Vaccine requirements for federal contractors: What we know today

By Jeff Ellinport, Division Counsel

In the next 10 days, expect specific guidance on how federal contractors will need to respond to the COVID vaccine mandate from the Biden administration.

On September 9, 2021, President Biden issued an Executive Order “Ensuring Adequate COVID Safety Protocols for Federal Contractors” (the “EO”). This order will require many federal contractors to have their employees either fully vaccinated or subject to regular COVID-19 testing.

Here is what we know 

The EO leaves some of the details regarding the requirements for federal contractors to others. Specifically, the Department of Labor’s Occupational Safety and Health Administration (OSHA) is to issue an Emergency Temporary Standard (ETS) in a few weeks, and the recently created Safer Federal Workforce Task Force (the “Task Force”) is to issue specific federal contractor guidance by September 24.

Read more of this post

What is CMMC?

By Jeff Ellinport, Division Counsel

Although CMMC has been around for more than a year, it never hurts to review what it is and why those who sell into DOD and the rest of the federal government should care.

CMMC stands for Cybersecurity Maturity Model Certification and is a new certification process to measure a company’s ability to protect sensitive government data. It is a unified standard for implementing cybersecurity across the defense industrial base. CMMC is a way for DOD — and soon after, probably civilian agencies as well — to address intellectual property theft, cybercrime and national security threats of the type evidenced by the recent SolarWinds attack.

Once fully implemented, CMMC will be an acquisition foundation, required for almost every contractor transacting business with the U.S. government.

CMMC Maturity Levels

CMMC has five maturity levels, with basic cybersecurity hygiene at a Level 1 to very robust requirements at a Level 5. These certification levels reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels build upon each other’s technical requirements such that each level requires compliance with the lower-level requirements and then implementation and documentation of additional processes employing more rigorous cybersecurity practices.

Read more of this post

GSA Unpriced Schedules – A Welcome Change Is Coming

By Jeff Ellinport, Division Counsel

The General Services Administration (GSA) might soon make a shift in federal procurement from contract-level pricing to order-level competition. That’s good for vendors because it could reduce the time it takes to get products on contract.

The Advanced Notice of Proposed Rulemaking for Section 876 of the 2019 National Defense Authorization Act (Pub. L. 115-232) was issued by GSA on August 19. It allows GSA to implement “unpriced schedules.” On Oct. 20, GSA kicked off the first of several industry “listening sessions” on how to best implement this authority.

Currently, before a GSA Schedule contract is awarded or new items added to an existing one, GSA contracting officers determine fair and reasonable prices of supplies or services (fixed price or hourly). Negotiation follows after offerors submit various data, information and documentation to support their pricing.

Read more of this post

CMMC – Will the COTS Exception Apply to Me?

By Jeff Ellinport, Division Counsel

CMMC, DOD’s Capability Maturity Model Certification, will require almost all government contractors doing business with the Department of Defense to be independently certified by a third party as meeting one of five cyber security standards. This requirement will apply to every link in the government’s supply chain – including OEMs, distributors and resellers.

To the relief of many contractors, DOD updated its CMMC FAQs a few months ago to provide this exception (the only one so far): CMMC certification will not be required for companies that only provide commercial off-the-shelf (COTS) items. 

Under NIST SP 800-161, COTS is defined as “Software and hardware that already exists and is available from commercial sources.” Under FAR 2.101, COTS means any item of supply, other than real property, that is: Read more of this post

Do You Qualify for the New Small Business Size Standards?

Jeff Ellinport_Gov Sales Insider_65 x 88by Jeff Ellinport, Deputy General Counsel

The Small Business Administration (“SBA”) is changing its revenue based size standards to account for more than five years of inflation since the last adjustment. The new size standards take effect on July 14, 2014 and affect almost one-half of the NAICS code industries including services, information, construction and retail. With this adjustment, theSBA Seal largest revenue-based small business size standards will be $38.5 million, up from $35.5 million. This adjustment is separate from the SBA’s comprehensive review of all size standards required every five years by the Small Business Jobs Act of 2010. Businesses may want to review the new size standards to determine whether they now qualify as a small business concern. Additionally, current government contractors should make sure their certifications are up to date based on these new size standards in the System for Award Management (SAM). You can read the SBA’s announcement here:  http://www.sba.gov/content/what%27s-new-with-size-standards

%d bloggers like this: