The Cybersecurity Maturity Model Certification version 2.0 (CMMC 2.0) is here! Like a song you’ve heard before, the revised standards are a throwback but no less significant change to the standards that have evolved over the past three and a half years. McCarter & English Government Contracts and Global Trade co-leaders Alex Major and Franklin Turner detail the changes coming to federal contractors in a Feature Comment for Thomson Reuters’ The Government Contractor. Set against the recent Beatles documentary, the comment examines the impact of the Department of Defense’s most recent effort while detailing what contractors need to do before its new standards go into effect.
Continue Reading Get Back: DOD Retreats While Revealing Plans for CMMC 2.0

On November 16, 2021, the Government Accountability Office (“GAO”) issued its Bid Protest Annual Report for Fiscal Year 2021 (“FY 2021 Bid Protest Report”). The GAO’s annual Bid Protest Report to Congress—required under the Competition in Contracting Act—provides federal contractors a snapshot of the GAO’s bid protest metrics for the just-ended fiscal year, along with data on the previous four fiscal years for comparison. The following chart from the FY 2021 Bid Protest Report provides a five-year retrospective summary of the GAO’s bid protest statistics: Continue Reading What a Relief: GAO’s FY 2021 Bid Protest Statistics Indicate That Nearly 50 Percent of Protests Are Effective

Judge R. Stan Baker of the US District Court for the Southern District of Georgia issued an order (Order) on December 7, 2021, enjoining the federal government “from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in any state or territory of the United States of America.” This comes on the heels of the November 30, 2021 order by a federal court in Kentucky (see our article here) blocking the federal government’s ability to enforce the obligation embedded in clauses in federal government contracts and other instruments requiring employees of federal contractors with covered contracts in Kentucky, Ohio, and Tennessee to be fully vaccinated by January 18, 2022. Continue Reading Georgia Federal Court Blocks Federal Contractor COVID-19 Vaccine Mandate Nationwide

The Government’s enforcement of contract provisions implementing the COVID-19 vaccine mandate with regard to federal contractors and subcontractors required by President Biden’s Executive Order 14042 (the EO) was preliminarily enjoined by a federal court in Kentucky in a case brought by the states of Kentucky, Ohio, and Tennessee (and two Ohio sheriffs). In his Opinion and Order of November 30, 2021 (the Order), Judge Gregory F. Van Tatenhove of the US District Court for the Eastern District of Kentucky (the Kentucky court) concluded, among other findings, that it was likely that the President exceeded his authority under laws delegating to the President management of federal procurement and requiring federal agencies to engage in “full and open competition” procurements. The court also raised concerns about whether the President’s actions violated the Tenth Amendment of the Constitution and the “nondelegation doctrine,” a constitutional principle recognized by the US Supreme Court that Congress does not have unlimited discretion in delegating to the President the power to make laws. Continue Reading Federal Contractor Vaccine Mandate Enjoined in Kentucky, Ohio, and Tennessee: The Implications

UPDATE: The Safer Federal Workforce Task Force issued updated Guidance on November 10 confirming that the date a covered employee must be fully vaccinated is January 18, 2022.

With the addition of new answers to frequently asked questions (FAQs) on November 1, and the November 4 “Fact Sheet” issued by the White House accompanying the rollout of the Department of Labor’s Occupational Safety and Health Administration (OSHA) and Centers for Medicare & Medicaid Services (CMS) vaccination requirements for, respectively, employers with 100 or more employees and health care workers and facilities participating in Medicare and Medicaid, federal contractors have been given additional breathing room to address recalcitrant covered employees who are resisting the vaccination mandate.

Continue Reading Important Updates on Federal Contractor Vaccine Mandate—Deadline Extended and Flexibility Added

After months of review, on November 4, 2021, the Department of Defense (DoD) finally unveiled its new version of the Cybersecurity Maturity Model Certification (CMMC 2.0). Well, almost. In a blink-and-you’ll-miss-it moment, the Department posted, then quickly removed, new federal regulations in/from the Federal Register highlighting the changes in CMMC. Most of those changes, however, were ultimately described on the OUSD Acquisition & Sustainment website, which remain posted and available. In conducting its review of CMMC 1.0, the DoD focused largely on clarifying the standard and reducing the cost impact on the Defense Industrial Base (DIB). The result? A “been there, already had to do that” standard that should leave the DIB relatively pleased and the burgeoning CMMC accreditation industry mildly perplexed. In place of the five-tiered, third-party-assessed cybersecurity framework addressing data confidentiality, integrity, and availability, the new CMMC 2.0 presents as a three-tiered, largely self-assessed bolstering of the NIST SP 800-171 safeguarding requirements already required to be implemented by contractors in possession of “Covered Defense Information” (CDI) under DFARS 252.204-7012.

