How the CMMC is Changing Culture One Company at a Time

Note from John: Seems like every time I have a conversation with another colleague or company the topic of CMMC comes up. The Cybersecurity Maturity Model Certification is not going away…for many good reasons. As defense contractors we have to protect our assets, resources and those of our clients. It is in OUR best interest. Here is another great article from Jason Miller.

© Skorzewiak – depositphotos.com

This is a guest post by Jason Miller, executive editor, Federal News Network.

Let’s set the record straight: The Cybersecurity Maturity Model Certification, or CMMC, accreditation body is not part of the Defense Department.

Of all the misconceptions out there about CMMC, Chris Golden, a former member of the CMMC accreditation body and the director of information security for Blue Cross, Blue Shield, said that is the one he hears the most.

So 18 months into the CMMC development and roll out, Golden said industry and agencies still need to grasp why this initiative matters so much.

“We’re losing a lot of intellectual property as a country to our adversaries through gaps in cybersecurity practices and maturity throughout the supply chain. And right now, that’s focused on DoD supply chain, but it will very quickly go out,” Golden said in an interview. “If you look at the Air Force, Navy, Marine Corps F-35 aircraft, and then you look at the Chinese J-31 aircraft, and you wonder why those airplanes look exactly the same? You wonder how that happened. That’s the problem we’re trying to fix.”

Golden said the idea behind CMMC, and supply chain security more broadly, is changing one company’s culture at a time.

“As each company does their assessment, they’re going to get a little bit better. And hopefully, the next time they have their next assessment, they’re going to be a little bit better,” he said. 

“We’re just going to slowly change the culture, where companies are going to start looking at cyber the way they look at human resources. Most people that start a company are not experts on local, federal and state labor laws. So what do they do? They hire an expert to help set up a HR office to handle all that stuff for them to do everything right to keep them out of jail. Cyber has got to be seen as the same thing. It’s just part of doing business in the modern global enterprise. What we’re trying to do is we’re trying to get the point where people don’t forget about it or whitewash it or whatever the case is, but actually take it seriously as a part of doing business.”

That culture change has to happen with just more than defense industrial base companies. This is why the Department of Homeland Security and the General Services Administration are starting to consider how they can use CMMC.

Click the link below to read the full article and listen to Jason’s interview with Chris Golden, a former member of the CMMC accreditation body and the director of information security for Blue Cross, Blue Shield: https://federalnewsnetwork.com/cybersecurity/2021/02/cmmc-changing-culture-one-company-at-a-time/.


Small Business Start-Up Infrastructure

© elenabs – depositphotos.com

What should a small business’s back office look like, and how should it function? I sat down with TAPE’s Executive Vice President/General Manager Ted Harrison and we put some thoughts together.

A small start-up business has evolving needs as they begin and grow their business. These needs are ever changing but here are just a few functional areas that will need some attention and thought from the beginning. 

IT: Information technology is probably an easy thing to keep simple in the beginning. Each employee should have their own email on a company domain name (e.g., tape-llc.com), and this can be set up fairly cheaply. 

You can implement a shared cloud-based suite for collaboration such as Google Drive or Apple iCloud. These solutions are often enough to support a very small business’s needs. You can also take advantage of the benefits of Microsoft Office 365, which can grow with you. 

As the company begins to grow and protection of IP against cyber threats becomes more important, you will want to look at investing in an IT network either through outsourcing or internal support. (CMMC is just around the corner!)

F&A: In the beginning, your finance and accounting needs can be managed through QuickBooks or other rudimentary finance software. 

When payroll and AP become more complex and the company requires bank capital to operate, management by a dedicated accountant will become necessary. 

Once the accounting department grows to several people, it will be time to consider oversight by a controller. Outsourcing this function may be most cost effective in the early stages as you grow. 

HR: The human resources function can be outsourced from the beginning, if needed, to ensure that all Federal and State regulations are satisfied. It is fairly inexpensive to outsource the recruiting function. 

Once requirements increase including payroll, recruiting, and employee relations, it may be beneficial to have an HR director to manage the function. 

Contracts: A small company can often rely on expertise from the SBA, PTACs or other small business support entities, but once contracts grow it will be beneficial to have a dedicated contracts manager to ensure compliance with FARs and DFARs.

