Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Contract management

DUNS is done!

For roughly 57 years, DUNS numbers, created by Dun & Bradstreet, have been the official entity verification for government contractors and private industry.  It was indexed in the Federal Acquisition Regulation (FAR) in 1998. GSA, the administrator of the program, issued an RFP in 2019, to replace DUNS. Ernst & Young was awarded the new contract, this past March. (Nextgov, July 2019)

What does this all mean? For starters, Ernst & Young will be responsible for administering a new “Unique Entity ID” as well as managing the transition from DUNS. Every organization, including vendors, grantees, and coops doing business with federal agencies will have a new, 12 character identifier, 3 characters longer than the current DUNS number. The Unique Entity ID  is a mix of numbers and letters following a specific set pattern.

A new process is also effective with the updated verification number. Organizations will request a Unique Entity ID when registering with SAM.gov, instead of  applying through a vendor such as Dun & Bradstreet.  To assist with the transition, GSA has released the Unique Entity ID Standard, set up a virtual meeting for July 25, and created a webpage dedicated to the transition for those who would like to know more. (ibid)

The Unique Entity ID is structured to avoid confusion with the old numbers, tax ID numbers and Commercial and Government Entity (CAGE) codes. All systems using the current 9 digit format will require an update to use the longer Unique Entity ID number. (ibid)

Questions about the new Unique Entity ID? Wondering what to do with your old DUNS and how it affects your current contract or one you are bidding on now? Give us a call and we can explain.

 

Scrubbing the FAR

The Federal Register Publications requests comments on the following three proposed Federal Acquisition Regulation (FAR) rules:

  1. FAR Case 2015-002 – the rule proposes to amend the FAR to require electronic submission of DD Form 254, Contract Security Classification Specification. This form is used to communicate security requirements to contractors when the performance of contract requirements requires access to classified information and the form acts to automate processes and workflows. (This form is also used by prime contractors to communicate in the same manner to subcontractors.) Comments should be submitted by September 10, 2019, via the Federal eRulemaking portal. (Acquisition.gov)
  2. FAR Case 2018-007 – the rule proposes to amend the FAR  by revising thresholds subject to inflation adjustments so that the periodic inflation adjustments will apply to existing contracts and subcontracts that contain the revised clauses. The next rule raising thresholds for inflation is planned to go into effect, October 2020. Comments are due by August 23rd, via the Federal eRulemaking portal. (Acquisition.gov)
  3. FAR Case 2018-003 – the rule proposed by NASA, GSA, and DOD is to amend the FAR to implement section 1614 of the National Defense Authorization Act for the Fiscal year 2014 and regulatory changes made by the Small Business Administration (SBA). (Section 1614 addresses credit for lower-tier small business subcontracting.) (ibid) 

Additionally, the following are up for review.

  • Section 1614 of the NDAA for FY 2014 amended the Small Business Act when a prime contractor has an individual subcontracting plan for a contract with a single executive agency, the prime contractor receives credit towards its subcontracting goals for awards made to small business concerns at any tier by subcontractors with individual subcontracting plans. Additionally,  section 1614 provides new assurances for offerors relating to activities to be performed by the contractor to monitor the performance of subcontractors subcontracting plans, and by subcontractors to monitor the performance of their subcontractors subcontracting plans. Section 1614 requires the contractor to demonstrate procedures established to ensure subcontractors at all tiers comply with their subcontracting plans. Section 1614 also revised the definition of “subcontract” in the Small Business Act. (Acquisition.gov)
  • Per SBA’s final rule, the prime contractor’s performance under an individual subcontracting plan will be evaluated based on its combined performance under the first-tier and lower-tier goals. Additionally, the final rule implements the statutory requirements related to the new assurances and written statement to be included in subcontracting plans. Comments are due by August 26th via the Federal eRulemaking portal. (regulations.gov)

Working through how these FAR changes will affect your current contract, or future bidding/contracts? Give us a call and we can explain.

Modding the Mods

Sign of things to come? Who knows. But if your GSA Schedule falls under Region 2 (the Northeast and Caribbean), new required interactive modification templates have been released. Schedules affected include:

  • 00CORP
  • 738 X
  • 736
  • 67
  • 75
  • 76
  • 81 I B

With the new one-Schedule-fits-all release in less than three months, we’re betting this new method for submitting mods will take over all Schedules sooner rather than later.

Got questions? Give us a call!

