Insights

On May 12, 2025, the Defense Counterintelligence and Security Agency (DCSA) released a new SF-328[1] consisting of 9 questions and 6 pages of instructions that detail the types of supporting documentation requested and identify information required by different responding entities (e.g., corporate, non-profit, academic, etc.). With this SF-328, DCSA is seeking certain frequently requested information and documents with initial SF-328 submissions rather than obtaining these documents through communications or revised SF-328 submissions. Additionally, when completed, the new SF-328 is considered Controlled Unclassified Information (CUI).

On May 12, 2025, the U.S. Small Business Administration (SBA) announced that it is holding a tribal consultation meeting and requesting comments and input on topics relating to the 8(a) and mentor-protégé programs. The tribal consultation will be held on June 13, 2025 in Anchorage, Alaska, and SBA is anticipating that the meeting will cover a range of topics relevant to 8(a) and mentor-protégé program participants.

On May 7, 2025, the Defense Counterintelligence and Security Agency (DCSA or the “Agency”) announced the approval[1] of a revised and expanded Standard Form (SF) 328, Certificate Pertaining to Foreign Interests. Contractors and subcontractors engaged in work involving classified information use the SF-328 for disclosures relating to foreign ownership, control, or influence—and the form will soon be required for contractors and subcontractors in the unclassified space for certain covered contracts. Publication of the updated form has not yet occurred but is expected as soon as this weekend (May 10-11). New SF-328 forms will be required for initial and changed condition packages initiated on or after May 12 according to a National Industrial Security System (NISS) communication today.

On May 1, 2025, the Department of Defense announced the release of the long-anticipated 81-page Intellectual Property Guidebook for DoD Acquisition, which is aimed primarily at assisting acquisition professionals to develop, execute, and manage IP strategies that support functional area requirements and objectives across program life cycles. The Guidebook also provides guidance on the implementation of IP laws and regulations, describes operational challenges related to IP, and promotes industry partnerships. Crowell will provide more details regarding the Guidebook and its potential impacts in the coming days.

On February 24, 2025, the Small Business Administration (SBA) issued a “Day One” memo outlining SBA Administrator Kelly Loeffler’s priorities. 

On December 17, 2024, the Small Business Administration (SBA) published a final rule amending multiple aspects of all of the SBA’s small business size and status programs.  Among other notable changes, SBA (1) introduced a new rule that changes the impact of a recertification as other than small or as other than the relevant small business status following a merger or acquisition, and (2) introduced a standardized set of permissible negative controls for minority shareholders in all types of small businesses, thereby significantly expanding the controls investors may have in service-disabled veteran-owned small businesses (SDVOSBs), women-owned small businesses (WOSBs), and participants in the SBA’s 8(a) Business Development Program. 

On January 15, 2025, the Federal Acquisition Regulatory Council issued a Proposed Rule that would implement changes to the Federal Acquisition Regulation (FAR) Organizational Conflict of Interest (OCI) rules as required by the 2022 Preventing Organizational Conflicts of Interest in Federal Acquisition Act (P.L. 117-324).  Comments on the Proposed Rule are due on March 17, 2025.  (Note that pursuant to President Trump’s January 20, 2025 “Regulatory Freeze Pending Review” Executive Order, the Proposed Rule is subject to further review, which may result in revisions and an extension of the 60-day comment period.)

In Bitmanagement Software GMBH v. United States, Case No. 23-1506 (Fed. Cir. Jan. 7, 2025), the U.S. Court of Appeals for the Federal Circuit (Federal Circuit) denied the appeal of Bitmanagement Software Gmbh (Bitmanagement) challenging the Court of Federal Claims’ (COFC) $154,400 damages award, and denying its demand for $85 million in damages resulting from the Navy’s infringement of Bitmanagement’s software copyright.  The Federal Circuit affirmed the COFC’s (1) use of a hypothetical negotiation approach to compute damages; and (2) decision to award damages using a “per use” rather than a “per copy” approach.

On December 17, 2024, the Department of Defense (DOD) published a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the data rights portions of the Small Business Innovation Research Program (SBIR) and Small Business Technology Transfer (STTR) Program Policy Directive, which itself was most recently amended in May 2023.  The changes from this final rule will be effective as of January 17, 2025. 

Recently, there has been a significant increase in scams targeting users of the System for Award Management (SAM.gov).  Active SAM registrations are required for federal government contractors, including to receive contracts and payments.  The non-public portions of these registrations include bank account information, tax information, and other sensitive information about a company.  Recent phishing scams and efforts to gain access to registrations indicate sophisticated actors are attempting to manipulate SAM registrations, possibly for access to payments from the government, among other reasons.  Company SAM registration Administrators should protect the company’s SAM registration from unauthorized access to the greatest extent possible.

