CMMC Coming to Solicitations

Cybersecurity Maturity Model Certification (CMMC) requirements may show up in solicitations within six months. (GOVCONWire, May 12, 2020)

A Department of Defense spokesperson expects about 10 DoD RFIs in June to include the new requirements. She said, “As we release the RFIs, we’ll have the certified and trained auditors who will be able to go out to industry and certify companies at the level of maturity required for the work that they’re bidding on.” (ibid)

Additionally, changes to the Defense Federal Acquisition Regulation Supplement 252.204-7012 should be finalized by October. “You will not see the CMMC in any Department of Defense contracts or RFPs until the rule change is completed.” (ibid)

Questions on the Cybersecurity Maturity Model Certification and whether you can bid on upcoming solicitations? Give us a call.

Emergency Rules

Government ontractors and small businesses should be aware of increased opportunities during the current COVID-19 national emergency. The government is permitted, during a national emergency, to set aside solicitations to allow awards “only to offerors residing or doing business primarily in the area affected by …[a] major disaster or emergency.” Contractors can verify if they fall into this category by reviewing Federal Acquisition Regulation 52.226-3(d). (Law360.com, April 13, 2020)

A national emergency declaration allows the government to (restrict) certain solicitations to small businesses in certain areas. These solicitations are either a set-aside or an evaluation preference is given to small businesses. (ibid)

During national emergencies, large contractors should look to team with small businesses, or to current teaming agreements already in place. In addition, contractors who are at the ready to produce/provide goods or services may be called on to contract with agencies to battle COVID-19. (ibid)

Micro purchase thresholds are another acquisition procedure government agencies may use during a national emergency. These allow for a simplified acquisition methodology for specific items or services required under emergency situations, such as the COVID-19 national emergency. (ibid)

State and local governments may also procure under the Stafford Act, wherein state governors request financial relief via federal grants that allow procurement under their own procedures. The Stafford Act authorizes federal contracts for “debris clearance, distribution of supplies, reconstruction, and other major disaster or emergency assistance activities.” In 2006 the Local Community Recovery Act amended the Stafford Act mandating local organizations to be given preference when using full and open competition. The FAR was also amended to align with the Local Community Recovery Act. Under the act, if a contractor does not meet all of the Recovery Act stipulations there are other factors that may be considered. (Contractors may self-certify that they are local.) (ibid)

Other streamlining acquisition procedures are available under federal supply schedule contracts, multi-agency blanket purchase agreements, and multi-agency indefinite-delivery contracts. Additionally, there is an easing of the requirement that a contractor be registered in SAM.gov at the time an offer is submitted to the government. (ibid)

The emergency declaration allows state and local governments to purchase from all GSA schedules. It also encourages accelerated payments to small business contractors.  (ibid)

Additional modified procedures to facilitate swift responses are:

  • Relaxation of qualifications requirements
  • Use of sole-source contracts
  • Use of oral requests for proposals
  • Use of letter contracts
  • Interagency acquisitions
  • Awards to small disadvantaged businesses
  • Retroactive overtime approvals
  • Waivers of bid guarantees when an emergency exists
  • Use of protest overrides where necessary for a contracting process to continue

In order to track procurements related to COVID-19, GSA added a National Interest Action (NIA) code to SAM.gov. To find information on the site, simply type COVID-19 2020 in the search bar. (ibid) Contractors can register with SAM.gov under the disaster response registry, and be sure to monitor the portals most closely aligned to the goods or services you provide.

Have questions about the many opportunities available under the current national emergency? Give us a call.

Easier Contract Awards Paper a Silver Lining

The General Services Administration (GSA), The Department of Veterans Affairs (VA), and IRS raised the micro-purchase threshold (MPT) and the simplified acquisition threshold (SAT) last week, in response to the coronavirus relief effort This allows these agencies to expedite contract award timeframes. (Federal News Network, March 20, 2020)

As required under the 2020 Defense Authorization bill, the Defense Department raised the threshold for sole-source 8(a) contracts up to $100 million as well. The non-emergency threshold for 8(a) contracts is $22 million. (ibid)

GSA and VA have raised their MPT and SAT threshold for purchases both in and outside of the US while the IRS raised theirs for purchases within the US only, to speed up the time it takes to make contract awards.

The MPT is increased to:

  • $20,000 for contracts awarded and performed or purchases made within the U.S.
  • $30,000 for contracts awarded and performed or purchases made outside the U.S.

