Insights

Congress has not passed funding bills to keep key parts of the government funded for the remainder of Fiscal Year 2026—including the Departments of Defense, State, Treasury, Labor, Health and Human Services, Transportation, Housing and Urban Development, and Homeland Security, as well as independent agencies, the judiciary, and national security and foreign operations functions. As Congress continues to negotiate a deal in advance of the expiration of funds on January 30, parts of the government may still face a short shutdown, given the time needed for both the Senate and the House to consider and approve legislation. In anticipation of that possibility, agencies whose funding is uncertain are preparing for a shutdown; contractors, grant recipients, and companies that work with those agencies should do the same. Our team is ready and available to advise through the shutdown process.

As we previously reported, on January 16, 2026, the Department of War (DoW) announced an audit of 8(a) sole source awards over $20 million, joining the previously-announced audits by the Small Business Administration (SBA) and U.S. Treasury Department (discussed here and here).  A DoW memorandum also dated January 16, 2026 but only recently made public reveals that this audit is much broader in than originally announced.  Any active 8(a) sole source contract, 8(a) set-aside contract, or small business set-aside contract over $20 million is under scrutiny. 

On January 23, 2026, Office of Management and Budget (OMB) Director Russell T. Vought issued OMB Memorandum M-26-05 (Memo). The Memo rescinds prior OMB memoranda (M-22-18 and M-23-16) that required federal agencies to collect the Secure Software Development Attestation Form from entities selling software or products containing software to the U.S. government. The Trump administration previously retracted a Biden administration directive that called for formalization of the Attestation Form collection process in the Federal Acquisition Regulation (FAR). Many in industry saw this as a sign that the Trump administration disfavored the Attestation Form. Now, the Memo has gone one step further to officially terminate agencies’ obligation to collect the Form from their software suppliers.

The Small Business Administration (SBA) has rolled out changes to its 8(a) Program even as it suspends 8(a) participants for failure to respond to the SBA’s December 5, 2025 8(a) audit letters.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative established to standardize the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP’s primary objective is to ensure that cloud service providers (CSPs) implement robust security controls to protect federal information in cloud environments. By leveraging a consistent framework for security assessment and authorization, FedRAMP is intended to reduce duplication of effort, cost, and time for both agencies and vendors.

On January 16, 2026, U.S. Secretary of War Pete Hegseth posted a video on social media outlining the U.S. Department of War’s (DoW) plan to combat fraud, waste, and abuse in the Small Business Administration’s (SBA) 8(a) Business Development Program. 

On January 14, 2026, the United States filed a lawsuit against the State of Minnesota in federal district court, challenging the state's affirmative action requirements for civil service employment as violations of Title VII of the Civil Rights Act of 1964 (“Title VII”). This action comes almost a year after President Trump issued Executive Order 14173, which rescinded federal affirmative action requirements for federal government contractors and set up a potential conflict between federal requirements and certain state contracting requirements. The United States has designated this case as a matter of general public importance. This entitles the federal government to an expedited review by a three-judge panel at the district court with direct appeal to the United States Supreme Court—setting the path for a show-down on affirmative action in employment at the highest court.

On January 8, 2026, the Trump Administration announced the creation of a new Division for National Fraud Enforcement within the Department of Justice (DOJ). The division will be led by a newly appointed Assistant Attorney General (AAG), pending Senate confirmation, who will report directly to both the President and Vice President and operate out of the White House. Such a reporting structure is unprecedented in the history of the DOJ.

On December 17, 2025, the U.S. Food and Drug Administration (FDA) issued a request for information (RFI) on a proposal designed to help the FDA engage more directly with innovative, venture-backed companies focused on biotechnology, medical devices, AI, and regulatory technology.[i]The RFI includes 19 questions, with responses due by 2:00 p.m. ET on January 18, 2026.

In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD)  to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.

GAO’s key personnel rule is well-known—and often a source of frustration— amongst government contractors.  Proposed key personnel who become “unavailable” prior to contract award—especially where they have accepted employment with a different company—may doom an offeror’s proposal by rendering it noncompliant with solicitation requirements.  But GAO’s recent decision in FYI – For Your Information, Inc., B-423774, B-423774.2 (Dec. 19, 2025) provides some potential relief from that rule. 

