Congressional, Executive, and Legal Developments for Government Contractors to Consider
On November 24, 2020, Congress approved H.R. 1668, the IoT Cybersecurity Improvement Act of 2020, which now awaits the President's signature. If finalized, this bill would require the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to implement certain requirements to increase the cybersecurity of Internet of Things (IoT) devices. IoT devices are internet-connected physical devices used by federal government employees when carrying out their work. Specifically, NIST is directed to develop minimum cybersecurity standards for any internet-connected device that the federal government uses and manage any vulnerabilities relating to the use of such devices. If the Act is adopted, OMB would then issue guidelines to federal agencies to implement NIST's standards.
On November 17, 2020, the U.S. House of Representatives passed an amended version of S. 1869, the Secure Federal Leases from Espionage and Suspicious Entanglements Act. The bill would require potential lessors of "high-security leased space" to disclose to the government whether any immediate or highest-level owner of a federal high-security leased space is a foreign person or a foreign entity. Lessors of high-security leased spaces must also update their ownership information annually. The amended bill will now return to the Senate, where it will likely be adopted before heading to the President.
On November 25, 2020, the Office of the Under Secretary of Defense published a memorandum "to ensure workforce awareness and understanding" that DoD agencies are required to monitor and enforce defense contractor implementation of cybersecurity. Venable previously discussed the interim rule here. The interim rule is effective November 30, 2020. Consequently, the memorandum advises contracting officers to take certain steps prior to awarding a contract or executing an option period to verify compliance with cybersecurity requirements, such as the Cybersecurity Maturity Model Certification (CMMC) framework.
On November 19, 2020, OMB issued M-21-08, Review of Federal Contracting and Hiring Practices Under Executive Order 13940. This memorandum builds on previous executive actions "to strengthen the Administration's policy to buy American and hire American." Of note, the memorandum provides guidance for conducting reviews of federal contractors' hiring practices, including use of temporary foreign labor and potential offshoring of contract performance. As part of the OMB mandate, the memorandum directs agencies to prioritize the 25 service contractors with which each agency has the most obligations during fiscal years 2018 and 2019.
On November 23, 2020, the U.S. Government Accountability Office (GAO) publicly released a report on the U.S. Department of Labor's enforcement of the Service Contract Act (SCA). The report found that the DOL found violations of the SCA totaling over $220 million in back wages between fiscal years 2014 and 2019. The report made six recommendations, including that DOL improve its information sharing with contracting agencies on SCA debarments and investigation outcomes to reduce the risk that excluded contractors continue to receive contracting opportunities.
On November 24, 2020, the U.S. Court of Federal Claims denied a request that the Federal Emergency Management Agency (FEMA) suspend contract performance pending resolution of a timely filed bid protest. Comprehensive Health Services, LLC (CHS) had protested in a timely manner FEMA's decision to award a sole source contract for COVID-19 testing services to a competitor. Citing urgent and compelling circumstances relating to the ongoing pandemic, FEMA decided to override the CICA stay of performance, which CHS challenged before the court. The court denied the request, finding that CHS had not met its burden for issuing a temporary restraining order or a preliminary injunction. Of note, the court found unpersuasive CHS's argument that the urgent circumstances were due to FEMA's own actions and "lack of advance planning and execution."
On November 9, 2020, the GAO dismissed a protest by the MayaTech Corporation ("MayaTech") for lack of jurisdiction. MayaTech challenged the issuance of a task order by the U.S. Department of Health and Human Services, but the amount of the task order was below the $10 million threshold. The GAO's statutory authority to hear protests of task orders issued by civilian agencies is limited to task orders in excess of $10 million or where the task order increases the scope, period, or maximum value of the contract. See 41 U.S.C. § 4106(f). To avoid dismissal, MayaTech argued that the agency had expanded the scope of the base contract by issuing a task order "without regard to the base contract's ordering clause." The GAO dismissed MayaTech's protest, finding that MayaTech's argument was effectively a disagreement with the agency's evaluation of proposals, which did not constitute a challenge to the scope of the contract.
On November 4, 2020, the GAO denied a protest by the incumbent contractor, PAE Applied Technologies, LLC (PAE), challenging the agency's evaluation of its proposal. The agency rejected PAE's proposal because one of PAE's proposed "key personnel" was apparently unavailable. On June 8, 2020, after submission of final proposals, the key personnel submitted a letter of resignation. After submission of the proposal, but before the award decision had been made, PAE informed the government of the departure. Consequently, the Source Selection Authority determined PAE's proposal was unacceptable. Of note, the GAO gave no weight to a subsequent protest filing wherein PAE submitted a declaration from the departed key personnel stating that he was willing to return to work on the contract. Consequently, the GAO found the agency reasonably found protester's proposal ineligible for award.
On November 6, 2020, the U.S. Court of Federal Claims denied protester's motion for attorneys' fees and bid preparation and proposal costs. EndoSoft, LLC ("EndoSoft"), the protester, had previously successfully challenged the U.S. Department of Veterans Affairs (VA) decision to award a sole source contract to a competitor. The VA then issued a revised solicitation, which EndoSoft promptly challenged in a bid protest before the court. The VA then canceled the solicitation. While the court noted that EndoSoft "sought and obtained VA's cancellation of the solicitation[,]" because there was no underlying decision on the merits of the protest, the Court found that it lacked the authority to award attorneys' fees and other costs. Thus, the Court not only denied EndoSoft's request for costs; it also dismissed the protest as moot.