On Dec. 19, 2014, President Obama signed into law the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015. See Pub. L. No. 113-291. As with every NDAA since FY 2010, the FY 2015 NDAA stalled in Congress before being enacted months after the start of its fiscal year. In this regard, H.R. 3979 was originally introduced on Jan. 31, 2014 as the “Protecting Volunteer Firefighters and Emergency Responders Act.” When the Senate passed an amended version of H.R. 3979 on April 7, 2014, the bill was entitled, “The Emergency Unemployment Compensation Extension Act of 2014.” On Dec. 4, 2014, H.R. 3979 became the vehicle for this year’s NDAA after negotiators for the lame duck 113th Congress attached a reconciled version of S. 2410 and H.R. 4435. The FY 2015 NDAA includes several significant procurement-related reforms and changes, most (but not all) of which are included, as usual, in “Title VIII—Acquisition Policy, Acquisition Management, and Related Matters.” Although Title VIII includes 37 provisions specifically addressing procurement issues, with the exception of the 13 procurement-related provisions in the FY 2014 NDAA, this is fewer than in recent years. For example, the FY 2012 and FY 2013 NDAAs included 49 and 44 such provisions, respectively. Many of these FY 2015 NDAA statutory changes will not become effective until the FAR and DFARS (and possibly certain other regulations) are amended. The FY 2015 NDAA probably includes fewer procurement-related provisions because of Congress’ apparent focus on comprehensive procurement reform in the upcoming FY 2016 NDAA. As in past years, certain provisions in other titles of the FY 2015 NDAA are also important to procurement law. This Feature Comment focuses on the FY 2015 NDAA’s more significant procurement-related provisions. Section 801: Modular Open Systems Approaches – Section 801 requires the Under Secretary of Defense for Acquisition, Technology, and Logistics (DOD Under Secretary) to, by Jan. 1, 2016, submit a report to the House and Senate Armed Services Committees detailing a plan to develop standards and define architectures necessary to enable “open systems approaches” (OSA). OSA integrate business and technical strategies to employ a modular design and use widely supported and consensus-based standards for key interfaces, are subject to successful validation and verification tests, and use a system architecture that allows components to be added, modified, replaced, removed or supported by multiple vendors throughout a system’s lifecycle. This section further requires, within 180 days of the NDAA’s enactment, the DOD Under Secretary to review current acquisition guidance, and modify such guidance as necessary, to ensure that acquisition programs include OSA in the product design and acquisition of information technology (IT) systems to the maximum extent practicable. For any IT system not using an OSA, Section 801 requires a written justification in the contract file to explain why an OSA was not used.GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 2 While the Senate committee-reported version of Section 801 mandated use of OSA by 2016 absent an exception based on cost and practicality, the enacted version instead requires a report detailing a plan to implement OSA by 2016. DOD has attempted to employ OSA since at least November 1994, when the DOD Under Secretary established the Open Systems Joint Task Force. OSA are currently established in certain DOD acquisition policies, including DoD Instruction 5000.02, Operation of the Defense Acquisition System (Jan. 7, 2015), and DoD Open Systems Architecture Contract Guidebook for Program Managers, Version 1.1 (June 2013). Section 801 does not address whether OSA means: (i) simply enabling one supplier’s parts to be removed and replaced with parts from another supplier, or (ii) enabling a competitor to reproduce a supplier’s parts. While Section 801 codifies OSA as a way to increase downstream competition in defense systems, OSA’s longstanding presence in DOD policy may mean that Section 801 results in little change to DOD’s acquisition practices. Contractors should be aware that OSA is here to stay and expect it to extend beyond the realm of software and into hardware development contracts. Additionally, contractors should not be surprised to see more procurement solicitations that contain evaluation criteria addressing whether, and to what degree, an offeror’s proposed solution is OSA compatible. Section 811: Advanced Component Development & Prototype Units – Section 811 expands and extends an authorization that was initially established in the FY 2010 NDAA, Pub. L. No. 111-84, 123 Stat. 2409. Subject to certain limitations, FY 2010 NDAA § 819 authorized DOD and the military departments to include in competitively awarded contracts for basic research a line item or option for the provision of advanced component development or prototype of technology developed under the contract, or delivery of an initial prototype, or delivery of additional prototype items. Section 811 extends this authority until Sept. 30, 2019 and expands it to include an option for the delivery of initial production of technology. Section 812: DARPA’s Authority to Carry Out Certain Prototype Projects – Section 812 broadens the scope of DARPA’s other transaction authority (OTA) under Section 845(a)(1) of the FY 1994 NDAA, Pub. L. No. 103-160, 107 Stat. 1547. This OTA had been limited to prototypes “directly relevant to weapons or weapon systems proposed to be acquired or developed by [DOD], or to improvement of weapons or weapon systems in use by the Armed Forces.” Section 812 expands this authority to include prototypes “directly relevant to enhancing the mission effectiveness of military personnel and the supporting platforms, systems, components, or materials proposed to be acquired or developed by [DOD], or to improvement of platforms, systems, components, or materials in use by the Armed Forces.” In addition to “nontraditional defense contractors,” see 10 U.S.C. § 2302(9), this section now makes OTA available for small business contracts as defined in 15 U.S.C. § 632. To qualify as a nontraditional defense contractor, a firm cannot have, within the twelve months preceding “the solicitation” – which we interpret (based on the regulations) to likely mean the date of the