The Department of Defense (DoD) has now finalized its new cybersecurity standards, which we discussed last year.  The new cybersecurity standards, which are intended to protect controlled unclassified information, will be implemented by the Cyber Maturity Model Certification program (CMMC), which was finalized last week after multiple draft iterations.  CMMC Version 1.0 is available here.

CMMC Will Require Third-Party Certification of Cybersecurity Maturity Level

Among other changes from the prior cybersecurity compliance regime, this new approach will require that to be eligible for DoD awards, contractors must be certified by a third-party commercial certification organization to have achieved one of five cybersecurity maturity levels, with higher levels representing more advanced cybersecurity. Later this year, DoD solicitations will contain the applicable CMMC requirement, and contractors failing to meet this standard will be unable to bid. The requirements will apply to all parties within the supply chain (although subcontractors may not have to meet as high a CMMC standard as the prime contractor, depending on their scope of work).


Continue Reading DoD Finalizes Cybersecurity Maturity Model Certification

Please join the Bass, Berry & Sims Government Contracts & International Trade attorneys as they continue a series of complimentary briefings via webinar that will serve as an extension of our GovCon & Trade Blog and feature timely and practical guidance on key topics of interest.

The next GovCon & Trade briefing, hosted by Bass,

The GovCon 2020 Small Business Summit will take place in less than two months in Tampa. Todd Overman will be a panelist with industry representatives discussing the importance of the Contractor Performance Assessment Reporting System (CPARS) for growing companies, and Richard Arnholt will moderate a panel with several mid-tier firm representatives on the use joint

On November 8, 2019, the Small Business Administration (SBA) released an expansive proposed rule to merge its two mentor-protégé programs, while also modifying a number of rules applicable to participants in the program. Under the proposed rule, the SBA will combine its 8(a) Mentor-Protégé Program into its All Small Mentor-Protégé Program (ASMPP).

The 8(a) program is about two decades old and is reserved for 8(a) firms, while the ASMPP was created in 2016 and is open to any small business. According to the SBA, the benefits to participants in both of the programs are identical and the merging of the two programs is being done to “eliminate confusion regarding perceived differences between the two programs, remove unnecessary duplication of functions within SBA, and establish one, unified staff to better coordinate and process mentor-protégé applications.” Below is a summary of the material proposed changes and new recertification rule that could have a big impact on who qualifies for set-asides under unrestricted multiple award contracts.


Continue Reading Merging Mentoring Programs: SBA’s Proposed Rule to Simplify its Mentor-Protégé Programs

I recently commented to Law360 on the findings of the ISDC’s report on suspension and debarment activity in FY2018.  The report, which is available here, shows an increased used of tools such as proactive engagement by contractors, pre-notice letters, and administrative agreements by suspending and debarring officials, all of which indicate an increased willingness

On October 31, 2019, President Trump signed Executive Order (EO) 13897 – “Improving Federal Contractor Operations by Revoking Executive Order 13495.” Taking effect immediately, EO 13897 revokes EO 13495 previously issued by the Obama administration in January 2009. EO 13495, titled “Nondisplacement of Qualified Workers Under Service Contracts,” required successor contractors to an expired service contract to offer a right of first refusal of employment to those “qualified” employees from the predecessor contract if the follow-on contract is awarded for the same service, at the same location.
Continue Reading Trump Revokes “Right of First Refusal” for Employees on Predecessor Contracts

The government fiscal year runs from October 1 to September 30, and at the end of each fiscal year federal agencies rush to award contracts and commit funding before that funding expires. As a result, our Government Contracts Practice is typically very busy between September and November filing protests of awards or defending awards to our clients, often filing detailed challenges to awards on very short notice, typically 10 days or less.

This year has been no exception, and we have been grateful that our clients have relied on us to file or defend a number of protests at the Government Accountability Office (GAO) and the Court of Federal Claims related to awards or solicitations issued by the Army, the Navy, the CIA, and the State Department, among others agencies that together total well over $1 billion.

Three Key Issues for Government Contractors to Remember About Protests

While some protests are still pending, in the month of October alone the government agreed to take “corrective action” in five procurements as a result of the protests we filed, giving our clients another shot at important contracts in four post-award protests and agreeing to remedy defects in a solicitation after a pre-award protest. The fact that we continue to see a significant percentage of protests being resolved through corrective action highlights three issues all government contractors should keep in mind.


Continue Reading Tis the Season (for Protests)!

As the Department of Defense (DoD) pushes to overhaul cybersecurity requirements with a new Cybersecurity Maturity Model Certification (CMMC) program to be implemented in the fall of 2020, I recently provided insights for an article in Law360 that highlighted some potential challenges the quick rollout and still-unanswered questions could present. Contractors generally welcome the unified and modernized approach to cybersecurity, but because there are many questions left unanswered since the initial drafts released in May and in September, there are concerns among some that the perceived rush is creating undue stress and confusion.

As a result, the September draft of the CMMC program received a large volume of public comments, which Todd noted was unusual given the limited time available for comment. For solutions the DOD could address in the final rule, I suggested the Department ensure minimum cybersecurity levels are included in contracts as pass-fail threshold requirements, rather than as subjective assessments that potentially open up new grounds for bid protests.


Continue Reading Insight on DoD’s Cybersecurity Plan

Given the continued high volume of mergers and acquisitions (M&A) transactions in the federal marketplace, buyers and sellers need to be aware of the developing body of case law at Government Accountability Office (GAO) and Court of Federal Claims (COFC) regarding how acquisitions are impacting pending bids and the steps that parties can take to protect those bids in certain situations.

This post will highlight recent cases and provide practical guidance on diligence, deal timing and communications with government customers regarding transactions. Additionally, this post will outline bid protest decisions involving asset deals and corporate reorganizations, and their impact on pending bids.


Continue Reading How Do Mergers & Acquisitions Impact Pending Bids?

A recent decision by the U.S. Court of Federal Claims in Bitmanagement Software GMBH vs. The United States determined the United States was not liable for copyright infringement because, based on the interactions between the parties, the Navy was authorized to copy Bitmanagement’s software on 350,000 computers. Bitmanagement is a German company that develops software for rendering three-dimensional graphics and one of their primary products is a three-dimensional renderer named BS Contact Geo.

Background: Floating Software Licenses Led to Copyright Infringement Allegations

In 2006, the Navy was developing a software application called SPIDERS 3D that provides a virtual reality environment for engineers and technicians to view and optimize configurations of Navy installations. During the development of this application, the Navy realized a need for the inclusion of a three-dimensional visualization software within SPIDERS 3D. To fill this need, the Navy procured BS Contact Geo on three separate occasions in 2006, 2008 and 2012 through a software reseller, Planet 9, who Bitmanagement used to market and sell Bitmanagement’s products in the United States.


Continue Reading Software Developer Acquiescence Dooms Bid for Copyright Infringement against Navy