The National Defense Authorization Act (NDAA) is what funds the Department of Defense (DoD). Every year, in addition to the funding, Congress uses the bill to make other changes. And, not surprisingly, many of those other changes impact government contractors.
This year, the NDAA for Fiscal Year 2021 (NDAA2021), has had an interesting path. Initially passed by the U.S. House of Representatives back in July, the defense spending bill stalled in the Senate during the fall election season. In mid-November, the Senate passed its version, with changes. The bill then went to Conference Report – where the two chambers reconciled their differences with the bill, eventually passing on Dec. 8 and 11, sending it on to President Trump. President Trump had threatened to veto the bill because it did not include a repeal of Section 230, a law that currently shields internet companies from liability around content posted on their websites. Additionally, the Trump administration expressed concern over other provisions related to the border wall and renaming military bases. Ultimately, on Dec. 23, President Trump vetoed the spending bill.
Congress then considered overriding the President’s veto. On Dec. 28, the House of Representatives did so 322-87, meeting the supermajority requirement. The Senate followed suit in a rare New Year’s Day session, overriding the veto 81-13.
The $740 billion bill is now law. Below is a summary of the NDAA2021 as it pertains to defense contractors.
- Section 815: Prompt payment of contractors: The NDAA removes language from the prompt payment to subcontractors statute which had limited the accelerated payment (within 15 days) to instances where a separate date was not established by the contract. This modification is effective for both DoD small business prime contractors and subcontractors. The new language requires the DoD to pay small businesses within 15 days after receipt of proper invoice to the fullest extent permitted by law.
- Section 861: Initiatives to support small businesses in the national technology and industrial base: The NDAA directs the DoD to develop a small business strategy to shore up the link between and use of small businesses in the national technology and industrial base, or more specifically, the defense supply chain. Implementation is required by 2023, but plans will be due during 2021. The primary DoD agency is the Defense Logistics Agency (DLA).
- Section 862: Transfer of verification of small business concerns owned and controlled by veterans or service-disabled veterans to the Small Business Administration (SBA): This new provision establishes a process to determine the “transfer date” when a veteran sells his/her business.
- Section 863: Employment size standard requirements for small business concerns: The NDAA makes an interesting change to the calculation for whether or not a business is small. NAICS codes are generally divided into two camps – revenue-based and employee-based (or head count-based). The NDAA2019 adjusted the look-back period for the revenue-based NAICS codes.
Now, the NDAA2021 makes an adjustment for employee-based NAICS codes. Instead of calculating for the period of 12 months, companies will now calculate for the period of 24 months. Further, this provision will go into effect on Jan. 1, 2022, one year after the NDAA2021 is passed into law. Such a provision will help companies that are growing, but may harm those that are shrinking. Companies should be aware of the new two-year lookback if there are significant changes in the workforce, or if they hover near the head-count threshold.
- Section 864: Maximum award price for sole source manufacturing contracts: The NDAA2021 increases the maximum award price for sole source manufacturing set-asides: from $5 million to $7 million.
- Section 868: Past performance ratings of certain small business concerns: Under the NDAA2021, if a small business previously was part of a joint venture (JV), and now proposes on a solicitation/quote/bid, the small business will have the choice (affirmative election) of counting that previous experience as its own past performance, if it otherwise has no relevant past performance.
- Section 869: Extension of participation in 8(a) program: During the pandemic, 8(a) firms have been permitted to voluntarily elect to “pause” or suspend their participation in the 8(a) program due to the economic impact of the pandemic leading to lack of business opportunity, labor shortages, supply chain issues, etc. This provision will extend all 8(a) small business’ eligibility for a one-year extension due to COVID, regardless of whether or not they elected to “pause” eligibility.
Technical Data Rights
- Section 833: Listing of Other Transaction Authority (OTA) is located under Section C – Provisions relating to Software and Technology. This provision requires the Secretary of Defense, within 90 days, to maintain a list of all consortia used by the DoD to announce or solicit OTA opportunities on a single Government-wide point of entry. This should make it easier for the DoD to push these OTA opportunities out to a larger audience quicker. It also will make it easier for companies — whether traditional government contractors or high tech companies unfamiliar with working with the DoD — to find OTA opportunities from the entirety of the DoD by going to this one site.
