U.S. Department of Defense

On March 18, President Trump issued an Executive Order invoking the Defense Production Act (DPA), a tool that may help the administration combat the COVID-19 pandemic. With companies like 3M, GE, and others voluntarily ramping production of medical supplies to accomplish the nation’s significant needs, the president is yet to unleash his recently invoked authority. Still, the Executive Order activates far-reaching executive powers to prioritize production of key medical supplies, including protective medical equipment and ventilators. With the apparatus needed to deploy the DPA now in place, government contractors should prepare themselves for what may come.

By way of background, Congress passed the DPA during the Korean War to ensure sufficient production of materials deemed critical to the nation’s defense. Echoing economic controls imposed in World War II, the DPA gives the executive branch extraordinary powers, including the authority to require manufacturers to produce and prioritize certain items; allocate raw materials and facilities for the production of these items; and, in certain circumstances, even set price and wage controls.


Continue Reading

The U.S. government continues to take action in an effort to slow the spread of the COVID-19 virus.  In so doing, the government has provided insight into those industries and operations deemed to be essential to U.S. national security.  Lessons learned from these actions will almost certainly help inform U.S. policymakers and regulators when the current crisis has eased, particularly with respect to reviewing foreign investment in the United States.  (Such investment, when it could implicate U.S. national security, is subject to review and approval by the Committee on Foreign Investment in the United States.)

DHS Outlines Essential Businesses for Quarantine Purposes

On March 19, the Department of Homeland Security (DHS) issued guidance to identify those industries and businesses considered to be “essential” for U.S. continued operational purposes.  That Guidance on the Essential Critical Infrastructure Workforce was published by the Cybersecurity and Infrastructure Security Agency (CISA), which forms part of DHS.  The guidance is available here.


Continue Reading

The federal government has taken and will continue to take a host of actions to deal with the COVID-19 crisis.  Our Government Contracts Practice Group at Bass, Berry & Sims is carefully monitoring these developments and will keep you updated through our blog and through our Firm’s COVID-19 Response website page.

While the health of our citizens is, as it must be, the primary focus of the response, Congress and the Executive Branch are scrambling to ensure that companies have sufficient liquidity to continue operations, and continue employing people, notwithstanding the global economic shutdown that could run for months.  Given that the federal procurement budget is in the hundreds of billions of dollars and government contracting involves hundreds of thousands of workers nationwide, our government procurement workers play an important role in facing this crisis.


Continue Reading

As we noted in a blog post in December 2016, “LPTA Out, Fixed Price Contracts In,” the Department of Defense (DoD) has been moving to restrict the Lowest Price Technically Acceptable (LPTA) evaluation methodology, which requires award to the lowest-price offeror that meets the minimum requirements regardless of whether more expensive solutions are optimal.  Further, in 2016 legislation went into effect requiring that limitations on the use of LPTA evaluations be codified in the Defense Federal Acquisition Regulation Supplement (DFARS).

New Restrictions on LPTA Evaluations

On September 26, 2019, DoD issued a final rule that amends the DFARS to implement that legislation.  The new rule, which was mandated by Section 813 of the National Defense Authorization Act (NDAA) for 2017, as amended by section 822 of the NDAA for 2018, establishes that the LPTA evaluation methodology shall only be used when the following conditions are met:
Continue Reading

A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft Cybersecurity Maturity Model Certification (CMMC). This new framework to safeguarding controlled unclassified information (CUI), which includes a certification requirement by a third-party auditor, presents both significant opportunities and challenges for DoD contractors.

In an overview briefing on the new model, DoD emphasized that the new framework will impose a unified cybersecurity standard for all DoD acquisitions and, in so doing, “reduce exfiltration of [CUI] from the Defense Industrial base.” To achieve this goal, the new model significantly bolsters the existing compliance regime around cybersecurity—which currently, for the most part, requires compliance with the security standards set forth in NIST SP 800-171 through DFARS 252.204-7012.


Continue Reading

The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks.  Based on an in-depth review into nine contractors, the audit uncovered some common practices that fall short of meeting the standards set forth in NIST SP 800-171, which contractors are obligated to follow under DFARS 252.204-7012.

Shortcomings Discovered in DoD Audit

These common lapses include the following, among others:

  • Inconsistent tracking of cybersecurity threats
  • Failure to consistently mitigate network vulnerabilities
  • Uneven use of strong passwords
  • Inconsistent use of multifactor identification


Continue Reading

Bass, Berry & Sims attorney Richard Arnholt provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion "JEDI" cloud procurement due to pending and potential protests.I recently provided insight into delays to the procurement timeline in the Department of Defense’s (DoD) important $10 billion “JEDI” cloud procurement due to pending and potential protests.

In a recent court filing, DoD said it would not award the contract until at least July 19, but the resolution of Oracle’s pending suit, as well as other potential related actions, may push the award and implementation dates out past this summer.


Continue Reading

In 2016, Congress instructed the Department of Defense (DoD) to review its procurement regulations by convening a panel of procurement professionals—from both the public and private sectors. This panel became known as the Section 809 Panel (809 Panel). Congress instructed the 809 Panel to recommend amendments or repeals of defense procurement regulations. The 809 Panel’s objective was to help streamline or improve the efficiency and effectiveness of the defense acquisition process while still maintaining an advantage in defense technology. While Congress and the DoD are not required to adopt these recommendations, the report shows an attempt to define the issues in modern federal procurement and improve upon the old system.
Continue Reading

The Government recently indicted an Army veteran for allegedly using his status as a service-disabled veteran to help a company qualify as a service-disabled veteran-owned small business and falsely obtain nearly $40 million in healthcare facility construction task orders from the Department of Defense.

The indictment is an indication that the government is continuing to aggressively pursue small businesses that fail to comply with set-aside requirements, and is a reminder that businesses benefiting from small business programs must be fully compliant with the complex regulations governing those socio-economic programs. It is also a reminder that the consequences of failing to meet those requirements are real – the Army veteran, Joseph Dial Jr., is facing over a century in prison.


Continue Reading

As recent malware, ransomware and distributed denial of service attacks have made clear, the cyber threats posed to governments and commercial entities are real and growing. Critical infrastructure such as power plants, airports and communication systems are vulnerable to attacks on the cyber battlefield, as are banks, manufacturers, and law firms, among other commercial entities. In an attempt to address these risks, the U.S. government is imposing heightened cyber-security requirements on contractors, some of which are summarized below. But, in light of the growing cyber threats posed by nation states, subnational groups and bored teenagers, even companies that are not subject to these new requirements should evaluate the sufficiency of their current cyber security protocols and consider taking steps such as the simplified four-step “starter plan” – train, maintain, test and repeat – laid out below to address vulnerabilities.

Continue Reading