OTA, see 32 C.F.R. §3.4 – performed: (i) a contract or subcontract with DOD that was subject to full Cost Accounting Standards coverage, or (ii) any other contract in excess of $500,000 where the firm was required to submit certified cost or pricing data. Although some small businesses may have held contracts that required them to submit certified cost or pricing data, Section 812’s changes nevertheless increase the number of firms eligible for contracts under this OTA. Of course, agreements entered into under OTA are not subject to the FAR or DFARS. Section 813: Extension of Limitations on DOD Contractor Services Spending – As FY 2014 NDAA § 802 did, see Pub. L. No. 113-66; Schaengold & Deschauer, Feature Comment, “The Impact Of The National Defense Authorization Act For Fiscal Year 2014 On Federal Procurement,” 56 GC ¶ 50, Section 813 amends FY 2012 NDAA § 808 to extend for one year (i.e., through FY 2015) the temporary limit on the GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 3 funds DOD may spend for most contract services to the amount requested for contract services in the President’s FY 2010 budget. This section further requires that each DOD agency continue, during FY 2015, the 10-percent-per fiscal-year reductions in spending for contracts “for the performance of functions closely associated with inherently governmental functions” and for “staff augmentation contracts.” It mandates that any unimplemented amounts of the 10-percent reductions for FYs 2012 and 2013 be implemented in FY 2015. In its Joint Explanatory Statement, Congress observed that GAO has “stated that the military departments and defense agencies generally have not developed plans to use the inventory of contracted services, mandated since 2008 in [10 U.S.C. § 2330a,]” and that GAO has attributed this deficiency, in part, to the military’s lack of accurate and reliable data, which Congress noted could be provided if a DOD-wide common data-system is implemented as directed by existing DOD guidance. The Joint Explanatory Statement further noted that “[i]n the absence of a plan of action with milestones and timeframes to establish a common data system to collect contractor manpower data, we are leaving the caps on contractor spending in place for fiscal year 2015.” Section 814: Improvement in DOD Design-Build Construction Process – Section 814 amends 10 U.S.C. § 2305a(d) to require that Contracting Officers provide a written justification and obtain approval from the HCA, which is delegable to no lower than the senior contracting official within the contracting activity, before allowing more than five offerors to participate in Phase II of design-build source selections where the contract value exceeds $4,000,000. Under FAR 36.303-1, Contracting Officers currently have independent discretion to permit more than five offerors to participate in Phase II. By limiting when more than five firms can submit Phase II proposals, this section is designed to increase participating firms’ likelihood of being awarded a contract, which should in turn increase these firms’ willingness to participate in design-build procurements and submit comprehensive Phase II proposals. Section 815: Permanent Authority for Simplified Acquisitions for Certain Larger Dollar Commercial Item Procurements – Section 815 makes permanent the authority to use simplified acquisition procedures for the purchase of certain commercial supplies and services, in excess of the simplified acquisition threshold, see FAR 2.101 (defining “simplified acquisition threshold”), up to $6.5 million, or $12 million if used in support of a contingency operation or to respond to a nuclear, biological, or chemical attack. This authority is currently implemented in FAR Subpart 13.5. Although Section 4202 of the Clinger-Cohen Act of 1996, Pub. L. No. 104-106, 10 U.S.C. 2304 note, contained a three-year limitation on this authority, subsequent Acts of Congress have extended this authority. Most recently, FY 2013 NDAA § 822 extended this authority until Jan. 1, 2015. Section 817: Avoiding Counterfeit Electronic Parts – Section 817 clarifies that, under FY 2012 NDAA § 818(c)(3), 10 U.S.C. § 2302 note, suppliers are permitted to “obtain electronic parts from alternate suppliers if such parts are not available from original manufacturers, their authorized dealers, or suppliers identified as trusted suppliers.” Previously, suppliers were required to obtain electronic parts from the original manufacturers of the parts, their authorized dealers, or from trusted suppliers “whenever possible.” This section also replaces the term “trusted supplier” with the phrase “suppliers identified as trusted suppliers in accordance with [applicable regulations which are to be issued].” Section 818: Proof of Concept Commercialization Pilot Program – Section 818 amends a commercialization pilot program initiated in FY 2014 NDAA § 1603(a). Under this five-year pilot program, non-profit institutions and federal laboratories can receive competitive awards to “accelerate the commercialization of basic research innovations.” Section 818 replaces the requirement that awardees agree to use a review board “comprised of industry, start-up, venture capital, technical, and business GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 4 experts and university technology transfer officials” to oversee use of awardee funds, with the requirement for “rigorous review of commercialization potential or military utility of technologies, including through use of outside expertise.” This section now permits the secretaries of the military departments, in addition to the Assistant DOD Secretary for Research and Engineering, to establish and implement the program; previously, this responsibility was solely held by the Assistant DOD Secretary. Section 818 also increases the award amount from $500,000 to $1 million and extends the program from Sept. 30, 2018 until Sept. 30, 2019. Section 821: “Test Program” for “Comprehensive” Small Business Subcontracting Plans – Section 821 modifies and extends for three years, until Dec. 31, 2017, a “test program” that has been in place for 25 years. Section 821 continues to allow contractors to develop and report subcontracting plans on a plant, division or comprehensive basis rather than contract-by-contract. Beginning in FY 2016, Section 821 