‘Tis the season for holiday cheer and the National Defense Authorization Act (“NDAA”).  The NDAA, commonly referred to as “must pass” legislation, is a key legislative vehicle that Congress uses each year to address a wide variety of issues, from defense spending to small business contracting matters.  And this year is no different.  Based on the recent Conference Report, the 2021 NDAA heading to the President will contain numerous provisions that will impact contractors doing business with the federal government.  There is still some intrigue as to whether the President will sign the bill or if there may be further changes, which we will continue to monitor.  While we continue to monitor those developments, this blog highlights several key provisions in the current version of the 2021 NDAA that are likely to impact government contractors and small businesses in 2021 and beyond.

Section 214 – Updates to Defense Quantum Information Science and Technology Research and Development Program
Section 214 would require the Secretary of each military department to establish programs and enter into agreements with appropriate medium and small businesses with functional quantum computing capabilities to provide such private sector capabilities to government, industry, and academic researchers working on relevant technical problems and research activities. While details on the business agreements are scant at this stage, it is likely that small and medium-sized IT businesses can expect increased government contracting opportunities should this provision become law.

Section 861 – Initiatives to Support Small Businesses in the National Technology and Industrial Base
Section 861 would direct the Secretary of Defense, the Assistant Secretary of Defense for Industrial Base Policy, and other officials to establish several initiatives to help the Department of Defense (DoD) better leverage small business concerns in its efforts to eliminate gaps and vulnerabilities in the national technology and industrial base, as highlighted by the coronavirus pandemic (COVID-19). This section specifically calls for the DoD to enter into agreements with government contractors that already provide services to military departments or any defense agency, indicating that more opportunities for those contractors may be forthcoming.

Section 862 – Transfer of Verification of Small Business Concerns Owned and Controlled by Veterans or Service-Disabled Veterans to the SBA
For many years, we and others have questioned why the government has two separate federal programs for service-disabled, veteran-owned small businesses (SDVOSB), one administered by the Department of Veterans Affairs (VA) and the other by the Small Business Administration (SBA).  Congress has recognized that this creates confusion and unnecessary redundancy and has taken steps in recent years to consolidate the two programs, first with the change a few years ago to one uniform set of SDVOSB regulations under the SBA’s rules.  Congress is now implementing the final stage of the consolidation of the two programs via the 2021 NDAA.  Pursuant to Section 862 of the 2021 NDAA, Congress would eliminate the VA’s separate certification program through the Center for Verification and Evaluation and would require all SDVOSBs, working with VA or any other federal agency, to be certified through the SBA. SBA would also begin certifying VOSBs as well.

The SBA would have two years after the enactment of the 2021 NDAA to consolidate the VA’s database of certified SDVOSBs and VOSBs with its own.  Since the 2021 NDAA will most likely become law by the end of the month, the deadline for this will most likely be sometime in December 2022.

Once the transfer of the database to SBA has occurred in or about December 2022, SDVOSBs and VOSBs would then have a one-year grace period to file an application for certification with the SBA.  SDVOSBs pursuing contracts outside the VA would be able to continue relying on self-certification until the SBA reviews their application and makes a decision.  Consequently, SDVOSBs operating outside of VA may still rely on their own self-certifications for the two years it takes the SBA and VA to transfer over verification services, the one-year grace period to file the certification application, and any additional time is may take for the SBA to review and issue a decision on their applicationThis likely means that self-certification for many SDVOSBs will continue into 2024.

Luckily, currently-certified SDVOSBs need not worry about transferring their certification documents, since that would be handled jointly by the VA and SBA in the two years leading up to the transfer date.  Further, any ongoing certification issues with the VA, such as a SDVOSB status protest, will not be affected by Section 862.

Section 863 – Employment Size Standard Requirements for Small Business Concerns
A few years ago, Congress extended the time period for measuring the size of businesses that operate in industries that have revenue-based size standards, increasing the measuring period from three to five years.  This year, Congress has implemented a comparable change to the measurement period for businesses that operate in industries that have employee-based size standards.  Section 863 would amend the Small Business Act to extend the period of measurement for employee-based size standards from 12 months to 24 months, meaning a company would be small if the average of its employees for each pay period during the prior 24 months is below the applicable size standard.  This welcome change will provide more flexibility to firms in qualify as small even if they have a temporary spike in employment in a given year, but then face a downturn in their employees in the following year (such as due to COVID-19).

Section 864 – Maximum Award Price for Sole Source Manufacturing Contracts
Section 864 would increase the award price threshold for women-owned small business (WOSB) and Historically Underutilized Business Zone (HUBZone) sole-source manufacturing contracts to $7 million.  This figure would match the $7 million limit for 8(a) and SDVOSB sole-source manufacturing contracts and bring all of these small business programs into parity.  However, Congress has not changed the requirement that, to justify a sole source to HUBZone or WOSB firms, an agency must find that there is not a reasonable expectation that two or more small business concerns will submit offers, a requirement that is not applicable for their 8(a) counterparts.

Section 868 – Past Performance Ratings of Certain Small Business Concerns
Section 868 would allow small business concerns that participated in a joint venture (JV) to use the JV’s past performance when submitting an offer on a prime contract regardless of whether the other company in the JV was a large or small business.  This would apply when the small business has no relevant past performance of its own.  If the small business elects to use the past performance of a JV in this scenario, the law would require contracting officers to consider the JV’s past performance when evaluating the small business’s past performance.  Similarly, the law would require prime contractors with subcontracting plans to provide a past performance record for first-tier small business subcontractors, upon the subcontractor’s request.  And, if a small business elects to use such a record of its past performance as a first-tier subcontractor, contracting officers must consider it when evaluating the small business. 

Section 869 – Extension of Participation in 8(a) Program
Section 869 would allow any 8(a) certified firm that has been in the 8(a) program as of September 9, 2020 to extend their participation in it by an extra year. It appears that Congress has recognized the difficulties experienced by many businesses during this year due to COVID-19, so current 8(a) participants will have the opportunity to make up for this “lost year” caused by the pandemic.

Section 1742 – Department of Defense Cyber Hygiene and Cybersecurity Maturity Model Certification Framework
Section 1742 would require the DoD to assess their cybersecurity components against the Cybersecurity Maturity Model Certification (CMMC) and submit a report of their findings to the congressional defense committees. The Comptroller General of the United States would also submit an independent review of the report to those committees, and the DoD would need to brief Congress on implementing certain cybersecurity recommendations from the reports.

Of note is that this section would require the Undersecretary of Defense for Acquisition and Sustainment, in coordination with the DoD’s Chief Cyber Advisor and Chief Information Officer, to develop a plan for implementing the CMMC requirements through procurement contracts. Forty percent of the funds obligated towards implementing the CMMC requirements would be unavailable until the plan is created. These requirements have the potential to slow down the implementation of CMMC, which is already behind schedule from DoD’s original implementation targets.

If you would like to learn more about the 2021 NDAA, please contact Jon Williams or Anna Sullivan, the authors of this alert, or a member of PilieroMazza’s Government Contracts Group.

Special thanks to Firm Paralegal, Emmanuel Elone, for his assistance with this post.