Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE

Lovers of consistency, rejoice! After a few years of administering two separate, yet substantially similar mentor-protégé programs, the Small Business Administration (SBA) has proposed a rulemaking to consolidate the 8(a) Business Development (BD) Mentor-Protégé Program and the All Small Mentor-Protégé Program. On November 8, 2019, SBA published the Consolidation of Mentor Protégé Programs and Other Government Contracting Amendments in the Federal Register. 84 FR 60846.

Most notably, SBA’s proposed rulemaking amends numerous rules to merge its mentor protégé programs. The 8(a) BD and All Small Mentor-Protégé Programs have the same purposes and offer similar benefits. Both are intended to allow approved mentors to enhance the capabilities of protégés by aiding the protégés in competing for government and commercial contracts. Protégés in both programs benefit from business development assistance. Further, joint ventures formed between a mentor and protégé are exempt from affiliation based on joint venturing, so that the joint venture should qualify for small business set-aside awards provided the protégé individually qualifies as small under the applicable size standard. With these big picture similarities in mind, SBA recognizes that navigating the various requirements of the current mentor protégé programs can be confusing and burdensome for both contractors and the Government.

The following highlights the noteworthy aspects of the proposed changes:

  • Eliminates the separate 8(a) BD Mentor-Protégé Program – The proposal revises the applicable rules to recognize that an 8(a) participant is just as any other small business, merging the 8(a) BD Mentor Protégé Program into the All Small Business Mentor-Protégé Program. Further, to effectuate this streamlining, SBA would eliminate the requirement that it must approve joint ventures in connection with sole source 8(a) awards, as it does not currently require prior approval of joint ventures in any other context.
  • Amends requirements for joint ventures – The current rule limits the scope and duration of joint ventures to no more than three contracts over a two year period. The revised rule would eliminate the three contract limit, allowing joint ventures to be awarded any number of contracts within two years from the date of its first contract award.
  • Considers limiting mentors based on annual revenue – SBA is considering whether to restrict the size of mentors to firms having average annual revenues of less than $100 million. While SBA is focused on advancing the business of the protégé, based on recommendations of “mid-size” firms, SBA is considering whether small businesses would be better served by having business development assistance from mentors that are size-limited in this way.
  • Ensures NAICS code of task order issued under a Multiple Award Contract (MAC) reflects order – Currently, if a MAC is assigned a NAICS code, that code flows down to each order under the MAC, even if, for example the underlying MAC’s NAICS code is for services, and the order is for supplies. Instead of merely allowing the flow down of NAICS codes from the MAC to the particular order, which can result in firms qualifying as small for a particular procurement where they shouldn’t, the proposed rule would require that the NAICS code for each task order accurately reflects the contract and order being awarded and performed.
  • Requires recertification of size and/or socioeconomic status for certain MACs – Other than for orders or Blanket Purchase Agreements issued under a Federal Supply Schedule (FSS) contract, SBA would require recertification of size status where there is an order placed under an unrestricted MAC set aside exclusively for small businesses. Further, the proposed rule requires recertification of socioeconomic status where the required status for an order differs from that of the underlying MAC.
  • Authorizes size and/or socioeconomic status protests for certain MACs – The proposed rule specifically authorizes size and/or socioeconomic eligibility protests relating to set-aside orders based on a different size and/or socioeconomic status from the underlying MAC. This change would allow protests where the set-aside is for small business and, if protesting size eligibility, the underlying MAC was awarded on an unrestricted basis. This rule allowing size and/or socioeconomic protests relating to orders would not apply to orders against Blanket Purchase Orders or Federal Supply Schedule contracts.

SBA is accepting comments on this proposed rulemaking received on or before January 17, 2020.

Previously we reported on the Department of Defense (‘DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program contemplates that third party auditors will be qualified and retained to review and certify contractors and suppliers at all tiers on their levels of compliance with the CMMC. It is anticipated that, as part of the CMMC roll out, cybersecurity requirements and evaluation criteria will be included in future procurements starting in the Fall of 2020. These CMMC certifications will be used to establish whether an entity meets the foundational level of cybersecurity required for a particular DoD procurement.

DoD still plans to issue the CMMC in final form by January 2020 and to identify third party certifiers to conduct the CMMC certifications for planned roll out of CMMC provisions in Fall 2020. DoD scheduled a CMMC Accreditation Body Kickoff meeting for interested organizations and/or individuals for November 19, following its issuance of an RFI for information on “how to define the long-term implementation, execution, sustainment and growth of the CMMC Accreditation Body.”

