Open Ratings Closed

Open Ratings stopped accepting new orders for Past Performance Evaluations as of Friday, 6 December 2019. All Multiple Award Schedule (MAS) offerers must now demonstrate a sample of past performance by using one of the methods outlined by the solicitation:

  1. verify in eOffer there are three or more CPARS assessment reports that meet the solicitation criteria outlined in SCP-FSS-001 (j)(2)(ii)(A) or
  2. submit a past performance record and list of customer references as outlined in SCP-FSS-001 (j)(2)(ii)(C) when the offeror does not have CPARS assessments that satisfy the solicitation criteria in SCP-FSS-001 (j)(2)(ii)(A).  GSA will contact all customer references and request they complete a past performance questionnaire. Note – offerors should not upload completed past performance questionnaires with the MAS offer. (GSA Interact, December 18, 2019)

An offeror’s demonstration of past performance is limited to the methods spelled out in the solicitation. Additionally, GSA will not accept Dun & Bradstreet reports in lieu of the Past Performance Evaluation prepared by Open Ratings. Any offerors who ordered an Open Ratings Past Performance Evaluation on or before December 6, 2019, can use SCP-FSS-001 (j)(2)(ii)(B) to demonstrate a pattern of Past Performance if the Open Ratings Past Performance Evaluation uploaded to the offer is dated within one year of the offer submission and the offeror had no CPARS assessments that satisfied the solicitation criteria as spelled out in the SCP-FSS-001 (j)(2)(ii)(A). (ibid)

Is this all perfectly clear? If not, give us a call and we can walk you through the steps to demonstrate the acceptable Past Performance for a MAS offer.

You Are an Unique Entity!

You’ve heard (ad nauseum, probably) about replacing your DUNS number with the unique entity identifier (UEI) by  December 2020. Contractors will request and be assigned the new identifiers through SAM.gov. (To learn more about the transition, click here.) (GSA Interact, December 10, 2019)

Contractor award data, including UEI data, interfaces with many systems outside of the government interface. To assist contractors as well as other agencies, GSA published a first and second set of UEI/EVS specifications. For instance, Group 1 includes:

  • beta.SAM Entity Management. APE has updated schemas for a second version of the API. The second version allows  systems to pull information automatically. Differences between versions are marked as v1 (current version) or v2 (future version). Specs may be found here.
  • New EVS and UEI changes will not be updated to SAM Entity Management Web Services. Users of this web service should migrate to beta.SAM Entity Management API to retrieve UEI and new EVS information. 
  • The SAM public RESTful API will not be updated to incorporate UEI or new EVS changes. Users of RESTful API should migrate to beta.SAM Entity Management API to retrieve new EVS and UEI information.

Group 2 includes:

  • The beta.SAM Exclusions. API has updated schemas for version 2, which allows interfacing systems to pull information about the exclusions automatically.  Differences between the versions are marked as v1 for the current version and v2 for the future version. Specs may be found here.
  • The SAM Exclusions Search Web Services will not be updated to incorporate UEI or new EVS changes. Users of this web service should move to the beta.SAM Exclusions API in order to retrieve UEI and new EVS information concerning exclusions via interface.

The public will continue to receive UEI/EVS specifications as they are updated. IAE will release its testing plan by 30 December 2019. Additionally, IAE will complete the issuance of updated technical specifications interfacing systems. Contractors should start developing plans to allow for the interface changes and begin development for testing with IAE. (ibid)

Users with questions specific to interface testing should contact newsamtesting@gsa.gov. Users with questions specific to the SAM-generated UEI or entity validation services should contact entityvalidation@gsa.gov. (ibid)

Wanna Connect a Hybrid Cloud?

The Department of Defense (DoD) wants a hybrid cloud environment to serve as the cornerstone for department-wide use of artificial intelligence. The Joint Artificial Intelligence Center (JAIC) issued two sources sought notices from all business that can provide system engineering and integration “to support the procurement, implementation, and operation of a hybrid and multi-cloud deployable development and production platform for Artificial Intelligence and Machine Learning (AI/ML) solutions.” (Fedscoop, November 25, 2019)

This hybrid cloud environment will form the basis of the Joint Common Foundation (JCF), a DoD/Government  AI/ML development platform, containing Data, Tools, and Processes. JCF will include shared data, reusable tools, frameworks, and standards. Additionally, it will include cloud and edge services to develop, secure, test and evaluate, deliver, and sustain capabilities. “The JCF will incorporate the architecture and software artifacts of the Enterprise Development, Security and Operations (DevSecOps) initiative and evolve toward enabling the DoD Artificial Intelligence Strategy.” (ibid)

Proposed vendors answer specific questions about past experience integrating multiple cloud providers at scale with continuous development and integration while meeting security compliance standards. A solicitation conference will be held in early 2020, followed by a request for quotation, and award by the end of September 2020.

The award of JCF will move swiftly. Give us a call if we can answer any questions or assist with your proposal efforts.

Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk to foreign hackers. Foreign hackers look at fifth or sixth tier subs to find information — where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies needed to only self-certify that they had a plan in place. Unfortunately, no one checked the plans, hence the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, it is much easier for unauthorized access into secure systems.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out, give us a call.