Nicole Owren-Wiest, Steve McBrady, Elizabeth Buehler

The Defense Contract Audit Agency (“DCAA”) recently made public its Fiscal Year (FY) 2018 Report to Congress (“Report”), which, among other things, provides an update on its incurred cost audits and highlights DCAA’s industry outreach activities.  Although the Report touts DCAA’s elimination of the incurred cost audit backlog, DCAA acknowledges that there still is a backlog of 152 years, the majority of which is due to reasons purportedly beyond DCAA’s control, and that it is not yet in compliance with the NDAA 2018 requirements to complete incurred cost audits within 12 months of receiving a contractor’s adequate proposal.  To “eliminate” the backlog, DCAA “closed 8,482 incurred cost years with a total dollar value of $392.2 billion” using a variety of methods, including reports and memos – the latter of which account for more than half of the years closed.  Other reported methods for closing out audits included that the contractor went out of business or did not have any flexibly-priced contracts.

Additionally, according to DCAA, it:

  • Sustained audit exceptions for incurred costs 24.1% of the time, which is down from 28.6% in FY 2017 (and is calculated only “based on contracting officer negotiation decisions,” i.e., it does not include successful contractor appeals or settlements following a Contracting Officer’s Final Decision);
  • Calculated the time to complete an incurred cost audit at 125 days, which is down from 143 days in FY 2017 (although this calculation is “measured from the date of the entrance conference to report issuance” and, thus, does not account for when the contractor actually submitted its incurred cost proposal to DCAA);
  • Will continue to “dedicate the audit resources necessary to meeting the NDAA requirements in FY 2019”; and
  • “With the backlog behind [it], will be returning to a more balanced mix of audits across [its] whole portfolio, including business systems, Truth in Negotiations, Cost Accounting standards, pre-award surveys, claims, and terminations.”

The Report also summarizes its outreach actions toward industry, including its engagement with the Section 809 Panel.  In this respect, the Report references the Professional Practice Guide (PPG), which was included in Part III of the Panel’s Report, as previously discussed here.  According to DCAA, the PPG “will provide consistency in the way DCAA and Independent Professional Accounting Firms [(“IPA”)] consider risk and materiality.”  Indeed, the Report indicates that DCAA plans “to use the PPG to meet Congressional requirements to establish, codify, and implement these new materiality thresholds” and that the PPG also “will be important to IPAs when they perform select incurred cost audits for contractors previously audited by DCAA.”

Anuj Vohra, Monica DiFonzo Sterling, Karla Perez Chacon

Last month, in National Government Services, Inc. (“NGS”) v. United States—a pre-award bid protest handled by Crowell & Moring—the Federal Circuit ruled that “workload caps” imposed by the Centers for Medicare & Medicaid Services (“CMS”) in its administration of the Medicare Program violated the Competition in Contracting Act’s (“CICA”) “full-and-open competition” requirement. In so doing, the Federal Circuit reversed a Court of Federal Claims (“COFC”) decision that upheld the caps (a prior GAO decision had done the same), clarified the meaning of “full and open,” and clarified the scope of agency authority pursuant to the Federal Acquisition Regulation (“FAR”) to address concerns about competitive balance in the marketplace.

Background

In 2003, as part of the Medicare Modernization Act, Congress established the Medicare Administrative Contractor (“MAC”) program, through which CMS contracts with third-parties to administer Medicare claims and benefits. Under the MAC program, the United States is divided into twelve regions representing different percentages of the total MAC workload depending on the region’s size; CMS awards individual contracts for each.

In 2010, pursuant to its authority to administer the MAC program, CMS implemented the workload caps at issue. Pursuant to the caps, an individual MAC contractor could not hold more than 26% of the national Medicare workload. CMS identified two overarching concerns animating the caps: (1) business continuity issues for the Medicare program should a single entity holding too much of the workload suffer a “disaster event” such that it was unable to continue performance; and (2) the need to maintain a dynamic, competitive marketplace of available MAC contractors. Although CMS placed no limitation on the number of contracts for which a contractor could bid, the caps precluded a contractor from winning an award that would result in it exceeding the 26% threshold, even where CMS deemed its proposal to represent the best value in a particular procurement.

