Draft memo details DoD plans to cap most reseller fees

The Defense Department wants to shake up how it works with value-added resellers.

In a draft memo obtained by Federal News Network, the Pentagon would place a 5% cap on most fees charged by resellers starting with a specific special item number (SIN) for IT products. This cap would only apply to IT products sold through the General Services Administration’s schedule contract.

DoD says it spent about $2 billion in fiscal 2024 through the GSA schedule on these technology products.

The draft memo is one of two expected from the administration to address what it believes are higher than normal costs when buying IT products and services through resellers.

GSA initiated this review and proposed overhaul of the reseller market earlier this year. It started in June with a letter to 10 value-added resellers to collect data to better understand the role of such companies and what it would take for original equipment manufacturers (OEMs) to sell directly to the government. Then in early October, sources said GSA was close to issuing a memo that would establish such a cap on resellers.

While GSA has yet to issue such a memo, this undated draft memo from the undersecretary of Defense for Acquisition and Sustainment, Michael Duffey, offered more specifics on what this market cap and oversight process would look like.

Duffey references GSA’s plans in his draft memo.

Duffey wrote the initiative would “initially entail GSA contracting officers’ use new control measures to support their determinations of price reasonableness for products offered for sale under IT Special Item Number 33411. Specifically, GSA will more closely scrutinize pricing from entities that hold themselves out as resellers.”

It would focus on SIN 33411, which is for the purchasing of new electronic equipment, including desktops, laptops, servers, storage equipment, routers and switches and other communications equipment, audio and video equipment and even two-way radios.

Since this cap would only apply to purchases off the GSA schedule, DoD is returning to the idea that these prices are no longer automatically considered “fair and reasonable.”

This harkens back to 2014 when both DoD and NASA issued deviations to the Federal Acquisition Regulations that said schedule prices shouldn’t be automatically considered fair and reasonable. Several years later, DoD and NASA removed that deviation.

“When placing orders on IT contracts, I expect the department’s contracting officers to independently determine fair and reasonable pricing by considering the unique factors of a given acquisition in the same manner as GSA,” Duffey wrote in the draft memo. “Finally, and in general, we will apply the same common-sense approach to avoid paying excessive pass-through costs and avoid paying non or low-value added price markups across the complete range of the procurement.”

A third change DoD would require is for vendors to disclose in their price proposal the manufacturer or dealer price and the percentage markup from the OEM price. DoD also will require a description of the value provided that comprises the markup amount. Any markup of more than 5% would require additional vendor justification and higher-level management attention. The memo doesn’t describe what either of those will look like.

Multiple emails to DoD seeking comment were not returned.

DoD’s reasoning for price caps questioned

Federal acquisition experts and resellers questioned the DoD’s rationale for applying price caps.

Three different executives who work for resellers as well as a former federal acquisition official, all of whom requested anonymity for fear of retaliation and to talk about a pre-decisional memo, said this approach flies in the face of what the Trump administration has been trying to do since January to relieve the burden of federal acquisition and encourage more vendors to participate.

One executive at a reseller says the first thing that DOGE went after was cost plus contracts. Now, DoD wants to take what this person called clean and simple transparent firm fixed price contracts for commercial products and turn these into cost plus type contracts, which the executive said makes no sense.

“Audits, narratives, justifications, additional steps and time, how is this simplifying acquisition and growing the industrial base?” the executive asked. “Are they going to cap gross profit on other items they buy like cars, furniture, office supplies, building materials, heating, ventilation and air conditioning (HVAC) systems, lighting, plumbing, tools, safety gear and maintenance supplies next? Where does it stop? Why are we being targeted?”

The executive says there seems to be a big misunderstanding about the role of resellers and even how the market works.

“It’s competition, not price controls, that drive down price. If that’s the ultimate goal,” the executive said. “Capping margins would drive out the best, service-oriented partners that invest in engineering and innovation — leaving behind low-touch resellers who only process orders. This reduces competition, supplier diversity and access to expertise.”

Another executive at a reseller says determining what constitutes an “excessive mark-up” is subjective. The source said that for an administration that wants to keep things moving at a timely pace, giving contracting officers discretion about what is an excessive mark-up will cause more problems than it will solve.

“They are assuming that the contracting officers have the appropriate knowledge and training to do that,” the executive said. “Unfortunately and frequently that isn’t what the contracting officers have. There is a lack of understanding that will end up causing confusion and delays.”

VARs solve problems

A third executive questioned how DoD, or any agency, would oversee this entire initiative.

They asked whether resellers would not need a cost-approved accounting system. If so, that would add significant costs and burdens.

Finally, the former federal acquisition executive, who spent more than 25 years in the federal government, says resellers provide a lot of value to agencies, partly because OEMs traditionally don’t sell directly to the government nor do they want to, but also because the resellers solve problems for the agency.

“They know the technology. They know the OEMs and can tell you what will work or what will not work. Resellers are invaluable,” the former executive said. “In terms of their markup, you just have to negotiate better. If you get at least two resellers to bid, you will get a good price.”

Is capping profits even legal?

All the sources agreed that if DoD or GSA wants better prices, they should do two things: ensure there is competition at the task order level and train contracting officers and other acquisition workers to be better negotiators.

“If you don’t have contracting officers who can push for better pricing at the task order level, then how are you going to have contracting officers who can make these determinations of the value of the markups that are over 5%?” asked the third executive. “You are better off training contracting officers to go after better prices at the task order level. GSA has ways to help like the 4P tool that combs all over for publicly available prices. But applying caps on fees or profit goes against capitalism. It goes against common sense and it will be detrimental to the government and its industrial base.”

Aside from just questioning the rationale behind the price caps, experts also asked whether the memo would violate the FAR and even some federal laws.

One of the reseller executives highlighted five FAR provisions and/or laws this idea seems to violate.

The executive says this requirement seems to violate the Truth in Negotiations Act (TINA) in the sense that commercial items are not subject to TINA, which requires contractors to provide certified cost or pricing data to the government during negotiations for other items. Commercial items are exempt because the commercial marketplace is presumed to be a competitive environment and should drive a reasonable price.

Another part of the FAR this initiative may violate is Part 2 for the acquisition of commercial items. The executive said if the government is obtaining a “fair and reasonable” price, then the focus is not on contractor costs, reasonable mark-up or profit; it’s on the price the agency is paying.

A third section of the FAR this may violate is under Part 15. This includes a prohibition on obtaining certified cost and price data for commercial items.