The SAT is increased to:

  • $750,000 for contracts performed or awarded and purchases made within the U.S.
  • $1.5 million for contracts awarded, performed or purchases made outside the U.S.

The SAT supporting contingency operations or major disaster recovery is increased to $13 million.

All thresholds, in place through at least 30 June, give agencies the ability to be nimble and make purchases quickly. They are “specific to only to support the designated National Emergency COVID-19. FAR Part 6 also provides the opportunity to expedite purchases after justifying exceptions to competition. There may also be opportunities to use existing contracts by negotiating a bilateral modification to allow for additional quantities of goods or a surge for services included in concurrent awards,” according to Angela Billups, VA’s executive director in the Office of Acquisition and Logistics and senior procurement executive. (ibid)

To track acquisition costs for the coronavirus response, the Federal Acquisition Regulations Council set up a new code in the Federal Procurement Data System, P20C. (ibid)

Jeff Koses, GSA’s senior procurement executive stated in a recent memo that local set-aside rules are not applicable because this is a national emergency and not a strictly local one. According to Koses, some exceptions that allow agencies to restrict or limit competition are:

  • phoning a reasonable number of vendors
  • obtaining “on the spot” quotes
  • keeping the period of performance brief (ibid)

The changes to the MPT and SAT were made prior to the Defense Production Act being invoked. The Defense Production Act, authorizes certain agencies providing specific products or services with relation to the coronavirus relief efforts, to move to the front of the line. However, GSA strongly advises contracting officers to verify pricing and contractor details on GSA Advantage and GSA eLibrary. (ibid)

Interested in contracting for relief efforts? Give us a call.

New Cybersecurity Certification Requirements

The Office for the Under Secretary of Defense and Sustainment (OUSD (A&S)) recently released its Cyber Security Maturity model Certification (CMMC). DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs) and the Defense Industrial Base (DIB) all had a hand in developing the CMMC model. This model measures cybersecurity maturity using five levels (from basic to advanced) and aligns a set of processes and practices with the type and sensitivity of the information to be protected and any associated threats to that information. (CMMC Model v1.0, January 30, 2020)

DoD’s CMMC enhances the protection of:

  • Federal Contract Information (FCI) provided or generated by the government, but not intended for public release
  • Controlled Unclassified Information (CUI), which requires safeguarding or dissemination consistent with laws, regulations and government-wide policies. (ibid)

The CMMC model includes the safeguarding requirements for FCI spelled out in FAR clause 52.204-21 and the security requirements for CUI stated in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 per DFARS clause 252.204-7012 [3,4,5].

Included in the CMMC model is a certification piece verifying the implementation of cybersecurity maturity measure processes and practices. This is intended to deliver assurance to the DoD that contractors and subcontractors can sufficiently protect CUI at a level equal to the risk. (ibid)

To obtain a full overview of the CMMC Model, domains, practices, and processes, please review the Cybersecurity Maturity Model Certification.

Have questions about the effect on your current contract or one in works? Give us a call.

FAR 51 Deviation Authority is expired!

Here’s what you need to know.  Contracting officers were permitted to give contractors access to the Federal Supply Schedule (FSS) and GSA Global Supply Programs if appropriate, for the fulfillment of their agency requirements. They used the FAR 51 Deviation Authority vehicle for this purpose. On 23 October, the FAR 51 Deviation expired. It will no longer be used on orders placed after this date. Under Refresh 1, clause CI-FSS-056 Federal Acquisition Regulation (FAR) Part 51 Deviation Authority (Federal Supply Schedules) (Jan 2010) is deleted.

In lieu of FAR 51 Deviation, agencies may use Order Level Material (OLM) procedures to acquire other direct costs (OCDs) and material support items to meet specific order requirements. Additional information for OLMs may be found at www.gsa.gov/olm.

Many question if a contracting officer can issue a letter of authority (required by the Deviation) anytime during the life of the order, if the order or BPA was awarded on or before 23 October 2019. The short answer is yes, as long as the order was issued prior to the 23 October Deviation expiration date. However, if the BPA was awarded prior to then, and subsequent award terms were awarded after 23 October, those subsequent award terms may not use the deviation.

Wondering if you are grandfathered in and still able to take advantage of the FAR 51 Deviation Authority? Give us a call.