In 2017, CMS issued an RFP for the MAC contract in Jurisdiction 8, the award of which would put NGS, a current MAC contractor, over the 26% threshold. In November 2017, NGS filed a pre-award protest at GAO challenging the caps as incorporated into the Jurisdiction 8 procurement, arguing that they violated CICA’s and the FAR’s full-and-open competition requirements, and that CMS lacked authority to implement them. GAO denied the protest. So too did the COFC after NGS filed a follow-on protest in February 2018.[1] NGS ultimately found success when the Federal Circuit reversed the COFC decision, and accepted NGS’ arguments nearly in their entirety.

The Federal Circuit’s Decision

In reversing the COFC’s decision, the Federal Circuit considered two questions. First, did CMS’ workload caps violate CICA and the FAR’s full-and-open competition requirements? Second, if yes, was CMS nonetheless authorized to implement them?

The Federal Circuit answered the first question affirmatively, rejecting the Government’s argument that because the caps did not prevent NGS from submitting a proposal, the MAC procurements were full and open (the COFC accepted this argument). The Court explained that simply being able to submit a bid was insufficient where “a responsible offeror that would exceed the workload caps is not given the same opportunity to win an award as other offerors that submitted awardable proposals.” The Court also rejected the Government’s efforts to characterize the caps as evaluation criteria, explaining that they were “not requirements tailored to meet CMS’ needs for a particular procurement” or “based on some capability or experience requirement.” Instead, the caps were CMS’ “attempt to divvy up the MAC contracts in a way that ensures business continuity and helps maintain a competitive MAC market.”

In answering the second question—whether CMS was authorized to implement the caps—the Court noted that CMS’ concerns about “business continuity” and maintaining a competitive marketplace were neither improper nor lacked a rational basis. But absent express authority allowing CMS to limit competition—which the Court concluded the Medicare statute does not grant—CMS was required to utilize specific mechanisms included in CICA and FAR Part 6 to address such concerns. Those mechanisms do not include the broad, program-encompassing caps CMS attempted to impose.

Instead, CICA (at 41 U.S.C. § 3303) and the FAR (at Subpart 6.2) allow agencies, on a procurement-specific basis, to exclude a particular offeror from a procurement in order to promote business continuity and market competition. But CICA and the FAR require that any such exclusion be accompanied by a written Determination and Findings signed by the head of an agency or its designee detailing the justification for the exclusion. While this is, on its face, an onerous requirement, the Court rejected the Government’s argument that CMS need not utilize FAR Part 6 because doing so would be too difficult:

As the Government’s brief tellingly notes, during the time period when CMS used a case-by-case approach to analyze business continuity and competition concerns . . . “CMS had been unable to identify factors that would ‘tip the scales’ for an offeror to lose an award and found it difficult to justify a decision to deny an award based upon business continuity and competition concerns under those circumstances.” But regardless of how difficult it may or may not be to justify excluding a source from competition, this justification is what the FAR requires.

Because it held that CMS had failed to implement the caps properly, the Court did not consider the rationality of the caps themselves, explaining that it would “leave those issues to be addressed in a case in which CMS has followed the proper procedures to address its overarching market concerns.”

Conclusion

While agencies are afforded substantial discretion to administer their procurements in the manner they best see fit, the Federal Circuit’s decision in NGS is a reminder that such discretion is not unfettered. Absent express authorities stating otherwise, bidders are entitled to full and open competition in federal procurements, subject only to the constraints specifically delineated in CICA and the FAR.

 

[1] At the Court of Federal Claims, NGS amended its complaint to include a pre-award challenge to CMS’ inclusion of the caps in the procurement of new MAC services in Jurisdiction H.

Kris D. Meade; Rebecca Springer; Kate M. Growley, CIPP/G, CIPP/US; Laura J. Mitchell Baker

Following the announcement of the White House’s Executive Order on Maintaining American Leadership in Artificial Intelligence (EO) and the Department of Defense’s (DOD) Artificial Intelligence Strategy (AI Strategy) in February, as reported on here, the United States recently endorsed the Organization for Economic Co-operation and Development Council’s (OECD) Recommendation on Artificial Intelligence (Recommendation) – the world’s first intergovernmental policy guidelines for Artificial Intelligence (AI).  In the Recommendation, the OECD sets forth the “Principles on Artificial Intelligence” to promote innovative and trustworthy AI in harmonization with human rights and democratic values.  More than 40 countries have adopted these principles – including all 36 OECD member countries and 6 non-member countries – signaling global cooperation, coordination, and commitment to human ethical and social considerations in promotion of AI.  Companies are likely to see more efforts and progress from the White House and around the federal government in support of sustainable, responsible AI.