Cy Alba, a procurement attorney with the firm Piliero Mazza, said if the government is buying through a firm fixed price contract, then they are not supposed to be asking for cost or price information. He added if it’s awarded through the GSA schedule and it’s below the maximum order threshold then prices are determined to be fair and reasonable by GSA.

Alba also said if it’s a commercial item, or really anything that has adequate price competition, the market is supposed to make that determination that the price is fair and reasonable. He said if the government thinks the markup is too high, then they don’t have to buy the product or service from the vendor.

Risk & Compliance Exchange 2025: Former DOJ lawyer Sara McLean on ensuring cyber compliance under the False Claims Act

Since January 2025, the Justice Department has been aggressively holding federal contractors accountable for cybersecurity violations under the False Claims Act.

Over the last 11 months, the Trump administration has announced six settlements out of the 14 since the initiative began in 2021.

Sara McLean, a former assistant director of the DOJ Commercial Litigation Branch’s Fraud Section and now a partner with Akin, said the Trump administration has made a much more significant push to hold companies, especially those that work for the Defense Department, accountable for meeting the cyber provisions of their contracts.

“I think there are going to be a lot more of these announcements. There’s been a huge uptick just since the beginning of the administration. That is just absolutely going to continue,” McLean said during Federal News Network’s Risk & Compliance Exchange 2025.

“The cases take a long time. The investigations are complex. They take time to develop. So I think there are going to be many, many, many more announcements, and there’s a lot of support for them. Cyber enforcement is now embedded in what the Justice Department does every day. It’s described as the bread and butter by leadership.”

A range of high-profile cases

A few of the high-profile cases this year so far include an $875,000 settlement with Georgia Tech Research Corp. in September and a $1.75 million settlement in August with Aero Turbine Inc. (ATI), an aerospace maintenance provider, and Gallant Capital Partners, a private equity firm that owned a controlling stake in ATI during the time period covered by the settlement.

McLean, who wouldn’t comment on any one specific case, said in most instances, False Claims Act allegations focus on reckless disregard for the rules, not simple mistakes.

“We’ve seen in some of the more recent announcements new types of fact patterns. What happens is when announcements are made that DOJ has pursued a matter and has resolved a matter, that often leads to the qui tam relators and their attorneys finding more matters like that and filing them,” said McLean, who left federal service in October after almost 27 years. “It’ll be interesting to see if these newer fact patterns yield more cases that are similar.”

Recent cases that involve the security of medical devices or the qualifications of cyber workers performing on government contracts are two newer fact patterns that have emerged over the last year or so.

Launched in 2021, the Justice Department’s Civil-Cyber Fraud initiative uses the False Claims Act to ensure contractors and grantees meet the government’s cybersecurity requirements.

President Joe Biden signed an executive order in May 2021 that directed all agencies to improve “efforts to identify, deter, protect against, detect and respond to” malicious cyberthreats.

130 DOJ lawyers focused on cyber

Justice conducted a 360 review of cyber matters and related efforts, and one of the areas that emerged was to use the False Claims Act to hold contractors and grantees accountable and drive a change in behavior.

“The motivation was largely to improve cybersecurity and also to protect sensitive information, personal information, national security information, and to ensure a level playing field, so that you didn’t have some folks who were meeting the requirements and others who were not,” McLean said.

“It was to ensure that incidents were being reported to the extent the False Claims Act could be used around that particular issue. Because the thought was that would enable the government to respond to cybersecurity problems and that still is really the impetus now behind the enforcement.”

McLean said the Civil-Cyber Fraud initiative is now embedded as part of the DOJ’s broader False Claims Act practice. It has about 130 lawyers, who work with U.S. attorney’s offices as well as agency inspectors general offices.

Typically, an IG begins an investigation either based on a qui tam or whistleblower filing, or a more traditional review of contracts and grants.

The IG will assign agents and DOJ lawyers will join as part of the investigative team.

McLean said the agents are on the ground, interviewing witnesses and applying all the resources that come from the IGs. DOJ then decides, based on the information the IGs bring back, to either take some sort of action, such as intervening in a qui tam lawsuit and taking it over, or to decline or settle with a company.

“They go back to the agency for a recommendation on how to proceed. So it’s really the agencies and DOJ who are really in lockstep in these matters,” she said. “DOJ is making the decision, but it’s based on the recommendation of the agencies and with the total support of the agencies.”

Many times, Justice decides to intervene in a case or seek a settlement depending on whether the company in question has demonstrated reckless disregard for federal cyber rules and regulations.

McLean said a violation of the False Claims Act requires only reckless disregard, not intentional fraud.

“It’s critically important for anyone doing business with the government, especially those who are signing a contract and agreeing to do something, to make sure that they understand what that is, especially in the cybersecurity area,” she said. “What they’ve signed on to can be quite complicated. It can be legally complicated. It can be technically complicated. But signing on the dotted line without that understanding is just a recipe for getting into trouble.”

When a whistleblower files a qui tam lawsuit, McLean said that ratchets up the entire investigation. A whistleblower can be entitled to up to 30% of the government’s recovery, whether through a decision or a settlement.

Self-disclosures encouraged

If a company doesn’t understand the requirements and doesn’t put any resources into trying to understand and comply with them, that can lead to a charge of reckless disregard.

“When it comes to employee qualifications, it’s the same thing. If a contract says that there needs to be this level of education or there needs to be this level of experience, that is what needs to be provided. Or a company can get into trouble,” McLean said.

“The False Claims Act applies to making false claims and causing false claims. It’s not just the company that’s actually directly doing business with the government that needs to worry about the risk of False Claims Act liability, because a company that’s downstream, like a subcontractor who’s not submitting the claims to the government, could be found liable for causing a false claim, or, say, an assessor could be found liable for causing a false claim, or a private equity company could be found liable for causing a false claim. There are individuals who can be found liable for causing and submitting false claims.”

She added that False Claims Act allegations can apply not only to just the one company that has the direct relationship with the government but also to their partners if they are not making a good faith effort to comply.

But when it’s a mistake, maybe an overpayment or something similar, the company can usually claim responsibility and address the problem quickly.

“DOJ has policies of giving credit in False Claims Act settlements for self-disclosure, cooperation and remediation. That is definitely something that is available and that companies have been definitely taking advantage of in this space,” McLean said. “DOJ understands that there’s more focus on cybersecurity than there used to be, and so there are companies that maybe didn’t attend to this as much as they now wish they had in the past. The companies discover that they’ve got some kind of a problem and want to fix it going forward, but then also figure out, ‘How do I make it right and in the past?’ ”

McLean said this is why vendors need to pay close attention to how they comply with the DoD’s new Cybersecurity Maturity Model Certification.

