Back in October and November 2025, with the Department of Defense putting some finishing touches on the Cybersecurity Maturity Model Certification (“CMMC”) Program, we explored the contours of that program and what it means for contractors like you. During this same timeframe, we were not the only ones reviewing the CMMC Program. The GAO also has been in the process of conducting a review of the CMMC Program and recently released its findings. In a report titled, “Defense Contractor Cybersecurity: DOD Should Address External Factors That Could Impede Program Implementation,” GAO’s position on the CMMC Program is pretty clear: Good but needs tweaking. Today, we’ll take a look at those findings and how they might affect the CMMC Program going forward.
Continue readingTag Archives: GAO Report
2022 Bid Protest Report, Success Rate Up, Total Protests Down
GAO’s annual bid protest report is a fall tradition for federal contracting attorneys. It’s perhaps not quite as tasty as stuffing in my book, but always interesting. In it, GAO summarizes its slate of bid protests for the previous fiscal year, and we can glean insights from how the protest numbers have changed from prior years.
Here are some key points from this year: (1) the key effectiveness metric, showing numbers of sustains and corrective actions at GAO, was up again to 51% for the 2022 fiscal year and (2) total bid protest numbers are down slightly, continuing a trend from the last few years.
Continue readingGAO Seeking Feedback from 8(a) Firms
The Government Accountability Office (GAO) has offered participants in the U.S. Small Business Administration’s (SBA) 8(a) Business Development Program the opportunity to tell Congress about their views and experience in the program.
Continue readingGAO Annual Bid Protest Report Shows 51% Effectiveness Rate
In 2020, the GAO Bid Protest effectiveness rate crossed the 50% threshold, higher than we’ve seen it in any recent year. Overall, cases filed went down a mere 2% year over year.
GAO issues its yearly report as a requirement under statute. Congress is particularly concerned with knowing 1) which federal agencies didn’t follow GAO’s recommendations in bid protests and 2) if GAO did not issue a decision in 100 days. As like most years, GAO was “pleased” to report that all agencies followed its recommendations, when given, and that it timely (within 100 days) decided all bid protests.
Continue readingRoom for Improvement: GAO Reviews Agency Oversight of Small Business Subcontracting Plans
Recently, GAO published a report on small business subcontracting plan compliance, concluding that agency oversight of these plans need improvement.
Continue readingComplicated Business Structures Contribute to Set-Aside Fraud, GAO Finds
Fraud is an ever pressing concern in federal contracts, and the federal government goes to great lengths to minimize the risks to introduce fraud into the procurement system.
Unfortunately, a recent GAO report highlighted how complex ownership structures can be leveraged to obscure fraudulent contracting activities. Worse still, complex ownership structures are most frequently leveraged to perpetrate small business set-aside fraud.
Continue readingGAO Recommends Improvements For Comments on Proposed Federal Agency Rules
Have you ever felt like you were screaming into the void when submitting your comments to a proposed rule in the Federal Register? That your well thought out comments were being drowned out by a mass of other comments on a proposed rule or attributed to someone else? Have you wondered what agencies do with all that information you send them when you submit a comment on a proposed rule?
Well, GAO seems to have the same questions and concerns regarding the proposed rule comments process and has taken time these past few months to examine how agencies wade through comments on proposed rules, publish them, and clearly attribute identities to them.
Continue reading