National Defense Authorization Act for Fiscal Year 2020 Includes New Acquisition Programs and Changes to Existing Laws Impacting Contractors

December 26, 2019

WHAT: On December 20, 2019, President Trump signed into law the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2020 (Pub. L. No. 116-92), which sets funding levels and outlines policy priorities for the U.S. Department of Defense (DOD). This iteration of the NDAA creates several new acquisition programs and makes key changes to existing laws that impact contractors. Among other important developments, the law directs the Secretary of Defense to establish new software acquisition and integration pathways, modifies the existing justification and approval requirement for sole-source contracts awarded by DOD under the U.S. Small Business Administration’s (SBA) 8(a) program, and reauthorizes DOD’s Mentor-Protégé Program for small businesses.

WHEN: President Trump signed the bill into law on December 20, 2019.

WHAT DOES IT MEAN FOR INDUSTRY: Given the law’s size and scope, it is not surprising that the FY20 NDAA addresses many areas of importance to government contractors, including acquisition policy and management, supply chain and industrial base matters, cybersecurity, and small business issues. 

Acquisition Policy and Management

  • New Software Acquisition and Integration Pathways (Section 800): The NDAA directs the Secretary of Defense to establish pathways providing for the speedy acquisition, development, integration, and delivery of secure software. While it grants the Secretary authority to establish as many pathways as the Secretary deems appropriate, the law mandates, at a minimum, the creation of pathways for applications software and embedded systems software. With a streamlined and coordinated requirements, budget, and acquisition process, each pathway will support rapid fielding of software applications and upgrades for operational use within one year.
  • Pilot Program to Use “Alpha Contracting Teams” for Complex Requirements (Section 802): The NDAA directs the Secretary to select at least two, and up to five, initiatives to participate in a pilot program that uses “alpha contracting teams,” drawing on the expertise of third parties, to craft complex contract technical requirements for services. Each team shall focus on developing “achievable technical requirements that are appropriately valued and identifying the most effective acquisition strategy to achieve those requirements.”
  • Review Use of Fixed-Price Contracts (Sec. 807): The Under Secretary of Defense for Acquisition and Sustainment must review DOD decision-making on the use of fixed-price contracts to ensure that such decisions are made strategically and consistently. The review should focus on the use of various types of fixed-price contracts, including fixed-price incentive contracts. While the statute does not call for any immediate changes, it signals a potential shift in DOD’s future use of these contract vehicles.
  • Repeal of Continuation of Data Rights During Challenges (Sec. 808): This provision repeals Section 866 of the FY19 NDAA, which permitted DOD to “authorize use” of disputed technical data during an appeal at the Armed Services Board of Contract Appeals or suit at the U.S. Court of Federal Claims if the Secretary determined that “compelling mission readiness requirements” did not permit awaiting a final decision by the Board or Court. Even after this repeal, however, under the remaining provisions of 10 U.S.C. § 2321, contractors that assert data use or release restrictions against DOD that are later found not to be substantially justified will be liable to the government for the cost of reviewing and challenging the asserted restrictions.

Pilot Program to Streamline Decision-Making Processes for Major Weapon Systems (Sec. 831)

  • The NDAA directs the Acquisition Executive for each military service to recommend to the Secretary of Defense at least one major weapon systems acquisition program for a pilot program focused on streamlining the entire milestone decision process for major weapons acquisition programs. The results of the pilot program will be evaluated and reported for potential wider use in those very large procurements.

Supply Chain and Industrial Base Matters

  • Requiring Defense Microelectronics Products and Services Meet Trusted Standards (Sec. 224): The NDAA instructs DOD to ensure, by January 1, 2023, that microelectronics purchased by DOD meet certain supply chain and operation security standards. The standards, which must be developed by January 1, 2021, will systematize best practices relevant to (1) manufacturing location, (2) company ownership, (3) workforce composition, (4) access during manufacturing, suppliers’ design, sourcing, packaging, and distribution processes, (5) reliability of the supply chain, and (6) other matters germane to supply chain and operational security. Additionally, the NDAA directs DOD to consult with microelectronics suppliers and representatives of the defense industrial base in developing these standards and to ensure to the greatest extent practicable that microelectronics suppliers can sell these same products commercially. The NDAA does not include a definition of “microelectronics product or service” or indicate how these requirements would affect, if at all, contractors’ obligations under DFARS 252.246-7007 to detect and avoid counterfeit electronic parts in items delivered to the Department of Defense.

