As the Department of Defense (DoD) pushes to overhaul cybersecurity requirements with a new Cybersecurity Maturity Model Certification (CMMC) program to be implemented in the fall of 2020, I recently provided insights for an article in Law360 that highlighted some potential challenges the quick rollout and still-unanswered questions could present. Contractors generally welcome the unified and modernized approach to cybersecurity, but because there are many questions left unanswered since the initial drafts released in May and in September, there are concerns among some that the perceived rush is creating undue stress and confusion.

As a result, the September draft of the CMMC program received a large volume of public comments, which Todd noted was unusual given the limited time available for comment. For solutions the DOD could address in the final rule, I suggested the Department ensure minimum cybersecurity levels are included in contracts as pass-fail threshold requirements, rather than as subjective assessments that potentially open up new grounds for bid protests.

Continue Reading Insight on DoD’s Cybersecurity Plan

Given the continued high volume of mergers and acquisitions (M&A) transactions in the federal marketplace, buyers and sellers need to be aware of the developing body of case law at Government Accountability Office (GAO) and Court of Federal Claims (COFC) regarding how acquisitions are impacting pending bids and the steps that parties can take to protect those bids in certain situations.

This post will highlight recent cases and provide practical guidance on diligence, deal timing and communications with government customers regarding transactions. Additionally, this post will outline bid protest decisions involving asset deals and corporate reorganizations, and their impact on pending bids.

Continue Reading How Do Mergers & Acquisitions Impact Pending Bids?

  • A payment to a government official can take many forms.
  • The SEC charges bank for books and records violation even absent a bribery charge.
  • Industry-wide enforcement is a continuing tactic for U.S. regulators.

On September 27, 2019, Barclays PLC agreed to pay $6.3 million to the Securities and Exchange Commission (SEC) to settle charges that Barclays violated the books and records and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA). The Barclays settlement fits a pattern of recent U.S. government enforcement against companies, particularly in the financial services sector, relating to FCPA violations stemming from hiring or providing internships to relatives and friends of government officials.  Penalties have been significant – for example, Credit Suisse Group AG paid a $47 million penalty in 2018 as part of a Justice Department FCPA investigation into their hiring practices in Asia.  We previously wrote about this issue in an August 2015 article about a settlement related to the hiring practices of Bank of New York Mellon.

The Barclays matter is a useful reminder of three things:

  1. What constitutes the giving of a thing of value to a government official is broadly interpreted and goes beyond simply giving money or a gift or other tangible thing directly to an official.
  2. The SEC can – and will – enforce the FCPA when there are deemed to be violations of the books and records provisions of the law, even if no charge of bribery is brought in the matter.
  3. The U.S. government continues to pursue industry-wide enforcement under the (apparently accurate) belief that what one company does in a specific industry is likely something that many companies in that industry also do.

Continue Reading (Another) Big Bank Pays FCPA Penalty for Hiring Practice

A recent decision by the U.S. Court of Federal Claims in Bitmanagement Software GMBH vs. The United States determined the United States was not liable for copyright infringement because, based on the interactions between the parties, the Navy was authorized to copy Bitmanagement’s software on 350,000 computers. Bitmanagement is a German company that develops software for rendering three-dimensional graphics and one of their primary products is a three-dimensional renderer named BS Contact Geo.

Background: Floating Software Licenses Led to Copyright Infringement Allegations

In 2006, the Navy was developing a software application called SPIDERS 3D that provides a virtual reality environment for engineers and technicians to view and optimize configurations of Navy installations. During the development of this application, the Navy realized a need for the inclusion of a three-dimensional visualization software within SPIDERS 3D. To fill this need, the Navy procured BS Contact Geo on three separate occasions in 2006, 2008 and 2012 through a software reseller, Planet 9, who Bitmanagement used to market and sell Bitmanagement’s products in the United States.

Continue Reading Software Developer Acquiescence Dooms Bid for Copyright Infringement against Navy

In 2016, the Small Business Administration (SBA) established a new government wide mentor-protégé program for small businesses called the All Small Mentor-Protégé Program (ASMPP). The purpose of the program was for established government contractors to serve as mentors to protégé small businesses by providing business development assistance and to improve the protégé’s ability to successfully compete for federal contracts.

This relationship between the two companies is intended to be mutually beneficial. For protégés, the program creates a framework under which firms obtain valuable technical, management, financial, and contracting assistance from established government contractors. For mentors, one of the benefits was the ability to form a joint venture with their protégé to pursue small business set aside contracts without the two companies being considered affiliated for purposes of SBA’s small business size standards.

Three Findings from SBA’s OIG Review of ASMPP

The SBA’s Office of Inspector General (OIG) reviewed the ASMPP with the objectives of determining whether SBA implemented effective controls to ensure that it conducted initial application reviews and annual evaluations in accordance with the program regulations and if the SBA successfully measured program success.