She said when vendors sign certifications that they are complying with CMMC standards without fully understanding what that means, that could be considered deliberate ignorance.

“Some courts have described it as gross negligence. Negligence would be a mistake. I don’t know if that helps for the nonlawyers, but corporations which do not inform themselves about the requirements or not taking the steps that are necessary, even if it’s not through necessarily ill intent, but it’s not what the government bargained for, and it’s not just an accident. It’s a little bit more than that, quite a bit more than that,” she said.

“The one thing that’s important about that development is it does involve more robust certifications, and that is something that can be a factor in a case being a False Claims Act and a case being more or less likely to be one that the government would take over. Because signing a certification when the information is not true starts to look like a lie, which starts to look like the more intentional type of fraud … rather than a mistake. It looks reckless to be signing certifications without doing this review to know that the information that’s in there is right.”

What comes next for federal workers after AI takes over the mundane tasks

Interview transcript:

Bob Venero As we look at AI in the federal government, but also in the companies that support the federal government — like the Northrop Grummans of the world, the Raytheons — AI is extremely important in helping them accomplish mission. Whether that mission is for the warfighter or whether that mission is for the Veterans Administration or any of the other areas within the government. And what we’re seeing is there’s a tremendous amount of pilots that are happening within those government agencies. At the end of the day, AI means something different to everybody, right? And really if you look at it, what is going to be the business outcome of some type of AI strategy or AI automation that you, as an agency or as a federal systems integrator, are trying to accomplish? That’s the key factor. I don’t want to say there’s no magic behind the curtain as it relates to what AI is — it’s things that are going to happen at speed and scale, tied to incredible technologies from companies like NVIDIA. I look at them as the grandfather of AI. And actually, I think next week is NVIDIA’s GTC event in DC, right? Really geared towards the government and you know what AI is doing for them. So as we look at different areas within the different government spaces, automation is key. Having the proper large language models to support what those agencies are trying to do, and then really protecting the security around what those AI models are going to do, and the guardrails that the government has to have, which is different than the bad actors around their AI testing processes and procedures.

Eric White That’s one thing I’ve been curious about as large language models and other AI tools start being implemented and the idea of contractors competing for different jobs. How are government officials going to judge who has the better large language model or who’s piggybacking off of who? Just getting your thoughts on what the future in that realm will look like.

Bob Venero Well, when you look at that … people are saying, hey, prove to me that you didn’t use an AI model to do that, right? And I look at it and say, if I’m smart enough to use that AI model, you should be looking at me because I’m going to be innovative and smart to help accomplish the goal. I don’t necessarily look at it as a bad thing. Who is going to leverage the proper tools that are out there to accomplish the job in the most efficient, effective and cost-based area? And I think that’s key for people to start to look at. You’ll see now when people actually do interviews, they’re asking them, are you doing this interview with AI or not with AI? And they have to attest to that. But to me, that goes counter to what AI is looking to do for everybody, right? It’s about speed, accuracy, and automation. And if someone knows how to leverage it better, that’s probably the person that you want, because those tools are going to be in your environment. It doesn’t necessarily mean that it’s a bad opportunity or they’re a bad contractor or there’s a bad comparative against large language models. It’s who’s using the technology to the best of its ability to accomplish the goals and the business outcomes? That’s the answer.

Eric White How much help will it provide on the bottom line, do you think, as far as budgets are getting tighter and tighter? How much more will this provide?

Bob Venero As we look at what AI can accomplish, automation is a lot of that AI conversation. Because when you can do automation, then you can take people out of the mundane tasks that are just labor-intensive and have them focus on better things to do, that are more thought-provoking, within their environment. So, it will make a difference as far as cost is concerned. Because if I have an individual that we’re paying $150,000 a year, and we had him doing tasks that were mundane because it was a part of his job description and now we can automate that and have him do more thought-provoking things? That’s better for the environment that we’re going to put him in, but it’s also better for the bottom line. Because now I can do things quicker, more efficient, and more effective. And now I can come in under budget potentially. So as budgets become more and more strained, AI becomes a much better tool. But you know, the big fear … am I going to lose my job to AI? That’s a very broad question. You shouldn’t lose your job to AI, and if you do lose your job to AI, then you weren’t focusing on really what your career was in your future. Because if AI can just take the job away, then you haven’t built value for yourself as an individual. It’s about how AI can help you do your job better, faster and right now the question is accuracy, right? Because there’s a lot of mistakes that happen within that model. Whether it’s Grok or ChatGPT, and you ask it a question that you know the answer to, and you know that the answer they gave you is wrong, and then you just say, are you sure? And you prompt that in, and they’re like, oh you’re right, actually, I did make a mistake. Now that I thought about it, here’s what it is. So it’s not even a question of oh, is that model 100% accurate? If you’re taking that as the rule of law, then you’re going to be in a situation where it’s going to come back and bite you in the butt.

Eric White We’re speaking with Bob Venero, he’s the president and CEO of Future Tech Enterprise. That’s been the selling point of this technology, faulting whatever the doomsdayers say about loss of jobs, that you know it will help automate and free you up from those mundane tasks. Are we already seeing that or when is that going to kick in? Because I still find myself doing a lot of data entry here, Bob.

Bob Venero I think it’s definitely happening. Not as efficiently and effective as it should, and that’s because we haven’t been educated properly on prompt engineering. If you don’t know how to ask the AI model the question the right way, it’s going to take you longer sometimes to get to the end result. So there’s a whole education cycle that needs to happen on how to create the right prompting, to ask the right questions to get to your end result and goal. And I think that’s going to develop over time. So right now we’re in the infancies of it. I can tell you that it definitely helps in some of the mundane tasks that are tied to, hey, I want to write a brief about something, here is my topic. It gets you 80% there, and then you have to go in and adjust it. But that 80% has saved you a lot of time and effort, from starting it from the beginning to the end. But then you need to validate what it is, the end result, and make sure your answers are correct. So, we’re not quite there yet. I think in the next 12 to 18 months you’ll see a big difference as these models become more and more intelligent in supporting the businesses that they’re handling, the government agencies that they’re handling, whatever the area that it is, because it’s all about the data. And you know … [garbage] in, [garbage] out, right? And that is, from a data perspective, extremely important as these models become trained.

Eric White Let’s zero in on the defense side of things. Where, from a warfighter perspective, could this technology even work out for the Department of Defense? In the procurement contract world, could this technology be of assistance?