will prohibit DOD from negotiating a comprehensive small business subcontracting plan with contractors who fail to meet their subcontracting goals under the previous fiscal year’s plan. This section further requires contractors with “comprehensive” subcontracting plans to semi-annually report certain fairly detailed subcontracting data to DOD and requires GAO to report, by Sept. 30, 2015, test program results to several congressional committees. Finally, this section states that failing to make good faith efforts to comply with a comprehensive plan shall be a considered when evaluating an offeror’s past performance. Section 822: Improving Data on Bundled or Consolidated Contracts – No later than Oct. 1, 2015, Section 822 requires the SBA Administrator, in consultation with the Small Business Procurement Advisory Council, the OFPP Administrator and the GSA Administrator, to develop a plan “to improve the quality of data reported on bundled or consolidated contracts in the Federal procurement data system [described in 41 U.S.C. § 1122(a)(4)(A)].” Section 822 describes what this plan must include, such as recommended policy changes, recommended data verification requirements and recommended data responsibilities. In combination with the data improvement requirements in the recently enacted Digital Accountability and Transparency Act (“DATA Act”) of 2014, Pub. L. No. 113-101, 128 Stat. 1146 (May 9, 2014), this section could considerably improve the data available to policymakers, acquisition officials and the public. Section 824: Reverse Auctions – Section 824 requires the Secretary of Defense to clarify reverse auction regulations to ensure that: (1) single bid contracts comply with existing regulations and guidance; (2) offerors can submit revised bids throughout the auction; (3) contractors do not perform inherently governmental functions when conducting reverse auctions, and any past performance or financial responsibility data contactors create is made available to offerors; and (4) reverse auctions are not used for design-build military construction contracts that require a specific congressional authorization. GAO’s Dec. 2013 Report, “Reverse Auctions: More Guidance is Needed to Maximize Competition and Achieve Cost Savings,” GAO-14-108, at 10 (available at http://www.gao.gov/assets/660/659530.pdf), found that, in FY 2012, 95 percent of reverse auction awards were for $150,000 (the simplified acquisition threshold) or less, and 86 percent of such awards were to small businesses. Section 825: Sole Source Contracts for Women Owned Small Businesses – Section 825 amends the Small Business Act provisions related to women-owned small business concerns, 15 U.S.C. § 637(m). For example, Section 825(a) no longer permits Contracting Officers to rely on a WOSBs self-certification as demonstrating qualification for that status. Under Section 825(a), each of the concerns must now be “certified by a Federal agency, a State government, the [SBA] Administrator, or a national certifying entity approved by the [SBA] Administrator as a small business concern owned and controlled by women.” GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 5 Section 825(a)(3) adds new authority under 15 U.S.C. § 637(m) that now enables Contracting Officers to award certain sole source contracts, up to $6,500,000 including options, to: (i) “economically disadvantaged” WOSBs, or (ii) WOSBs in an industry in which the SBA Administrator has determined that WOSBs are “substantially underrepresented,” provided that for (i) and (ii), above, the Contracting Officer does not have a reasonable expectation that two or more of such WOSBs will submit offers. Section 825(b) concerns reporting of goals for sole source contracts awarded to WOSBs and amends Government reporting requirements under 15 U.S.C. § 644(h) to account for the new authority described above. Interestingly, an October 2014 GAO report, “Women-Owned Small Business Program: Certifier Oversight and Additional Eligibility Controls Needed,” GAO-15-54 (available at http://www.gao.gov/assets/670/666431.pdf), recommended increased certification oversight and commented that numerous stakeholders recommended sole-source contracts as a way to increase the effectiveness of the Women-Owned Small Business Program. Unfortunately, WOSBs may not immediately benefit from the new sole source authority because, absent some interim authority, the SBA’s regulations and the FAR will need to be amended to implement these FY 2015 NDAA changes. Section 831: Chief Information Officer Authority – Subtitle D of Title VIII, encompassing Sections 831-37, comprises the Federal Information Technology Acquisition Reform portion of the FY2015 NDAA. This subtitle comes largely from H.R. 1232, “Federal Information Technology Acquisition Reform Act” (FITARA). FITARA passed the House and was reported in the Senate before major portions of it were added to the FY 2015 NDAA. Section 831 requires that 24 federal agencies (defined as “covered agencies”) ensure that the CIO has a significant role in IT acquisition planning, programing, budgeting, and execution, as well as the management, governance and oversight processes for IT. The Departments of Veteran’s Affairs, Homeland Security, Justice, and Health and Human Services are among the agencies impacted by this provision. DOD, however, is largely exempt from § 831’s requirements. The CIO of each covered agency other than DOD must approve the agency’s IT budget request. Additionally, covered agencies other than DOD may not enter into any contract or agreement for major information technology investments without CIO approval. Approval of contracts or agreements for non-major information technology investments, as that term is defined annually by OMB capital planning guidance, may be delegated to an individual who reports directly to the CIO. Covered agency CIOs, other than the DOD CIO, also have the non-delegable responsibility to approve requests to reprogram IT funds. In contrast to these approval requirements for other covered agencies, the DOD CIO provides recommendations to the Secretary of Defense on DOD’s IT budget request. In addition, section 831 requires each covered agency CIO, including the DOD CIO, to certify that the agency’s IT investments are “adequately implementing incremental development.” However, none