- Section 1833: Proprietary contractor data and rights in technical data: At this point, all Section 1833 is really doing is moving language, as is, to a new set of sections. Or, from 10 U.S.C. §§2320-2321 to §§ 3771-3771, 3781-3786, and 3791-3794. Largely, there are no meaningful changes, because the majority of the changes are based on location within the public law and formatting. New subchapters will group guidance to the Government on the validation of contractors’ technical data restrictions and the thornier issues related to the Government’s management of its IP, commercial IP protections, and the interface with the Freedom of Information Act (FOIA). Notably, Congress has included a provision technical data rights for non-FAR-based agreements. Most experts assume this provision is to address the rising number of Other Transactions (OTs) that almost always have significant technical data rights at stake and establish a more uniform approach.
- Section 816. Documentation pertaining to commercial item determinations: Adds a new subsection to 10 U.S.C. 2380 to permit Contracting Officers to request support from the Defense Contract Management Agency (DCMA), the Defense Contract Audit Agency (DCAA), or other appropriate experts in the Department, and to consider the views of appropriate public and private sector entities, when making a determination whether a product or service is a commercial product or commercial service. Section 816 also requires Contracting Officers, consistent with the policies and regulations of the Department, to submit a written memorandum which summarizes and includes a detailed justification for the determination, within 30 days after contract award.
- Section 1821: Acquisition of commercial products and commercial services: This section redesignates 10 USC §§ 2375, 2376, 2377, 2379, 2380, and 2380a to 10 USC §§ 3452, 3451,3453, 3455. 3456, and 3457, respectively. 10 USC § 2380b is also combined into the new 10 USC § 3457.
- Section 837: Safeguarding defense-sensitive United States IP, technology, and other data and information: Sec. 837 is a direct response to ongoing concerns about cyber-related espionage by the government of China. This provision calls on the Secretary of Defense to identify all existing policies and procedures protecting defense-sensitive U.S. intellectual property, technology, and other data and information, including hardware and software, from acquisition by the government of China. It also permits the Secretary of Defense to develop additional policies and procedures to the extent the current policies are deemed to be insufficient. Sec. 837 also mandates that the Secretary of Defense establish and maintain a list of critical national security technology that may require certain restrictions on current or former employees, contractors, or subcontractors of the DoD that contribute to such technology from seeking post-employment opportunities with companies wholly owned by or controlled by the government of China.
- Section 1738: Assistance for small manufacturers in the defense industrial supply chain on matters relating to cybersecurity: This new provision gives the DoD authority to make grants to small businesses that are trying to meet new Cybersecurity Maturity Model Certification (CMMC) requirements. The critical thing here is that this is authorizing language, not appropriating language. So the DoD will have permission to make grants, but it does not yet have funding. Further, this authority sunsets in five years, which makes sense because the CMMC requirements must be fully implemented in five years anyway.
- Section 1742: DoD cyber hygiene and cybersecurity maturity model certification framework: Speaking of CMMC, Congress is requiring the DoD to assess its own cybersecurity in 2021 and report back. The report shall include information for each component that does not achieve at least level 3 status (referred to as ‘‘good cyber hygiene’’ in CMMC Model ver. 1.02). There is an additional hook – Congress included a spending cap of 60% on CMMC funding until the DoD submits the briefing report. Much of this spending involves outside contractors and vendors.