 

OECD’s Recommendation – Principles on Artificial Intelligence

With the support of six non-member countries, the OECD hopes that the Recommendation and its five values-based principles will be embraced by any democratic nation, or any nation that shares democratic values, to facilitate an open dialogue on AI.

The Recommendation identifies five values-based principles for countries to implement in their promotion of reliable AI:

  • Inclusive growth, sustainable development, and well-being to benefit people and the planet.
  • Human-centered values and fairness that respects the rule of law, human rights, democratic values and diversity, including appropriate safeguards to ensure a fair and just society.
  • Transparency and responsible disclosure in AI systems to ensure people understand and challenge AI-based outcomes.
  • Robustness, security, and safety in AI systems throughout their life cycles.
  • Accountability among organizations and individuals developing, deploying, and operating AI systems.

With these guiding principles, the OECD asks countries to consider the following five recommendations:

  • Facilitate public and private investment in research & development to spur innovation in trustworthy AI.
  • Foster accessible AI systems with digital infrastructure, technologies, and mechanisms that allow for collaboration with data and knowledge.
  • Create an environment to foster the deployment of trustworthy AI systems.
  • Empower people with AI skills and support workers in jobs that will employ AI.
  • Cooperate across borders and public sectors to ensure responsible control of AI.

In recognizing that countries need assistance in carrying out these principles, the OECD will launch the OECD AI Policy Observatory (Observatory) later this year.  The Observatory will be an online live database containing AI resources, from policies and strategies to general information on AI.  In addition, countries and other stakeholders will be able to share and update their own AI policies, which will provide an interactive comparison of their respective AI strategies and initiatives.  Likewise, the Observatory will provide a platform to discuss and debate AI issues for the international community and other stakeholders.

 

Significance of the United States’ Support of OECD’s Recommendation

The OECD’s Recommendation is a historic step for the United States and the other member states, and is very significant for the United States as it joins the international community in its pledge for responsible AI.  This should come as no surprise, as the Recommendation echoes the White House’s and DOD’s recent announcements on AI.  Prior to these announcements, the United States did not have a public position with regard to the ethical and social considerations of AI.  But the United States’ public support of the Recommendation – along with the EO and AI Strategy – demonstrates the United States’ unequivocal commitment to values-based AI.  As a result, companies are likely to see more opportunities to partner with the federal government in developing AI.  The United States Department of Commerce’s National Institute of Standards and Technology (NIST) has already taken steps in this direction, and issued a Request for Information for help to create technical standards and tools in consideration of AI technologies.  Companies should expect other federal agencies to follow suit in the search for and promotion of responsible AI.

Mana Elihu Lombardo

The Digital Revolution is here. Contractors are reinventing their products, customer experiences, and business models — and transforming the public sector marketplace as a result.  Meanwhile, government agencies are increasingly using emerging technologies and developing plans to promote and incentivize their use. Join us on May 8, 2018, at 10:30 AM Eastern, as Crowell & Moring attorneys Gail Zirkelbach, John Gibson, and Mana Lombardo lead a discussion highlighting regulatory and contractual compliance considerations that are pivotal to successful planning and implementation of transformative technology in government contracting. Specific topics include:

  • 3D Printing
  • Artificial Intelligence
  • Blockchain

OOPS begins tomorrow! For more information and to register, please click here.

Crowell & Moring

Crowell & Moring’s 35th annual Ounce of Prevention Seminar (OOPS) is just around the corner, taking place on May 7 and 8 at the Renaissance Hotel in Washington. At this year’s seminar, “The Challenging Climb to Reach New Heights,” the Government Contracts Group will provide updates and insight in a variety of areas, including ethics and compliance, bid protests, False Claims Act enforcement, cybersecurity, international issues affecting government contractors, and more.

Check back here for updates from our panelists, who will preview sessions on international considerations, #MeToo, and emerging technologies.

For more information and to register for OOPS, please click here.

John E. McCarthy Jr., Nicole Owren-Wiest, Meredith Parnell

On March 21, 2019, the Department of Defense (DoD) Defense Innovation Board (“DIB”) released a report, Software is Never Done: Refactoring the Acquisition Code for Competitive Advantage (“the Report”), summarizing DIB’s Software Acquisition and Practices (SWAP) study, which was mandated by the National Defense Authorization Act of Fiscal Year (FY) 2018. The two-year study involved conversations with Congress, the DoD, federally-funded research and development centers, contractors, and the public focused on ways in which DoD can take advantage of the strength of the U.S. commercial software ecosystem. In addition, the Board solicited feedback on concept papers and draft versions of the Report leading up to its publication.