Your small business’s infrastructure will grow and change as your business evolves. Pay attention to where you’re feeling stretched so you can get the right support in place well before it’s needed.


New Government-Wide SDVOSB Certification Requirement and Process

Note from John: The VA’s role in certifying veteran-owned small businesses seems to be gone and the transfer of that role to the SBA appears to be underway. This really makes sense as they are the entity that certifies all the other socio-economic programs such as 8(a), HUBZone and ED/WOSB. 

Once the process is put into place I’m hopeful this will help streamline the process for new companies to get certified. Those companies that are currently self-certifying will have one year from the Go Live date to apply for the certification. After that date the self-certification is not valid even for Government requirements outside the VA.

© garagestock – depositphotos.com

This is a guest post by Steven Koprince of Koprince Law LLC. It was originally published on Dec 4, 2020, and the 2021 NDAA was signed into law on Jan 1, 2021.

The House and Senate have agreed to eliminate service-disabled veteran-owned small business self-certification and adopt a government-wide SDVOSB certification requirement, while transferring control of the certification process from the VA to the SBA.

The Conference Report on the 2021 National Defense Authorization Act would require government-wide SDVOSB certification (eventually) and transfer control of the Center for Verification and Evaluation from the VA to the SBA. Assuming the President signs the bill into law (which, unlike the typical NDAA, remains to seen), SDVOSB self-certification–which is still the law for non-VA contracts–is on its way out.

If you’re not the sort to read an entire National Defense Authorization Act, you can skip right to Section 862, where the SDVOSB changes are set forth. Here are some of the most important pieces of Section 862:

  • Government-Wide SDVOSB Verification Won’t Happen Overnight. The 2021 NDAA calls for the certification requirement to kick in “2 years after the date of enactment of this Act.” 
  • The SBA Will Be in Charge. Under the 2021 NDAA, the SBA, not the VA, will run the Government-wide SDVOSB certification program. The VA’s Center for Verification will be abolished and its functions transferred to the SBA. This move makes sense, given that the SBA runs all of the other Government-wide socioeconomic programs, and that SBA judges already provide oversight over SDVOSB and VOSB applications. The VA, however, will continue to determine whether an individual qualifies as a veteran or service-disabled veteran.
  • Self-Certified SDVOSBs Get a Grace Period. The 2021 NDAA says that once the program goes live (an event the bill calls the “transfer date”), a self-certified SDVOSB will have one year to file an application for certification.  If the application is filed within the one-year period, the company can continue to rely on its self-certification for non-VA contracts until the SBA makes a decision on the application.  Failing to apply within one year, however, will render the self-certification invalid. 

After the grace period ends, self-certified SDVOSBs will no longer be eligible for set-aside and sole source contracts, government-wide. The 2021 NDAA adds this language to the Small Business Act:

A contracting officer may only award a sole source contract to a small business concern owned and controlled by service-disabled veterans or a contract on the basis of competition restricted to small business concerns owned and controlled by service-disabled veterans if such a concern is certified by the Administrator as a small business concern owned and controlled by service-disabled veterans.

So there you have it: under the 2021 NDAA, government-wide SDVOSB certification will happen, and the SBA will take control of the certification (not “verification,” anymore) program. As I alluded to earlier, the President has threatened to veto the 2021 NDAA for reason unrelated to SDVOSB certification. But even if Congress accedes to the President’s requests, it seems unlikely that Section 862 is going away. Our best bet is that it becomes law in the next several weeks.

This post originally appeared at https://smallgovcon.com/service-disabled-veteran-owned-small-businesses/congress-approves-government-wide-sdvosb-certification-requirement-transfers-cve-to-sba/ and was reprinted with permission.


Federal Contracting in 2021 – My Thoughts

© iCreative3D – depositphotos.com

From COVID-19 to politics to protests, our world has changed a lot over the past year. Thankfully it does appear we can expect the potential for returning to some sort of normalcy on the COVID front toward the end of 2021. 