Bob Venero Oh, without a doubt. So a lot of times when the agencies like the DoD put out an RFQ for some type of solution, they’ve got criteria that they need to look at and vet each time the respondent is doing what they’re doing. And that criteria now can be handled by AI versus an individual having to compare hundreds or thousands of pages of response, going through it, pulling out the key areas in there, and then evaluating them across each other. And I think that’s very important. As you take a look at the speed of getting things done, what we’re seeing in the organizations, the systems integrators, speed is so important to them. Now to be able to respond to something accurately, efficiently, and be there first versus somebody else who maybe isn’t leveraging those tools is key. If the Department of Defense can use those same tools to evaluate and compare and contrast versus the human eye, it’s a game changer. It really, really is. And it can give you weighted results against each of the potential bidders on there and pick what it believes is the right solution based on your criteria. But then you still have that human intervention that says, okay, let’s really weigh the results here. Thank you for giving me the information. I see it this way, but Northrop Grumman performed better than BAE did on this, or vice versa, and there’s historics that you can take a look at from a DoD perspective. So I think the more and more it’s adopted within that space, the more efficient those agencies can become, the quicker they can give awards, and the better the cost base will be. It’s going to reduce their costs as well.

Eric White And the bidders may be able to use it if they have to go through a lengthy RFQ, right?

Bob Venero Which without a doubt. Future Tech as a company, we do a lot of RFQs because we support a lot of the federal systems integrators. And we have an AI tool now — we’ve been in business 29 years, so 29 years of responses — and we fed it into the large language model. So now when something comes across the plate, I don’t have to have a team of seven: “Hey, pull from this, pull from that, pull from here, pull from that.” The AI goes in, it looks at the criteria, it then pulls it in and helps us write a draft of what the response is, the key things that we’ve had. And that’s been amazing from a time-reduction perspective and from a personnel and skill perspective.

Eric White Yeah, pointing it back at yourself, you gave that example. What are you having those seven folks do now that you don’t have to have them digging through all of that paperwork?

Bob Venero Here’s a perfect example. The person now who heads up our RFQ team, she wanted to expand and be a part of the onboarding and training for individuals that come into the company. And so now she has a dual role in the organization. That role wasn’t there before, but now we created this additional role, she’s got both of them, she has the time to do it based on the tools that are there. And now from an onboarding and training perspective, we’re going to bring in an AI module that’s going to help her with that as well. So if you’re embracing it properly, it is going to take you to places that are good. I always use this analogy. I’m a boater, right? And years ago, you had two sticks when you had two engines, right? You had sticks for left and right and back and forth, and then they came out with a joystick. And the joystick is just like we know, you turn the joystick left, it goes left, turn it right, back, forward. All intelligence built into it. The key and smart thing about what that has done — I used to get yelled at, “you’re a cheater, you’re a cheater, you know, you’re not learning the old way.” I’m like, no, I’m actually smart — it’s a lot easier to do it this way. I can get to my route quicker and I can park a lot more easy. It’s the same thing with these tools, right? Embrace them. Bring them into your environment, leverage them out there, and it’ll help you as an organization. But also any of the agencies that do it, it will help them be more efficient, effective, and that’s important right now, tied to costs and cost reduction.

Federal agency business forecasts have gone dark, and companies are struggling to plan without them

Interview transcript:

Stephanie Kostro It is the end of the calendar year, beginning of the government fiscal year. And this is the time of year when a lot of companies take a step back and evaluate their business strategy and their planning for the next few years. We see a lot of folks having off-sites in December or in January to do some of this strategic planning and I’ll be frank with you, I think a lot of people will be happy to see 2025 end. And they will celebrate the new year in all sorts of ways, just because of what they’ve been through this year. If your listeners can harken back to earlier this year, the efficiency initiatives really did a number on a lot of the business plans that had been developed among government contracting companies. Some of them had massive de-scoping of their contracts. Some of them had contract terminations. Some, particularly those who worked for agencies like U.S. Agency for International Development, and the Department of Education, some at Health and Human Services really saw a diminution of their planned objectives for throughout the year. And so as we go into the December and January planning cycle for these companies, what they’re really looking for are signs from the government that there is work coming as they start to think through what calendar ’26 looks like. And they start to do their resource planning for personnel and for bid teams to put together proposals. That’s really what they are looking for. And I will have to say, Terry, earlier this year. PSC, the Professional Services Council, we represent services and solutions providers. And typically every year we put together something called our business forecast, which looks at our scorecard, which looks at all of the web-based procurement forecasts put out by agencies. And we would look at tens of agencies and their forecasts and we would rate them based on 15 key attributes, which we developed in industry, about what is useful for those forecasts.
This year in 2025, we made the decision that instead of putting out our seventh annual forecast, we skipped this year. The forecasts just weren’t there, and they’re still not there.

Terry Gerton So how is it that agencies put those forecasts out, and what do they base it on? And I guess the third part of that question is, why aren’t they there?

Stephanie Kostro This was a mandate from, among others, from the Office of Federal Procurement Policy, which is a White House office that said, hey, agencies, to the extent that you can, put out forecasts on your websites. And it was really to help drive new companies to join the federal marketplace and to keep those companies that are part of the GovCon community interested. If you could look at a website and say, okay, there is an opportunity coming up in Q1, Q2, Q3, and let’s build towards that opportunity. What happened earlier this year is a lot of those websites went dark. I think it was because as part of the efficiency initiative, it was no longer a useful tool because things were moving very, very quickly. What I find interesting though, is that those websites are still dark. They’re still not there. And so I’m not entirely sure how our government contracting community can put together a reliable business strategy for 2026 and beyond in the absence of that information.

Terry Gerton Well, some estimates are that the contracting workforce itself has been reduced by over 25%. Are we just missing the people who used to do this?

Stephanie Kostro I think that’s part of it, Terry. We’re missing some of the folks who took that deferred resignation or the “fork in the road” option. Some of them did the voluntary early retirement programs. I would also say in many agencies, and I’ll use the phrase “OSDBU”, but I’ll actually speak out the acronym here, the Office of Small and Disadvantaged Business Utilization. Those were usually the offices that had the lead on publishing these websites, and those offices have sort of been dismantled in some agencies. They are certainly de-emphasized in a lot of the agencies. And so it might be … they’re missing the people, that is true, but it’s also they’re also missing the offices that have the lead on putting together these forecasts. And it really is a shame because, you know, the business community uses these forecasts in so many different ways. It helps them do, I mentioned the business planning, but helps them figure out who they want to partner with, who’s going to be their subcontractors or their suppliers, their vendors, etc. This is a real gap in understanding of what the federal marketplace can offer companies. And I do think it will have effects on whether commercial companies want to get involved in government work. They just don’t know what the opportunities are.

