Welcome to Jenner & Block's Government Contracts Legal Round-Up, a biweekly update on important government contracts developments. This update offers brief summaries of key developments for government contracts legal, compliance, contracting, and business executives. Please contact any of the professionals at the bottom of the update for further information on any of these topics.

Executive Actions

1.  OMB Issues Memo Regarding "Protecting Critical Software Through Enhanced Security Measures" (August 10, 2021)

  • In this guidance, OMB identifies the "pressing need" for agencies to implement more rigorous protections for critical software pursuant to Executive Order 14028, Improving the Nation's Cybersecurity (May 12, 2021).
  • "Critical software" is defined by the National Institute of Standards and Technology (NIST) as, among other things, any software that runs with elevated privileges or manages privileges; is designed to control access to data or operational technology; or performs a function critical to trust.
  • OMB's memo provides instructions for a phased implementation that first focuses on a list of standalone, on-premises software that performs security-critical functions or poses similar significant potential for harm if compromised.
  • Subsequent phases of implementation will address additional categories of software, as determined by the Cybersecurity and Infrastructure Security Agency (CISA), including software that controls access to data, and cloud-based and hybrid software.
  • Within 60 calendar days (or by October 9), agencies must identify all agency critical software, in use or in the process of acquisition.
  • Within one year (or by August 10, 2022), agencies must implement the security measures designated by NIST for all categories of critical software included in the initial phase.
  • Contractors should anticipate new rules and/or contract requirements for enhanced security measures for federal procurement of critical software products, often purchased as commercial items.

2. DOJ Issues Memo Regarding New Vaccine Certification/Testing Requirements Instituted by President Biden (August 13, 2021)

  • The Department of Justice (DOJ) is one of the first agencies to release guidance to implement President Biden's July 29 COVID-19-related enhanced safety standards for those accessing government facilities. We have not yet seen guidance from OMB or other agencies, but anticipate such guidance soon.
  • According to its guidance, DOJ will ascertain the vaccination status of every individual who enters a DOJ facility, specifically, DOJ employees, contractors, and visitors. DOJ will soon release an electronic link for entering this information.
  • Non-vaccinated individuals, including those not yet fully vaccinated or who decline to respond, will be required to comply with the CDC and DOJ guidance for unvaccinated individuals, including:
    • Mandatory mask wearing and physical distancing;
    • Submitting to weekly or bi-weekly COVID-19 testing;
    • Demonstrating negative test results prior to entering DOJ buildings or participating in official events at other locations; and
    • Adhering to applicable travel restrictions and protocols.
  • Further guidance for contractors will be forthcoming in the "near future."
  • Medical information will remain confidential and may only be disclosed on a "need to know" basis.

Regulatory Update

1. FAR Case 2017-011: Section 508-Based Standards in Information and Communication Technology, Final Rule Effective September 10, 2021 (August 11, 2021)

  • This final rule will amend the Federal Acquisition Regulation (FAR) to incorporate recent revisions and updates to accessibility standards issued by the US Access Board.
  • Among other things, section 508 of the Rehabilitation Act of 1973 mandates that Federal agencies "develop, procure, maintain, or use" information and communication technology or "ICT" in a manner that ensures those with disabilities have comparable access to, and use of, such information and data.
  • The Access Board completed a multiyear effort to update its existing set of standards to address advances in ICT, harmonize with accessibility standards around the world, and ensure consistency with regulations promulgated since the late 1990s.
  • There is a generally a safe harbor for ICT acquired on or before January 18, 2018, but such products will need to be upgraded or modified to conform to the new standard if such ICT is altered after January 18, 2018, or does not comply with the original 508 standards. In addition, ICT acquired after January 18, 2018, must be upgraded or modified to conform to the new standards. The upgrades and modifications will be included in agency requirements documents.

2. FAR Case 2016-011: Revision of Limitations on Subcontracting, Final Rule Effective September 10, 2021 (August 11, 2021)

  • This final rule will amend the FAR to implement revised and standardized limitations on subcontracting, including the nonmanufacturer rule, that apply to small business concerns.
  • The purpose of this rule is to implement statutory authorities and SBA regulations that are designed to make it easier and less burdensome for small business prime contractors to comply with requirements related to how much work they may subcontract under Federal contracts, including task and delivery orders under those contracts (i.e., the "limitations on subcontracting").
  • The changes to these requirements are intended to ease compliance costs and provide more authorized ways to subcontract.
  • A Class Deviation published on August 19, 2021, further modified FAR language to clarify the SBA intent to include some exclusions to the 50 percent limitation on subcontracting for service contracts.