While some things may never return to what we once knew as “normal,” let’s look to some more positive things we can leverage moving forward: 

  1. Working from home is working. Over the past year, most of us have become quite proficient at working remotely from the comforts of home. After an initial learning curve, many of us have noticed a dramatic uptick in productivity and creative ways of accomplishing results in our new environments. As COVID gets more under control and the vaccine becomes available to the masses, I do believe our workforce will start to migrate back to the office, or more likely a hybrid approach where we will work from the office maybe 2-3 days a week and remotely the remainder. 
  2. We can make do with less space. As a small business one of our largest expenses is work space for employees. By adopting a more permanent work-from-home or hybrid approach, many companies will be able to reduce their office space square footage when re-negotiating their leases. Employees that are required to come into the office may “hot desk” their work spaces with other employees on alternate days. I’ve seen some of our Government clients transitioning to this model with great success.
  3. We can expand our recruitment nationwide. Of course our other major expense is our employees. Not only have our overhead employees been working remotely but so have many of our direct employees. This has allowed us to expand our search for top quality employees from all areas of the country. Since they may not reside in extremely high cost of living areas such as Northern Virginia or the DC Metro area, their salaries are often far less demanding, allowing us to be more cost competitive. 
  4. We can be team players. I see the continuation of the trend of moving requirements to established GWACs and multiple-award contract vehicles. Just a couple that come to mind for this year are CIO SP4 and Polaris. These contract vehicles provide the necessary access to the customers and their requirements and are excellent opportunities for the small business community to work with our large business counterparts to build the best teams. 
  5. Better virtual conferences and meetings. While I do see some events opening up toward the end of this year, it seems most will remain virtual. Over the past year there have been great improvements to virtual event platforms, with features like breakout rooms and other virtual introduction tools. It’s hard to beat face-to-face interactions, but we have come a long way. 

While no one can predict the future, one thing is certain – change is something that will continue.


Court of Federal Claims (COFC) Finds in Favor of the Small Business Community

Note from John: This is potentially huge news for the small business community. In recent years, the government has often put new or existing requirements directly onto a multiple-award large business IDIQ contract vehicle without doing an analysis to see if there are two viable small business entities capable of providing those services. This COFC finding mandates that the government do a Rule of Two analysis prior to moving the requirement onto the large business IDIQ. This will provide more opportunities for us…possibly many more. 

gavel
© AndreyPopov – depositphotos.com

This is a guest post by Nicole Pottroff of Koprince Law, LLC.

The United States Court of Federal Claims (COFC) has ruled that an agency has to conduct a small business Rule of Two analysis before it can use an existing multiple-award indefinite delivery indefinite quantity (MAIDIQ) contract vehicle to procure services.  This is a landmark decision, given that GSA Schedule contracts are exempt from the Rule of Two. 

The COFC’s decision in Tolliver Grp., Inc. v. United States, No. 20-1108C, 2020 WL 7022493 (Fed. Cl. Nov. 30, 2020), arose out of the Department of the Army’s decision to cancel two General Services Administration (GSA) Federal Supply Schedule (FSS) support staffing solicitations, which were 100% set aside for service-disabled veteran owned small businesses (SDVOSB). The solicitations sought fire support specialists training services for the Fires Center of Excellence field artillery school at Fort Sill. The Army had previously procured these services through a long-term omnibus MAIDIQ contract.

The Army first awarded the solicitations to two SDVOSBs. But it subsequently cancelled the solicitations and the awards for the purpose of transferring the work to an existing MAIDIQ. According to the Army, this Training Management Support (TMS) MAIDIQ would “provide a potentially better procurement vehicle for this requirement” than the GSA FSS contract.

Two SDVOSBs brought this lawsuit under the Tucker Act, arguing that the Army’s actions violated two laws: (1) the Administrative Procedure Act (more on that issue in an upcoming blog); and (2) the Rule of Two (the subject of this blog). Specifically, the plaintiffs argued that the Army violated the Rule of Two by “mov[ing] the unchanged requirements to the New Ft. Sill IDIQ, where only large businesses are eligible for award[.]”

The court explained:

The Rule of Two . . . is straightforward, and provides that the contracting officer shall set aside any acquisition over the simplified acquisition threshold for small business participation when there is a reasonable expectation that – (1) Offers will be obtained from at least two responsible small business concerns; and (2) Award will be made at fair market prices.

