Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk to foreign hackers. Foreign hackers look at fifth or sixth tier subs to find information — where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies needed to only self-certify that they had a plan in place. Unfortunately, no one checked the plans, hence the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, it is much easier for unauthorized access into secure systems.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out, give us a call.

New Year, New Mass Mod

At the start of the new year, GSA plans to issue a Mass Modification that will update Schedule contracts to mirror the new consolidated Multiple Award Schedule (MAS) for products and services. The new Multiple Award schedule was released this past October 1st. (GSA Interact, November 25, 2019)

The single Schedule solicitation promotes a simplified format, terms, and conditions along with new categories and Special Item Numbers (SINs). The new Schedule should make it easier for contractors to offer products and services and for agencies to find them. (ibid)

When the Mass Mod is issued, all current Schedule holder’s terms and conditions will align with the new consolidated MAS. The new consolidated MAS solicitation and category attachments are posted on BETA.SAM.gov. Attachments incorporate additional instructions and requirements specific to each large category, subcategory, or SIN. The new consolidated MAS solicitation includes:

  • Solicitation
  • Available Offerings Summary Document
  • Regulations Incorporated by Reference

The Available Offerings and Requirements page on GSA.gov contains templates and attachments for the solicitation. Instructions for each template can be found on Beta.Sam.gov; however individual documents will be housed on GSA.gov. (ibid)

So what do you need to do go get ready? GSA recommends attending one of the following webinars:

Session One:

Date: Thursday, December 19, 2019

Time: 2:30 – 3:30 PM EST

Registration Link: can be found by clicking here.

Session Two:

Date: Thursday, January 9, 2020

Time: 3:00 – 4:00 PM EST

Registration Link: can be found by clicking here. (ibid)

Individuals unable to attend either of the two webinars can find recordings on Interact. In addition, there is an Overview of MAS Consolidation and Consolidated Solicitation Advance Notice training recordings which can be reviewed at any time.

To understand the New Offerings structure, individuals should review the solicitation to understand where specific offerings will fall under the new large categories, subcategories, and SINs. In addition, review of the advance notice for the release of the MAS solicitation, for an overview of clauses, available offerings, and a matrix of clauses included in MAS. (ibid)

GSA recommends questions be submitted to your assigned contracting officer (CO) or the Multiple Award Schedule Program Management Office (MAS PMO) at MASPMO@gsa.gov. (ibid)

Once in receipt of the upcoming Mass Mod, we recommend you review it immediately. Note any exceptions. When responding to the Mass Mod, contractors will be presented with each clause in the consolidated Schedule and may either accept the clause or request an exception. Each exception must include a written justification and be negotiated with the CO. (Contractors should not take exception to clauses that do not apply to them.)

All responses to the Mass Mod are due before July 31, 2020. Those not responding by the due date will find their offerings unavailable on GSA eTools. The contract number, period of performance, products, and services offered as well as the assigned CO will not change as a result of accepting the Mass Mod. (ibid)

Concerns about the Mass Mod and whether or how an exception might affect your current Schedule? Concerned with how to justify an exception? Give us a call.