  • Modernization of Acquisition Processes to Ensure Integrity of Industrial Base (Sec. 845): The NDAA orders DOD to streamline and digitize the existing DOD approach for identifying and mitigating risks to the defense industrial base by creating a continuous model that uses digital tools, technologies and approaches designed to ensure the accessibility of data to key decision-makers. More specifically, DOD must develop an analytical framework for risk mitigation across the acquisition process that includes characterization and monitoring of (1) supply chain risks, (2) risks posed by unlawful contractor behavior, (3) current DOD acquisition processes and procedures, and (4) the financial and governance health of the defense industrial base. Further, the NDAA directs DOD to assess the extent to which existing systems are producing, exposing, and timely maintaining reliable data for risk assessment activities and to develop a plan for modernizing these systems where appropriate.

  • Mitigating Risks Related to Foreign Ownership, Control, or Influence (FOCI) of DOD Contractors and Subcontractors (Sec. 847): The NDAA orders DOD to improve its processes and procedures for the assessment and mitigation of risks related to FOCI of DOD contractors and subcontractors. This provision requires, among other things, that (1) covered contractors and subcontractors disclose their beneficial ownership and whether they are under FOCI to the Defense Counterintelligence and Security Agency, (2) contracts include clauses providing for and enforcing disclosures related to changes in FOCI or beneficial ownership during performance of the contract or subcontract, and (3) DOD explore whether to establish a special standard of responsibility relating to FOCI risks for covered contractors and subcontractors. These requirements will not apply to acquisitions of commercial products and services unless a senior DOD official specifically determines that the risks involved in a specific commercial item procurement merit close scrutiny of possible FOCI issues.

  • Prohibition on Operation or Procurement of Foreign-Made Drones (Sec. 848): This provision is similar to the restriction in the FY19 NDAA on procurement of certain telecommunications equipment from specific Chinese companies. Here, the NDAA prohibits DOD from operating, entering into, or renewing a contract for the procurement of an unmanned aircraft system (UAS) and any related services or equipment that (1) is manufactured in, (2) uses certain equipment (flight controllers, radios, cameras, etc.) manufactured in, (3) uses a ground control system or operating software developed in, or (4) uses network connectivity or data storage located in or administered by, the People’s Republic of China or an entity domiciled in China. Similar prohibitions also apply to UAS detection or identification systems. The Secretary may grant waivers on a case-by-case basis if the operation or procurement “is required in the national interest of the United States.”

  • Provisions Related to Chinese Telecommunications Companies (Secs. 1260I & 1260J): In May 2019, the U.S. Department of Commerce’s (Commerce) Bureau of Industrial Security (BIS) added Huawei to the Bureau’s Entity List, which prohibited exports, reexports, and transfers of U.S. goods, software, and technology to Huawei. Sec. 1260I of the NDAA prohibits the Secretary of Commerce from removing Huawei from the Entity List unless and until the Secretary certifies to the appropriate congressional committees that (1) Huawei has sufficiently resolved or settled, pursuant to the removal standards in the Export Administration Regulations, the charges that were the basis of its addition to the Entity List, (2) Huawei has sufficiently resolved or settled any other charges that it violated U.S. sanctions, (3) regulations have been implemented that sufficiently restrict exporting to, and importing from, the United States items that pose a national security threat to domestic telecommunications systems, and (4) the United States has mitigated other national security threats posed by Huawei to the maximum extent possible.

    Also, in Sec. 1260J, the NDAA instructs the President to submit to Congress an annual report on the compliance of ZTE with the Superseding Settlement Agreement reached between ZTE and the Department of Commerce. Wiley Rein previously reported on the Superseding Settlement Agreement here.

  • Provisions Aimed at Improving Cybersecurity in the Defense Space (Secs. 1648, 1657, & 6307): In Section 1648, the NDAA directs DOD to develop a consistent, comprehensive framework to enhance cybersecurity for the defense industrial base. The framework must identify unified cybersecurity standards, regulations, metrics, ratings, third-party certifications and requirements to be imposed on contractors for the purposes of assessing their cybersecurity. Additionally, the framework will include procedures for establishing and ensuring compliance with cybersecurity standards, deconflicting existing cybersecurity standards, and managing elements of the acquisition process related to cybersecurity standards. In developing the framework, DOD must consult with industry groups and contractors in the defense industrial base.

    In Section 1657, the NDAA directs the secretaries of the military departments to each appoint an independent Principal Cyber Advisor who will advise on implementing DOD’s Cyber Strategy and oversee execution of cybersecurity policies and programs, including the acquisition of offensive and defensive cyber capabilities and cybersecurity tools and capabilities.

