Consulting Agreement for Government Contracting

The unique risks of government-contracting consulting

The defining risk is the Procurement Integrity Act. 41 USC 2102(a) makes it a crime for any person to knowingly disclose or obtain contractor bid or proposal information or source selection information before contract award. A consultant who advises two competitors on the same procurement, or who sees agency-side source-selection material at lunch with a former colleague, has just created enterprise-level exposure. The Federal Acquisition Streamlining Act and FAR 3.104 build out the operational rules. Penalties include criminal liability (up to 5 years), civil penalties up to $100,000 per occurrence, and contract termination.

The second risk is organizational conflicts of interest. FAR Subpart 9.5 distinguishes three OCI types: unequal access to information, biased ground rules, and impaired objectivity. A consultant who helped write the SOW for an agency cannot then advise a bidder on responding to that SOW (biased ground rules). A consultant who advises both a prime and an evaluator cannot keep that work clean (impaired objectivity). The standard remedy is a written OCI mitigation plan, which the contract should require the consultant to support.

The third risk is data rights. FAR 52.227-14 gives the government unlimited rights in noncommercial technical data and computer software developed exclusively with government funds, and limited rights in items developed with mixed funding, but only if properly marked with the legend at 52.227-14(g) before delivery. DFARS 252.227-7013 / 7014 add the SBIR data rights and noncommercial item rules for DoD. If the consultant produces a deliverable and the contractor delivers it to the government without proper legends, the government effectively receives unlimited rights — eliminating the company's competitive moat.

The fourth risk is cybersecurity. DFARS 252.204-7012 mandates NIST SP 800-171 Rev. 2 controls for Controlled Unclassified Information; DFARS 252.204-7019/7020/7021 phase in CMMC 2.0 (final rule effective December 16, 2024, with contract-level requirements starting in 2025 Phase 1 and full coverage by 2028). A consultant who handles CUI on a personal laptop or in a non-FedRAMP cloud is breaching the prime's flow-down obligations. The contract has to flow down the cyber clauses verbatim.

Industry-specific clauses to include

• FAR 9.5 OCI Representation & Mitigation Plan: Consultant warrants no unequal access, biased ground rules, or impaired objectivity conflicts; attaches client roster (or sanitized list) for the past 24 months covering the relevant agency and product area; agrees to written mitigation plan if a conflict arises.
• Procurement Integrity Act Acknowledgement (41 USC 2102): Consultant acknowledges criminal and civil penalties for unauthorized disclosure or receipt of source selection information; will not communicate with agency personnel about employment during the procurement.
• Revolving Door Compliance (18 USC 207): Former federal employees warrant compliance with the lifetime ban on representations in matters they personally and substantially participated in, the two-year ban on matters under their official responsibility, and the one-year senior-employee ban on contacts with the former agency. Inspector General & senior-level employees may have additional restrictions.
• Data Rights & Markings (FAR 52.227-14 / DFARS 252.227-7013): Consultant identifies in writing all "developed exclusively at private expense" technical data and asserted-rights data; agrees to apply the limited/restricted rights legend before any delivery to the prime that may go to the government.
• CMMC / DFARS 252.204-7012 Flow-Down: Where the consultant will store, process, or transmit CUI, consultant maintains NIST SP 800-171 Rev. 2 controls (effective immediately) and the corresponding CMMC level (Level 1 self-attest or Level 2 third-party C3PAO assessment as required by the contract), with cyber incident reporting to DC3 within 72 hours of discovery.
• CIRCIA Reporting Support: Consultant assists with the 72-hour cyber incident and 24-hour ransomware payment reports under the Cyber Incident Reporting for Critical Infrastructure Act (rule finalization expected 2026).
• Suspension & Debarment Representation: Consultant warrants neither it nor any subcontractor appears in SAM exclusions list, and will rescreen monthly; immediate termination right if a consultant appears on the SAM exclusions list.
• Small Business Subcontracting Compliance: If the prime has a small business subcontracting plan under FAR 52.219-9, the consulting agreement supports that plan; if the prime is itself a small business under 13 CFR Part 121, the consulting fee structure does not create affiliation that would change size status.
• Service Contract Act / Davis-Bacon: If labor categories may be subject to SCA (41 USC 6701) or Davis-Bacon prevailing wage, the agreement identifies the wage determination and requires consultant compliance.
• GSA Schedule & TAA Compliance: If pricing flows through a GSA Schedule or government-wide contract, consultant's products and services are Trade Agreements Act (19 USC 2501) compliant — country of origin in designated countries — and not on the Buy American or sanctioned-country lists.
• Termination for Convenience (FAR 52.249-2 / 52.249-4 flow-down): Mirrors the prime's exposure to government termination for convenience; pricing convertible to cost-of-work-performed plus a reasonable settlement.

