Migrate to MAS — Or Else!

This is a time-sensitive reminder that before you submit changes to your catalog through SIP/EDI, migrating to MAS is essential. Even if you have updated your Text File information, you must make sure the migration step has been completed for all of your contracts. (GSA, June 16, 2020)

GSA is deleting all legacy catalogs (product and service) from Advantage, on July 31, 2020. You can continue to use the migrate to MAS function in SIP. Additionally, Catalogs pending approval in CORS should not be impacted by the deletion of legacy catalogs.

Beginning 1 July 2020 updates to legacy catalogs will no longer be allowed. They may only be made once you sign the MAS Mass Mod and migrate your catalog to MAS SINs. (ibid)

Need some help with your contract migration? Give us a call.

Oh, the Things beta.sam.gov Can Do!

In January, FedBizOpps moved to beta.SAM.gov. What was once in FBO can now be found under Contract Opportunities in beta.SAM.gov. (GSA Interact, June 9, 2020)

Users can now save “contract opportunity” searches and receive emails when changes occur, which saves time from having to constantly search to see if changes have occurred. The set up for these notifications as well as other frequently asked questions are found under FAQS.

If you are looking for information about NAICS code or PSC, instructions including detailed videos may be found here. In addition, there are instructions for searching by place of performance in this video. (ibid)

Some major improvements, still in the development stages are:

  • Updated keyword search to allow phrase searches. This includes entering phrases in the search bar and obtaining focused results. This function will remove the current requirement of entering multiple terms in quotation marks, which can lead to unrelated results.
  • Development site improvements. The use of micro frontends allows for a superior experience as it minimizes interruptions by allowing individual systems parts to be upgraded rather than the entire site.
  • Future improvements. Look for enhancement to beta.SAM.gov, such as scheduling future searches and the option for filtering federal organization below sub-tier. Additionally, the ability to search for multiple states in a single search is on the horizon. (ibid)

For additional help, videos go to the beta.SAM.gov learning center. Assistance may also be found at the Federal Service Desk from 8 AM to 8 PM EST Monday through Friday at FSD.gov.

Feeling a little overwhelmed by beta.SAM.gov? Give us a call.

Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly due to agencies’ migration to the cloud being sped up once the pandemic hit and increased teleworking, making the need for cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California recently wrote to NIST Director Walter Copan, requesting NIST work to establish metrics to accompany their Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions. Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.

Industry Looking to GSA for Guidance

Agencies are pressuring GSA to provide guidance for meeting deadlines to modernize telecommunications. The  pandemic has delayed many agency transitions, thus making those deadlines nearly impossible to meet. (FEDSCOOP, May 12, 2020)

COVID-19 slowed task order awards under the Enterprise Infrastructure Solutions (EIS) contract, the government’s $50 billion telecom and network modernization channel. In some cases where task orders have been awarded, agencies can’t provide contractors clear instructions. Many believe the task order award delays impede the move from Networx, Washington Interagency Telecommunications System 3, and local service area contracts.

Legacy contracts are set to expire in May 2023. The GAO expects 19 of the agencies who spend the most on EIS to be transitioned over by the legacy expiration date; however many will not meet the GSA’s more aggressive 30 September 2022 deadline. (ibid)

Allen Hill, executive director of telecom services in the Office of IT Category at GSA believes agencies will make GSA aware of the effects of the pandemic, and GSA will in turn work with agencies on a case by case basis. (ibid)

The Department of Defense has their own strategy. They are beginning to rely on the lowest price technically acceptable (LPTA) source selection for EIS. DoD plans to report the methodology used to award contracts and task orders in June, once the Federal Procurement Data System modification is complete. Meanwhile, the Defense Information Systems Agency executed six EIS awards last month. Most EIS solicitations are “best value” yet agencies need to balance the overall cost of their transition with the time for implementation. (ibid)

Unfortunately, when agencies speed up transition, companies have less time to address task order requirements properly. This puts the risk on industry to provide the best value while accurately responding to agency requirements. Many task orders were written prior to the pandemic, therefore contractors are forced to address network issues while teleworking. The time it takes to address issues is naturally increased. (ibid)

“Agencies are encouraged to examine any gaps in their network infrastructures and ensure they make appropriate adjustments to their EIS task orders to provide needed capabilities. Modern IT demands modern infrastructure,” Hill stated. (ibid)

Have questions concerning a delayed task order or need one? Give us a call.

CMMC not for COTS

A recent modification to DoD’s website spells out a small but very specific change about the Cybersecurity Maturity Model Certification (CMMC): it’s not applicable to DoD suppliers that only provide commercial-off-the-shelf products. (FedScoop, May 5, 2020)

Originally, DoD and CMMC administrators explained that all contractors and subcontractors must be certified under  CMMC by a third-party assessor. However, a few weeks ago, the Office of the Under Secretary of Defense for Acquisition and Sustainment changed the official website. The revised FAQ section states: “Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.” (ibid)

CMMC is in place to certify contractors have the cybersecurity practices in place to work with controlled unclassified information, the actual products themselves. (ibid)

Wondering if CMMC applies to the products and or services you provide? Give us a call.