Terry Gerton I’m speaking with Stephanie Kostro, president of the Professional Services Council. Stephanie, one more question on this. I mean, GSA has gone through a lot of work to centralize procurement and forecasting. Would you expect that GSA will take this over perhaps and share their forecast?

Stephanie Kostro I love that you asked this question, Terry, because as I mentioned the last time we put out our forecast, it was in 2024 and we had actually at PSC highlighted GSA as a model for putting out these forecasts. We mentioned that GSA has something called their Acquisition Gateway, which sets a high bar for government business forecasting and it encourages the migration to the GSA tool for other departments. So Department of Labor, Department of Justice, they were using the GSA Acquisitions Gateway. So I think this is a fantastic opportunity to go back to that gateway and have GSA take the lead.

Terry Gerton Speaking of forecasts, PSC’s got a big session coming up starting on December 1st. Your vision federal market forecast. Tell us about that.

Stephanie Kostro I love that our entire segment here is devoted to forecasting, because the procurement dork in me is celebrating here. So PSC has this conference and it’s actually run by our foundation, which is our 501c3 nonprofit affiliate dedicated to education. And so it is a year-long process where we have so many teams come together. There are 21 different study teams, they focus on things like Health and Human Services, or Customs and Border Protection as part of the Homeland Security team. And this year of agency discussions, they speak to think tank folks, they speak to procurement officials within the government, and it culminates in this conference and it’s happening in person on December 1st. It’s a virtual day for December 2nd and 3rd. It is where these 21 different study teams present their findings. So it’s not just tied to a web-based procurement forecast, but rather these discussions that they’re having with officials. We had over 400 volunteers as part of this process, and I’m just very excited. It is a great opportunity to really hear what’s going on in the procurement world, not just for opportunities, but what the dynamics look like, what impact inflation is having, etc. And to be honest, what impact these efficiency initiatives have had on the federal marketplace. So I highly recommend this conference. Again, it’s December 1st through the 3rd, and December 1 is the only in-person day here in Arlington.

Terry Gerton It sounds like in the absence of the agency forecast that we were talking about at the beginning of our conversation, this may be a great opportunity for contractors, those who are considering government work, to find out from inside sources what’s going on.

Stephanie Kostro It’s a perfect opportunity to get some business intelligence. It’s also a great networking opportunity because we do have government folks come to this conference as well to hear about what other agencies are doing. And so I highly commend it to folks who are listening, but I’m certainly going to be there and soaking up all of the knowledge that I can. I’m particularly looking forward to the Defense Services presentation in light of the Secretary of War Hegseth and his arsenal of freedom speech that he gave about transforming the processes for requirements and acquisition. I’m really looking forward to that. And I always look forward sort of to the top-line and the IT modernization teams as well. So if I were going to recommend three sessions, those are the top three. But they’re all very, very interesting and I’m looking forward to it.

Terry Gerton So how do people who want to attend find out about it and register?

Stephanie Kostro They can go to PSCouncil.org, and you can also search for Vision Federal Market Forecast and the sessions will pop up. There is a fee, obviously, for this, but it is open to the public. It is a widely attended gathering which allows government folks to attend. That is how they can connect with this conference.

The post Federal agency business forecasts have gone dark, and companies are struggling to plan without them first appeared on Federal News Network.

OPM’s HR modernization strategy sets next sight on USA Hire

While much attention across the federal community has been focused on the Office of Personnel Management’s strategy to consolidate 119 different human capital systems across government, the agency, at the same time and with little fanfare, kicked off another major human resources modernization effort.

OPM is planning to revamp the USA Hire platform, which provides candidate-assessment tools for agency hiring managers, with the goal of making evaluations more efficient and leading to higher-quality applicants.

OPM, working with the General Services Administration, issued a request for information on Oct. 7 and has been meeting with vendors over the last few weeks to determine what commercial technologies and systems are available. The RFI closed on Oct. 21.

“This RFI is part of OPM’s ongoing effort to ensure agencies have access to cutting-edge, high-quality assessment tools that help identify and hire the best talent across the federal government—advancing a truly merit-based hiring system in line with the president’s Merit Hiring Plan and Executive Order 14170, Reforming the Federal Hiring Process and Restoring Merit to Government Service,” said an OPM spokesperson in an email to Federal News Network. “OPM also anticipates making additional improvements to USAJOBS and USA Staffing to enhance the applicant experience and better integrate assessments into job announcements.”

OPM says in fiscal 2024, USA Hire customer agencies used the program to assess approximately 1 million applicants for over 20,000 job opportunity announcements.  It provides off-the-shelf standard assessment tests covering more than 140 federal job series, access to test center locations worldwide and a broad array of assessment and IT expertise.

“USA Hire currently offers off-the-shelf assessment batteries covering over 800 individual job series/grade combinations, off-the-shelf assessment batteries covering skills and competencies shared across jobs (e.g., project management, writing, data skills, supervisory skills), and custom assessment batteries targeting the needs of individual agencies, access to test center locations worldwide, and a broad array of assessment and IT expertise,” OPM stated in the RFI.

In the RFI, OPM asked industry for details on the capabilities of their assessment systems, including:

  • Delivering assessments in a secure, unproctored asynchronous environment
  • Delivering online video-based interviews
  • Using artificial intelligence/machine learning in assessment development and scoring
  • Minimizing and/or mitigating applicant use of AI (e.g., AI chatbots) to improve assessment performance
  • Integrating and delivering assessments across multiple assessment platforms

“OPM seeks an assessment delivery system that can automatically score closed-end and open-ended responses, including writing samples. The online assessment platform shall be able to handle any mathematical formula for scoring purposes,” the RFI stated. “Based on the needs of USA Hire’s customers, OPM requires an assessment platform that supports static, multi-form, computer-adaptive (CAT), and linear-on-the-fly (LOFT) assessments delivered in un-proctored, in-person, and remote proctored settings.”

An industry executive familiar with USA Hire said OPM, through the RFI, seems to want to fix some long-standing challenges with the platform.

“RFI suggests OPM will allow third parties to integrate into USA Staffing, which has been a big problem for agencies who weren’t using USA Hire. But I’ll believe it when I see it,” said the executive, who requested anonymity in order to talk about a program they are involved with. “Agencies are not mandated to use USA Hire, but if they don’t use it, they can’t use USA Staffing because of a lack of integration.”

USA Staffing, like USA Hire, is run by OPM’s HR Solutions Office on a fee-for-service basis. The agency says it provides tools to help agencies recruit, evaluate, assess, certify, select and onboard more efficiently.