- Section 3131: Reporting on penetrations of networks of contractors and subcontractors: Sec. 3131 of the NDAA2021 amends Sec. 4511 of the Atomic Energy Defense Act to add language requiring DOD to establish new reporting procedures and requirements for contractors and subcontractors to follow when a “covered network” is penetrated by a cyberattack. Sec. 3131 mandates that any such report must include (1) a description of the technique or method used, (2) a sample of the malicious software involved, and (3) a summary of any DOD information that may have been compromised. If a contractor or subcontractor is unable to obtain this information within 60 days after the penetration, Sec. 3131 allows them to provide whatever information is available as of that date and to work on an ongoing basis to provide additional information as it becomes available. Additionally, Sec. 3131 requires the DoD to establish policies and procedures to enhance access to Government-owned equipment and information and to limit the dissemination of information related to the penetration to affected entities, those that may be called upon to diagnose, detect, or mitigate the cyber event, and those that conduct counterintelligence or law enforcement investigations.
- Section 835: Balancing security and innovation in software development and acquisition: Sec. 835 attempts to strike a balance between innovation in software development and the growing risk of security concerns. To this end, the statute calls on the Under Secretary of Defense for Acquisition and Sustainment to develop software security requirements to be included in solicitations for commercial and developmental solutions along with appropriate methods for evaluating bids submitted in response to such solicitations. Sec. 835 also mandates the establishment and enforcement of secure coding practices, the management of supply chain risks and third-party software sources and component risks, and other security measures, including procedures to review the security of code developed in support of government contracts and other additional procedures to implement the pilot program established by Sec. 875 of the NDAA2018.
- Section 1863: Contractor workforce: Similar to the restructuring under Section 1833, Section 1863 pulls language from 10 U.S.C. §§2409, 2409a, 2410j, and 2410k into the new chapter with §4701-4704. These sections will continue to address whistleblower protections, qualified training programs, displacement of contractor employees, and employment listings, but just in a new location in the public law.
- Section 804: Implementation of modular open systems approaches: Sec. 804 directs the Under Secretary of Defense for Acquisition and Sustainment to issue further regulations and guidance to facilitate the DoD’s utilization of modular interfaces for major defense acquisitions. Congress and the DoD have long sought to improve the use of a Modular Open Systems Approach (MOSA) for the acquisition of weapon systems because of the perception that it decreases sustainment costs and allows for plug-and-play style adaptability of complex systems. Sec. 804 seeks to improve MOSA acquisitions by granting the DoD government purpose rights in modular system interfaces and by directing the DoD to expand MOSA and its data rights framework to software acquisitions, including business systems and cybersecurity systems. Sec. 804 does state, however, that modular systems developed exclusively at private expenses shall be negotiated so that a contractor receives “appropriate and reasonable compensation” for the technical data.
- Section 820: Contract closeout authority for services contracts: Sec. 820 amends several parts of Sec. 836 of the NDAA2017. That provision, passed in 2016, provided a streamlined process to close out old contracts without having to complete a reconciliation audit or other normally required corrective actions. It allowed agencies to group old contracts together and offset balances due in some against balances owed in others and without regard to year or type of appropriation. Sec. 836(b) made the closeout option available to contracts entered prior to fiscal year 2000 — or at least seven years prior to the NDAA2017. It also required that all required supplies or services had been delivered. Sec. 820 revises Sec 836(b) to allow this procedure to apply to any contract awarded seven years prior to the current fiscal year – removing the year “2000” which was seven years prior to the NDAA2017. For military construction or shipbuilding, this closeout method would be available for contracts at least 10 fiscal years before the current fiscal year, since they generally take longer to closeout. However, Sec. 820 now requires delivery of required goods or services had to have been completed “at least four years before the current fiscal year.” This revision provides further definition to the parameters of an expedited/quick closeout for very old(ish) contracts.
- Section 888: Revision to the requirement to use firm fixed-price contracts for foreign military sales: This section repeals Section 830 of the NDAA2017 which required the use of firm fixed-price contracts when entering into a contract for a foreign military sale.
- Section 3309: Prohibition on release of contractor proposals: This section re-designates 10 USC §2305, subsections (e), (f), and (g) to 10 USC § 3309 subsections (a), (b), and (d) respectively and adds titles to the various subsections.
