Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Small Business

BAA TAA SBA Huh?

It appears the Buy American Act (BAA) and the Trade Agreements Act (TAA) may, under certain instances, actually reduce the federal market accessibility for US manufacturers. (Federal News Network, October 28, 2019)

In order to be considered for a small-business set-aside, end-items must be manufactured in the U.S. Or the company can qualify as a non-manufacturer (13 CFR 121.406) if:

  • The company is principally engaged in the retail or wholesale  of the product and normally sells the type of product being supplied
  • The company takes ownership of the item with its personnel, equipment or facilities consistent with industry practice and
  • The company supplies the end item of a small business manufacturer, processor or producer made in the U.S. or obtains a waiver of the requirement. (ibid)

Non-manufacturers may receive an individual waiver if the Small Business Administration (SBA) accepts the contracting officer’s determination that no small business manufacturer “reasonably can be expected to offer a product meeting the solicitation specifications.” Additionally, the SBA Administrator may provide a class waiver if she determines that no small business manufacturer “product or class of products is available to participate in the Federal procurement market.”

Of course, TAA restricts product acquisition to manufacturers in the U.S. and certain “designated countries,” (those companies that have a Free Trade Agreement with the U.S. or participate in the World Trade Organization Government Procurement Agreement (WTO GPA)). Therefore, products from non-signatory countries such as China are ineligible for award.  Per FAR 25.101(a), BAA restricts the purchase of non-domestic end-products as well. Some exceptions provide more access to foreign end-products than under the TAA; for instance, BAA makes exceptions where the domestic offer is not the low offer (FAR 25.103) as well as in certain instances of public interest for non-availability in the U.S., and at an unreasonable cost. (ibid)

TAA does not apply to small business set-asides, FAR 25.401, leaving the BAA in place. The waiver of the non-manufacturer rule for a set-aside gives a somewhat illogical result. This makes the TAA inapplicable to set-asides, and the BAA applicable to set-asides where the non-manufacturer rule has been waived. This might result in the Government purchasing an item, such as a medical/surgical product, manufactured in a non-designated country that has subsidized its price to assure the product’s selection. Therefore, the intended law restricting non-domestic products actually facilitates more access to those products. This includes products of manufacturers from non-designated countries, rather than providing controlled access over non-domestic end-products. (ibid)

Ultimately, this could harm small and non-small manufacturers producing domestically. This may also open up small business set-asides to products made in China that would otherwise be ineligible for purchase if the TAA applied. A good deal more statutory guidance and analysis are warranted. (ibid)

Do you have questions about your compliance obligations under an upcoming proposal or current contract? Give us a call.

Modernizing and Funding IT

GSA will continue IT modernization through the new fiscal year, according to Suzette Kent, Federal Chief Information Officer, and Emily Murphy, GSA Administrator. (Federal Times, October 21, 2019)

While Kent and Murphy were speaking at the American Council for Technology-Industry Advisory Imagine Nation conference, the Technology Modernization Fund (TMF), announced $8 million of funding to be made available for the Department of Agriculture and $4 million for the Equal Employment Opportunity Commission (EEOC). (TMF provides funding to agencies for IT projects.) TMF recently granted GSA $20 million for its New Pay HR system.

The EEOC will implement a Cloud-based charge and case management system while the Agriculture project will replace an outdated, manual IT system used for food inspection and certification. Both of these systems have thousands of touch points around the country. The Office of Management and Budget has said both agencies will leverage modern commercial capabilities to move their digital modifications. (ibid)

Interested in the upcoming GSA RFQ or DoA or EEOC opportunities? Give us a call.

Cybersecurity Knowledge for Free

Who should understand cybersecurity? According to the Department of Homeland Security, everyone.  Whether or not you work in IT,  a basic understanding of cybersecurity is necessary. Now, thanks to the National Security Agency (NSA) and Penn State University, you can learn online at no charge. (Federal News Network, October 11, 2019)

NSA and Penn State, as part of an undertaking directed by the Department of Homeland Security, have created an online course to educate people on cybersecurity operations, law, and policy. Geared toward non-lawyers, no technical background is required. The entire course can be taken as a whole or in modules. In addition, anyone interested in the course can teach it or take it. It is offered through the Clark Center, with a variety of other cybersecurity courses.

The course begins with an overview of the U.S. government and the legal system and how they operate, providing a legal framework around cyber operations and cybersecurity. It gives similar overviews of technology concepts, then steps into the legal foundations for modern cyber law and policy focusing on the Constitution and the Bill of Rights and their application to these concepts. 

The third and final module reviews cyber operations. This is taught as a cyber threat response framework using real-world cases to keep students engaged. Many examples are taken from actual current events and show how domestic law, national security, and technology intersect. (ibid)

Wondering if you should hone up on your cyber education? Give us a call and we can discuss it with you.

CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.