of section 831’s requirements apply to IT that is fully or jointly funded under the National Intelligence Program or the Military Intelligence Program. In sum, this section increases most covered agency CIO’s importance in deciding what IT an agency purchases and how those purchases are made. Although this section does enhance the DOD CIO’s role in decision-making with respect to IT purchases, the DOD CIO’s role is more limited as compared to the CIOs of other covered agencies. The DOD CIO’s stature within the DOD, however, is enhanced by FY 2015 NDAA § 901, as discussed below.GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 6 Section 832: Enhanced IT Transparency & Improved Risk Management – Section 832 requires the OMB Director to make publicly available a list of each major IT investment, except for certain national security systems or other IT fully funded with specified intelligence funds, for all 24 covered federal agencies listed in 31 U.S.C. § 901(b). Section 832 further requires the OMB Director to issue guidance to these agencies for reporting data on major IT investments in a standardized format. The list of major IT investments will include information about each investment’s cost, schedule, performance and risk, and will include information on new IT acquisitions as well as operations and maintenance of existing IT. As noted in the Senate Committee on Homeland Security and Governmental Affairs Report on FITARA (H.R. 1232), S. Rep. No. 113-262, at 14 (2014), this section codifies the IT Dashboard initiative OMB launched in June 2009. Section 832 also requires that CIOs certify each quarter that the information is current, accurate and reflects the risks associated with each investment and to identify significant data quality issues. In addition, section 832 contains a risk management provision setting forth a review process for major IT investments that receive a high or moderately high risk rating for four consecutive quarters. If within one year of the date of completion of this review process, the investment is still categorized by the agency CIO as high risk, the OMB Director must deny any request for future development, modernization and enhancement funding until such time as the agency CIO certifies that the root causes have been addressed and there exists sufficient capability to deliver on the investment within the planned cost and schedule. As discussed in S. Rep. No. 113-262, at 7, and Congressional testimony GAO provided on June 10, 2014, see “Information Technology: Reform Initiatives Can Help and Improve Efficiencies and Effectiveness,” GAO-14-671T (available at (http://www.gao.gov/assets/670/664030.pdf), Section 832’s risk management provisions are modeled on the TechStat reviews OMB began conducting in January 2010. Section 832 sunsets five years after its enactment. Section 833: Portfolio Review – Section 833 requires the 24 covered agencies to annually review their IT investments to identify waste, duplication and cost savings. This annual review only applies to DOD’s business systems IT portfolio (such as payroll, finance, logistics and personnel management) and not its national security systems. This section also requires the OMB Director to develop metrics and performance indicators that agencies must use in their annual portfolio review. These portfolio reviews may result in anticipated follow-on contracts disappearing as agencies decide to discontinue certain IT investments. Section 833 sunsets five years after the FY 2015 NDAA’s passage. Section 834: Federal Data Center Consolidation – Section 834 codifies the Federal Data Center Consolidation Initiative (FDCCI) that OMB described in a Feb. 26, 2010 Memorandum. This section establishes annual data center consolidation reporting requirements for 24 agencies, including DOD. Each year, agencies are required to submit to OMB a data center inventory and multiyear strategy to consolidate and optimize their data centers. The strategy must include performance metrics, a consolidation timeline and cost-saving estimates. Each agency is then required to implement the consolidation strategies submitted to OMB and provide quarterly updates to OMB on the implementation process. Data center consolidation must proceed in accordance with federal guidelines on cloud computing security, including guidance published by the NIST and the Federal Risk and Authorization Management Program. DOD can use its data center and information systems reduction plan under FY 2012 NDAA § 2867(b)(2) for the implementation strategy required under Section 834. In addition, Congress’ Joint Explanatory Statement directs the DOD CIO, in consultation with the military department CIOs, to identify and prioritize the software applications in use throughout DOD that should GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 7 be considered for migration to a cloud computing environment and to submit a report on the results of this assessment to the House and Senate Armed Services Committees by Dec. 15, 2015. Section 835: Training & IT Cadres – Section 835 requires the OFPP Administrator and the E-Government and Information Technology Administrator to work with 23 federal agencies (other than DOD) to update their acquisition human capital plans originally developed pursuant to Oct. 27, 2009 OFPP Guidance issued in furtherance of FY 2009 NDAA § 869. The update must address, among other things, development of an IT acquisition cadre, development of personnel assigned to IT acquisition roles and use of a specialized career path for IT acquisition professionals. Section 836: Federal Strategic Sourcing Initiative – Section 836 mandates that the OFPP Administrator prescribe regulations within 180 days of the FY 2015 NDAA’s enactment that require purchases of services and supplies offered under the Strategic Sourcing Initiative, but not purchased through the Initiative, to include in the contract file “a brief analysis of the comparative value, including price and nonprice factors, between the services and supplies offered under such Initiative and services and supplies offered under the source or sources used for the purchase.” Section 837: Governmentwide Software Purchasing Program – Section 837 requires the GSA Administrator to develop a federal strategic sourcing initiative to enhance Government acquisition, shared