Federal contractors should also be bracing for significant changes in their cybersecurity obligations. In May of 2023, the National Institute of Standards and Technology (NIST) issued a draft update to NIST SP 800-171, which details the cybersecurity benchmarks that will be imposed upon federal contractors whose contracts require them to access certain types of government information. This can include extremely basic data sets and information to Controlled Unclassified Information. This update is part of a government-wide effort to protect federal data on non-federal systems or organizations and to combat the rising tide of cyber-attacks.

In concert with NIST’s updated benchmarks, the US Department of Defense is expected to begin implementing its revised Cybersecurity Maturity Model Certification (CMMC) program in 2023. This new model consolidates the previous five-level model into three levels, with heightened standards for contractors’ progression to each security level. Compliance with CMMC will be a contract requirement once the rulemaking process is completed and will require federal contractors to confirm that their IT policies, standards, and procedures are up-to-date and that all of their cyber assets are known and properly categorized.

It is also likely that federal agencies will continue moving towards a “zero trust” approach, which means that instead of relying on a secure network perimeter, the focus will be on security protocols applying to discrete users, assets, and resources. Many federal contractors will need to update their cybersecurity protocols, including potentially implementing two-factor authentication, biometric access controls, and segregation of data in order to comply. Finally, upon incorporating these changes, the US Department of Defense will require its contractors to have their compliance with CMMC protocols verified by third party assessors, who will be accredited by the Cyber Accreditation Body (often referred to as Cyber AB).

Assessors, in addition to assigning the contractor a “level” based upon its degrees of compliance with CMMC benchmarks, will spotlight areas of improvement and provide feedback to the contractor. These revisions to the CMMC model and benchmarks will likely impose additional costs on federal contractors to obtain the required verification, as well as potential delays in identifying available third-party verifiers. This is an ideal time for federal contractors to take proactive steps to push their IT systems into compliance with recent updates by NIST and with the CMMC protocols. Contractors who fail to take initiative run the risk of being lost in the churn of similar latecomers attempting to rush certification.

There are also ongoing legal challenges to US Small Business Administration (SBA) programs on the grounds that the contracting benefit they provide to minority-owned enterprises, including ANCs, is unconstitutional racial discrimination. On Thursday, July 20, 2023, the United States District Court for the Eastern District of Tennessee issued an order in Ultima, finding that the rebuttable presumption of social disadvantage used in the Small Business Administration’s (SBA) 8(a) program to determine eligibility for individually-owned entities is unconstitutional racial discrimination.

Notably, the District Court did not hold that the 8(a) program as a whole is unconstitutional or that sole source or competitive 8(a) set aside contracts are not permissible. It only held that the SBA is prohibited from applying its current rebuttable presumption of social disadvantage. As such, Ultima’s ruling should have limited direct effect on Native Corporations and Tribally-owned entities who are applying for entry into the 8(a) program because they do not rely on any presumption of social disadvantage for entry into the 8(a) program. They are deemed, by statute, to satisfy the socially disadvantaged and that classification is a political, and not racial, classification. But, all individually-owned entities will, for now and unless the District Court’s ruling is overturned on appeal, have to prove social disadvantage.

A related case is Jeffery Nuziard, et al. v. Minority Business Development Agency, et al., where on June 5, 2023, a federal district court in Texas found that the Minority Business Development Agency’s (“MBDA”) presumption of social or economic disadvantage for certain ethnicities did not survive strict scrutiny and was therefore unconstitutional racial discrimination. This case is one for federal contractors to follow because the presumption of social or economic disadvantage used by the MBDA is very similar to the presumptions used by the SBA for admission to the SBA’s 8(a) government contracting program, and therefore, like Ultima, Nuziard may be used a basis to challenge aspects of the SBA’s 8(a) government contracting program.

Finally, the Biden administration is acting aggressively to advance its perspective on protecting workers’ rights, particularly with regard to non-compete and non-disparagement clauses. The Federal Trade Commission (FTC) has proposed a sweeping ban on non-compete agreements that apply to any employee post-employment, regardless of their position, salary, or other factor. The only exception to the FTC’s broad ban would be non-compete agreements executed in connection with the sale of a business. The FTC received more than 27,000 comments on its proposed ban and is expected to vote on its current form or a version incorporating the received comments in early 2024.

Similarly, the National Labor Relations Board (NLRB) has taken the position that Section 7 of the National Labor Relations Act (NLRA) bars non-compete agreements and broad non-disparagement clauses in employment or separation agreements for employees covered by the NLRA. The NLRB’s general counsel has further claimed that it is an unfair labor practice to even offer an employee an employment or separation agreement that contains these types of provisions. For many federal contractors, the use of non-compete and non-disparagement agreements is common, particularly with senior level and business development focused employees. As such, federal contractors should continue to monitor the efforts by the Biden administration to bar or otherwise limit the use of non-compete, non-disparagement, and similar agreements or provisions.

The rules governing federal contractors are constantly in flux, given the varying executive orders and initiatives from the current administration and resulting litigation challenging some of those actions. Federal contractors should continue to monitor changes in the laws governing federal contractor employees, their cybersecurity obligations, and their opportunities under SBA programs.

This article was republished with permission from the Alaska Business Magazine.