According to the court, the Army did not dispute that there were “at least two responsible business concerns capable of performing the work at fair market prices, or that, in general, the Rule of Two is mandatory.” The Army, instead, argued that the Small Business Act and the FAR gave it the discretion “to make use of a multi-award contract without first conducting a rule of two analysis to determine whether the task order should be set aside for small business.” The Army cited the following statutory language:

Federal agencies may, at their discretion:

(1) set aside part or parts of a multiple award contract for small business concerns . . . ;

(2) notwithstanding the fair opportunity requirements under section 2304c(b) of title 10 and section 4106(c) of title 41, set aside orders placed against multiple award contracts for small business concerns. . .; and

(3) reserve 1 or more contract awards for small business concerns under full and open multiple award procurements . . . .

The Army also cited the FAR clause for “[p]artial set-asides of multiple-award contracts[,]” which similarly says that “contracting officers may, at their discretion, set aside a portion or portions of a multiple-award contract” under certain circumstances.

Based on these sources, the Army argued that, since it “exercised its discretion not to set-aside any portion of the TMS MAIDIQ scope or any of the TMS MAIDIQ‘s contract awards for small business,” it could now “utilize the TMS MAIDIQ for any acquisition – and avoid the Rule of Two – so long as the contemplated scope of work is within the TMS MAIDIQ’s scope.”

But the court rejected this “sweeping inference.” The FAR and Small Business Act provisions the Army cited, instead, tell the agency “how a multiple award contract may be structured or how a task order competition under a multiple award contract may be competed.” They do not address whether the agency may ignore the Rule of Two simply because the agency prefers to use a MAIDIQ that already has been awarded. As the court explained:

[T]he fact that an agency has the discretion to partially set-aside “a portion” of a multiple award contract for small business does not lead to the ineluctable conclusion that having decided not to engage in a partial set-aside, an agency may thereafter dispense with the Rule of Two. The latter does not follow from the former. To the contrary, the grant of discretion applies even where the Rule of Two does not require a set-aside, but the grant of discretion does not somehow, by negative implication, eliminate the Rule of Two requirement.

As such, the court concluded that “[t]he Rule of Two unambiguously applies to ‘any’ ‘acquisition,’ FAR 19.502-2, without any loophole for MAIDIQ task orders.” The court noted, “where the FAR intends to make the Rule of Two entirely inapplicable to the selection of a particular procurement vehicle, the FAR knows how to do so,” and it cited FAR subpart 8.4, which expressly exempts FAR Part 8 FSS procurements from the Rule of Two requirements. The indefinite delivery contract regulations in FAR subpart 16.5, however, do no such thing.

Because there was no legal exemption from the Rule of Two for MAIDIQs, the court turned to the specific question of “whether the agency has any obligation to apply the Rule of Two to a particular scope of work that is covered by the scope of an already-issued multiple-award contract[]” before it can leverage the existing MAIDIQ.

To this, the court answered “yes.” Interestingly enough, its decision was actually based on a GAO decision, LBM, Inc., B-290682, where GAO found that the “Army violated FAR § 19.502-2(b) when [it] did not consider continuing to acquire the Fort Polk motor pool services under a total small business set-aside[.]” GAO’s decision there–and therefore, the court’s decision here–centered around the definition of an “acquisition.” The FAR defines an acquisition as:

the acquiring by contract with appropriated funds of supplies or services (including construction) by and for the use of the Federal Government through purchase or lease, whether the supplies or services are already in existence or must be created, developed, demonstrated, and evaluated. Acquisition begins at the point when agency needs are established and includes the description of requirements to satisfy agency needs, solicitation and selection of sources, award of contracts, contract financing, contract performance, contract administration, and those technical and management functions directly related to the process of fulfilling agency needs by contract.

According to GAO, the purchasing of services with appropriated funds in LBM was an acquisition, “regardless of the fact that the agency anticipated acquiring those services through their transfer to the [IDIQ] scope of work.” GAO said, “[h]ad the agency complied with the requirements of [the Rule of Two], it might have concluded that the [IDIQ] contracts were not the appropriate vehicle for this acquisition.” Thus, GAO concluded that “the agency’s intent to use a task order under [a multiple award contract] as the contract vehicle did not eliminate the legal requirement that the agency undertake that analysis.”

The COFC followed suit, stating:

The bottom line from this Court’s perspective is that the cancelled solicitations at issue here are themselves acquisitions. The government’s identification of a need – of a scope of work – that it must procure itself begins an acquisition. Accordingly, we view the identification of the continued need for [the two solicitations’] requirements as either part of in-process acquisition or a new acquisition.

According to the court, either way the acquisition is viewed, the Rule of Two applies. The court said, even if the Army had “satisfied its small business set aside obligations with respect to the TMS MAIDIQ acquisition in 2018,” that did not mean that it also satisfied those obligations with respect to the acquisitions of the requirements set forth in the 2020 solicitations. The court said:

In sum, the government’s failure to apply the Rule of Two prior to deciding to cancel the solicitations at issue is fatal to that decision, whether because that failure undermines the central rationale of the cancellation decision or whether because the decision to move the work to the TMS MAIDIQ prior to conducting a Rule of Two analysis constitutes an independent violation of law.

In the end, the COFC enjoined the agency from cancelling the solicitations and transitioning the work to the MAIDIQ (or to any other procurement vehicle) without first complying with the Rule of Two.

This is truly a landmark decision by the COFC–with the potential to affect a multitude of federal contracts. Especially of late, we have seen many federal agencies attempt to shuffle new requirements to existing IDIQs, often to simplify their acquisition procedures or avoid certain rules or litigation. At least now, those agencies will not be able to escape the small business Rule of Two in doing so.

This post was originally published on the SmallGovCon blog at https://smallgovcon.com/u-s-court-of-federal-claims/cofc-says-agency-must-consider-rule-of-two-before-using-multiple-award-idiq-contract-vehicle/ and was reprinted with permission.


Is it Time For a Controller?

© nikvector20 – depositphotos.com

As your small business grows, your needs and regulatory requirements change. You have to have approved forward pricing rates and go through audits. These are things that may be best suited to be led by a controller working directly with your organization, rather than an external bookkeeper or accountant. 

How to hire a controller

The first thing you need to determine before hiring a controller is which functions you actually want or need out of the position. Bookkeeping, accounts payable, accounts receivable, payroll, audit preparation, government rates submissions, pricing efforts…the list goes on. 

You need to also consider the level of experience and the systems they are expected to know and understand. Are you doing a conversion from an older system to something like Deltek Costpoint? If so, you may need someone with that requisite experience, and that experience does come with a price tag attached.  

Are they the lone ranger in their section or will they be managing staff, leading a team made up of payroll and AP personnel or even a junior bookkeeper? 

How much experience does the controller need to have in your specific industry? 

This is a tricky question in our GovCon industry. There are many requirements of us that the typical controller for a commercially-focused company may not know about or understand. Pricing and your direct/indirect rate structures are critical to your success and you want someone very familiar with these aspects. 

What are important qualities to look for in a controller?

  • Experience
  • CPA designation
  • Trustworthiness – After all, these folks will have access to all your organization’s financial accounts and data 
  • Dedication
  • Length of time at previous organizations – This is important because it takes some time for a controller to get acquainted with your organization and ways of doing business. You don’t want to get them up to speed and then have them leave quickly – likely to a competitor – with knowledge of your rates and practices. NDAs are needed but remember the NDA doesn’t erase their memory. 

To find controller candidates, look to your network or colleagues, friends, and industry organizations, as well as previous controllers or accounting staff; also consider third-party sites, recruiters, and LinkedIn. 

Here at TAPE we’ve just gone through the process of hiring our own new controller. We found the most important thing to do is to really define what you want before going out to look to fill a position. It’s also important to form a comfort level with that candidate. They will know all things financial about your organization. You have to be comfortable with that, and with them.


FAR Final Rule Increases both Micro-Purchase and the Simplified Acquisition Threshold

© ikuvshinov – depositphotos.com

While many federal agencies have already increased the thresholds for micro-purchase and simplified acquisition via deviations, the FAR has officially been updated as well. Effective August 31, 2020, the FAR has solidified the following thresholds:

  • $10K for micro-purchase (previously $3,500)
  • $250K for simplified acquisition threshold (previously $150K)

The increase to the simplified acquisition threshold should help small businesses, and here’s how: Purchases above the micro-purchase threshold, but not over the simplified acquisition threshold, shall be set aside for small business if two or more small firms are expected to compete. See FAR 19.502-2.