use and dissemination of software, as well as compliance with end user license agreements. Traditionally, Government agencies have not had an effective interagency mechanism to share information about the Government’s software/data rights. This initiative could apply the same purchasing power leverage the Government uses to purchase office supplies to software end user license agreements. Section 841: Prohibition on Providing Funds to the Enemy – Subtitle E of Title VIII, encompassing FY 2015 NDAA §§ 841-43, addresses requirements for never contracting with the enemy. The Senate and House each considered versions of a “Never Contract with the Enemy Act,” S. 675 and H.R. 1688, respectively. Neither bill was enacted as stand-alone legislation, but the substance of S. 675 was incorporated into the Senate version of the FY 2015 NDAA. As discussed in “The Impact Of The National Defense Authorization Act For Fiscal Year 2014 On Federal Procurement,” 56 GC ¶ 50, Section 831 of the FY 2014 NDAA contained a prohibition on contracting with the enemy that built upon Section 841 of the FY 2012 NDAA’s prohibition of the same activities. Section 841of the FY 2015 NDAA supersedes these prior authorities and repeals them, effective 270 days after enactment of the FY 2015 NDAA. Despite this repeal, the new Section 841 specifically states that the implementing regulations for the superseded legislation may be modified and used to implement the new Section 841. This is because, in part, much of the new legislation is similar to the old legislation. Section 841 requires the Secretary of Defense to, “in conjunction with the Director of National Intelligence and in consultation with the Secretary of State, establish in each covered combatant command a program to identify persons or entities,” that (1) “provide funds received under a covered contract, grant, or cooperative agreement … directly or indirectly to a covered person or entity”; or (2) “fail to exercise due diligence to ensure that none of the funds received under a covered contract, grant, or cooperative agreement … are provided directly or indirectly to a covered person or entity.” Section 843 provides the definitions applicable to Section 841. While the definition of “covered person” remains unchanged from the FY 2014 NDAA and means “a person or entity that is actively opposing United States or coalition forces involved in a contingency operation in which members of the Armed Forces are actively engaged in hostilities,” the definitions of “covered combatant command” and “covered contract, grant, or cooperative agreement” have changed. Section 843 adds the United States Transportation GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 8 Command to the list of covered commands, which also include each geographical U.S. combatant commands outside of North America, i.e., the Africa Command, Central Command, European Command, Pacific Command and Southern Command. Section 843 now defines a “covered contract, grant, or cooperative agreement” as “a contract, grant, or cooperative agreement with an estimated value in excess of $50,000 that is performed outside the United States, including its possessions and territories, in support of a contingency operation in which members of the Armed Forces are actively engaged in hostilities.” (Emphasis added.) Under the FY 2014 NDAA, a “covered contract, grant, or cooperative agreement” was defined as “a contract, grant, or cooperative agreement with an estimated value in excess of $50,000.” In implementing FY 2014 NDAA § 831 through class deviations (available at http://www.acq.osd.mil/dpap/policy/policyvault/USA005533- 14-DPAP.pdf), DOD only applied the provisions to contracts performed in the theater of operations of one of the covered combatant commands. Although the Joint Explanatory Statement does not address the reason for adding the requirement that the contract, grant, or agreement be “in support of a contingency operation in which members of the Armed Forces are actively engaged in hostilities,” this requirement will probably limit the section’s applicability. The new Section 841 is more expansive than its predecessors in that heads of executive agencies, or their designees, now have authorities and responsibilities similar to those of DOD covered combatant commanders to take action to prevent contracting with the enemy. However, some of the authority remains permissive. For example, after receipt of notice of the identification of such covered persons, the head of the cognizant executive agency and the commander of the relevant combatant command “may notify the heads of contracting activities, or other appropriate officials of the agency or command, in writing, of such identification.” (Emphasis added.) The FAR, DFARS and relevant Grant/Cooperative Agreement regulations, see 2 C.F.R. Chapter I, shall be amended within 270 days of the FY 2015 NDAA’s passage to provide that, upon notice from the head of an executive agency or the combatant commander, “the head of contracting activity …, or other appropriate official, may”: (1) restrict the award of contracts, grants or cooperative agreements of the executive agency “upon a written determination by the head of contracting activity ... or other appropriate official that the contract, grant, or cooperative agreement would provide funds received under such [instruments] directly or indirectly to a covered person or entity;” (2) terminate for default any contract, grant or cooperative agreement of the executive agency “upon a written determination by the head of contracting activity or other appropriate official that the contractor, or the recipient of the grant or cooperative agreement, has failed to exercise due diligence to ensure that none of the funds received under [such instruments] are provided directly or indirectly to a covered person or entity;” and/or (3) void in whole or in part any contract, grant, or cooperative agreement of the executive agency “upon a written determination by the head of contracting activity or other appropriate official that the contract, grant, or cooperative agreement provides funds directly or indirectly to a covered person or entity.” (Emphasis added.) Significantly, no reference is made in this statute to suspension or debarment. Similar to Section 831 in last year’s NDAA, Section 