DIB describes the ideal approach to software development as one of “iterative development that deploys secure applications and software into operations in a continuing (and continuous) fashion.” The Report is critical of current DoD software projects where the DoD “spends years on developing requirements, taking and selecting bids from contractors, and then executing programs that must meet the listed requirements before they are ‘done.’” DIB concluded that, as a result, software is obsolete before it reaches the field, is ill-matched to the needs of users, and risks positioning the DoD behind adversaries like China, which leverages private industry to develop national security software.

The Report makes 26 specific recommendations that flow from three fundamental themes: (i) “speed and cycle time” are the critical metrics for managing the DoD’s procurement, deployment and updating of software; (ii) the DoD must do more to educate, retain, and support the best internal software developers; and (iii) software development can no longer be managed as if it were hardware.

Among other things, the Report urges the DoD to immediately:

  • Require suppliers to provide access to “source code, software frameworks, and development toolchains, with appropriate intellectual property (IP) rights, for all DoD-specific code,” enabling the DoD to perform full security testing and rebuilding of binaries from the source. The Report notes that contractors should have licensing agreements to protect any IP developed with their own resources.
  • Shift away from the use of “rigid requirements for software programs to a list of desired features” with minimum standards for operation, security, and interoperability.
  • Make security a “first-order consideration” for all software intensive systems and acquisition programs, and prioritize “regular and automated penetration testing” to expose vulnerabilities and breach DoD systems before adversaries do.

DIB proposes that the DoD secure high-level support for the Report’s vision during FY 2019, and begin initial deployment of its recommendations in FY 2020.

Mark Ries, Anuj Vohra, Christian Curran, Meredith Parnell

Much that has been written about the bid protest reforms in the Section 809 Panel’s final report has focused on Recommendations 66-69, which expressly address (and propose changes to) the protest process at the U.S. Government Accountability Office (“GAO”) and the Court of Federal Claims (“COFC”). But the 809 Panel’s most impactful recommended changes to the protest process actually may be contained in Recommendation 35 (“Rec. 35”). There, in the context of a discussion of “updating” the Department of Defense’s (“DoD”) process for the acquisition of commercial and related items and services, the 809 Panel proposes to eliminate entirely GAO/COFC protests for such acquisitions valued at less than $15 million (and likely many above that threshold as well).

As discussed further below, the implementation of Rec. 35 may have unstated consequences that could ripple across both DoD and civilian agency acquisitions.

A. Recommendation 35: An Entirely Different Protest Process for Acquisitions of “Readily Available” Goods and Services

Rec. 35 proposes that DoD “[r]eplace commercial buying and existing simplified acquisition procedures and thresholds with simplified, readily available procedures for procuring readily available products and services and readily available products and services with customization.” The recommendation stems from the 809 Panel’s belief that to operate effectively, DoD must be able to procure readily available items and services as would a private sector company, without the current FAR-based constraints.[1]

In Rec. 35, the 809 Panel proposes replacing DoD’s current commercial-buying framework with two newly-defined categories of products and services: “readily available” (“RA”) and “readily available with customization” (“RAC”). These two categories would greatly expand the concept of “commercial items.” The 809 Panel defines RA products and services as those “that require no customization by the vendor and can be ordered directly by customers, to include products and services that only governments buy.” RAC products and services are defined as those “sold in the private sector, including to other public-sector customers, for which customization or manufacturing that is consistent with existing private-sector practices is necessary to meet DoD’s needs.” The only acquisitions not covered under these two categories are those for which “DoD finance[s] development . . . to provide a defense-unique capability.”

The breadth of these definitions is important given the 809 Panel’s recommendations for acquiring these goods and services and, significant here, challenging those acquisitions:

  • No Advance Public Notice. Procurements for RA goods or services—whether customized or not—valued at less than $15 million would have no public solicitation or bidding process. Instead, a DoD contracting officer would need only to conduct sufficient market research to confirm that the goods and services being acquired were, in fact, readily available.[2] The lack of public notice or solicitation precludes the possibility of pre-award protests. And following award in such procurements, the procuring agency would need only post a notice of the award, and make the contracting file publicly available.[3]
  • Limited Award Challenges. GAO and the COFC would no longer have jurisdiction to consider protests arising out of RA procurements—customized or not—below the $15 million threshold. Instead, contractors wishing to challenge an award would be able to file only a post-award, agency-level protest, limited only to the question of whether the agency conducted adequate market research and reasonably concluded that the goods or services in question were readily available. (Procurements where a traditional solicitation is issued would generally remain subject to the GAO’s and COFC’s bid protest jurisdiction (subject to other recommendations contained in the 809 Report).)