How can you leverage this rule to your advantage?

Micro-purchases or simplified acquisition threshold are ways in which smaller dollar amount contracts can be accomplished without any competition. These situations are perfect for new, emerging small businesses.  

Opportunities exceeding these limits have to go according to the regular FAR guidelines and do a regular acquisition (competition), unless you can do something with a set-aside that gives you a sole source. Government requirements falling within these dollar value limits can even be awarded to large businesses.  

There are some rules and regulations that must be considered, for example, you can’t do 10K a hundred times to support a $1,000,000 requirement but you can do 10K and even some renewals, etc.

Fundamentally this applies to something small, e.g., you’re going to send a couple employees in for a week of analysis and they can give you a sole source for $10,000 to do that easily.

For larger but still small increments up to $250K, there is a SAP (simplified acquisition procedure) FAR 19.502-2 explanation. That work that might only be a small amount to most big contracts, but it’s a way to get your foot in the door and get started, and you can do that on a sole source basis under the simplified acquisition rules. 

So certainly anyone who’s starting out, this is a way to get business directly for yourself. You have to go look at the rules and understand them, but the point is you can get a $10K purchase order directly, straight up, no competition, and these $250K ones with certain rules and regulations, and under certain conditions.


NDAA 2020 874 – Post-Award Explanations

© peshkova – depositphotos.com

Section 874 of NDAA 2020, Post-Award Explanations for Unsuccessful Offerors for Certain Contracts, “requires the FAR to be revised within 180 days to require that contracting officers provide a brief explanation of award, upon written request from an unsuccessful offeror, for task order or delivery order awards in an amount greater than the simplified acquisition threshold and less than or equal to $5.5 million issued under an indefinite delivery-indefinite quantity contract. Currently, offerors are only entitled to a debriefing after award of an order exceeding $5.5 million.” – Megan Connor, PilieroMazza

So what does this mean for us? Here’s what makes this important. Last year in the FAR rules, a detailed debrief of your losing proposal had to be made only if total value of the award exceeded $5.5 million. 

If it was less than $5.5 million, under those old rules, you weren’t entitled to anything. They literally didn’t have to even give you the time of day. All they’d tell you is that  XXX company won, not you. No explanation of what you did wrong or right. Hopefully you have all taken advantage of this rule change on every source selection this past year. If not, I suggest you add the request for a debrief into your standard process when an award notification (win or loss) is made.  

The revised rule states anything above the simplified acquisition threshold from $250K to $5.5 million now may provide you a brief explanation of award. You do have to request this and you should ALWAYS ask for it immediately after you receive the notice. 

The result is usually just a paragraph or two. It might be something like, “the offeror’s proposal was judged acceptable but not more than acceptable,” or it could say, “we awarded it to the lowest bidder.”  

This rule means you will get more explanatory results from your IDIQ task order bids and useful information for that next proposal. I hope you have taken advantage of this.


FAR Council Issues New Interim Rule on Section 889 – Prohibitions on Using Chinese Telecommunications and Video Surveillance Equipment

© PirenX – depositphotos.com

This is a guest post by Isaias “Cy” Alba, IV of PilieroMazza, PLLC.

Note from John: Seems like the list of action items for us small business folks is forever growing. With CMMC looming and now this requirement in place we must make sure we are ever vigilant to protect ourselves and our most important clients. This one requires the annual SAM reps and certs BUT also requires we conduct these repeated, reasonable inquiries throughout the contract performance. This one may not be so onerous…especially after the initial review of assets and services.

If you have not viewed PilieroMazza’s prior client alert and webinar on the implications of the new prohibition on the use of certain Chinese telecommunications and video surveillance equipment, we highly recommend you do so before reading this article as it will provide helpful background and information which we will not rehash in this article. You can find that content here and here, respectively.