841 requires that the FAR, DFARS and relevant Grant/Cooperative Agreements regulations include a clause that: (1) requires the contractor, or the grant or cooperative agreement recipient, “to exercise due diligence to ensure that none of the funds, including goods and services, received under” a contract, grant or cooperative agreement “are provided directly or indirectly to a covered person or entity”; and (2) notifies the contractor, or the grant or cooperative agreement recipient, “of the authority of the head of the contracting activity, or other appropriate official, to terminate or void the contract, grant, or cooperative agreement, in whole or in part.” This clause is required to “be included in each covered contract, grant, and cooperative agreement GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 9 of an executive agency that is awarded on or after the date that is 270 days after the date of enactment of this Act.” Further, “to the maximum extent practicable, each covered contract, grant, and cooperative agreement of an executive agency that is awarded before the date of the enactment of this Act shall be modified to include th[is] clause.” While the FY 2015 NDAA appropriately states that “the process for revising [these] regulations” “shall include an opportunity for public comment, including an opportunity for comment on standards of due diligence required by this section,” it somewhat oddly places responsibility on “[t]he President” to “ensure” that this occurs. Also similar to Section 831 in last year’s NDAA, the new Section 841 mandates a FAR, DFARS or Grant/Cooperative Agreement regulatory provision: (a) requiring written notice to the contractor, or recipient of the grant or cooperative agreement, of the adverse action; and (b) permitting the contractor, or recipient of a grant or cooperative agreement, subject to such adverse action, “an opportunity to challenge the action by requesting administrative review under the procedures of the executive agency concerned not later than 30 days after receipt of notice of the action.” This new language provides marginally more information about the administrative review because last year’s legislation provided no details about the form of the administrative review or who would conduct such a review. No reference to an opportunity for public comment, including comment “ensure[d]” by “[t]he President,” is made for these specific regulations. Similarly, like FY 2014 NDAA § 831(e), the new Section 841 recognizes that, if classified information is involved, a contractor may review it only if a “court of competent jurisdiction established under Article I or Article III” issues an appropriate protective order. This would suggest that a contractor involved in litigation under this section should avoid the boards of contract appeals, which could not issue an appropriate protective order, and litigate (if possible) in the Court of Federal Claims or a District Court. New Section 841(h) contains a provision directing the Secretary of Defense, in coordination with the OMB Director, to “carry out a program” that will “facilitate and encourage” the heads of executive agencies to share with covered combatant commanders information about risks and threats posed by persons or entities who may be covered persons. Industry sought a provision that would expressly permit the Government to exchange information with contractors so that contractors would know with whom they should not be contracting. Although the legislation did not include this provision, the Defense Procurement and Acquisition Policy Office currently maintains an “Identified Enemy List” of prohibited contracting entities under FY 2012 NDAA § 841 and FY 2014 NDAA § 831 (available at http://www.acq.osd.mil/dpap/pacc/cc/policy.html). Since, at the time of publication of this article, the list was most recently updated in December 2013, it appears unlikely that contractors can safely rely on it to make subcontracting decisions. Although industry requested Congress to develop a framework or guidance to define what constitutes “due diligence,” Congress declined to provide any such guidance or to mandate that the executive branch do so through the rulemaking process. Instead, as noted, Congress merely directed that the rulemaking “include an opportunity for public comment, including an opportunity for comment on standards of due diligence.” Section 841(k) provides a national security exception that states the section is inapplicable to “authorized intelligence or law enforcement activities of the United States Government.” Presumably, this would enable the Government to pay certain informants or possibly persons embedded with the enemy (but acting on behalf of the U.S.). Finally, Section 841(n) extends the sunset date for these provisions by one year, until Dec. 31, 2019.GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 10 Section 842: Additional Access to Records – Section 842 requires certain regulatory revisions, within 270 days of passage of the FY 2015 NDAA, so as to provide a clause that can be inserted into covered contracts, grants and cooperative agreements, enabling the head of an executive agency concerned to examine contractor, grantee, cooperative agreement holder and their subs’ records “to the extent necessary to ensure that funds, including goods and services … are not provided directly or indirectly to a covered person or entity” under Section 841. (Emphasis added.) This clause “may also be included in,” i.e., may be flowed down to, “any subcontract or subgrant” with an estimated value exceeding $50,000. Even though no regulatory clause is currently available (i.e., as of the publication of this article), Section 842 states that it is applicable to contracts, grants and cooperative agreements “awarded on or after the date of the enactment of” the FY 2015 NDAA. This record examination authority “may be exercised only upon a written determination by the contracting officer, or comparable official responsible for a grant or cooperative agreement, upon a finding by the” combatant commander or the head of an executive agency that “there is reason to believe that funds, including goods and services, available under the contract, grant, or cooperative agreement concerned may have been provided directly or indirectly to a covered