3. FAR Case 2019-004: Good Faith in Small Business Subcontracting, Final Rule Effective September 10, 2021 (August 11, 2021)

  • This final rule will amend the FAR to provide examples of failure to make good faith efforts to comply with a small business subcontracting plan, which could result in the assessment of liquidated damages per FAR 52.219-16, Liquidated Damages-Subcontracting Plan.
  • As background, small business subcontracting plans are required from large prime contractors when a contract is expected to exceed $750,000 ($1.5 million for construction) and has subcontracting possibilities.
  • FAR 19.704 lists the elements of the plan, which include the contractor's goals for subcontracting to small business concerns and a description of the efforts the contractor will make to ensure that the full panoply of eligible small business concerns have an equitable opportunity to compete.
  • FAR 19.705-7 contains examples of a good faith effort, and examples of a failure to make a good faith effort. The following may be indicators of a failure to make a good faith effort:
    • Failure to use market research to identify eligible small business concerns, including the use of Federal Systems such as SBA's Dynamic Small Business Search or SUBNet systems.
    • Failure to designate and maintain a company official to administer the subcontracting program and monitor and enforce compliance with the plan.
    • Failure to submit required reports on time and as provided in agency regulations specified in FAR 52.219-9.
    • Failure to maintain records or otherwise demonstrate procedures adopted to comply with the plan, including subcontracting flowdown requirements.
    • Adoption of company policies that frustrate the objectives of the plan.
    • Failure to pay small business subcontractors according to the terms of their contract with the prime contractor.
    • Failure to correct substantiated findings from Federal subcontracting compliance reviews or participate in subcontracting plan management training offered by the government.
    • Falsifying records of subcontract awards to small business concerns.
  • Contractors will want to use this list as guidance for ensuring a finding that they have used good faith efforts to meet small business subcontracting goals.

Protest Cases

1. American International Movers, Inc., B-419756, July 20, 2021 (Published August 22, 2021)

  • GAO denied a protest challenging that the Air Force's requirements for storage facilities were unduly restrictive.
  • The RFP, covering a base and four option years, sought warehouses capable of storing up to 30 million gross pounds of household goods and unaccompanied baggage annually, with remote climate sensor monitoring technology and climate control.
  • Here, the protester challenged that the combination of the storage requirement, the climate-control requirement, and the option years rendered the solicitation unduly restrictive. The protester argued that the solicitation "shift[ed] virtually all risk of contract performance to the contractor with no guaranty of any return," and contended that small businesses were incapable of meeting the solicitation requirements.
  • GAO denied the protest, finding that the Air Force reasonably justified its requirements. Specifically, the historical data, combined with the inherent uncertainty of predicting future surges or troop realignments, supported the agency's argument that the solicitation's requirements were reasonable.
  • GAO also noted that there is no requirement that an agency eliminate all risk from a solicitation; to the contrary, an agency may provide for a competition that imposes maximum risks on the contractor and minimum burdens on the agency.

Where an agency reasonably identifies its needs and allows offerors the opportunity to meet those needs, the fact that a solicitation's requirements may be burdensome or even impossible for an offeror to meet does not make them objectionable. To the chagrin of contractors, when considering protests challenging unduly restrictive requirements, GAO is highly deferential to the agency, unless there is no rational basis for the stated requirements.

2. Vertex Aerospace, LLC, B-418828.8, July 23, 2021 (published August 13, 2021)

  • GAO denied a protest challenging the Navy's decision to cancel a solicitation for contractor logistics support and resolicit the requirements under two separate competitions following a sustain decision in an earlier protest.
  • The Navy reasonably exercised its broad discretion to cancel the solicitation because the solicitation no longer accurately reflected its needs, as many additional aircraft and locations required service.
  • GAO also denied the protest challenging the Navy's decision to award an interim sole-source contract to the incumbent contractor.
  • Although the protester had submitted a capability statement for the interim effort, GAO found unobjectionable the Navy's conclusion that award to the protester would create an unacceptable delay due to a break in service caused by the transition period.
  • GAO also dismissed as untimely the protester's contention, first raised in its comments on the agency report, that the Navy should have used FAR 6.302-2, which provides for other than full and open contracting based on an unusual and compelling urgency, and violated the requirements in FAR 6.301(d) for agencies to solicit offers from as many potential sources as practicable when not providing for full and open competition.

This decision offers two takeaways for contractors regarding the latitude offered to agencies by GAO. First, GAO affords great deference to agencies in how solicitations are structured; if an agency says its needs have changed, GAO is unlikely to override the agency's conclusion. Second, it remains difficult to challenge interim bridge contracts, even if awarded on a sole source basis, so long as the agency can articulate reasons why opening up the bridge to competition would be detrimental.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.