    Under Section 6307, whenever the head of an element of the Intelligence Community enters into an intelligence-sharing agreement with a foreign government or foreign entity, the agency head must consider the pervasiveness of telecommunications and cybersecurity infrastructure, equipment, and services provided by adversaries of the United States, particularly Russia and China, to that government or entity.

  • Supply Chain and Counterintelligence Risk Management Task Force (Sec. 6306): The NDAA orders the Director of National Intelligence to establish a Supply Chain and Counterintelligence Risk Management Task Force to standardize information sharing between the Intelligence Community and the government’s acquisition personnel with respect to supply chain and counterintelligence risks. The task force must deliver an annual report to several congressional committees.

Post-Award Explanations for Unsuccessful Offerors for Certain Contracts (Sec. 874)

  • For task orders or delivery orders over the simplified acquisition threshold and less than or equal to $5,500,000, the NDAA directs amendment of the Federal Acquisition Regulation (FAR) to require contracting officers, upon written request from an unsuccessful offeror, to provide a brief explanation as to why the offeror was unsuccessful. The explanation must include a summary of the rationale for the award and an evaluation of the significantly weak or deficient factors in the offeror’s proposal.

Small Business Issues

  • Modification of Justification and Approval Requirements for 8(a) Sole-Source Contracts (Sec. 823): This provision loosens the justification and approval requirements for sole-source contracts awarded by DOD under SBA's 8(a) program. Sec. 811 of the FY10 NDAA required an amendment to the FAR to prohibit all agencies, including DOD, from awarding 8(a) sole-source contracts valued over $20,000,000 unless (a) the contracting officer justified the use of a sole-source contract in writing and (b) the justification was approved by the appropriate supervisory official. Sec. 823 of the FY20 NDAA raises the justification and approval threshold to $100,000,000 for DOD. As such, no justification and approval is required for DOD-awarded sole-source 8(a) contracts under $100,000,000.
  • Reauthorization and Improvement of DOD’s Mentor-Protégé Program (Sec. 872): The NDAA reauthorizes DOD’s mentor-protégé program through September 30, 2024 for the formation of mentor-protégé agreements and through September 30, 2026 for reimbursements and credit towards the attainment of subcontracting goals. It also instructs DOD’s Office of Small Business Programs to establish performance goals and metrics for the program and changes the size standard for disadvantaged small business concerns from “less than half the size standard corresponding to its primary North American Industry Classification System code” to “is not more than the size standard corresponding to its primary North American Industry Classification System code.”
  • Accelerated Payments for Small Businesses (Sec. 873): The NDAA requires all agencies, including DOD, to establish an accelerated payment date for small business prime contractors, with a goal of 15 days after a proper invoice is received if a specific payment date is not established by contract. The statute also requires agencies to establish a similar accelerated payment schedule for small business subcontractors, assuming a specific payment date is not established by contract and the prime contractor agrees to the payment schedule.
  • Modification to the Defense Research and Development Rapid Innovation Program (Sec. 878): The NDAA modifies DOD’s Rapid Innovation Program to include technologies developed pursuant to phase II Small Business Technology Transfer Program projects, raises the funding maximum for any given project from $3,000,000 to $6,000,000, and directs DOD to develop guidance for the program that prioritizes funding small business concerns.

Contractor Compliance

  • Guidance to Contractors on Sex Discrimination (Sec. 885): The NDAA instructs the Under Secretary of Defense for Acquisition and Sustainment to conduct a review of contractors’ implementation of policies ensuring nondiscrimination on the basis of sex pursuant to Executive Order 11246. The review will consider, at a minimum, existing processes and tools for oversight of contracts (i.e., responsibility determinations) and the extent to which best practices for contractors have been incorporated into DOD policies and procedures.
  • Policies and Procedures for Contractors to Report Violations of Human Rights (Sec. 888): The NDAA directs the Secretary to update DOD policy, guidance, and the Defense Supplement to the FAR to provide specific guidance to DOD employees and contractors on monitoring and reporting allegations of gross violations of internationally recognized human rights. The term “gross violations of internationally recognized human rights” is defined in Sec. 502B(d)(1) of the Foreign Assistance Act of 1961 (22 U.S.C. § 2304) to include “torture or cruel, inhuman, or degrading treatment or punishment, prolonged detention without charges and trial, causing the disappearance of persons by the abduction and clandestine detention of those persons, and other flagrant denial of the right to life, liberty, or the security of person.”

Wiley Rein’s Government Contracts and TMT practices stand ready to help clients navigate any of the issues addressed by the statute.

Nicholas Perry, a Law Clerk in the Government Contracts practice, contributed to this alert.

Read Time: 12 min
Jump to top of page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.