Common mistakes in government-contracting consulting agreements

• Hiring a consultant who helped write the SOW. Classic biased-ground-rules OCI. GAO will sustain a protest. The agency may exclude the prime from competition. Run an OCI walk-back before signing.
• Missing the limited rights legend on delivered data. Without the FAR 52.227-14(g) legend, the government gets unlimited rights even in privately developed work. The consulting contract should require the consultant to identify and mark data rights assertions before any delivery.
• Using a personal laptop with CUI. NIST SP 800-171 Rev. 2 controls require enterprise-grade access management, encryption, and audit logging. DOJ has settled multiple FCA cases (Aerojet Rocketdyne settled for $9M in 2022 over alleged 800-171 noncompliance) where the contractor billed the government while not meeting cyber requirements.
• Paying a consultant a contingent or success fee on a contract award. Contingent fees for soliciting or obtaining a federal contract are restricted by FAR 3.404 and 31 USC 1352 (Byrd Anti-Lobbying Amendment) and may violate the covenant against contingent fees in FAR 52.203-5. There are narrow bona-fide-agency exceptions, but most contingent-fee structures are problematic.
• Letting the consultant communicate with the contracting officer without authorization. Statements by the consultant can bind the prime, create false-claim exposure, or constitute unauthorized lobbying under LDA / Byrd Amendment. Channel all CO communications through the prime's program manager.
• Forgetting to disclose former federal employment. 18 USC 207 cooling-off periods are personal to the individual and may invalidate the consultant's involvement on certain matters. The contract should require sworn disclosure of federal employment history.
• Not preserving working papers for the audit period. FAR 4.703(a) generally requires records for 3 years after final payment; DCAA and IG audits routinely reach back further. Working papers, time records, and pricing data should be preserved by the consultant through the prime's full retention period.

Regulatory landscape

Procurement core: FAR (48 CFR Chapter 1), specifically FAR Part 3 (improper business practices), Part 9.5 (OCI), Part 27 (patents, data, copyrights), Part 31 (cost principles), and Part 52 standard clauses. DoD adds DFARS (48 CFR Chapter 2). Civilian agency supplements: GSAM (GSA), HHSAR (HHS), etc. The False Claims Act (31 USC 3729-3733) creates treble damages plus per-claim penalties ($13,946–$27,894 per claim in 2024 inflation-adjusted) and qui tam relator suits. The Anti-Kickback Act (41 USC 8701-8707) prohibits payments to influence subcontract awards. The Procurement Integrity Act (41 USC 2102-2107) governs source-selection information and post-employment restrictions for procurement officials. The Truth in Negotiations Act / Truthful Cost or Pricing Data Act (10 USC 3702, formerly 2306a) governs certified cost or pricing data.

Cyber: NIST SP 800-171 Rev. 2 (with Rev. 3 finalized May 2024 and DFARS clauses still keyed to Rev. 2 as of mid-2026); CMMC 2.0 final rule at 32 CFR Part 170 (effective December 16, 2024) and the corresponding 48 CFR DFARS 252.204-7021 rule effective 2025; FedRAMP for cloud (FedRAMP Authorization Act, 44 USC 3608, enacted December 2022); CIRCIA (6 USC 681b, rule pending). Export controls: ITAR (22 CFR 120-130) for defense articles and services, EAR (15 CFR 730-774) for dual-use, OFAC sanctions across CFR Title 31. Labor: SCA (41 USC 6701), Davis-Bacon (40 USC 3141), executive order minimum wages.

Small business: SBA size standards at 13 CFR Part 121 and the affiliation rules at 13 CFR 121.103 (which can sweep in consulting relationships through "joint venture," "ostensible subcontractor," and "newly organized concern" doctrines); 8(a), HUBZone, SDVOSB, WOSB, EDWOSB program rules at 13 CFR 124, 126, 127, 128; limitations on subcontracting (FAR 52.219-14 / 13 CFR 125.6). Suspension & debarment: FAR Subpart 9.4 and 2 CFR Part 180.

Sample fee structure

Government-contracting consulting fees vary by specialty; the following reflect US federal market data through 2025–2026:

• Capture / business development consultant: $200–$400/hour, or 8–15% of estimated bid value as a flat retainer (subject to FAR 3.404 contingent-fee analysis — generally avoid contingent structures).
• Proposal manager / proposal writer: $150–$300/hour; full proposal $50,000–$300,000 depending on RFP size and color-team count.
• Former agency official / former contracting officer: $400–$800/hour; respect the 18 USC 207 cooling-off windows before engaging on any specific matter they touched.
• Pricing & cost analyst (DCAA-compliant indirect rate work): $200–$500/hour; full TINA/sweep audit support $40,000–$200,000.
• CMMC Level 2 gap assessment: $25,000–$75,000; full Level 2 prep (policies, SSP, POAM, technical implementation) $80,000–$400,000 over 6–12 months.
• FedRAMP authorization support: $250,000–$1.5M+ for moderate baseline; high baseline often $2M+ across 12–24 months including 3PAO assessment fees.
• Mentor-Protege / 8(a) advisory: $5,000–$15,000/month retainer for small business strategic advisory.

Fixed-fee structures generally fare better under FAR 3.404 contingent-fee analysis than success fees. Bona-fide-agency exception applies only if the consultant is an established, bona-fide commercial agency selling within normal channels — the test is fact-specific, and the safer path is hourly or fixed fee.

How to draft this in Word with LexDraft

Open the LexDraft add-in and start from the consulting agreement template, then attach the prime contract or solicitation excerpt as an exhibit. Insert the OCI representation, Procurement Integrity Act acknowledgement, 18 USC 207 disclosure, DFARS 7012/7019/7020/7021 flow-down, FAR 52.227-14 data rights, and SAM exclusions screening from the clause library. For pre-engagement discussions with a teaming partner or sub, use the NDA template with Procurement Integrity Act language layered in. The broader templates library covers structuring across capture, proposal, and delivery phases. Comparing drafting tools? See LexDraft vs Spellbook.

Frequently asked questions