ver the past forty years, federal government contracting has cemented its status as one of the primary drivers of the Alaska economy. Alaska Business’ annual Top 49ers routinely showcases businesses for whom federal government contracting comprises a significant portion of their revenue, establishing federal government contracting as a keystone of some of the top economic engines in Alaska. In fact, one study identified seventy-nine Alaska Native corporations (ANCs) (all thirteen regional corporations and sixty-six village corporations) that collectively owned a total of 1,396 enterprises engaged in some form of federal government contracting. These ANCs are estimated to have received more than $11 billion dollars in federal contracting revenue in 2021 alone for federal government contracting in Alaska, the Lower 48, and across the world.
While Alaska businesses’ share of federal government contracting dollars may be increasing, a combination of executive orders, regulatory actions by the Biden administration, and legal challenges raise significant issues that may impact operations in the future.
In concert with NIST’s updated benchmarks, the US Department of Defense is expected to begin implementing its revised Cybersecurity Maturity Model Certification (CMMC) program in 2023. This new model consolidates the previous five-level model into three levels, with heightened standards for contractors’ progression to each security level. Compliance with CMMC will be a contract requirement once the rulemaking process is completed and will require federal contractors to confirm that their IT policies, standards, and procedures are up-to-date and that all of their cyber assets are known and properly categorized.
It is also likely that federal agencies will continue moving towards a “zero trust” approach, which means that instead of relying on a secure network perimeter, the focus will be on security protocols applying to discrete users, assets, and resources. Many federal contractors will need to update their cybersecurity protocols, including potentially implementing two-factor authentication, biometric access controls, and segregation of data in order to comply. Finally, upon incorporating these changes, the US Department of Defense will require its contractors to have their compliance with CMMC protocols verified by third party assessors, who will be accredited by the Cyber Accreditation Body (often referred to as Cyber AB).
Assessors, in addition to assigning the contractor a “level” based upon its degrees of compliance with CMMC benchmarks, will spotlight areas of improvement and provide feedback to the contractor. These revisions to the CMMC model and benchmarks will likely impose additional costs on federal contractors to obtain the required verification, as well as potential delays in identifying available third-party verifiers. This is an ideal time for federal contractors to take proactive steps to push their IT systems into compliance with recent updates by NIST and with the CMMC protocols. Contractors who fail to take initiative run the risk of being lost in the churn of similar latecomers attempting to rush certification.
Notably, the District Court did not hold that the 8(a) program as a whole is unconstitutional or that sole source or competitive 8(a) set aside contracts are not permissible. It only held that the SBA is prohibited from applying its current rebuttable presumption of social disadvantage. As such, Ultima’s ruling should have limited direct effect on Native Corporations and Tribally-owned entities who are applying for entry into the 8(a) program because they do not rely on any presumption of social disadvantage for entry into the 8(a) program. They are deemed, by statute, to satisfy the socially disadvantaged and that classification is a political, and not racial, classification. But, all individually-owned entities will, for now and unless the District Court’s ruling is overturned on appeal, have to prove social disadvantage.
A related case is Jeffery Nuziard, et al. v. Minority Business Development Agency, et al., where on June 5, 2023, a federal district court in Texas found that the Minority Business Development Agency’s (“MBDA”) presumption of social or economic disadvantage for certain ethnicities did not survive strict scrutiny and was therefore unconstitutional racial discrimination. This case is one for federal contractors to follow because the presumption of social or economic disadvantage used by the MBDA is very similar to the presumptions used by the SBA for admission to the SBA’s 8(a) government contracting program, and therefore, like Ultima, Nuziard may be used a basis to challenge aspects of the SBA’s 8(a) government contracting program.
Similarly, the National Labor Relations Board (NLRB) has taken the position that Section 7 of the National Labor Relations Act (NLRA) bars non-compete agreements and broad non-disparagement clauses in employment or separation agreements for employees covered by the NLRA. The NLRB’s general counsel has further claimed that it is an unfair labor practice to even offer an employee an employment or separation agreement that contains these types of provisions. For many federal contractors, the use of non-compete and non-disparagement agreements is common, particularly with senior level and business development focused employees. As such, federal contractors should continue to monitor the efforts by the Biden administration to bar or otherwise limit the use of non-compete, non-disparagement, and similar agreements or provisions.
The rules governing federal contractors are constantly in flux, given the varying executive orders and initiatives from the current administration and resulting litigation challenging some of those actions. Federal contractors should continue to monitor changes in the laws governing federal contractor employees, their cybersecurity obligations, and their opportunities under SBA programs.
This article summarizes aspects of the law and does not constitute legal advice. For legal advice, contact an attorney.