person or entity.” (Emphasis added.) Section 842 further requires the OMB Director to issue an annual report to Congress in 2016, 2017 and 2018 identifying when this clause was used to obtain access to records. Section 851: Rapid Acquisition/Deployment for U.S. Special Operations Command – Section 851 authorizes the Secretary of Defense to establish procedures to rapidly acquire and deploy items for the U.S. Special Operations Command (SOCOM) that are currently under development by DoD or commercially available and are: “(1) urgently needed to react to an enemy threat or to respond to significant and urgent safety situations; (2) needed to avoid significant risk of loss of life or mission failure; or (3) needed to avoid collateral damage risk where the absence of collateral damage is a requirement for mission success.” These procedures will include a “process for streamlined communication between the” SOCOM Commander “and the acquisition and research and development communities,” and methods “for demonstrating, rapidly acquiring, and deploying” relevant items. No more than “low-rate initial production of the system” can be procured under this authority and no more than $50,000,000 can be expended under this authority in any fiscal year. This authority is similar to that authorized by Section 806 of the FY 2003 NDAA (Pub. L. No. 107-314; 10 U.S.C. § 2302 note), and implemented through DOD Directive 5000.71, “Rapid Fulfillment of Combatant Commander Urgent Operational Needs,” Aug. 24, 2012. Notably, the authority under Section 851 is only available to the SOCOM Commander, while the authority under the FY 2003 NDAA is available to all combatant commanders. Section 852: Corrosion Control in Preliminary Design Review – Section 852 requires the DOD Under Secretary to “ensure” that DOD Instruction 5000.2 and other applicable guidance “require full consideration, during preliminary design review,” “of metals, materials, and technologies that effectively prevent or control corrosion over” a product’s “life cycle.” The Joint Explanatory Statement commented that Congress expects the instructions and regulations will “be tailored to apply only to products likely to corrode and not to every item or system purchased by the DOD.” Section 854: Operational Metrics for Joint Information Environment – Section 854 requires, within 180 days of the FY 2015 NDAA enactment, the DOD CIO to “issue guidance for measuring the operational effectiveness and efficiency of the Joint Information Environment.” This section defines “Joint Information Environment” as “the initiative of [DOD] to modernize information technology networks and systems within the Department.” The Joint Explanatory Statement indicates this section is designed to GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 11 focus on tying requirements to “operational outcomes for the warfighting community” rather than ITcommunity generated performance measures. Section 856: Whistleblower Protection for Grantee & Subgrantee Employees – Section 856 makes the whistleblower protections in 10 U.S.C. § 2409, which previously had been applicable only to contractor and subcontractor employees, applicable to employees of grantees and subgrantees. Under 10 U.S.C. § 2409, individuals who initiate or provide evidence of fraud, waste, or abuse related to DOD or NASA funds or contracts may not be discharged, demoted or otherwise suffer retaliation or reprisal if the report was based upon a reasonable belief and made to one of the enumerated officials (e.g., a Member of Congress, an Inspector General, the GAO). Additionally, a person who believes s/he engaged in protected activity and was subjected to retaliation for that activity may submit a complaint to the cognizant Inspector General. Section 857: Prohibition on Contractor Reimbursement for Certain Congressional Investigations – Section 857 amends 10 U.S.C. § 2324 to make unallowable “[c]osts incurred by a contractor in connection with a congressional investigation or inquiry into an issue that is the subject matter of a proceeding resulting in a”: criminal conviction; finding of civil liability (for fraud or similar misconduct) or imposition of monetary penalty or corrective action order related thereto; decision to suspend or debar the contractor, rescind or void the contract, or terminate a contract for default; or a “disposition of the proceeding by consent or compromise if such action could have resulted in” any of the above actions. Section 858: Requirement to Provide U.S. Photovoltaic Devices – Section 858 mandates that “covered contracts” “include a provision requiring that any photovoltaic device installed under the contract be manufactured in the United States substantially all from articles, materials, or supplies mined, produced or manufactured in the United States.” “[C]overed contracts” include “a contract awarded by [DOD] that provides for a photovoltaic device to be – (A) installed inside the United States on [DOD] property or in a facility owned by [DOD]; or (B) reserved for the exclusive use of [DOD] in the United States for the full economic life of the device.” A “photovoltaic device” “converts light directly into electricity through a solid-state, semiconductor process.” This Section contains exceptions as required by the Trade Agreements Act of 1979, and permits the “head of the department or independent” agency to determine on a case-by-case basis that this requirement should not be imposed because it is “inconsistent with the public interest or involves unreasonable costs.” Although not referenced in Section 858, Section 846 of the FY 2011 NDAA, Pub. L. No. 111-383, established sourcing requirements for photovoltaic devices. This earlier legislation included similar definitions of “photovoltaic device” and “covered contract” (without the geographic limitation in Section 858’s definitions) and required covered contracts to comply with the Buy American Act, subject to the Trade Agreement Act of 1979’s exceptions. DOD implemented this earlier requirement through DFARS 252.225-7017 and DFARS 252.225-7018. A review of the list of designated countries in DFARS 252.225- 7017(a) and the restrictions set forth in -7017(c) reveals that Section 858 limits DOD’s potential sources of photovoltaic devices. Despite Section 858’s new limitations, the Joint Explanatory Statement somehow describes it as “a provision that would provide additional acquisition opportunities for [DOD] with respect to photovoltaic devices.” While it is unclear how there will be any “additional acquisition opportunities” for DOD, this provision will certainly help domestic manufacturers and producers of these devices. Section 860: 3 Year Extension of Joint Urgent Operational Needs Fund – The “Joint Urgent Operational Needs Fund” is “available to the Secretary of Defense for capabilities that are determined by the Secretary … to be suitable for rapid fielding in response to urgent operational needs.” 