As we noted in a blog post in December 2016, “LPTA Out, Fixed Price Contracts In,” the Department of Defense (DoD) has been moving to restrict the Lowest Price Technically Acceptable (LPTA) evaluation methodology, which requires award to the lowest-price offeror that meets the minimum requirements regardless of whether more expensive solutions are optimal.  Further, in 2016 legislation went into effect requiring that limitations on the use of LPTA evaluations be codified in the Defense Federal Acquisition Regulation Supplement (DFARS).

New Restrictions on LPTA Evaluations

On September 26, 2019, DoD issued a final rule that amends the DFARS to implement that legislation.  The new rule, which was mandated by Section 813 of the National Defense Authorization Act (NDAA) for 2017, as amended by section 822 of the NDAA for 2018, establishes that the LPTA evaluation methodology shall only be used when the following conditions are met:
Continue Reading

A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft Cybersecurity Maturity Model Certification (CMMC). This new framework to safeguarding controlled unclassified information (CUI), which includes a certification requirement by a third-party auditor, presents both significant opportunities and challenges for DoD contractors.

In an overview briefing on the new model, DoD emphasized that the new framework will impose a unified cybersecurity standard for all DoD acquisitions and, in so doing, “reduce exfiltration of [CUI] from the Defense Industrial base.” To achieve this goal, the new model significantly bolsters the existing compliance regime around cybersecurity—which currently, for the most part, requires compliance with the security standards set forth in NIST SP 800-171 through DFARS 252.204-7012.


Continue Reading

A recent decision in Sotera Defense Solutions, Inc. v. Department of Agriculture, CBCA 6029, 6030, by the United States Civilian Board of Contract Appeals (CBCA), upheld a contract provision that imposed greater obligations on the government than required by the Service Contract Act (SCA). The validity of this contract provision ultimately proved dispositive in the outcome of the case with the CBCA holding the government liable for costs.

In 2012, the National Institutes of Health (NIH) awarded Sotera a contract for the provision of information technology (IT) services. The contract stated that the positions in the contract were exempt from the SCA but advised that a contracting officer would have to determine whether the SCA applied to any positions requested within the task order. The Department of Agriculture (USDA) issued three task orders against the NIH contract to Sotera in which the USDA sought IT operations and maintenance support for offices located throughout the United States.


Continue Reading

I am excited to be presenting a training seminar titled, “Trends and Changes in Federal Contracting FY 20” for the Florida Procurement Technical Assistance Center (Florida PTAC).

The interactive seminar will provide insight into the world of federal government contracting for Fiscal Year 2020 and new initiatives that will impact federal businesses in the next 12 months.


Continue Reading

In an article published by Law360, we examined a report issued by the U.S. Department of Defense (DoD) Inspector General on July 23, which summarizes the findings of an audit into the protection of controlled unclassified information (CUI) on contractor networks.

The DoD reviewed nine contractors’ information systems and revealed some deficiencies that do not meet the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171. The exposed deficiencies include: not mitigating vulnerabilities on their networks and systems, not scanning their network for vulnerabilities, not mitigating high vulnerabilities identified in the contractor’s management programs and more.


Continue Reading

The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks.  Based on an in-depth review into nine contractors, the audit uncovered some common practices that fall short of meeting the standards set forth in NIST SP 800-171, which contractors are obligated to follow under DFARS 252.204-7012.

Shortcomings Discovered in DoD Audit

These common lapses include the following, among others:

  • Inconsistent tracking of cybersecurity threats
  • Failure to consistently mitigate network vulnerabilities
  • Uneven use of strong passwords
  • Inconsistent use of multifactor identification


Continue Reading

At the end of June, the U.S. Supreme Court issued an important Freedom of Information Act (FOIA) decision that decreases the burden on contractors seeking to protect confidential information.  As most contractors are aware, FOIA requires that, upon request, the government disclose information in its possession, unless an exemption applies.  This presents a significant risk for contractors as they regularly provide highly sensitive information to the government in the course of obtaining or performing federal contracts and grants.

Fortunately, that type of information falls within the scope of the exemption at 5 U.S.C. 552(b)(4) (Exemption 4), which shields from disclosure “trade secrets and commercial or financial information obtained from a person and privileged or confidential.”  After receiving notice that a party is seeking the public release of such information, in order to protect it, contractors previously had to demonstrate that the information was customarily kept private and that the government agreed, implicitly or expressly, to treat it as confidential.


Continue Reading

Bass, Berry & Sims attorneys Todd Overman and Sylvia Yi will be presenting on key government contracting issues for small businesses.

We are excited to be presenting on key government contracting issues for small businesses on July 17, 2019 at The Tower at Peabody Place in Memphis, Tennessee. The presentation, titled, “Government Contracting Law Overview,” will discuss the pros and cons of business entity types, requirements of the SBA’s All Small Mentor Protégé Program, protecting partnerships

Bass, Berry & Sims attorney Richard Arnholt provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion "JEDI" cloud procurement due to pending and potential protests.I recently provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion “JEDI” cloud procurement due to pending and potential protests.

In a recent court filing, DoD said it would not award the contract until at least July 19, but the resolution of Oracle’s pending suit, as well as other potential related actions, may push the award and implementation dates out past this summer.


Continue Reading