B. Impact of Recommendation

By their very terms, the procedures proposed in Rec. 35 would drastically change the way commercial items are procured. And given the expansive definitions of RA and RAC, there are few things—beyond major defense acquisition programs—that would not qualify. Indeed, the 809 Panel acknowledges that under these broad definitions in the report, “nearly all of the services DoD procures should meet the definition of readily available with customization.” Moreover, because the 809 Panel proposes that DoD may use the RA procedures for procurements in excess of the $15 million threshold with only authorization at the local level by the “chief of the contracting office,” DoD could use these procedures for procurements well in excess of $15 million with minimal, if any, transparency.

If implemented, these procedures also could have a ripple effect across DoD procurements in a variety of ways, and affect non-DoD procurements as well.

First, the new acquisition procedures would eliminate pre-award public scrutiny—and protests—of RA and RAC procurements where there is no public solicitation. This could stifle opportunity for small businesses and nontraditional contractors to access DoD procurements in favor of large, traditional contractors with deep connections to DoD. This also would allow DoD to operate a huge swath of its expenditure of taxpayer funds unchecked at the pre-award stage, precluding public scrutiny and eliminating potential offerors’ ability to challenge the ground rules of the procurement where the agency’s procurement may unduly restrict competition, improperly favor one offeror over another, or otherwise violate procurement law or regulation.

Second, the new procedures would significantly circumscribe the post-award protest process. The procedures completely remove oversight outside of DoD itself by eliminating GAO/COFC jurisdiction and leaving only agency-level protests. And even what is left within DoD can hardly be described as a protest. By limiting agency-level protests to the question of whether an agency conducted sufficient market research to determine commercial availability, Rec. 35 removes all other traditional grounds of protest—i.e., equal treatment of offerors, realism of proposed pricing, sufficient consideration of apparent organizational conflicts of interest, rationality of award decision, etc.

The ability to bring these types of traditional protest grounds serves not only to protect the investment of individual offerors in a given procurement, but to safeguard the integrity of the procurement system. Under the 809 Panel’s proposal, for the acquisition of RA products/services—with or without customization—where a solicitation is not issued, there would be nearly zero outside oversight of DoD procurement decisions. And although the 809 Panel asserts that releasing the “contract file” would increase transparency, even if true, that transparency is offset by the minimal information that would be included in the file and the lack of a viable mechanism to act on it.

Third, the limitation of protests proposed by the 809 Panel would also call into question the decades of legal precedent at GAO and COFC that contractors and agencies rely upon when planning acquisitions and bidding on procurements. And this uncertainty would likely have a severe impact on agency and contractor productivity and efficiency when it comes to planning and executing a procurement. Without a process to incentivize compliance, DoD agencies using RA procedures may choose to ignore established decisional law, adversely affecting an offeror’s ability to understand the legal boundaries of the agency’s procurement process.

Moreover, the proposed changes in Rec. 35 (and others) will create separate procurement and protest systems for the DoD and civilian agencies. Historically, this bifurcated approach created significant confusion and inefficiency, especially among the contractor community and particularly for those companies that operate in both the DoD and civilian spaces. These concerns eventually prompted the departure from the old Armed Services Procurement Regulation (“ASPR”)/Federal Procurement Regulation (“FPR”) split and the development of unified procedures under the FAR. Rather than propelling procurement to the future, the 809 Panel essentially seeks to revert to bygone days. As such, contractors once again will have to adapt not only to the new DoD processes, but also to the different, civilian agency procurement process.

All of these issues demonstrate that the RA procedures proposed by the 809 Panel may create significant upheaval in the DoD procurement community that could dramatically change how contractors will need to operate with regard to DoD procurements. But despite its “bold” proposals, the 809 Panel cites very little by way of studies or research to support the benefits—much less the necessity—of these recommendations. Indeed, just last year the RAND Corporation released a comprehensive study of DoD procurements that found that bid protests were not a significant impediment to the procurement process. Thus the drastic revisions to the DoD protest process appear to be simply change for change’s sake, at best a solution in search of a problem.