More than 2000 comments were submitted in response to the publication of the initial draft CMMC, Version 0.4. In lightning speed, the DoD has turned around the draft and issued the next version of the draft CMMC. Version 0.6 of the CMMC was issued on November 7, 2019. That new version of the draft CMMC covers 17 domains (Access Control, Asset Management, Audit and Accountability, Awareness and Training, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, recovery, Risk Management, Security Assessment, Situational Awareness, System and Communications Protections System and Information Integrity) and addresses the processes and practices required for levels 1 through 3. DoD advises that it is still working through the comments relating to the higher level certification processes and practices for levels 4 and 5 and that it will issue a follow-on draft addressing those additional levels in the near future.

The latest revisions to the draft CMMC, Version 0.6, make clear that each security level builds on and includes the requirements contained in the lower security level. Thus, Level 1 includes an initial set of practices and processes and Level 2 includes these Level 1 processes and procedures as well as others. Level 2 is classified as a level to assist the contractor in preparing for its transition and compliance with Level 3 requirements, the level that contains the full set of security controls, practices and processes required by NIST SP 800-171, which has been the base standard for cyber security at DoD under DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

The draft also references prior statements that levels 4 and 5 will contain additional security controls in order to promote increased protection for critical DoD programs.

The draft CMMC does not, however, answer a number of key questions, including:

  • Will there be programs and contracts that will be subject to the limited level 1 standard? Or will this level be reserved for potential subcontractors that won’t develop or be required to have access to controlled unclassified information (CUI)?
  • Will level 2 be used for the issuance of prime contracts?
  • Will DoD require contractor certification as a foundational precondition to competing in a procurement, or will it allow a contractor to compete subject to successful certification by the start of performance?
  • Must a subcontractor be certified at the same level as that required of the prime contractor for a particular program? When does the subcontractor need to be certified?
  • Will DFARS 252.204-7008, 252.204-7009 and 252.204-7012 be modified or phased out when CMMC goes live?
  • Will there be a pilot period under which the DoD will ramp up its requirements and contractor CMMC certification?
  • How long will the process of obtaining a CMMC certification be?

There are many other questions that will need to be answered before CMMC is implemented. DoD has committed to engaging in formal rulemaking for the CMMC program. However, it has also said that it intends to move forward with an interim rule pending that process.

Given the direction and speed with which CMMC is heading our way, contractors should be looking at whether these draft CMMC processes and practices can be accomplished. Potential opportunities to comment on the draft and during the rulemaking should be considered. In addition, contractors should be taking steps now to prepare for CMMC, including examining what it will take for them to be certified and the level of readiness of their supply chains. Since the current rule indicates that NIST SP 800-171 will apply to levels 3, 4 and 5, and parts of it will apply to the lower levels, contractors might look at how they marry up with those requirements and what would be needed for them to address likely gaps in compliance. Contractors also should be thinking about what they will need from their suppliers and lower level subcontractors, and how they may be able to obtain the information needed to determine whether these supply chains will be able to meet these requirements.

Sound cybersecurity throughout the supply chain is the DoD’s goal. Stay tuned for the next round of CMMC and future rulemaking.

When the FY2017 National Defense Authorization Act (NDAA) was enacted, the prohibition in Section 813(c) against the use of lowest price technically acceptable (LPTA) source selection criteria seemed fairly cut and dry. As time passes and procuring agencies adopt new evaluation schemes, however, the parameters of the prohibition are being tested. The recent Government Accountability Office (GAO) decision in Inserso Corporation, B-417791, B-417791.3 (November 4, 2019) is a case in point.

The matter involved the terms of a Request for Quotations (RFQ) issued by the Department of the Air Force for information technology (IT) and cybersecurity services. Under the RFQ, quotations were to be evaluated using technical acceptability, past performance, and price factors. The RFQ provided that the agency would first rank quotations according to price, from lowest to highest, then evaluate the five lowest-priced quotations as either technically acceptable or unacceptable. Only technically acceptable quotations would proceed to be rated under the past performance factor and a performance confidence assessment rating would be assigned to each. Then the agency would make an award decision based upon a price/past performance best value trade-off. Only quotes deemed to be technically acceptable would be eligible for award.

Inserso Corporation protested the RFQ, asserting that the agency was using lowest-priced, technically acceptable (LPTA) award criteria in violation of Section 813(c) of the FY 2017 NDAA, which states that, “To the maximum extent practicable, the use of [LPTA] source selection criteria shall be avoided in the case of a procurement that is predominately for the acquisition of [among other things] information technology services, cybersecurity services, . . . or other knowledge-based professional services.” According to Inserso, the agency would use LPTA criteria in the solicitation because the RFQ fails to provide for a tradeoff between price and technical factors. Inserso interprets the RFQ evaluation criteria to require an agency—in procurements for IT services—to affirmatively use a tradeoff between price and technical factors as the basis for award and not eliminate offers without making a tradeoff between technical factors and price. In other words, ranking offerors by price and evaluating the five lowest-priced offerors for technical acceptability, as the agency planned to do here, should be deemed to be an improper use of LPTA criteria under Inserso’s approach.

