So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape continues to evolve as a result of mergers and acquisitions (M&A), primarily involving the acquisition of small and midsize contractors by larger entities as a means to quickly expand into new federal markets. This trend is especially prevalent in the information technology (IT) market, where the acquisition of small or midsize IT firms with new capabilities can provide larger firms with shiny new toys to share with their roster of government clients to gain a larger share of the federal IT “pie,” if not create—almost overnight—new IT market leaders in areas such as cloud computing, cybersecurity, software, and predictive intelligence.


Continue Reading

As we reported last month, the Department of Defense (DoD) has been engaging in an unusual rollout of its new cybersecurity certification program by way of  road tours—led by Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition and Sustainment for Cyber—that address the tiered, five-level Cybersecurity Maturity Model Certification (CMMC). At bottom, DoD intends for the CMMC to help streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for future acquisitions. What’s unique about the CMMC rollout is the lack of written guidance on the program. DoD representatives have orally provided a majority of publicly available information about CMMC only during various webinars and defense-industry events held over the past couple of months. Indeed, a quick Google search for “CMMC” indicates that, at this time, hard facts about the program appear to be limited to FAQs on a DoD website.

Continue Reading

Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question.  Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations.  The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law.  A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs.  The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231.  This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles.  Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.

Continue Reading

Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.

Continue Reading