Although improvements to the procurement process are always worth considering, the drastic measures called for in Rec. 35 threaten to upend decades of established legal principles in the procurement arena, and make the process less, not more, transparent for the public and for contractors. Contractors should take heed when examining their positions on these important issues and continue to monitor congressional activity in this area going forward as these reforms likely will dramatically impact many defense contractors’ business.

 

[1] In putting forward its belief that drastic changes are needed, the 809 Panel makes no distinction between the procurement of cutting-edge technology advancements from nontraditional businesses and the procurement of office supplies or custodial services for a support agency office.

[2] Although the report identifies a $15 million maximum for use of its new market research process, it also authorizes the process for RA and RAC procurements of any value in excess of $15 million if the “chief of the contracting office” authorizes use of the process in writing. No criteria govern use of this authority. The 809 Panel references FAR subpart 2.1, Definitions, for the definition of “chief of the contracting office,” but that term is not defined in the FAR. The term “contracting office” is defined essentially as any “office that awards or executes a contract.”

[3] Publicly posted contracting files would include identification of the products/services procured and the price paid, the contracting officer’s market research, and a “short award decision document” when the awardee was chosen based on factors other than price.

Peter J. Eyre; Daniel R. Forman; Evan D. Wolff; Kate M. Growley, CIPP/G, CIPP/US

Crowell & Moring has issued its fifth annual report on regulatory trends for in-house counsel. “Regulatory Forecast 2019: What Corporate Counsel Need to Know for the Coming Year” explores a diverse range of regulatory developments coming out of Washington and other leading regulatory centers of power, and it takes a deep dive into international trade—examining the challenges and opportunities that will arise in the year ahead as global businesses compete in the digital revolution and operate their businesses across borders.

The section focusing on government contracts, “Battening Down the Hatches on Cybersecurity,” discusses why doing business with the federal government will get tougher as requirements for cybersecurity become stricter.

Also relevant to contractors is the article “Congressional Influence on Rulemaking is On the Rise,” which discusses how congressional input on rulemaking is increasing as the Trump administration pursues deregulation.

Be sure to follow the conversation on Twitter with #RegulatoryForecast.

Evan D. Wolff; Kate M. Growley, CIPP/G, CIPP/US; Michael G. Gruden, CIPP/G; Payal Nanavati; Judy Choi

Adding to the Defense Contract Management Agency’s (DCMA) new cybersecurity responsibilities, the Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment (USDAS) recently issued a memorandum titled Strategically Implementing Cybersecurity Contract Clauses that increases DCMA’s role.  The memorandum tasks DCMA with implementing a process to perform company-wide assessments of contractors’ compliance with the DFARS Safeguarding Clause and the related solicitation provision, DFARS 252.204-7008 Compliance with Safeguarding Covered Defense Information, in lieu of the current contract-by-contract assessment of the Clause and Provision requirements.

Specifically, the memorandum addresses the inefficiencies caused by DFARS 252.204-7008, which requires contractors to self-certify on a contract-specific basis implementation of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 as required by the Safeguarding Clause.  USDAS notes that this approach impedes the effective implementation of requirements to protect the DoD’s Controlled Unclassified Information (CUI).  To resolve these issues, the memorandum directs DCMA to develop a proposed path to issue no-cost bilateral block modifications to contracts administered by DCMA and recommend to the USDAS a set of business strategies to:

  • obtain and assess contractor system security plans (SSPs) and associated plans of action and milestones (POAMs) at a strategic level as an alternative to the contract-by-contract review;
  • propose a methodology to determine contractors’ cybersecurity readiness at a strategic level and assign levels of confidence for contractors’ readiness assessment at the corporate, business sector or facility level; and
  • propose how to communicate contractors’ cybersecurity readiness and confidence level to DoD components.

Of note, DCMA is further instructed to engage industry to discuss methods to oversee the implementation of the DFARS Safeguarding Clause and NIST SP 800-171.  It is possible that this industry engagement may occur through another DoD Industry Day, since the last DFARS Safeguarding Clause-related Industry Day occurred almost two years ago.

Industry will once again take a “wait and see” approach to the DoD’s policy implementation since the DCMA is directed to take action after March 1, 2019.

David B. Robbins

This week’s episode covers government shutdown, trafficking in persons policy, and False Claims Act news, and is hosted by partner David Robbins. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

Listen: Crowell.com | PodBean | SoundCloud | iTunes