Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Cybersecurity

CTA and Small Businesses

In January, Congress enacted the 2021 National Defense Authorization Act. It includes amendments to the U.S. Anti-Money Laundering Act, the most noteworthy of which is the Corporate Transparency Act (CTA). (JDSupra, March 22, 2021)

The most significant elements of the CTA to know now:

  • CTA legislation requires “beneficial” business owners to report specific information to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). A beneficial owner directly or indirectly controls at least 25 percent of the company. Beneficial owners must report their full name, date of birth, current address, and unique identification number. This information will help  prevent the formation of shell companies and money laundering as well as terrorist organization funding.
  • Unless exempt, all privately held businesses in the U.S. are subject to the CTA reporting requirements.
  • CTA becomes effective 1 January 2022. Businesses formed after that time must submit reports within two years.  All business changes are required to be reported within one year.
  • Businesses should add beneficial owner information collection into their operations especially when there are multiple qualifying beneficial owners, as reporting/update deadlines can be cumbersome.
  • Failure to report or update beneficial owner information may include civil penalties up to $500 per day until the violation is corrected as well as criminal fines up to $10,000 and imprisonment for up to two years. (ibid)

The good news is that business entities have almost a full year to get their CTA reporting controls in place, to meet the 1 January 2022 effective date.

Have some CTA regulation reporting questions? Give us a call.

 

Security Clearance Due Process Streamlining

The Defense Department is streamlining process procedures for individual security clearances. (Defense Systems, January 27, 2021). On 19 January, the Under Secretary of Defense issued a memorandum to “simplify, centralize and unify the established administrative process for unfavorable security clearance eligibility hearings and appeals. The memo directs DoD unit heads to allow applicants to: “cross-examine” those who made negative statements about them, and receive documentation on the administrative due process. However, all unit heads retain the ability to “deny or suspend” access to classified information or Special Access Programs if an individual is found to be “inconsistent with protecting the national security.” (ibid)

“The policy is effective upon DoD General Counsel (GC) certification to USD (I&S) that DOHA has prepared, but no later than September 30, 2022.” (ibid)

Was your application for a security clearance revoked and you are not sure what to do next? Give us a call.

Polaris Replacing Alliant 2

This past July, GSA put to rest the Aliant 2 Small Business contract. The just last week, GSA released a draft RFP named Polaris, a Governmentwide Acquisition Contract (GWAC) to provide customized Information Technology (IT) services-based solutions.  The draft RFP breaks out small business contractors into specific “pools,” for Small Business, HUBZone Small Businesses, and Women Owned Small Businesses. GSA reserves the right to add additional pools when deemed necessary. (beta.SAM.gov, December 31, 2020)

According to the draft RFP, Polaris will provide agencies with customized IT services and IT services-based solutions, which can be tailored to meet particular mission needs and may include any combination of IT services and new and emerging technologies. (ibid)

GSA encourages contractors to provide innovative solutions to task order requirements prioritizing emerging technologies.  Examples of emerging technologies included within the draft RFP are:

  • Advanced and Quantum Computing — cryptography/encryption, secure communications, design of high-performance computers, computer clusters, and networks, Quantum Machine Learning
  • Artificial intelligence (AI) — Computer Vision, Deep Learning, Machine Learning, Natural Language Processing (NLP),  Spatial Computing, Speech Recognition
  • Automation technology — Robotic Process Automation (RPA), Automated Messaging Services, Data Cleaning Scripts, Interactive Voice Response (IVR), Smart Notification
  • Distributed ledger technology — Blockchain Implementation Solutions, DLT Network Design Services, Smart Contract Programming Services
  • Edge computing — 5G Implementation Services, Edge Analytics, Edge Application Services, Edge Computing Architecture Design Services, Internet of Things (IoT) Services
  • Immersive technology  — Virtual Reality, Augmented Reality

Examples of Performance areas within the draft RFP are as follows:

  • Cloud Services
  • Cybersecurity
  • Data Management
  • Information and Communications Technologies
  • IT Operations and Maintenance
  • Software Development
  • System Design

Contractors may “provide ancillary support as necessary to offer an IT services-based solution,” but, as with the GSA Schedule, only “when it is integral to and necessary for the IT services-based effort.” (ibid)

Contractors should take note of the security considerations as purchasers may be from the Department of Defense as well as civilian agencies. In particular, the Defense Department’s Cybersecurity Maturity Model Certification is a developing regulation and requirement included in the draft RFP. Additional Cybersecurity and Supply Chain Risk Management (SCRM) requirements are expected to also be included. (ibid)

All draft RFP feedback is due by 4:00 PM Central Time, January 29, 2021.

Have questions concerning the draft RFP, who can respond, and how? Give us a call.

CMMC in GWACs

GSA is expected to begin applying the Department of Defense’s Cyber Maturity Model Certification (CMMC) at the order level to governmentwide acquisition contract vehicles. (Govconwire, November 10, 2020)

According to Keith Nakasone, deputy assistant commissioner for acquisition in the General Services Administration Office of IT, future Government Wide Acquisition Contracts (GWACs) will include CMMC requirements, layered in over time. In this video interview, Nakasone explains that the requirements are being added to make sure contracts are within scope for the Department of Defense, the largest GWAC customer. (Government Matters, November 8, 2020)

Nakasone hopes to educate and train industry partners on the CMMC requirements over time. Although he didn’t state outright that CMMC will become part of all future contracts, they are part of the Polaris draft RFP, scheduled for release in December. (ibid)

Need assistance in understanding the CMMC requirements? Give us a call.