Earlier this month, the Department of Justice (DOJ) announced that Swiss Automation Inc., an Illinois-based precision machining company, agreed to pay $421,234 to resolve allegations that it violated the False Claims Act (FCA) by inadequately protecting technical drawings for parts delivered to Department of Defense (DoD) prime contractors.  This settlement reflects DOJ's persistent emphasis on cybersecurity compliance across all levels of the defense industrial base, reaching beyond prime contractors to encompass subcontractors and smaller suppliers.  The settlement is also a reminder to all contractors not to overlook the often confusing relationship between Controlled Unclassified Information (CUI) and export-controlled information.

On December 19, 2025, the Department of Justice (DOJ) announced a $54.4 million settlement with Ceratizit USA, LLC, a distributor of tungsten carbide products, resolving allegations that the company violated the False Claims Act (FCA) by evading customs duties on products imported from China. This settlement is believed to be the largest ever customs-related FCA resolution, and this high-water mark underscores the government’s heightened enforcement focus on tariff evasion.

On December 18, 2025, the Fiscal Year 2026 National Defense Authorization Act (FY 2026 NDAA) (P.L. 119-60) was signed into law. The Act makes significant changes to defense acquisition, sourcing restrictions, and interactions between the Defense Industrial Base (DIB) and the Department of Defense (DOD). 

Bid protest practitioners in recent years have witnessed agencies’ increasing efforts to limit the production of documents and information in response to Government Accountability Office (GAO) bid protests—often will little pushback from GAO. This practice has underscored the notable difference in the scope of bid protest records before GAO versus the Court of Federal Claims. However, in Tiger Natural Gas, Inc., B-423744, Dec. 10, 2025, 2025 CPD ¶ __, GAO made clear that there are limits to the scope of redactions, and GAO will sustain a protest where there is insufficient evidence that the agency’s actions were reasonable.

On December 12, 2025, the U.S. Government Accountability Office (GAO) released its annual report on bid protests for fiscal year 2025, containing the full statistics shown below:

In its recently published FY 2025 Annual Report (Report), the Civilian Board of Contract Appeals (CBCA) provided detailed statistics about appeals involving disputes between contractors and civilian agencies.  This past year, the civilian agencies with the highest number of docketed claims at the Board were the Department of Veterans Affairs (70 appeals), the United States Agency for International Development (43 appeals), the General Services Administration (36 appeals), the Department of State (12 appeals ), and the Department of Education (12 appeals).  These agencies accounted for 173, or approximately 78%, of the 221 Contract Disputes Act (CDA) appeals docketed at the Board. 

Every year since 1979, the Armed Services Board of Contract Appeals (ASBCA) has issued a Report of Transactions and Proceedings (Report), which provides helpful statistics for contractors and practitioners regarding the ASBCA’s docket and success rates for contractor litigation and ADR. The ASBCA published its FY 2025 Report on October 30, 2025. 

On the morning of December 12, 2025, the Eleventh Circuit heard argument in United States ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 24-13581 (11th Cir. 2025). This case concerns the constitutionality of the False Claims Act (FCA) qui tam provisions and a groundbreaking September 2024 opinion in which the United States District Court for the Middle District of Florida held that the FCA’s qui tam provisions were unconstitutional under Article II. See United States ex rel. Zafirov v. Fla. Med. Assocs., LLC, 751 F. Supp. 3d 1293 (M.D. Fla. 2024). That decision, penned by District Judge Kathryn Kimball Mizelle, was the first success story for a legal theory that has been gaining steam ever since Justices Thomas, Barrett, and Kavanaugh indicated they would be willing to consider arguments about the constitutionality of the qui tam provisions in U.S. ex rel. Polansky v. Exec. Health Res., 599 U.S. 419 (2023). In her opinion, Judge Mizelle held (1) qui tam relators are officers of the U.S. who must be appointed under the Appointments Clause; and (2) historical practice treating qui tam and similar relators as less than “officers” for constitutional purposes was not enough to save the qui tam provisions from the fundamental Article II infirmity the court identified. That ruling was appealed and, after full briefing, including by the government and a bevy of amici, the litigants stepped up to the plate this morning for oral argument.

On December 5, 2025, the Small Business Administration (SBA) sent letters to 4,300 current and recent participants in the 8(a) Business Development Program requiring production by January 5, 2026, of financial records, contracting and subcontracting agreements, and employee records.  Below we discuss the genesis of the U.S. Government’s focus on fraud in small business programs, the new SBA request for documents, the coming Treasury audit of preference-based contracts, and more.