Continue Reading First Small Business Administration OIG Review of the All Small Mentor-Protégé Program Finds Areas for Improvement

As we noted in a blog post in December 2016, “LPTA Out, Fixed Price Contracts In,” the Department of Defense (DoD) has been moving to restrict the Lowest Price Technically Acceptable (LPTA) evaluation methodology, which requires award to the lowest-price offeror that meets the minimum requirements regardless of whether more expensive solutions are optimal.  Further, in 2016 legislation went into effect requiring that limitations on the use of LPTA evaluations be codified in the Defense Federal Acquisition Regulation Supplement (DFARS).

New Restrictions on LPTA Evaluations

On September 26, 2019, DoD issued a final rule that amends the DFARS to implement that legislation.  The new rule, which was mandated by Section 813 of the National Defense Authorization Act (NDAA) for 2017, as amended by section 822 of the NDAA for 2018, establishes that the LPTA evaluation methodology shall only be used when the following conditions are met: Continue Reading DoD Implements Statutory Restrictions on LPTA Evaluations

A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft Cybersecurity Maturity Model Certification (CMMC). This new framework to safeguarding controlled unclassified information (CUI), which includes a certification requirement by a third-party auditor, presents both significant opportunities and challenges for DoD contractors.

In an overview briefing on the new model, DoD emphasized that the new framework will impose a unified cybersecurity standard for all DoD acquisitions and, in so doing, “reduce exfiltration of [CUI] from the Defense Industrial base.” To achieve this goal, the new model significantly bolsters the existing compliance regime around cybersecurity—which currently, for the most part, requires compliance with the security standards set forth in NIST SP 800-171 through DFARS 252.204-7012.

Continue Reading DoD’s Recently Released Draft Framework Signals Significant Changes in Cybersecurity Requirements

I am looking forward to presenting at ETEBA’s 2019 Business Opportunities & Technical Conference (BOTC) which takes place at the Knoxville Convention Center on October 8-10, 2019. More than 400 participants will gather at the 20th annual BOTC to learn about upcoming opportunities with prime contractors and government procurement officials in the energy, environmental and defense markets, and to build contacts and relationships with key decision-makers, teaming partners, and potential clients.

In addition, there will be technical and training sessions featuring outstanding speakers who will showcase their specialized technical expertise, new and unique technological advances, and project success stories. My session is titled, “Mentor Protégé Joint Ventures – the new ‘Small Business’ Frontier – but only if Done Right!”

Stop by the exhibit hall to visit Bass, Berry & Sims at booth number 121.

  • U.S. government continues to impose sanctions on parties supporting Iran
  • One Cypriot and three Panamanian companies sanctioned for connection to Venezuela
  • European bank fined for prohibited transactions involving Sudan

The U.S. Treasury Department, Office of Foreign Assets Control (OFAC), the main U.S. government body that administers U.S. economic sanctions and embargoes, continues to be busy.  In September 2019 alone, OFAC has announced new sanctions designations, new penalties, and new regulations on a nearly daily basis.

Many of these actions are largely administrative in nature.  For example, in the September 4 Federal Register, OFAC announced new U.S. sanctions on Nicaragua.  While the regulations (at 31 CFR Part 582) are in fact new, the prohibitions contained in the regulations are not: the regulations merely implement Executive Order 13,851, which was issued by President Trump in November 2018.

We nonetheless want to briefly summarize three actions taken by OFAC to date in September 2019.  As described below, we think these actions provide useful insight into how OFAC is operating currently.

Continue Reading Sanctions Update: Additional Iran and Venezuela Designations, Penalty for Sudan Violations

A recent decision in Sotera Defense Solutions, Inc. v. Department of Agriculture, CBCA 6029, 6030, by the United States Civilian Board of Contract Appeals (CBCA), upheld a contract provision that imposed greater obligations on the government than required by the Service Contract Act (SCA). The validity of this contract provision ultimately proved dispositive in the outcome of the case with the CBCA holding the government liable for costs.

In 2012, the National Institutes of Health (NIH) awarded Sotera a contract for the provision of information technology (IT) services. The contract stated that the positions in the contract were exempt from the SCA but advised that a contracting officer would have to determine whether the SCA applied to any positions requested within the task order. The Department of Agriculture (USDA) issued three task orders against the NIH contract to Sotera in which the USDA sought IT operations and maintenance support for offices located throughout the United States.

Continue Reading Equitable Adjustment Appropriate Where Agency Assumed Contractor’s Duty to Identify SCA Positions

From the Bass, Berry & Sims Blog Network
From the Bass, Berry & Sims Blog Network

Thought Leadership by our Attorneys.