LOCK AND KEY: All Army employees, military and civilian, are charged with protecting classified information. But problems can arise from trying to promote full and open competition while also protecting classified information. (Image by Getty Images/iStockphoto)
What to do when national security and full and open competition for federal contracts collide.
by Dennis P. Longo
The fifth article in the On Contracting series, based on the Competition in Army Contracting course developed by the author for the Office of the Deputy Assistant Secretary of the Army for Procurement.
Information owned by or under the control of the U.S. government may be classified to protect national security only if its unauthorized disclosure could reasonably be expected to cause identifiable or describable damage to the national security.
Unauthorized disclosure is the publishing or distribution by other means an agency’s needs of classified information. According to a July 20, 2020, memorandum from the secretary of defense, unauthorized disclosures jeopardize our DOD personnel, operations, strategies and policies to the benefit of our adversaries. Unauthorized disclosures also distract from mission priorities by redirecting the attention and resources of military commanders. Whether poor operations security (OPSEC) takes the form of careless cyber hygiene, “loose talk” among colleagues, or the willful release of non-public information, the result is the same: unnecessary and increased risk of harm to our fellow Americans and our mission. Such disclosure is a violation of various U.S. government regulations.
Yet, full and open competition is the rule of the Competition in Contracting Act (CICA) when soliciting offers for government contracts. Implementing CICA reduces costs, stimulates commercial innovation and promotes small business participation. CICA requires the use of competitive procedures in obtaining federal contracts unless an exception applies.
Restricting competition based on the national security exception to full and open competition, permissible under CICA and implemented at Federal Acquisition Regulation (FAR) 6.302-6 “National Security,” applies when disclosure of the government’s needs would compromise the national security. In addition, the statutory exception requires agencies to request offers from as many potential sources as is practicable.
Protection of classified information is a responsibility that dominates all Army employees, both military and civilian. Yet promoting full and open competition and limiting competition to protect classified information can be problematic.
Of particular concern to acquisition officials is the disclosure of classified information to commercial sources. That disclosure must be properly authorized to satisfy the government’s requirements when classified information is fundamental to contract performance. Acquisition officials must articulate the government’s needs without ambiguity to solicit offers from as many potential sources as is practicable and, at the same time, protect our nation’s secrets from unauthorized disclosure.
When soliciting offers for the government’s procurement needs, competition may be restricted, according to FAR 6.302-6, to one or a limited number of sources when the disclosure of the agency’s needs would compromise the national security unless the agency is permitted to limit the number of sources from which it solicits bids or proposals.
There are several questions that the acquisition professional needs answers to what constitutes a compromise of national security when soliciting the government’s procurement needs? What security requirements would be violated if disclosure of the government’s needs would compromise national security? What information is “classified” for purposes of soliciting bids or proposals? And, since the national security exception requires agencies to request offers from as many potential sources as is practicable, should disclosure of the government’s classified procurement requirements be released to any potential offeror that possesses a clearance level equivalent to the information being disclosed?
- What constitutes a compromise of national security when soliciting the government’s procurement needs? (It’s worth remembering that if it’s not classified, there is no compromise. Acquisition documents often claim information is classified without providing supporting evidence. The decision cited below emphasizes that point.)
We’ve established that a compromise of national security occurs when the nation’s classified information is knowingly, willfully or negligently disclosed.
When soliciting offers for the government’s procurement needs, the contracting officer must determine whether prospective offerors will require access to classified information. Information cannot be classified simply to restrict competition. The information, then, first must be classified in order for a compromise of national security to occur.
It is a fallacy to assume that the government’s needs should be classified merely because it appears that releasing it would compromise national security.
In 1986 the Marshals Service initiated a procurement to obtain equipment capable of detecting weapons and explosives to be placed in federal buildings and courthouses throughout the U.S. The contracting officer for that procurement executed a justification and approval for other-than full-and-open competition under the national security exception because he believed on the basis that disclosure of the government’s needs in that procurement would threaten national security. The contracting officer then issued the unclassified solicitation to a limited number of firms. A protest to the then-General Accounting Office (GAO, now the Government Accountability Office) soon followed.