Continue Reading CMMC 2.0: Throwback Cybersecurity — Everything Old Is New Again

The Government Contracts and Global Trade Group is pleased to provide a summary of some of the key class deviations and other memoranda published by U.S. Government agencies implementing the federal contractor COVID-19 vaccine mandate (Executive Order 14042). You may find a complete listing of all class deviations at Acquisition.gov.

To view summary click here.

 

The General Services Administration (GSA) released its Class Deviation CD-2021-13 (the GSA Deviation), which, effective immediately, “provides instructions for the GSA acquisition workforce on when to include a new clause [i.e., Federal Acquisition Regulation (FAR) 52.223-99] (the Clause) in GSA solicitations and contracts and contract-like instruments.” Unlike the recent instructions and directions provided by the Civilian Agency Acquisition Council (CAAC) and the Department of Defense (DoD) and its DFARS Class Deviation (discussed in detail here), the GSA provided “GSA-specific implementation timelines for solicitations, new contracts, and existing contracts” to ensure that by October 8, 2021, all covered solicitations, new contracts, and existing contracts subject to Executive Order 14042, “Ensuring Adequate COVID Safety Protocols for Federal Contractors” (EO 14042), adhere to its mandates and the evolving guidance issued by the Safer Federal Task Force. This implementation includes the insertion of the Clause into new and existing GSA solicitations and Federal Supply Schedule (FSS) contracts awarded after October 15, 2021, and new contracts and leases awarded after November 14, 2021. The instruction applies broadly even to solicitations or contracts that have a value equal to or less than the simplified acquisition threshold (SAT) or are for the supply of products (either solely for products or for products and services). Moreover, the GSA is instructing its contracting officers to issue a letter to all existing contractors asking for their consent to a modification including the Clause. The end result is the expectation that virtually all GSA contracts and contract-like instruments will require all covered employees to be fully vaccinated by December 8, 2021. An analysis of the GSA Deviation’s key points, highlighting the confusion related to subcontract flow-downs, follows below.

Continue Reading This Will Only Hurt a Bit: The GSA Mandates COVID-19 Vaccines in Nearly All Existing Contract Types

Four memoranda, released in the last several business days, provide federal contracting officers guidance and suggested clauses to implement President Biden’s Executive Order 14042 (the Executive Order) in federal contracts imposing mandatory vaccination and workplace safety protocols for covered federal contractors and their employees as early as October 15, 2021. Issued by the Federal Acquisition Regulatory Council (FAR Council) (the FAR Council Memo), the Civilian Agency Acquisition Council (CAAC) (the CAAC Memo), the Principal Director, Defense Pricing and Contracting for the Department of Defense (DoD) (the DoD Memo), and the General Services Administration’s Senior Procurement Executive (the GSA Memo) (which we will be discussing in a separate posting), the memoranda move quickly to provide all procuring activities the necessary tools to ensure that by October 8, all solicitations and contract subject to the Executive Order adhere to its mandates and the evolving guidance issued by the Safer Federal Workforce Task Force (issued September 24) (Task Force Guidance). For those unfamiliar with the Executive Order and the resulting Task Force Guidance, please feel free to review our prior discussions of those issues here and here.

Continue Reading The Clauses Implementing Vaccination Mandate for Federal Contractors Are Out—Key Considerations for Contractors

This article appeared in Law360

The Safer Federal Workforce Task Force issued on Sept. 24 its guidance for federal contractors and subcontractors[[1] as required by President Joe Biden’s Sept. 9 executive order on ensuring adequate COVID-19 safety protocols for federal contractors.[2] The guidance was approved by the Office of Management and Budget on the same day.[3]

The guidance contains three key provisions:

  • Mandatory vaccination of covered contractor employees who are not legally entitled to accommodation;
  • Masking and physical distancing while in covered contractor workplaces in accordance with Centers for Disease Control and Prevention guidelines; and
  • The designation by each covered contractor of a point person or persons to coordinate COVID-19 workplace safety efforts at covered contractor workplaces.[4]

Continue Reading Broad Categories of Employees of Federal Contractors Now Required to Be Fully Vaccinated by December 8–Law360