Cybersecurity

CARES Funds Available For Contractors

The Office of Management and Budget (OMB) recently published a supplement to Section 3610 of the CARES Act that allows contractors sick or paid time-off during the national emergency if contractors are not able to access their worksites or telework. (Government Executive, April 17, 2020)

At this time, maximizing telework is advised; however, many contractor jobs involve sensitive and/or classified work, making telework not feasible. Trade associations realized this pretty quickly and asked for additional clarification of the Act. For these specific contractors, agencies are allowed to “modify the terms and conditions of a contract, or other agreement to reimburse at the minimum applicable contract billing rates up to an average of 40 hours per week for any paid leave (including sick leave) a contractor provides to keep its employees or subcontractors in a ready state.”

In addition to the paid leave/sick leave clarification, the updated guidance allows agencies to reimburse contractors from the 27 March (when the CARE Act was signed) through 30 September 2020. The original bill did not include a start date. (ibid)

OMB, via the Office of Federal Procurement Policy, developed a guide to assist agencies when working with contractors to ensure the correct documentation is submitted for proper reimbursement. (ibid)

Don’t know where to start the process of getting paid during this national emergency? Give us a call.

Subcontractor Multifactor Authentication In 5,4,3,2…

By the end of April, all eSRS and FSRS logins will require multifactor authentication. (gsa.gov)

What do you need to do? No action if you use the same email address to log into eSRS.gov or FSRS.gov and login.gov. However, if you use a different email address for your login.gov account than for eSRS and FSRS, you must create a new/different login.gov account that matches the eSRS/FSRS email address. (ibid)

Without matching email addresses data from all accounts won’t connect to login.gov. In addition, you must have a working phone number. Login.gov will send you a security code each time you log in as part of the multifactor authentication. The two-factor authentication is an additional level of security making it that much more difficult for a hacker to obtain unauthorized access to your account.

Your eSRS.gov and FSRS.gov account information will not change. Having the same login.gov email address simply gives you access to all of your records. Additionally, organizations will no longer be able to use one account for multiple users; login.gov requires individual accounts. These changes are all part of adding levels of security to not only protect the government but the security of your records as well. (ibid)

Not sure how to login to your eSRS.gov or FSRS.gov account? Give us a call.

Emergency Rules

Government ontractors and small businesses should be aware of increased opportunities during the current COVID-19 national emergency. The government is permitted, during a national emergency, to set aside solicitations to allow awards “only to offerors residing or doing business primarily in the area affected by …[a] major disaster or emergency.” Contractors can verify if they fall into this category by reviewing Federal Acquisition Regulation 52.226-3(d). (Law360.com, April 13, 2020)

A national emergency declaration allows the government to (restrict) certain solicitations to small businesses in certain areas. These solicitations are either a set-aside or an evaluation preference is given to small businesses. (ibid)

During national emergencies, large contractors should look to team with small businesses, or to current teaming agreements already in place. In addition, contractors who are at the ready to produce/provide goods or services may be called on to contract with agencies to battle COVID-19. (ibid)

Micro purchase thresholds are another acquisition procedure government agencies may use during a national emergency. These allow for a simplified acquisition methodology for specific items or services required under emergency situations, such as the COVID-19 national emergency. (ibid)

State and local governments may also procure under the Stafford Act, wherein state governors request financial relief via federal grants that allow procurement under their own procedures. The Stafford Act authorizes federal contracts for “debris clearance, distribution of supplies, reconstruction, and other major disaster or emergency assistance activities.” In 2006 the Local Community Recovery Act amended the Stafford Act mandating local organizations to be given preference when using full and open competition. The FAR was also amended to align with the Local Community Recovery Act. Under the act, if a contractor does not meet all of the Recovery Act stipulations there are other factors that may be considered. (Contractors may self-certify that they are local.) (ibid)

Other streamlining acquisition procedures are available under federal supply schedule contracts, multi-agency blanket purchase agreements, and multi-agency indefinite-delivery contracts. Additionally, there is an easing of the requirement that a contractor be registered in SAM.gov at the time an offer is submitted to the government. (ibid)

The emergency declaration allows state and local governments to purchase from all GSA schedules. It also encourages accelerated payments to small business contractors. (ibid)

Additional modified procedures to facilitate swift responses are:

Relaxation of qualifications requirements
Use of sole-source contracts
Use of oral requests for proposals
Use of letter contracts
Interagency acquisitions
Awards to small disadvantaged businesses
Retroactive overtime approvals
Waivers of bid guarantees when an emergency exists
Use of protest overrides where necessary for a contracting process to continue

In order to track procurements related to COVID-19, GSA added a National Interest Action (NIA) code to SAM.gov. To find information on the site, simply type COVID-19 2020 in the search bar. (ibid) Contractors can register with SAM.gov under the disaster response registry, and be sure to monitor the portals most closely aligned to the goods or services you provide.

Have questions about the many opportunities available under the current national emergency? Give us a call.

More COVID-19 Guidance

Last week the Office of Management and Budget (OMB) updated its agency guidance for federal contractors, as a response to the COVID-19 pandemic. The three main takeaways are:

Agencies are encouraged to work with their contractors to allow for the maximization of telework.
Agencies must be flexible providing extensions to performance dates if working virtually isn’t possible or if a contractor must quarantine. Agencies should also weigh whether to keep key personnel in a mobile-ready state for national security measures.
Agencies are urged to leverage the special emergency procurement authorized in connection with the emergency declaration under the “Stafford Act”. These include increases to: the micro-purchase threshold; the simplified acquisition threshold; and the threshold for using simplified procedures for certain commercial items. These are designed to reduce discord for contractors, especially small businesses, allowing for a more rapid response to the increasing demands agencies face. (Nextgov, March 22, 2020)

The agency guidance comes after trade groups and lawmakers strongly voiced the need for contractor guidance. The updated guidance includes a section of frequently asked questions, including contractor exposure to COVID-19. (ibid)

OMB also issued technology guidance for use during the COVID-19 national emergency. The technology guidance also includes a FAQ section, with steps to ensure IT and cybersecurity measures are met while working remotely. It urges agencies to continue updating their websites to enable public access to government services.

Need some help figuring out OMBs agency guidance for contractors? Give us a call.

New Cybersecurity Certification Requirements

The Office for the Under Secretary of Defense and Sustainment (OUSD (A&S)) recently released its Cyber Security Maturity model Certification (CMMC). DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs) and the Defense Industrial Base (DIB) all had a hand in developing the CMMC model. This model measures cybersecurity maturity using five levels (from basic to advanced) and aligns a set of processes and practices with the type and sensitivity of the information to be protected and any associated threats to that information. (CMMC Model v1.0, January 30, 2020)

DoD’s CMMC enhances the protection of:

Federal Contract Information (FCI) provided or generated by the government, but not intended for public release
Controlled Unclassified Information (CUI), which requires safeguarding or dissemination consistent with laws, regulations and government-wide policies. (ibid)

The CMMC model includes the safeguarding requirements for FCI spelled out in FAR clause 52.204-21 and the security requirements for CUI stated in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 per DFARS clause 252.204-7012 [3,4,5].

Included in the CMMC model is a certification piece verifying the implementation of cybersecurity maturity measure processes and practices. This is intended to deliver assurance to the DoD that contractors and subcontractors can sufficiently protect CUI at a level equal to the risk. (ibid)

To obtain a full overview of the CMMC Model, domains, practices, and processes, please review the Cybersecurity Maturity Model Certification.

Have questions about the effect on your current contract or one in works? Give us a call.

Cybersecurity

CARES Funds Available For Contractors

Emergency Rules

More COVID-19 Guidance

New Cybersecurity Certification Requirements

Testimonial 1

Testimonial 2

DOW Testimonial

NIC Testimonial

Crucible Testimonial

ADDRESS

NAVIGATION

MISSION