RFI is a good starting point

The executive said this lack of integration has, for some agencies, been a problem if they are using other assessment platforms.

For example, the Transportation Security Administration issued an RFI back in 2024 for an assessment capability, only to decide to use USA Hire after doing some market research.

“USA Hire is adequate for most things the government does. It’s fine for certain types of programs, but if you get out of their swim lanes, they have trouble, especially with customization or configurations. I think getting HR Solutions to do any configurations or customization is a yeoman’s effort,” the executive said. “My concern about USA Hire is it’s a monopoly and when that happens any organization gets fat and lazy. Maybe the Department of Government Efficiency folks kicked them in the butt a little and that’s maybe why we are seeing the RFI.”

The executive said the RFI is a positive step forward.

“It could be good for some companies if it comes to fruition and OPM brings in a legitimate way for other providers with some unique competencies or services to expand the offering from USA Hire,” the executive said. “It’s too early to tell if there will be an RFP, but if they do come out what are they buying? Are they trying to bring on new assessment providers? I think a lot of us would like to know what OPM is looking for or what holes they are seeking to fill in these new solutions.”

Other industry sources say OPM has laid out a tentative schedule for a new USA Hire support services solicitation. Sources say OPM is planning to release a draft request for proposals in January with a final solicitation out in October.

This means an award will not happen before 2027.

“Due to the complexity of requirements and the amount of market research that needs to be conducted, the USA Hire PMO expects the competition timeline to be more than a year long,” OPM said in a justification and approval increasing the ceiling of the current USA Hire contract. “The government estimates that transition could take up to two years depending on the awardee’s solution.”

OPM adds $182M to current contract

OPM released the J&A at the same time it issued the RFI. In a justification and approval, OPM increased the ceiling of its current USA Hire support contract with PDRI, adding $182.7 million for a total contract value of $395 million.

OPM says the need to increase the ceiling is because of the Transportation Security Administration’s (TSA) adoption of USA Hire and its need to fill thousands of vacant positions after the COVID-19 pandemic.

“Because of the EO, the need for USA Hire assessments has far exceeded the initial estimated amount, which has grown at a pace far faster than anticipated when the contract requirements and needs were first drafted and awarded,” OPM stated in the J&A. “OPM planned for the steady growth of USA Hire throughout all options of the contract; however, TSA alone has consumed 95% of the requirement in option year 2 and option year 3. The government issued a modification to realign ceiling value to support the additional assessments; however, the delivery of the assessments has increased significantly.”

An email to PDRI seeking comment on the increased ceiling and the RFI was not returned.

The OPM spokesperson said the agency expects the use of USA Hire to continue to grow over the next few years as agencies implement skills-based assessments as required under the Merit Hiring Plan and Chance to Compete Act.

OPM said in its J&A that it expects USA Hire to provide assessment services to 300,000 applicants for TSA, 10,000 entry level investigators for U.S. Immigration and Customs Enforcement, along with smaller customer agencies spanning cybersecurity positions, tax fraud investigations, entry level credit union examiners and HR specialists.

The post OPM’s HR modernization strategy sets next sight on USA Hire first appeared on Federal News Network.

Govini founder charged with 4 felonies

The founder and executive chairman of Govini, a provider of acquisition data and software to the government, has been arrested and charged with four felonies, including multiple counts of unlawful contact with a minor.

Eric T. Gillespie, 57, of Pittsburgh, allegedly used an online chat platform to attempt to solicit sexual contact with a pre-teenage girl.

The Pennsylvania Attorney General’s Office says that at arraignment, a magisterial district judge denied Gillespie bail, citing flight risk and public safety concerns.

The attorney general’s office says one of its agents “posed as an adult in an online chat platform often utilized by offenders attempting to arrange meetings with children, and engaged in a conversation with Gillespie. Gillespie then made attempts to arrange a meeting with a pre-teenage girl (in Lebanon County).”

Govini said in an updated statement late on Wednesday that it had fired Gillespie.

“On November 12, 2025, the Govini Board of Directors terminated Eric Gillespie from the organization, including as a member of the Board, effective immediately. Mr. Gillespie stepped down from the role of CEO almost a decade ago and had no access to classified information,” a company spokesperson said. “Govini is an organization that has been built by over 250 people who share a profound commitment to America’s national security, including veterans, reservists, and people who have dedicated their lives to causes greater than themselves. The actions of one depraved individual should not in any way diminish the hard work of the broader team and their commitment to the security of the United States of America.”

Poplicus Inc., which does business as Govini, had 26 contracts with the government in fiscal 2025 worth about $52 million, according to the USASpending.gov platform. The vast majority of the awards came from the Defense Department, with two other smaller contracts coming from the departments of Commerce and Energy.

Govini’s main DoD customers include the Army, the Defense Information Systems Agency and the Navy.

Since 2021, Govini has won 107 awards worth more than $255 million.

The company said in October that it surpassed $100 million in annual recurring revenue (ARR) and secured a $150 million investment from Bain Capital.

Gillespie launched Govini in 2013 after launching Recovery.org back in the early days of the American Reinvestment and Recovery Act.

If convicted, Gillespie would spend at a minimum seven years in jail and face up to $15,000 in fines. After serving time, he would have to register as a sex offender for at least 10 years under Pennsylvania law.

The post Govini founder charged with 4 felonies first appeared on Federal News Network.

Shutdown brings reemergence of prompt payment penalties

A veteran-owned small business in the northwest part of the country is waiting for the government to pay them about $20 million in contract invoices.

The company executive, who requested anonymity for fear of retaliation, said their line of credit will only last so much longer before the banks and other creditors come asking for payment.

“Once we hit our limit, we are stuck and the only thing we can do is work with vendors to let them know we are good for money once the government reopens,” the executive said in an interview with Federal News Network. “Once you cross a certain threshold, banks want to see certain things because you are using 80% of your line of credit. They want to know why you’re past due on your receivables, so they want to see reports. Some banks do not understand the government resell process and the fact that we do not operate as a traditional business.”

This IT product reseller, which is located in a Historically Underutilized Business Zone (HUBZone), is one of thousands of companies, both large and small, suffering an extra level of pain during the partial government shutdown.

Not only are firms facing stop work orders, reduced contract scopes or terminations of convenience altogether, but many are waiting to get paid from invoices submitted on or before Sept. 30.