As Crowell covered in a recent alert, the Department of Defense (DoD) on October 11, 2024 released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).

On August 23, 2024, the Small Business Administration (SBA) posted a proposed rule to update and clarify aspects of various SBA small business programs, including but not limited to the HUBZone Program and 8(a) Business Development Program.  This proposed rule followed SBA’s July 22, 2024 notification of tribal consultation meeting and request for comments (which Crowell covered here). 

On July 22, 2024, the Small Business Administration (SBA) posted a notification of tribal consultation meeting and request for comments regarding updates to the HUBZone and 8(a) Business Development Programs.  Of critical importance for any contractors participating in the SBA’s Mentor-Protégé Program, SBA is also seeking comments on prospective policy changes addressing joint venture participation in SBA's programs.  SBA has identified perceptions that:

On May 13, 2024, the Department of Defense (DoD) issued an instruction implementing policies and procedures that DoD will use to identify contractors (including uncleared contractors) requiring foreign ownership, control, and influence (FOCI) determinations, review related information, and address FOCI concerns.  These policies and procedures were put in place pursuant to Section 847 of the 2020 National Defense Authorization Act[1] (Section 847).  These FOCI requirements will, for the first time, subject many uncleared DoD contractors to rigorous disclosure requirements, scrutiny, and potential mitigation by the Defense Counterintelligence and Security Agency (DCSA). 

The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024, signed into law on December 22, 2023, makes numerous changes to acquisition policy. Crowell & Moring’s Government Contracts Group discusses the most consequential changes for government contractors here. These include changes that impose a new conflict of interest regime for government contractors with a connection to China, impose new restrictions and requirements, require government reporting to Congress on acquisition authorities and programs, and alter other processes and procedures to which government contractors are subject. The FY 2024 NDAA also includes the Federal Data Center Enhancement Act, the American Security Drone Act, and the Intelligence Authorization Act for FY 2024.

On October 5, 2023, the Information Security Oversight Office issued Joint Notice 2024-01: Joint Ventures and Entity Eligibility Determinations (Joint Notice) with the Small Business Administration (SBA) and in coordination with the Department of Defense (DoD) to provide government contractors with additional guidance concerning joint ventures (JVs) seeking access to classified information (an Entity Eligibility Determination (EED) or Facility Clearance (FCL)).  Among other things, this Joint Notice clarifies that companies should not rely on the SBA’s regulations for the proposition that a small business JV will never need to hold an EED. 

On October 4, 2023, Deputy Attorney General (DAG) Lisa O. Monaco announced the Department of Justice’s (DOJ) new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions (Safe Harbor Policy).  Following other announcements from DOJ over the past two years aimed at encouraging voluntary self-disclosures, the Safe Harbor Policy was adopted because DOJ does not want to “discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs.”  Through this new policy, DOJ is aiming to incentivize acquirers to timely disclose misconduct discovered during the M&A process (including pre-closing diligence and post-closing integration).

The Small Business Administration has begun outreach to current participants in its 8(a) Business Development Program regarding the impact of the U.S. District Court for the Eastern District of Tennessee’s July 19, 2023 decision enjoining SBA from applying a rebuttable presumption of social disadvantage to individuals of certain racial and ethnic groups.

On June 23, 2023, a coalition of companies, including venture capital firms like Kleiner Perkins, General Catalyst and Founders Fund, and start-up defense technology companies, published an open letter to the Department of Defense (DoD), addressed to Secretary Lloyd J. Austin, petitioning DoD to consider procurement reform to help “overcome barriers to innovation.”  The group asserts these barriers create “antiquated methods for developing requirements and selecting technologies that have drastically limited” DoD’s access to “the best commercial innovation.”  In particular, the coalition endorsed adopting four recommendations pulled from a report by The Atlantic Council, a non-partisan international affairs think tank.

On June 27, 2023, the Small Business Administration (SBA) Office of Inspector General (OIG) reported its estimate that SBA disbursed over $200 billion of potentially fraudulent COVID relief, including Economic Injury Disaster Loans (EIDL) and Paycheck Protection Program (PPP) loans.  These possibly fraudulent loans represent at least 17% of all EIDL and PPP funds—or 21% of all loans and grants--disbursed.  The SBA OIG estimates that the SBA disbursed $64 billion in potentially fraudulent PPP loans.