Contractors eying potential opportunities in a new round of COVID-19
relief funding may want to focus elsewhere. House and Senate negotiators are reportedly
wide apart on the specifics of any “Phase IV” relief package. A self-imposed
deadline of July 31st is rapidly approaching. What that means for the long-term is unclear
as self-set deadlines can always be extended.
In the interim, however, some benefits and money will expire without a
short-term extension, something that even itself seems to be doubtful. The
shape of any long-term deal is also uncertain.
Money for unrelated projects, such as the building of a new FBI
Headquarters, has drawn sharp disapproval from Senate Republicans, making the
passage of anything not directly tied to COVID-19 problematic. Even there, however, discussions are at an
impasse. It is also worth
remembering that House leaders have previously said that there will not be
additional funds for defense contractors to pay for previously-authorized CARE
should instead focus on already-identified money and opportunities in their
pipelines. Congress may very
well decide to pass some sort of relief measure at the last second (either
before the August recess or closer to the Fall elections), but that should not
be a distraction from a company’s core business, especially during the end of
the year. Appropriations will also
be late this year, so prepare to start FY’21 under a Continuing Resolution
until sometime after the November election.
Companies selling to the Department of Defense have been gearing up to
become Cybersecurity Maturity Model Certification (CMMC) approved. Even GSA is eying the inclusion of CMMC
requirements for some of its contracts as DOD is often their largest user. Now, however, the National Institute
for Standards and Technology (NIST) has come out with new requirements (https://csrc.nist.gov/publications/detail/sp/800-172/draft) that will eventually
be incorporated into certain CMMC levels.
How that will impact companies among the first to be certified under the
current guidance is unknown. Guidance from
DOD, especially for companies that provide cloud services, is also changing. Don’t even start with the cybersecurity
requirements that Commercial Off the Shelf (COTS) procurements are and are not
exempt from. It’s enough to make a
contractor seek an easier career like commercial fishing. What is clear is that FAR clause 52.204-21 on
Federal Contract Information (FCI) is increasingly being incorporated into a
wide range of government contracts, including those for commercial items. Make
sure your company can comply with the 15 basic NIST security requirements
referenced in the clause. Not all cyber guidance has found its way to the FAR
yet, though. DOD contractors need to
increasingly examine DFAR clauses to ensure they understand the cybersecurity
and cloud standards required of them and those standards that need to be passed
down to subcontractors. There are
many key terms to know, but two of the most frequent are Covered Defense
Information (CDI) and Controlled Unclassified Information (CUI). CUI is actually included in the definition of
CDI, so if your company meets standards on how such information needs to be
handled, it likely meets the other.
While COTS providers are, in fact, exempt from CMMC and some other
requirements, that differentiation may be lost on DOD buyers and prime contractors. Such companies will need to be prepared to
answer why they feel they are exempt from certain compliance standards, or
become compliant. The situation is
changing, but ensuring that your company follows the changes and stays
compliant with applicable rules is critical to doing continued government
Have you ever seen the movies where the car breaks through the first
barrier, then the second and third, keeps ploughing down a road it obviously
shouldn’t be on and then sails off the unfinished bridge and into a lake? Think you would never do that? Think again.
This is exactly the type of behavior many contractors engage in
when it comes to ensuring proper contract compliance. We understand that companies are in
business to do business, but part of conducting that business is making sure
all contractual requirements are fulfilled. Just like the out of control car, contractors
may get multiple warnings to stop, slow down, turn around or otherwise get back
on the right path. Some get the
message by the second or third sign.
That’s late, but usually not too late to prevent truly bad outcomes that
disrupt the business you’re trying to pursue.
Some companies believe that their car could make the jump over the
missing bridge span – akin to reaching safety without having to change
practices. Many, though, end up in the
lake. Unfortunately, that ruins not just
your business but the livelihoods of those who work at the company. A damaged business also upsets investors who
provided money with the expectation that the company would be run
properly. While stopping your car
short of the lake may still result in a ticket and a small repair bill, that’s
certainly preferable to having the entire car wrecked and paying to get
it out of the water. Effective
contract compliance systems are truly a “pennies on the dollar’ investment that
help your business stay on the open road.
Not every government contract issue is a months-long
project. Sometimes you just need a
sanity check or have a question that can be answered in five minutes. Allen Federal can help. We offer “Check-In” service at reasonable
rates for people who need answers and insights on contract terms, new federal
developments, or just sanity checks to ensure their positions are
defensible. We’ve answered hundreds of
questions for a wide variety of companies.
If you’re just not sure what a key term or requirement means, we can
help. Contact us today at email@example.com.
Publicly available data federal contract spending data shows that
there are thousands of professional service and technology services companies
in government contracting, but that most business is conducted by a much
smaller sub-set. A quick look at
the numbers comes up with a reasonable estimate of over 26,000 professional
services contractors. Less than 900,
though, account for 80% of obligated dollars.
In IT services the numbers are 11,250 and 445, respectively. The most
successful companies each manage multiple contracts. The information shows what experienced contractors
have long-known: Relationships and experience matter in federal contracting.
Federal buyers like to have trust in their suppliers and minimize risk. Innovation cannot be totally discounted but,
as we have said before, “innovation” means something different in most of the
federal market than it does in its commercial counterpart. It is usually best understood as being
innovative in comparison to something a federal agency, itself, hasn’t tried
yet. The take-away for companies
that would like to crack into the top 80% is not to necessarily have a better
mouse-trap. Rather, make sure your brand
is recognizable in the market.
Attend even virtual contractor-related gatherings. Partner with companies that have an
established market presence. Get known
and get trusted. While there are newer
market entries that succeed by promoting their solutions, that’s a steep hill
and one that requires a federal customer to like it so much that they’re
willing to take a chance on something no other agency has yet done. It may take a bit longer to develop
relationships and a reputation, but the road is not as steep and can actually
get smoother over time for those that dedicate the necessary resources.