“There isn’t anyone working at the pay centers to approve invoices. A lot of what we do is net 30 stuff that goes through the Invoice Processing Platform (IPP) or other payment portals. We usually submit our invoices and the government approves them, but there isn’t anyone there to do that,” the executive said. “We have one instance where we need additional information before submitting our invoice, but no one is there to give us that information, so can’t submit the invoice. In general, we are submitting invoices and seeing what happens. Then our accounting team is doing outreach after 30 days, and that’s when we are getting bounce backs from emails.”

The company executive said agencies made a lot of purchases on Sept. 30, which means not only are the invoices more than 30 days old, but the vendors they bought from are expecting to get paid regardless of whether or not the government pays first.

“That is creating problems for us in terms of having to make changes and manage cash flow,” the executive said. “The majority of the vendors we deal with know the government space, they are aware of shutdown and they are being friendly about the situation. They aren’t hounding us about past due bills, but with others we are floating the money. We have to use our line of credit or make partial payments to keep them happy.”

Interest penalties accruing

Adding to the challenge of waiting for payments when the government reopens is that vendors are entitled to interest on late payments under the Prompt Payment Act.

The Treasury Department says the interest rate for calendar year 2025 is 4.625%.  This means that the small business which is owed $20 million in outstanding invoices would be owed about $74,000 in interest as of Nov. 10.

This one example is just the tip of the Prompt Payment Interest iceberg that agencies will face when they reopen.

Tim Soltis, a former federal financial management executive who worked at the Office of Management and Budget, Treasury and the Education Department during his 25-year career in federal service, said there usually isn’t money to pay for these interest payments, so agencies will have to make cuts elsewhere.

“They may have to cut overtime or cut hiring to make room for these payments,” he said. “At Education, I ran both the financial and contracting side and budget and contracting work hand-in-hand in many cases. The budget has to be adjusted before an invoice is paid and it must draw from the same appropriation line. With the shutdown happening at the beginning of the fiscal year, agencies probably have money to pay the interest, but they will have less things to spend on during the year.”

Soltis said that over the last decade, through IPP or other electronic payment processing systems, the government has basically solved the issue of late payments to contractors, the problem that prompted Congress to pass the Prompt Payment Act in 1982.

He said a lot of agencies may have to figure out how to calculate and pay the interest because it’s been so long since they’ve had to do it.

When is the invoice accepted?

Eric Crusius, a procurement attorney and partner with Hunton law firm, said he rarely hears from clients about prompt payment issues. But contractors need to be prepared to claim interest when the government reopens.

“If the invoice was submitted before the shutdown, then it’s supposed to be applied automatically,” he said. “I’d recommend first sending an email to the contracting officer about the interest that is due, and then lodge a claim with the contracting officer if they don’t accept it. Unless the contract has some other terms and conditions, usually there is a seven-day invoice acceptance period no matter if the government is open or not. Now, the government could make the argument that there wasn’t anyone there to receive the invoice or product or service. I’d recommend to make a claim and argue it should be automatically accepted.”

The issue of when the government “accepts” a company’s invoice is one of the biggest, and most concerning, questions that vendors need to understand.

Soltis said an agency accepting an invoice is usually dependent on how the contract is set up.

“There are specific terms in the contract for invoice acceptance and that is what would drive it. But in general, the contracting officer technical representative or contracting officer usually is the one that has to accept an invoice. And legally if the government doesn’t respond within seven days, it’s considered constructive receipt,” he said. “But a lot of times it’s later than that, and a lot of contractors don’t want to get a customer upset over when an invoice is officially accepted.”

Soltis said the issues become more complicated with products where there needs to be someone at a receiving dock or in the agency to accept the package, validate it and match it to the invoice.

In fact, Dell Technologies and its partner Carahsoft said in an email to a vendor supplier, which Federal News Network obtained, that the order placed by the supplier would be on hold until they receive confirmation that the agency customer will be on site to accept the delivery.

Vendors should document all expenses

Soltis said another challenge will be that agencies will face a backlog of invoices when they return to the office.

“Contractors who are holding their invoices could be sabotaging themselves. What people will tell you is to submit it and let the government sit on it. Then you can say you submitted it and the government delayed paying. But if you hold your invoices, then you can’t claim interest,” he said. “When the government reopens, I would have a meeting with all contractors and go through their issues to make sure we are on the same page. It’s a two-step process. First, what invoices need to be paid? Second, how do you get the contractors whole? Which ones need to get paid with interest? That will become a budget issue because you have to figure out where the money comes from, how to move it around and how to prioritize payments.”

The industry executive said they really don’t know when the clock starts for invoices on Sept. 30 or those submitted during the shutdown.

“If no one is there to accept the invoice, does it start when the government comes back?” the executive said. “Our success rate on getting prompt payment penalties is very small. The majority of the time the agency says they accepted invoice on specific date and that is when the clock starts. Sometimes, they will wait until day 28 or 30 and reject the invoice, which starts the clock over again. I feel like DoD takes advantage of rejecting it and forcing us to resubmit it, and then they have more time to accept it and then 30 days to pay it.”

Crusius said this is why it’s imperative for contractors to log their expenses and costs associated with their contracts during the entire shutdown.

“They can file claims when they need to, and with certain contracts there are ongoing expenses even if they have tried to pare them down. A lot of that will be dependent on whether they received a stop work order or had their contract scope reduced or received a termination for convenience,” he said. “Contractors have to be diligent in writing down their costs so they can try to collect them.”

The post Shutdown brings reemergence of prompt payment penalties first appeared on Federal News Network.

New CMMC rules take effect Monday, with contractors facing uncertainties

Interview transcript:

Jared Serbu: Dan, we now have a final rule, actually multiple final rules, telling us where the Defense Department is headed with CMMC. It’s been a long time coming. As we sit here in the fall of 2025, I mean, generally, how would you assess the level of clarity that folks have about how this is going to play out once we start really moving into the implementation stage here?

Dan Ramish: Well, Jared, I would say there are some questions about how the rollout will take place and the final rule included in Title 48 actually created some new questions. So one of the big questions, there are two central pieces of the CMMC program, really. One of them is that over time, these verification requirements will be implemented and that’ll include for most contractors that have contracts involving CUI, a certified third-party assessment, but the other piece of CMMC is that contractors are actually going to have to have a passing score that they are implementing cybersecurity requirements whereas currently, they only need to do an assessment and report the summary scores of that assessment without reference to having a particular passing score, having implemented a certain number of the security requirements. So this is going to be a big deal starting November 10th. Some contracts will require contractors to have a certain level of cybersecurity implementation with regard to the 110 cybersecurity requirements in NIST 800-171. The question is which contracts will have the CMMC clause and which won’t. And it’s going to matter so much because again it’s going to be an issue of eligibility for award. So you could lose out on a contract if you don’t have sufficient cybersecurity compliance. And the uncertainty here stems from the fact that there is language in the Title 32 rule and the Title 48 rule that is different. So the Title 32 rule suggests that DoD, as of Phase 1, which begins on November 10th, 2025, intended to include the CMMC statuses in clauses in all contracts and solicitations. Whereas the Title 48 rule, that came out in September, says that during the first three years the CMMC requirement will be included in only certain contracts. So it’s unclear which contracts will or won’t have it, or whether all contracts will have the CMMC clause or not.