The Air Force countered that its solicitation does not violate Section 813(c) because it does not utilize lowest-priced, technically acceptable source selection criteria (as defined in FAR 15.101-2) as the basis for award—and because it is performing a best-value tradeoff, but that tradeoff is between price and past performance instead of price and technical factors.

In response to Inserso’s multiple supporting citations and arguments, the GAO found Inserso’s interpretation of Section 813 reasonable. However, although there was no dispute that the Air Force was conducting the procurement using technical acceptability and price as elements in a price versus past performance tradeoff, the GAO still concluded that the agency did not violate Section 813(c) of the FY 2017 NDAA. The GAO’s analysis continues the established precedent to afford the agency broad discretion so long as its interpretation is reasonable and based on a permissible construction of the statute. Where, as here, an agency’s statutory interpretation is found reasonable, the fact that there are alternative interpretations of the statute is irrelevant, even if these alternative interpretations are also reasonable.

The GAO noted that the protester had not identified anything in Section 813 or in regulations that specifically preclude the RFQ’s selection criteria. As a result, it held that the RFQ’s evaluation scheme, which uses a price/past performance tradeoff as the basis of source selection, does not violate procurement law. Going forward, offerors should expect to see more creative uses of evaluation criteria by agencies—and to have less opportunity to challenge them as violating Section 813 of the FY2017 NDAA.

Disappointed offerors sometimes attempt to challenge contract awards by arguing that the agency did not properly take into account a particular aspect of their proposals. As the recent Government Accountability Office (GAO) decision in Red River Science & Technology, LLC, B-417798.2 (October 24, 2019) makes clear, however, protesters need to make sure that their proposal supports their argument in the context of the solicitation. The GAO will likely not reward a challenge that attempts to “rewrite” the proposal to support the asserted protest grounds.

The procurement involved the issuance of an order by the Department of the Army, Army Materiel Command for maintenance, supply, and transportation logistics support services at Fort Jackson, South Carolina. The underlying solicitation stated that the Army would make award based on three factors: (1) technical acceptability; (2) past performance; and (3) cost/price. Under the solicitation, the Army was to first evaluate proposals for technical acceptability on a pass/fail basis, then evaluate the three lowest-priced offerors under the past performance factor. The past performance evaluation was to entail “a qualitative assessment of the past performance of recent and relevant contracts performed by the offeror, and by any subcontractors proposed to perform 20 percent or more of the total proposed cost/price.” The Army would then assign the three lowest-priced, technically acceptable offerors a past performance confidence rating, the highest of which was “substantial confidence,” and identify the lowest-priced firm with a past performance rating of substantial confidence. If none of the technically acceptable offerors received a substantial confidence rating, the solicitation required the Army to conduct a best-value tradeoff based on all the factors.

In evaluating past performance, the agency would consider both examples of recent and relevant past contract efforts submitted by offerors and information it obtained about the offerors from other sources. “Recent contracts” were those performed within three years of the solicitation’s closing date. “Relevant contracts” were those reflecting similar experience, magnitude and complexity. In order to demonstrate similar experience, a past performance example had to reflect the performance of work in one of three functional areas required by the solicitation–maintenance, supply, or transportation. For magnitude and complexity, the solicitation established minimum average annual dollar value thresholds for past performance examples to be considered relevant. The solicitation also provided that the past performance record of offerors that proposed to use subcontractors would “be assessed in its totality to determine the Offeror’s past performance rating” and explained that the Army evaluators would take into account “the specific functional areas the offeror and its proposed subcontractors have performed, the areas each is proposed to perform, and the overall percentage of participation proposed for the offeror and any subcontractors.”

The Army received seven timely proposals, including those of Red River and the awardee, Bowhead Operations & Maintenance Solutions, LLC, which were both among the three proposals evaluated as technically acceptable. Of the three, Red River had the lowest price.

In its proposal, Red River made clear that it would perform the transportation functional area and a portion of the supply functional area itself, totaling approximately 54 percent of its proposed price. The remaining 46% of the price was attributed to its subcontractor, The Logistics Company (TLC), which was to perform all of the work under the maintenance functional area and a portion of the supply functional area. In other words, Red River proposed only its own personnel to perform work for the transportation functional area. But during evaluation the Army found that only half of its eight past performance examples involved transportation work, and none of those four met the solicitation’s minimum dollar thresholds to be considered similar in magnitude and complexity. In contrast, the Army found that TLC had very positive, recent and relevant past performance in all three functional areas, including transportation.