Line Item: Cybersecurity

We knew it would eventually happen. DoD is finally looking to permit cybersecurity costs as “allowable” on certain types of government contracts. (Federal News Network, June 2019)

Katie Arrington, the special assistant to the Assistant Secretary of Defense for Acquisition for Cyber in the Office of the Under Secretary of Acquisition and Sustainment in DoD, recently spoke at the Professional Services Council (PSC) gathering in Virginia. Ms. Arrington is the lead for the DoD effort to develop and institutionalize the new Cybersecurity Maturity Model Certification (CMMC) standard for vendors. She told attendees that she wants to enact a legitimate standard for cybersecurity allowable costs. (ibid)

During a recent webinar, Arrington spoke about cyber attacks and the need for the defense industrial base to defend themselves against nation-state attacks. DoD is aiming at not just it’s 200,000 prime contractors but all vendors (approximately 300,000) that comprise the DoD supply chain. (ibid)

Arrington is working with the Johns Hopkins University Applied Physics Lab and Carnegie Mellon University’s Software Engineering Institute to generate initial requirements. The draft will require DoD vendors to be certified through third-party assessment organizations. The standard incorporates existing requirements from NIST, the Federal Risk Authorization Management Program (FedRAMP), and other models.  (ibid)

Arrington expects DoD to carry out 12 webinars across the country over the summer. She aims to receive feedback from industry experts with a draft standard by the end of summer and third-party assessors to start certifying vendors in January. (CMMC requirements will be added to requests for information by June of 2020 and become a standard in solicitations by September 2020.) (ibid)

According to Alan Chvotkin, senior vice president and general counsel for PSC, the certification of contractors will be a very competitive discriminator in the marketplace. His main concern is whether DoD will only certify the big six contractors and what is going to take place for the prime and a subcontractor. (ibid)

Congress recognizes that risks to the supply chain need to be reduced. The Senate version of the 2020 National Defense Authorization Act, includes a provision requiring DoD to move to a broader cybersecurity standard with its contractors. Currently, DoD mandates defense contractors meet the requirements of NIST Special Publication 800-171; however, there is no current audit for compliance. Oversight of subcontractors by prime contractors is also a reasonable concern as is the lack of information available on subcontractors. The committee feels prime contractors should be held responsible and accountable for securing DoD technology and sensitive information and ultimately delivering uncompromised products and capabilities. This is seen as a first step in securing the supply chain. (ibid)

The Senate Armed Services Committee (SASC) believes DoD should provide direct technical assistance to contractors, based on risk, and in such a way as to not harm the industrial base while at the same time providing incentives/penalties for non-compliance of vendors’ cyber performance. DoD is being asked to provide the SASC with a briefing by March of 2020 and quarterly briefings on how the standard is being implemented by both vendors and the DoD. (ibid)

Although security has always been an allowable overhead cost, it will now be used as an incentive to get vendors to more quickly align themselves to the CMMC standard. The incentive doesn’t force companies to trade off security for other expenses. It appears the government will offer some reimbursement for some share of the cost, hopefully bringing all vendors up to the same level. (Firm-fixed-price contracts do not fall under the allowable cost umbrella in the same manner, as cyber is counted as general overhead in the final cost to the government.) (ibid)

Eager to learn a little more about the cyber standard and how it might affect your current contract or an upcoming bid? Give us a call at 301-913-5000.

 

 

Self Certification — No More ;-(

The 2015 National Defense Authorization Act mandated that the Small Business Administration (SBA) discontinue self-certification of women-owned and other small businesses. In 2020, SBA plans to finalize a self-certification rule that closes a loophole allowing participants in the SBA’s Women-Owned Small Business (WOSB) program to self-certify. (Federal News Network, June 2019)

Approximately one-quarter of all federal contracts are held by small businesses, which over the past six years has helped federal agencies to  exceed  SBA’s governmentwide small business contracting goal. This year’s spending of more than $120 billion on small business contracts surpasses last year’s spending by nearly $15 billion.

The Government Accountability Office reported in March that almost 40 percent of WOSB-certified businesses were ineligible. Meanwhile, SBA’s Office of Inspector General June 2018 audit found 89 percent of sole-source (50 out of 56 contracts) did not meet all program criteria. Basically, there is currently no way to know if the contracts, listed in the chart below, were actually eligible for the sole-source awards. (ibid)

Rob Wong, SBA’s associate administrator of the Office of Government promotes a formal certification to  give the program some much-needed integrity. Wong said, “simply put, the wrong companies were receiving our contracts, we want to make sure that, if a company receives a contract through these programs, they’re actually eligible to receive it.” (ibid)

SBA has subsequently published a proposed rule in the Federal Register eliminating self-certification and providing a free online certification application to WOSB. Comments on the proposed rule are being accepted until July 15. In Wong’s opinion, it is high time to streamline the vetting process for the many other set-aside programs, all of which have different sets of eligibility criteria. Wong feels that going to three formal certifications for 8(a), Historically Underutilized Business Zones, women-owned, and service-disabled veterans will unify the processes. The rule with set-aside screening is expected to take a year for the changes to take effect. (ibid)

Do you have questions about the new certification process and how it may affect your current contract or an upcoming opportunity? Give us a call at 301-913-5000.