Foreign Ownership, Control, or Influence
- Section 819: Modification to mitigating risks related to foreign ownership, control, or influence of DoD contractors and subcontractors: Sec. 819 expands on the NDAA2020’s Foreign Ownership, Control, or Influence (FOCI) provisions by authorizing the Secretary of Defense to require reports and conduct periodic examinations of covered contractors or subcontractors to assess their FOCI compliance. Sec. 819 also requires the Secretary of Defense to provide the congressional defense committees with a plan and schedule detailing the timeline for the issuance of implementing regulations, the development of training, and the development of systems for reporting beneficial ownership and FOCI by covered contractors or subcontractors. This will necessarily lead to revisions of the Department of Defense Federal Acquisition Regulation Supplement to fully implement these requirements and those of Sec. 847 of the NDAA2020.
- Section 6403: Beneficial ownership information reporting requirements: This section adds a new item, 31 USC § 5336 – Beneficial ownership information reporting requirements to the Code. This section requires reporting to the Financial Crimes Enforcement Network (FinCEN) on owners of 25% or more of companies based or operating in the U.S., as well as anyone who receives a “substantial economic benefit” from such companies. This provision should be seen as a tool in the U.S.’s ability to enforce its Anti-Money Laundering laws. The Treasury will need to further define in enabling regulations what is meant by “substantial economic benefit,” as that term is not defined in the NDAA. Existing entities will have until Jan. 1, 2023, two years after enactment, to file the required reports with FinCEN, while new entities must comply during the formation of the entity.
There are, however, multiple broad exemptions from this reporting requirement, including: nonprofit organizations; government entities; public companies or those otherwise subject to SEC reporting; entities that can show U.S. person(s) are the exclusive beneficial owner(s); and entities which employ more than 20 people in the U.S. on a full-time basis, have a U.S. physical presence, and have previously filed tax returns demonstrating more than $5 million in gross receipts.
Additionally, this new section requires any federal contractor with a contract valued at above the simplified acquisition threshold to file a report by Jan. 1, 2023, two years after enactment, and with any proposal for a contract above the simplified acquisition threshold.
Contractor Business Systems
- Section 806: Definition of material weakness for contractor business systems: In 2011, Congress first identified a need to improve the quality of contractor business systems, such as accounting and purchasing systems, to ensure that such systems provide timely, reliable information for the management of DOD programs. Since then, there have been several incremental changes to the statutory and regulatory requirements for contractor business systems in various NDAAs and the Defense Federal Acquisition Regulation Supplement. Sec. 806 continues these efforts at incremental improvement by replacing all references to the term “significant deficiencies” in Sec. 893 of the NDAA2011 with “material weaknesses.” As a result, DCMA and DCAA will not approve contractor business systems that have “material weaknesses,” which Sec. 806 defines as “a deficiency or combination of deficiencies in internal control over information in contractor business systems, such that there is a reasonable possibility that a material misstatement of such information will not be prevented, or detected and corrected, on a timely basis.” Sec. 806 further defines “reasonable possibility” as when “the likelihood of an event is probable or is more than remote but less than likely.”
- Section 807: Space system acquisition and the adaptive acquisition framework: Sec. 807 introduces important new statutory authority for the nascent U.S. Space Force. Specifically, Sec. 807 requires the Secretary of Defense to take necessary actions to integrate space system acquisition into the adaptive acquisition framework set forth in Defense Instruction 5000.2, “Operation of the Adaptive Acquisition Framework.” By tailoring these acquisition pathways to space systems, Congress hopes to accelerate the space system acquisition process which will lead to more rapid fielding of critical space end-to-end capabilities — including commercial space capabilities. Sec. 807 also establishes reporting requirements for the Secretary of Defense related to the proposed Fiscal Year 22 Space Force budget line items and various other program management and governance requirements.
Defense Industrial Base
- Section 848. Supply of strategic or critical materials for the Department of Defense: Requires the Secretary of Defense, to the maximum extent practicable, to acquire strategic and critical materials required to meet the defense, industrial, and essential civilian needs of the U.S. first from sources located within the U.S.; second from sources located within the national technology and industrial base (as defined in section 2500 of title 10, United States Code); and third from other sources as appropriate. It also establishes several goals for the Secretary of Defense to meet by Jan. 1, 2035:
- Ensure access to secure sources of supply for strategic and critical materials that will —
- Fully meet the demands of the domestic defense industrial base;
- Eliminate the dependence of the U.S. on potentially vulnerable sources of supply for strategic and critical materials; and
- Ensure that the DoD is not reliant upon potentially vulnerable sources of supply for the processing or manufacturing of any strategic and critical materials deemed essential to national security.