Despite TLC’s demonstrated favorable performance in all three functional areas, Red River’s lack of relevant past performance in the transportation functional area created “some uncertainty about its ability to perform the Ft. Jackson effort.” In this regard, the Army concluded that TLC’s ability to perform the transportation functional area had “no impact” on the evaluation because Red River did not propose TLC to perform that work but instead proposed itself, with TLC performing work in the other functional areas. Because of the uncertainty about Red River’s handling the transportation functional area, the evaluators ultimately gave its proposal a past performance rating of satisfactory confidence.

Even though its price was higher, Bowhead was awarded the order because it had the lowest-price offer receiving a past performance rating of substantial confidence. Following a debriefing, Red River filed the subject protest, challenging the Army’s evaluation of its past performance as only acceptable, arguing that the agency failed to reasonably consider the past performance of its proposed subcontractor as required by the terms of the solicitation.

More particularly, Red River argued that the agency should have considered TLC’s demonstrated relevant past performance in the transportation area even though Red River’s proposal did not identify TLC as performing the transportation work. It pointed to the repeated references “throughout its proposal” to TLC as its “teammate” and maintained that it “could have received TLC’s assistance in the transportation functional area.” Red River also asserted that the solicitation required the Army to base its past performance rating on the combined performance record of itself and TLC without regard to the areas of work for which TLC was proposed.

The GAO rejected both arguments.

First, with respect to the notion that the Army should have given Red River credit for TLC’s past performance because they were teammates and TLC could have assisted in the transportation functional area, the GAO held that the agency reasonably considered only Red River’s transportation experience because Red River’s proposal (organization chart, staffing plan, etc.) specified that Red River would self-perform the transportation work itself, and gave no indication that TLC would provide assistance of any kind. In other words, there was no reason for the Army to have considered TLC’s past performance in that area and the satisfactory confidence rating was reasonable.

Red River’s contention that the solicitation required the Army to base its past performance rating on the combined performance record of itself and TLC without regard to the areas of work for which TLC was proposed fared no better. Red River relied on the solicitation language stating that “[i]f an Offeror proposes the use of Subcontractors the Offeror’s past performance record will be assessed in its totality to determine the Offeror’s past performance rating.” In response, the GAO pointed out that immediately following that sentence the solicitation established that the Army may consider the specific functional areas previously performed by an offeror and its subcontractor(s), the specific functional areas an offeror and its subcontractor(s) were proposed to perform, and the offeror and its subcontractor(s)’ overall percentage of participation for the requirement. Reading the solicitation in its entirety and in a manner that gives effect to all its provisions, as the GAO does in such cases, the GAO found nothing objectionable about the agency’s consideration of the anticipated division of work between Red River and TLC in its past performance evaluation.

While the facts and arguments in this matter may have presented a much closer case (we’ll likely never know), the decision casts Red River as a protester that got tripped up by a proposal that did not say what the proposal needed to say to support its protest arguments. In order to avoid similar problems, offerors should carefully review solicitation requirements, conduct an honest self-evaluation of their (and their team’s) strengths and weaknesses, and, to the extent possible tailor their proposals to address any weaknesses or gaps they find. That way, even if the agency makes what you consider to be a bad award decision, you’ll have more ammunition to fight it.

On October 2, 2019, DoD, GSA and NASA issued a proposed rule amending the FAR to implement Section 811 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2018. The amendment increases the threshold for requesting certified cost or pricing data from $750,000 to $2 million for contracts entered into after June 30, 2018.

Truth in negotiations, 10 U.S.C. 2306a, and Required cost or pricing data and certification, 41 U.S.C. 3502, require that the Government obtain certified cost or pricing data for certain contract actions listed at FAR 15.403-4(a)(1), such as negotiated contracts, certain subcontracts and certain contract modifications. Section 811 amends 10 U.S.C. 2306a and 41 U.S.C. 3502 to increase the certified cost or pricing threshold to $2 million. The threshold remains $750,000 for changes and modifications to a prime contract entered into before July 1, 2018, with one exception. Upon request from a contractor that was required to submit certified cost or pricing data in connection with a prime contract—including for modifications of sealed bid contracts—entered into before July 1, 2018, the contracting officer must modify the contract, without requiring consideration, to reflect the $2 million threshold.

The proposed changes are not applicable to contracts at or below the simplified acquisition threshold or to contracts for the acquisition of commercial items.

Interested parties should submit written comments in response to FAR Case 2018-005 on or before December 2, 2019 to be considered in the formation of the final rule. Submission procedures are detailed in the proposed rule.