Jared Serbu: But I think part of the take-home message there is you as a potential bidder or potential offeror on any of these contracts have no control over what DoD ends up doing on any particular contract and whether the clauses are going to be included or not. So that probably means it’s time to be ready no matter what.

Dan Ramish: That’s right. Contractors shouldn’t be rolling the dice and potentially losing out on an important contract opportunity that may include the CMMC clause.

Jared Serbu: And so what do we know about, as you just did a great job of taking us through, there’s a lot of murkiness about which contracts are going to include this or not. But what do we know about sort of the process DoD is going to use to decide whether those clauses are going to end up going into those contracts, at least during this first phase where they’re leaving themselves quite a bit of discretion?

Dan Ramish: So the Title 48 rule basically says that it’ll be up to the requiring activity to make the determination of CMMC that the CMMC program office will direct the component program offices as to inclusion of the requirement. The other issue, besides whether the clause will be in the contract at all, is whether self-assessment will be included or whether some contracts may include certification assessment for CMMC Level 2 and there’s discretion in that as well. There is a little bit more guidance as to that piece of it, when the decision might be made to include a certification assessment requirement. DoD’s frequently asked questions says that PMs should only make use of the discretion to include C3PAO assessment during Phase 1 when, informed by adequate market research, there’s reason to believe there are enough qualified offerors, including their subcontractors, to provide adequate competition. So if there are enough contractors that have a certification assessment for a particular requirement, then there’s a greater chance that DoD might decide to include a certification assessment and you could lose out even if you have self-assessed and are compliant, either conditionally or fully compliant.

Jared Serbu: Yeah and one of the things that comes to mind here is it may be an incentive against over-classification in some cases here, of course, a problem that has been existent in the government for a long time. If you run into a situation now where whether you’re designating things as CUI or not could determine whether or not you need to have CMMC in a contract, that could be a fairly powerful force on the government side to at least make you take a second look at the requirements in your contract and say, ‘Hey, is this really CUI or not?’

Dan Ramish: Yes. Well, and the backdrop to that is that a significant portion of the defense industrial base isn’t at the full passing score as yet for CMMC Level 2. And there have been a number of studies, one of them fairly recently from a company called CyberSheath, that suggested that the median SPRS score based on 300 survey respondents was 60, whereas the full compliance score is 110. So a lot of contractors have work to do and DoD requiring activities, of course, want to get their products and services from the contractors. And so on the one hand, the cybersecurity concerns are real, the national security implications of cybersecurity are real. But on the other hand, the Department of Defense needs to get their stuff. And so this has always been the tension all along. And I hope that you’re right that as the stakes increase with the CMMC clause that the government will take a more serious look at what really needs to be marked as CUI and be more discerning in that. But part of the challenge is that there isn’t at this stage a standardized method for indicating, identifying what CUI will be involved in the given contract. That’s something that’s addressed in the FAR CUI proposed rule. But that is kind of on hold with the whole Revolutionary FAR Overhaul that’s taking place. So there’s still going to be some challenge and some need for informal communication between prime contractors and the government or between subcontractors and prime contractors to figure out even what is going to be CUI under a contract.

Jared Serbu: Yeah, I want to make sure I’ve got my head around that last piece. So you as a vendor, when you see an RFP, you may not necessarily know just based on those solicitation documents whether or not there’s going to be CUI involved in performance of the work. And you may not know at the outset whether or at what level you need to be compliant with CMMC. Is that the upshot of all that?

Dan Ramish: Well, so there will be a designation of what CMMC level is required. The clause will designate which CMMC level is required, but just because CMMC Level 2 is designated for a given solicitation or contract, doesn’t mean that all information that is provided by the government or that’s generated in performance is going to be controlled unclassified information and it’s important to know what specific information is subject to handling and dissemination controls because contractors need to take appropriate precautions and they may have CUI on some information systems and not on others. And so ensuring that they are properly directing the flow of materials that are actually CUI is critical for compliance with the cybersecurity requirements. And so if they don’t have that information, if that’s not clearly indicated in the contract because there is no standardized form for that to happen, as yet, that creates a challenge.

Jared Serbu: Yeah, and you mentioned earlier that this is not the time to roll the dice anymore. But are there some areas or windows where, depending on the type of work you do, you can get away with completely avoiding CMMC altogether? Are there places where contractors really can still play and not worry about anything that we’ve been talking about the last 10 minutes?

Dan Ramish: So this is a big point of debate because, so CMMC Level 1 is actually going to apply to the largest portion of the Defense Industrial Base. And CMMC Level 1 corresponds to the basic safeguarding requirements that are currently in the FAR and those requirements are intended to be less onerous, but they are government-unique requirements. And to get out of even CMMC Level 1, there are really two ways around it. One of them is, there is an exception for COTS items. So if a contract is solely for a COTS, commercially available off the shelf, that’s one exception. There’s going to maybe be greater need to drill down on what specifically is COTS. Of course, we live in an age where if you’re buying something off the shelf, there may be different options, and if the same options are available to the government as are available in the commercial marketplace, does that still make it COTS? There are questions like that where there could be gray areas. The other piece is federal contract information. If there’s no federal contract information, then CMMC Level 1 isn’t going to be required, assuming there also is CUI. Federal contract information is just non-public government information that’s involved in the contract. And the way that is interpreted by the government is going to be important because, of course, a lot of the information that is involved in contract performance is going to be accessible through the Freedom of Information Act. But the Department of Defense declined to say that anything that’s FOIA-able is not FCI. So it may be challenging to demonstrate that you don’t have any non-public federal information. There are going to be some exceptions if the government makes the information publicly available like on a public website or certain financial payment information isn’t going to be FCI. But short of that, I think it will be interesting to see whether there are questions about getting out of CMMC altogether based on the lack of FCI.

The post New CMMC rules take effect Monday, with contractors facing uncertainties first appeared on Federal News Network.

© Amelia Brust/Federal News Network