In B-224258, Feb. 4, 1987, 66 COMP.GEN. 228, GAO found that the contracting officer unnecessarily relied on the national security exception because the solicitation included the required performance capabilities as well as the salient characteristics of the detection equipment that was being procured. The GAO concluded that the disclosure of the procurement to other firms would not have compromised the national security.
It is a violation of procurement regulations to restrict competition based on the national security exception when the information necessary for contract performance does not compromise national security. Indeed, information necessary for contract performance must be classified in order for the national security exception to apply.
- What security requirements would be violated if disclosure of the government’s needs would compromise national security? (The security classification guide conforms to classification requirements and standards contained in AR 380-5 and DOD regulations.)
The FAR’s national security exception applies when disclosure of the government’s needs would violate security requirements.
Numerous regulations and manuals address security requirements. For example, DOD Instruction (DODI) 5200.01 requires national security information to be classified, safeguarded and declassified in accordance with DOD Manual 5200.01. According to DOD Manual 5200.01, information shall be classified only when necessary in the interests of national security. Those accessing classified information must have the appropriate security clearance and a valid need to know in performance of a lawful and authorized governmental function. DODI 5200.01 requires that classified information released to industry must be safeguarded in accordance with DODI 5220.00. The FAR 4.403(a) requires contracting officers to review all proposed solicitations to determine whether access to classified information may be required by offerors.
What is the primary document (authority) that identifies the conditions for releasing classified information without violating security requirements?
A security classification guide is the primary document that identifies the specific government-owned information that must be protected from unauthorized disclosure to protect the national security. Each system, plan, program, project or mission involving classified information, according to Army Regulation (AR) 380-5, needs a security classification guide. The guide conforms to standards contained in AR 380-5 and DOD regulations issued under DODM 5200.01, Volume 1.
The security classification guide identifies specific items or elements of information to be protected and the classification level to be assigned each item or element.
- What information is classified for purposes of soliciting bids or proposals? (Some portions of the requirement may be classified and some not based on the security classification guide.)
Of primary concern to acquisition officials is the authorized disclosure of classified information to commercial sources to satisfy the government’s requirements when classified information is fundamental to contract performance. How does an acquisition official identify information that is classified? What documentation is available to confirm that the government’s procurement needs are classified and at what level? Who is responsible for classifying the government’s procurement needs?
To establish safeguards to protect against unauthorized disclosure of that information, the government must classify the information that it seeks to protect. The authority to classify information may be exercised only by specifically authorized individuals, usually by an “original classification authority.” The security classification guide communicates the decision by that authority to designate certain information as classified, at a particular level, and for a particular duration of time.
That document establishes classification guidance issued by an original classification authority that identifies the elements of information regarding a specific subject that must be classified, the associated classification level, e.g., confidential, secret, top secret, and the duration of classification for each element.
A particular government procurement requirement may include both classified and unclassified specifications or elements that describe the government’s procurement need. The guide will identify those specifications or elements that must be protected from unauthorized disclosure.
The justification and approval (J&A) documents the decision to limit full and open competition for federal contracting opportunities. To demonstrate that disclosure of the government’s needs would compromise national security, the J&A must identify the applicable security classification guide by title and date. To address the FAR’s national security exception, the J&A must explain that restricting disclosure of the specific classified information is necessary to protect the national security.
Competition must not be limited merely because the acquisition is classified, or merely because access to classified matter will be necessary to submit a proposal or to perform the contract. Competition may be limited only to the extent necessary to satisfy the needs of the agency or as authorized by law. Consistent with the provisions of the security classification guide, the contracting officer must describe the government’s procurement needs in such a way that the solicitation would not disclose the nation’s secrets or compromise national security in order to promote full and open competition.
- How should a potential offeror obtain and protect the government’s classified procurement requirements? (There’s no substitute for understanding what it means to need to know.)
Acquisition officials must articulate the government’s need to prevent divulging the nation’s secrets, and at the same time, must solicit offers from as many potential sources as is practicable. The national security exception to full and open competition in the FAR requires agencies to request offers “from as many potential sources as is practicable under the circumstances.”
