Veterans Affairs is Getting Cloud-y

The Department of Veterans Affairs is moving all of its new and current applications to the cloud. At the recent ACT-IAC’s Health Innovation Summit, a spokesman said, “the target is 350 applications, which is about roughly half of our portfolio, [to be] moved to the cloud by 2024.”(Fedscoop, April 10, 2019)

This announcement follows the VA’s recent move toward a modernized electronic health record and secure tele-health capabilities. Each of these actions will give veterans the ability to access their information faster and more efficiently. (ibid)

At the recent summit, an example of the importance of moving to the cloud was provided: in 2017  Hurricane Harvey left a number of Veterans Benefits Administration regional offices closed in southern Texas. VA “had just migrated some Veterans Benefits resources and materials into the cloud, and when all of those regional offices and sub-offices were shut down, every one of those rating specialists and the folks in Veterans Benefits Administration was able to continue their work without the facility being in operation.” (ibid)

The Subcommittee on Technology Modernization, within the House Veterans’ Affairs Committee continues to closely watch VA modernization efforts. As recently as last week, the House committee asked about the progress of the tool being developed to give veterans better access to non-VA community care. The representative testified that the tool will be ready by June. (ibid)

Have questions about the Department of Veterans Affairs move to the cloud? Give us a call at 301-913-5000.

GSA is bumping up cybersecurity offerings

GSA recently announced a restructure of the Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) to include a greater range of cyber services. The new format addresses the government’s need to protect high-value assets and enables federal agencies to purchase proactive and reactive cybersecurity services.  (Fifth Domain, April 2, 2019)

According to GSA Acting Assistant Commissioner Bill Zielinski, “The restructured HACS solution on IT Schedule 70 will provide federal agencies with easier access to services and solutions to protect large complex network and data systems, including [high-value assets] that hold sensitive information critical to national and economic security.” (ibid)

GSA is consolidating the four original SINs under HACS into a single SIN with the following five subcategories:

  • High-Value Asset Assessments
  • Risk and Vulnerability Assessment
  • Cyber Hunt
  • Incident Response
  • Penetration Testing (ibid)

Have questions about the restructuring of IT Schedule 70 or if you are affected by the change? Give us a call at 301-913-5000.

 

 

 

It’s Mass Mod Time Everyone!

You knew this was coming. All GSA schedule holders are looking at refreshes this month, the last one before all 24 MAS solicitations are rolled into a single Schedule. Expect the mass modifications to accomplish the following:

  • Update proposal instructions to require order status on GSA Advantage! orders;
  • Update proposal instructions related to Section 508 Standards;
  • Incorporate new Service Contract Act (SCA) Wage Determinations;
  • Update AbilityOne “Essentially the Same” Proposal Instructions;
  • Incorporate minor updates from FAC 2019-01 as applicable (GSA Interact March 26, 2019)

Note: Individual schedules may update additional clauses or provisions to make clarifications, administrative corrections, and other required changes. (ibid)

You will have 90 days to accept the mod once GSA FAS issues them. (ibid)

GSA is hosting a listen-in only webinar on Wednesday, April 10 at 1:00 PM EST to discuss the refreshes. You can register on this link.

Nervous and shaky about this latest mass mod? Give us a call at 301-913-5000.

Oh 72a, We Hardly Knew Ya

You’re used to it, right? So it’s time to change! As of July 2019, the FAS Sales Reporting Portal (SRP) replaces our familiar  72A reporting system for GSA Schedule sales and Industrial Funding Fees (IFF) remission. Terms and conditions remain the same. And if you have an active claim, your contract will be held in the 72A system for now. (GSA Interact, March 18, 2019)

A three-step process directly impacts when and where a company reports sales over the next two reporting periods as well as the migration of historical data. The three steps are as follows:

Step 1: Reporting April 2019 sales and remittance of any IFF in the 72A System

  • When: April 1, 2019, through April 30, 2019
  • Contractor Action: Companies are now in the reporting period that covers January 2019 through March 2019. This is the last time companies will report sales and remit IFF, in the legacy 72A System. After this cycle, all reporting will take place in the FAS Sales Reporting Portal.
  • Change: None. There is no change to the current reporting process for FY19 Q2 reporting.
  • Impact: This will be the final time companies report in 72A and all future reporting will be in the FAS SRP. (ibid)

Step 2: Transition to the FAS Sales Reporting Portal

  • When: Starting May 1, 2019
  • Contractor Action: Contracts will be visible in the new system as of May 1, 2019. At that time, go to the FAS SRP website and register for the required multi-factor authentication process. Anyone listed on a contract as an IFF POC, Contract Administrator, or Authorized Negotiator can register for access into FAS SRP. (Access to the portal does not require digital certification.) Registration to the portal begins May 1, 2019, and runs through the first time a company reports sales in the FAS SRP.
  • Change: Contracts will be moved to the FAS Sales Reporting Portal (SRP).
  • Impact: Effective July 2019, companies will report all sales and remit any owed IFF in the FAS SRP, covering the reporting period from April 2019 through June 2019. (ibid)

Step 3: migration of Historical Data from 72A to the FAS SRP System

  • Contractor Action: None
  • Change: Once April 2019 sales and IFF are reported into the 72A System, GSA is migrating all historical sales and payment record into the FAS SRP.
  • Impact: All historical records will be held in the FAS SRP. This will be maintained for the life of the contract. (ibid)

Note: Sales adjustments will no longer be allowed in 72A after April 1, 2019. (ibid)

Not so onerous, really, but we understand you may have questions. Please feel free to call us at 301-913-5000.

Are you practicing “safe cybersecurity”?

The Department of Defense (DoD) is working to extend its own cybersecurity expertise and infrastructure to small and medium-sized businesses. Their current plan is to build a “secure cloud” for company data instead of leaving it to the responsibility of the contractor. (Federal News Network, March 25, 2019)

DoD plans to use their 2020 research and development budget for the Defense Industrial Base (DIB) Secure Cloud Managed Services Pilot. The project will start by making the cloud service available to a specified number of small and medium companies that support prioritized, critical DoD missions/programs. (ibid)

Ellen Lord, the undersecretary for acquisition and sustainment said, “In contract terms, the Department would treat the secure cloud as Government Furnished Equipment (GFE).” She believes larger companies are already quite savvy and have the funds to create a hardened environment. Ms. Lord is most concerned with small, innovative companies. She said, “we sit down and talk to them about cybersecurity, and sometimes we hear – no kidding, ‘my nephew does my cybersecurity.’ That gets us a little bit worried. And we know that we will either put these small companies out of business, or we will drive them away from the Department of Defense if we give them very, very onerous regulations to meet.” (ibid)

In 2017 DoD began inserting clauses into contracts that require firms to implement the security controls in NIST Special Publication 800-171. Prime contractors are required to impose the same requirements on their subcontractors as they are expected to meet when coming in contact with sensitive, unclassified information. (ibid)

It does not appear as though verification of a company’s compliance with the standards has been accomplished, thus far. However, going forward, spot checks are likely to take place with the hope of getting to a point where DoD certifies third-party cybersecurity examiners to help verify contractors systems meet the existing requirements and that their systems are adequately protected. Currently, about 800,000 systems should be regularly audited. (ibid)

We do know that information is being stolen; but classification levels make it hard to investigate in a reasonable time frame. The details of any individual data theft are classified, making specifics about nature and volume difficult to determine. We also know that sufficient cybersecurity capabilities to protect information must be in place sooner rather than later in order for small and medium-sized businesses to remain contractors to DoD.

Call us with any questions regarding this project at 301-913-5000.