On March 18, President Trump issued an Executive Order invoking the Defense Production Act (DPA), a tool that may help the administration combat the COVID-19 pandemic. With companies like 3M, GE, and others voluntarily ramping production of medical supplies to accomplish the nation’s significant needs, the president is yet to unleash his recently invoked authority. Still, the Executive Order activates far-reaching executive powers to prioritize production of key medical supplies, including protective medical equipment and ventilators. With the apparatus needed to deploy the DPA now in place, government contractors should prepare themselves for what may come.

By way of background, Congress passed the DPA during the Korean War to ensure sufficient production of materials deemed critical to the nation’s defense. Echoing economic controls imposed in World War II, the DPA gives the executive branch extraordinary powers, including the authority to require manufacturers to produce and prioritize certain items; allocate raw materials and facilities for the production of these items; and, in certain circumstances, even set price and wage controls.


Continue Reading

By failing to object to solicitation terms before the close of bidding, a protester typically waives those objections in a post-award bid before the Court of Federal Claims (COFC). An exception exists, however, where a protester filed a timely pre-award agency-level protest challenging patent errors or ambiguities.

But, as powerfully illustrated by the COFC’s decision in Harmonia Holdings Group, LLC v. United States, this exception is limited. In that case, Harmonia, one of the offerors on the procurement, initially brought an agency-level protest to challenge the U.S. Customs and Border Protection’s (CBP) issuance of two amendments to the solicitation, arguing that the agency improperly denied offerors the opportunity to revise their proposals in response to these amendments. CBP denied the protest.


Continue Reading

A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft Cybersecurity Maturity Model Certification (CMMC). This new framework to safeguarding controlled unclassified information (CUI), which includes a certification requirement by a third-party auditor, presents both significant opportunities and challenges for DoD contractors.

In an overview briefing on the new model, DoD emphasized that the new framework will impose a unified cybersecurity standard for all DoD acquisitions and, in so doing, “reduce exfiltration of [CUI] from the Defense Industrial base.” To achieve this goal, the new model significantly bolsters the existing compliance regime around cybersecurity—which currently, for the most part, requires compliance with the security standards set forth in NIST SP 800-171 through DFARS 252.204-7012.


Continue Reading

In an article published by Law360, we examined a report issued by the U.S. Department of Defense (DoD) Inspector General on July 23, which summarizes the findings of an audit into the protection of controlled unclassified information (CUI) on contractor networks.

The DoD reviewed nine contractors’ information systems and revealed some deficiencies that do not meet the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171. The exposed deficiencies include: not mitigating vulnerabilities on their networks and systems, not scanning their network for vulnerabilities, not mitigating high vulnerabilities identified in the contractor’s management programs and more.


Continue Reading