industrial security procedures and practices applicable to the Government’s activities using DoD as their cognizant security agency (CSA).  
  • DoD Manual 5220.32 Volume 2 – Procedures for Government Activities Relating to Foreign Ownership, Control, or Influence (FOCI): This volume “sets forth industrial security procedures and practices related to FOCI for DoD and non-DoD agencies, who have entered into agreements with DoD to act on their behalf to provide industrial security services.” 
  • DoD Instruction 5220.22: This instruction “establishes policy and assigns responsibilities for administration of the NISP in accordance with Executive Orders 10865 and 12829 (References (c) and (d)) to ensure that classified information disclosed to industry is properly safeguarded.”