- Provide incentives for the defense industrial base to develop robust processing and manufacturing capabilities in the U.S. to refine strategic and critical materials for DoD purposes.
- Maintain secure sources of supply for strategic and critical materials required to maintain current military requirements in the event that international supply chains are disrupted.
- Section 849. Analyses of certain activities for action to address sourcing and industrial capacity: Requires the Secretary of Defense, by Jan. 15, 2022, to analyze and report on whether the Department needs to take actions such as restricting procurement, increasing research and development or procurement activities to expand production capacity, diversifying sources of supply, promoting alternative approaches for addressing military requirements, and/or prohibiting procurement from selected sources or nations, regarding the following high priority goods and services:
- Goods and services covered under existing restrictions, where a waiver, exception, or domestic non-availability determination has been applied.
- Printed circuit boards and other electronics components, consistent with the requirements of other provisions of this Act.
- Pharmaceuticals, including active pharmaceutical ingredients.
- Medical devices.
- Diagnostic medical equipment and consumables, including reagents and swabs.
- Ventilators and related products.
- Personal protective equipment.
- Strategic and critical materials, including rare earth materials.
- Natural or synthetic graphite.
- Coal-based rayon carbon fibers.
- Aluminum and aluminum alloys.
- Section 851. Report on strategic and critical materials: For purposes of Section 851, the term ‘‘strategic and critical materials’’ means materials, including rare earth elements, that are necessary to meet national defense and national security requirements, including requirements relating to supply chain resiliency, and for the economic security of the U.S.
Section 851 requires the Secretary of Defense, by March 1, 2021, to submit to the House and Senate Armed Services Committees, a report describing strategic and critical materials, including the gaps and vulnerabilities in supply chains of such materials. The report is to include the following information:
- The strategic and critical materials that are currently used by the DoD.
- The overall annual tonnage of each strategic or critical material that was used by the DoD between 2010 and 2020.
- Domestic and international sources for the strategic and critical materials.
- The risks relating to access to the strategic and critical materials from supply chain disruptions due to geopolitical, economic, and other vulnerabilities.
- An evaluation of the benefits of a robust domestic supply chain for providing strategic and critical materials to manufacturers in the defense industrial base.
- An evaluation of the effects of the use of waivers by the Strategic Materials Protection Board on the domestic supply of strategic and critical materials.
- Recommendations for policies and procedures to ensure a capability within the DoD to secure strategic and critical materials necessary for emerging technologies, as well as antimicrobial products, minerals, and metals for use in medical equipment and other technologies.
- Improvements required to the National Defense Stockpile to ensure the Secretary of Defense has access to the strategic and critical materials.
- An evaluation of the domestic processing and manufacturing capacity needed to supply the strategic and critical materials in an economic and secure manner.
- Domestic locations with existing commercial manufacturing interests that are already verified to contain large supplies of the strategic and critical materials.
- An assessment of the feasibility of partnerships with institutions of higher education that receive grants for the purpose of enhancing the security and stability of the supply chain for strategic and critical materials for the National Defense Stockpile, including an identification of barriers to such partnerships and recommendations for improving such partnerships.
- Any other matter relating to strategic and critical materials that the secretary considers appropriate.
- Section 852. Report on aluminum refining, processing, and manufacturing: Requires the Secretary of Defense to submit to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate, by March 1, 2022, information on — (1) how authorities under the Defense Production Act of 1950 (50 U.S.C. 4501 et seq.) could be used to provide incentives to increase activities relating to refining aluminum and the development of processing and manufacturing capabilities for aluminum; and (2) whether a new initiative would further the development of such processing and manufacturing capabilities for aluminum.