10 U.S.C. § GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 12 2216a(c). A “merit-based process” is used “for identifying equipment, supplies, services, training, and facilities suitable for funding through the Fund.” Id. In order to accomplish the above purposes of the Fund, Fund Amounts “may be transferred by the Secretary of Defense from the Fund to”: (A) DOD “Operation and maintenance accounts;” (B) DOD “Procurement accounts;” and/or (C) DOD “Research, development, test, and evaluation accounts.” 10 U.S.C. § 2216a(d). Section 860 extends the expiration date for this authority from Sept. 30, 2015 to Sept. 30, 2018. * * * The FY 2015 NDAA also includes provisions in other titles that affect contractors doing business with DOD and other federal agencies. Some of the more important of these provisions are discussed below. Section 901: DOD CIO Becomes DOD Under Secretary With Added Responsibilities – Section 901 implements a DOD proposal to combine the positions of DOD Deputy Chief Management Officer and CIO into the new position of “Under Secretary of Defense for Business Management and Information.” This new Under Secretary will oversee IT projects and policies, business operations, business strategic planning and performance improvement, and will be a civilian appointed by the President and subject to Senate confirmation. According to the Joint Explanatory Statement, “[t]his change would not take place until the next administration [i.e., Feb. 1, 2017], however, to allow for leadership continuity in [DOD] through the current administration’s term in office.” Section 1270: Expansion of FAPIIS to Include Persons Identified by OFAC – “With respect to a covered person,” Section 1270 amends 41 U.S.C. § 2313(c) so that the Federal Awardee Performance and Integrity Information System (FAPIIS) database “shall include information” “for the most recent 5-year period regarding” “[w]hether the person is included on any of the following lists maintained by the Office of Foreign Assets Control [OFAC] of the Department of the Treasury:” (A) “The specially designated nationals and blocked persons list (commonly known as the ‘SDN list’);” (B) “The sectoral sanctions identification list;” (C) “The foreign sanctions evaders list;” (D) “The list of persons sanctioned under the Iran Sanctions Act of 1996” (Pub. L. No. 104–172; 50 U.S.C. § 1701 note) “that do not appear on the SDN list (commonly known as the ‘Non-SDN Iranian Sanctions Act list’);” or (E) “The list of foreign financial institutions subject to” 31 C.F.R Part 561. Section 1632: Reporting on DOD Cyber Incidents by Operationally Critical Contractors – Section 1632 directs the Secretary of Defense to designate “operationally critical contractors,” and notify such contractors of their designation. “Operationally critical contractor” appears to be narrowly defined as a contractor designated by the Secretary of Defense as a “critical source of supply for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.” Once contractors have been notified of their designation as an operationally critical contractor, designated contractors will be required to “rapidly report” “cyber incidents” that actually or have the potential to adversely affect their information or information systems. Reports must include: an assessment of the effect of the cyber incident on the contractor’s ability to meet DOD’s contractual requirements; “the technique or method used in the cyber incident;” a sample of any malicious software involved in the cyber incident, if such malicious software is discovered and isolated by the contractor; and “a summary of information compromised” by the cyber incident. Section 1632 also provides that the procedures established for reporting cyber incidents shall GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM 13 provide for the “reasonable protection” “of contractor trade secrets, commercial or financial information, and information that can be used to identify a specific person.” It also limits the dissemination of information obtained to entities “(A) with missions that may be affected by such information; (B) that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents; (C) that conduct counterintelligence or law enforcement investigations; or (D) for national security purposes, including cyber situational awareness and defense purposes.” An “operationally critical contractor is only required to provide [DOD] access to” its “equipment or information” “to determine whether information created by or for [DOD] in connection with any [DOD] program was successfully exfiltrated from a network or information system of such contractor and, if so, what information was exfiltrated.” DOD is required to issue procedures for the reporting of cyber incidents within 90 days of the NDAA’s enactment. The Joint Explanatory Statement “direct[s] the Secretary to ensure that contractor reporting to DOD, and the dissemination of such reporting, is coordinated with reporting to the Director of National Intelligence and other government agencies.” This Feature Comment was written for The Government Contractor by Mike Schaengold (email@example.com), Aaron Ralph (firstname.lastname@example.org), and Melissa Prusock (email@example.com), who are resident in the Washington, D.C. office of Greenburg Traurig LLP (“GT”). Mike, a Shareholder, is Co-Chair of GT’s Government Contracts & Projects Practice. Aaron and Melissa are Associates in that practice group. Mike serves on the Advisory Councils to the U.S. Court of Federal Claims and U.S. Court of Appeals for the Federal Circuit. This Feature Comment is for general information purposes only and should not be used as a substitute for consultation with professional advisors.