Unquestionably, many interested contractors may have the personnel and facilities authorized to receive classified information and may concurrently be actively engaged in performing similar, highly classified work, perhaps at levels far higher than the classification level applied to the government’s requirement.
When a potential offeror requires access to classified information, the contracting officer must ensure that the solicitation contains a draft Department of Defense (DD) Form 254, “DOD Contract Security Classification Specification”, the “Security Requirements” clause at FAR 52.204-2, as well as detailed instructions to potential offerors on how they may request access to the classified information.
The government uses the DD Form 254 to convey security requirements to contractors when contract performance requires access to classified information.
The “Security Requirements” clause at FAR 52.204-1 requires the successful contract awardee to comply with the DD Form 441 “Security Agreement” and the “National Industrial Security Program Operating Manual,” DOD 5220.22-M.
- Should possession of the required personnel and facility clearances permit an individual or entity unconditional access to classified procurement information?
In 2016 the Air Force issued a classified justification and approval for award of a sole-source contract to L3 Technologies based on FAR 6.302-6. The Boeing Co. challenged the Air Force’s justification and approval in a protest to the GAO, arguing that the rationale for citing the national security exception in the justification and approval unreasonably relied on a finding that the classified information to which L3 has access could not be shared with other contractors. Boeing pointed out in its protest that it had the personnel and facilities to receive the classified information and further pointed out that classified work it had performed for the government on previous contracts involved information classified at levels far higher than the secret level applied to the levels applied to the justification and approval.
The GAO denied Boeing’s protest regarding the justification and approval, concluding that the Air Force reasonably made a need-to-know determination that precluded the transfer of classified information to an additional contractor. See B-414706; B-414380.2, Aug 25, 2017.
Persons are allowed access to classified information only if they (1) possess a valid and appropriate security clearance, (2) have executed an appropriate nondisclosure agreement, (3) have a valid need to know the information in order to perform a lawful and authorized government function. According to AR 380-5, Army personnel are personally responsible for determining that all three are true.
It is a fallacy to believe that just because someone has a clearance means they have a need to know. Need to know is a determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.
Need-to-know provisions may preclude the clearance of additional sources for the purpose of solicitation and performance of work, even to those sources that might possess access to information classified at equivalent or higher levels on other programs.
When limiting competition based on the national security exception and need-to-know provisions apply, the justification and approval must explain the need-to-know restriction when access to classified information to commercial sources is fundamental to contract performance and disclosure of classified information is limited on a need-to-know basis.
Fallaciously invoking the national security exception to limit full and open competition comes with risk of expending agency resources and delays in awarding and executing contracts.
Limiting competition for federal contracting opportunities based on national security isn’t solely a matter of keeping secrets safe, but by recognizing what actions or omissions may or may not constitute a compromise of national security when soliciting for the government’s procurement needs.
The security classification guide is the primary document that identifies and regulates disclosure of classified information for purposes of soliciting bids or proposals. Understanding need-to-know requirements before disclosing the government’s classified procurement requirements will avoid an unlimited and unauthorized release of classified information to any potential offeror that may possess a clearance level equivalent to the information being disclosed.
For more information, view the Competition in Army Contracting course at https://go.usa.gov/xvy7z. This site is CAC enabled.
DENNIS P. LONGO is the advocate for competition, task and delivery order ombudsman and senior procurement analyst for Army Contracting Command at Aberdeen Proving Ground, Maryland. A member of the Army Acquisition Corps, he holds a bachelor’s degree from the University of Baltimore and is Level III certified in contracting. His assignments include acquisition specialist at the Program Manager for Chemical Demilitarization within the U.S. Army Chemical Materials Activity and procurement analyst at U.S. Army Legal Services Agency. He served in the military from 1971 to 1973 at the Southern European Task Force, Italy, and was deployed to Iraq as a civilian in 2003. He authored the DAU Continuous Learning DOD Purchase Card Tutorial in 2002 and the DASA (P) Competition in Army Contracting course in 2019 and the Defense Acquisition University CON 0160 Competition in Contracting course. He has been teaching courses on competition in contracting since 2004. The first of the author’s On Contracting articles appeared in the Winter 2020 edition of Army AL&T.