The FAR Council released a new interim rule, effective October 26, 2020, allowing federal contractors who already certified in SAM, pursuant to the new FAR 52.204-26, that they “do not” use the prohibited equipment or services to update that certification only once a year instead of in conjunction with every proposal or bid pursuant to FAR 52.204-24(d)(2). Pursuant to this interim rule, FAR 52.204-26(c)(2) adds the following representation, which will be included in all contractor’s SAM representations and certifications:

After conducting a reasonable inquiry for purposes of this representation, the offeror represents that it [ ] does, [ ] does not use covered telecommunications equipment or services, or any equipment, system, or service that uses covered telecommunications equipment or services.

While the FAR Council has billed this as a change to ease the administrative burden of having to conduct repeated “reasonable inquiries” prior to certifications on each bid or proposal, this rule does NOT change the ongoing reporting requirements during contract performance which are, arguably, the most onerous part of the new Section 889 compliance regime.

Specifically, clients are already asking me about how this impacts the reviewing and reporting requirements of FAR 52.204-25, and whether this is still required if they take advantage of the new FAR 52.204-26 annual reporting. Unfortunately, the answer is “YES,” the constant monitoring and reporting during all federal contracts required under FAR 52.204-25(d) still applies. 

This means that even if a contractor has made the new FAR 52.204-26 certification in SAM, they still have to closely monitor the performance of themselves, employees, and subcontractors to ensure that none of the prohibited equipment or services are used or delivered on any federal contracts. If such use or delivery is found, the one-day required disclosure and the ten-day follow-up disclosures still apply in full force. 

Thus, while this new interim rule is helpful to ease the burden of having to perform a “reasonable inquiry” prior to every bid or proposal, it does not alleviate the eternal vigilance that all federal contractors must now undertake to comply with the full application of Section 889 of the 2019 NDAA.

Please contact Cy Alba, the author of this client alert, or a member of PilieroMazza’s Government Contracts or Cybersecurity & Data Privacy groups with inquiries.

This post originally appeared as a PilieroMazza Client Alert at https://www.pilieromazza.com/far-council-issues-new-interim-rule-on-section-889-prohibitions-on-using-chinese-telecommunications-and-video-surveillance-equipment/ and was reprinted with permission.


Proposal Support – Phone a Friend, or Make a Friend?

© garagestock – depositphotos.com

The cost of submitting a proposal to the government for a small business is huge, especially when you consider all the people who are involved in developing a proposal. There are proposal managers, tech writers, proposal coordinators, subject matter experts, pricing support, contracts managers – all these people play a part in doing proposal support. 

So depending on your company, in terms of its size, your resources, your existing employees, your existing contracts, you may or may not have those subject matter experts and proposal professionals on hand – someone who can “shred” a proposal, meaning they take all the requirements the government has put in the solicitation or RFP, and put them in a document that will be the outline for your submission back to the government. 

In the case where you do not have all these resources at the ready, and you’re without the staff members with the expertise necessary to submit a proposal, you have a decision to make. Can you hire all these people and make them a permanent part of your staff? And by the way, these people are not cheap; they’re experts at what they do. 

Another thing to consider in hiring a proposal manager or technical writer is, do you have enough throughput in proposals to keep those folks busy and justify those costs on an annual basis? They’ll have expectations that they’re going to be around longer than just this one proposal. This is their career; they’re in for the long-term.

So that is one option, to hire full-time employees, which is very expensive but may be the right decision depending on your circumstances. Or do you count on some other company to help you out, who may be willing to provide or lend you those resources, such as a partner company or friend, at least until you grow? 

Or, as a third option, do you reach out to a consultant or proposal resource organization? These companies, like our friends at Proposal Helper, have proposal experts on their staff, and essentially rent them to you for a period of time while you work on your proposal.

Those are big questions that you have to ask, and it all depends on the depth of your wallet, and your needs. If it’s a small task order, you might not need all of those resources, but somebody still has to write a compelling document that meets all the requirements of the solicitation that the government has put out. So you have to figure out where those people are coming from. 

Do you have the expertise on staff, or can you hire the experts you need? Can you phone a friend? Is there another company that has those resources and are willing to let you use them? Or will you make a friend? Do you reach into your wallet again, on a temporary basis, to hire the services of a proposal resource organization

These are all good options but you have to figure out which fits your small company.


css.php