
Tag: compliance

The Rule of Two to Transform Small Businesses

The SBA proposed a rule on October 25, 2024, aiming to transform small business contracting by requiring agencies to apply the “Rule of Two” to task and delivery orders under multiple-award contracts (MACs). The Rule of Two ensures contracts go to small businesses when at least two qualified small firms can meet price, quality, and delivery standards. This rule will apply to orders exceeding the micro-purchase threshold, with exemptions for orders placed under the General Services Administration’s Federal Supply Schedule or in cases where there are supply chain risks or national security concerns. (HSToday.US November 7, 2024)

Driven by concerns over declining small business participation, the SBA estimates this rule could increase small business contracts by $6.1 billion annually. It supports the Biden administration’s goal of 15% federal contract spending with small disadvantaged businesses (SDBs) by 2025. In fiscal 2023, 28.4% of federal contract dollars went to small businesses, yet new entrants to federal contracting have dropped nearly 60% since 2010. (ibid)

The SBA proposal requires agencies to document their decision when they choose not to set aside a contract under the Rule of Two. Agencies must conduct market research, justify their rationale, and coordinate with small business specialists. For orders under MACs with fewer than two small business contract holders, agencies must explain their decision, with exceptions for contracts under the Federal Supply Schedule and other specific exemptions. (ibid)

This proposal builds on a January 2024 memorandum from the Office of Federal Procurement Policy, which directed agencies to document such decisions. The SBA aims to improve compliance and address inconsistencies in applying the Rule of Two, which arose from differing interpretations by the Court of Federal Claims and the GAO regarding its use in MACs. Public comments are open until December 24, 2024, with the SBA encouraging input from stakeholders. If adopted, the rule promises to level the playing field, boost small business participation, and diversify the federal supply chain. (ibid)

Questions concerning the Rule of Two? Give us a call.

Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk from foreign hackers. Foreign hackers look at fifth- or sixth-tier subcontractors to find information, since that is where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies only needed to self-certify that they had a plan in place. Unfortunately, no one checked the plans, and the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, unauthorized access to secure systems becomes much easier.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out. Give us a call.