Higher federal procurement standards for IT providers – Are you ready?

The White House is spearheading an interagency endeavor concentrating on software development that will determine federal procurement of information technology (IT). In the coming weeks, vendors can expect to see new IT security standards, governmentwide. This comes after many tech companies complained that the effort under the Trump administration limited the import of information and communications technology from “foreign adversaries.” While leaving the definition of the term “foreign adversary” up to the Commerce Secretary. In addition, the rule as it stands today is broad and raises concerns over due process.

The SolarWinds breach will ultimately raise the bar on vendor security, banning tech from many countries, not just China. It also focuses on vendors and the possibility of vulnerability disclosure policies that encourage reporting weaknesses in their products. Ultimately, vendors providing IT products and services to federal agencies must have the proper level of cybersecurity in place.

Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said agencies are working together to ensure consistency in the government’s approach to supply chain security across the Commerce Department rule, an executive order aimed at removing foreign adversaries from the bulk power sector. Wales also said, “the administration is counting on higher federal procurement standards to elevate security across the private sector as well.”

Are your IT products compliant? Give us a call.

 

 

Security Clearance Due Process Streamlining

The Defense Department is streamlining process procedures for individual security clearances. (Defense Systems, January 27, 2021). On 19 January, the Under Secretary of Defense issued a memorandum to “simplify, centralize and unify the established administrative process for unfavorable security clearance eligibility hearings and appeals. The memo directs DoD unit heads to allow applicants to: “cross-examine” those who made negative statements about them, and receive documentation on the administrative due process. However, all unit heads retain the ability to “deny or suspend” access to classified information or Special Access Programs if an individual is found to be “inconsistent with protecting the national security.” (ibid)

“The policy is effective upon DoD General Counsel (GC) certification to USD (I&S) that DOHA has prepared, but no later than September 30, 2022.” (ibid)

Was your application for a security clearance revoked and you are not sure what to do next? Give us a call.

Polaris Replacing Alliant 2

This past July, GSA put to rest the Aliant 2 Small Business contract. The just last week, GSA released a draft RFP named Polaris, a Governmentwide Acquisition Contract (GWAC) to provide customized Information Technology (IT) services-based solutions.  The draft RFP breaks out small business contractors into specific “pools,” for Small Business, HUBZone Small Businesses, and Women Owned Small Businesses. GSA reserves the right to add additional pools when deemed necessary. (beta.SAM.gov, December 31, 2020)

According to the draft RFP, Polaris will provide agencies with customized IT services and IT services-based solutions, which can be tailored to meet particular mission needs and may include any combination of IT services and new and emerging technologies. (ibid)

GSA encourages contractors to provide innovative solutions to task order requirements prioritizing emerging technologies.  Examples of emerging technologies included within the draft RFP are:

  • Advanced and Quantum Computing — cryptography/encryption, secure communications, design of high-performance computers, computer clusters, and networks, Quantum Machine Learning
  • Artificial intelligence (AI) — Computer Vision, Deep Learning, Machine Learning, Natural Language Processing (NLP),  Spatial Computing, Speech Recognition
  • Automation technology — Robotic Process Automation (RPA), Automated Messaging Services, Data Cleaning Scripts, Interactive Voice Response (IVR), Smart Notification
  • Distributed ledger technology — Blockchain Implementation Solutions, DLT Network Design Services, Smart Contract Programming Services
  • Edge computing — 5G Implementation Services, Edge Analytics, Edge Application Services, Edge Computing Architecture Design Services, Internet of Things (IoT) Services
  • Immersive technology  — Virtual Reality, Augmented Reality

Examples of Performance areas within the draft RFP are as follows:

  • Cloud Services
  • Cybersecurity
  • Data Management
  • Information and Communications Technologies
  • IT Operations and Maintenance
  • Software Development
  • System Design

Contractors may “provide ancillary support as necessary to offer an IT services-based solution,” but, as with the GSA Schedule, only “when it is integral to and necessary for the IT services-based effort.” (ibid)

Contractors should take note of the security considerations as purchasers may be from the Department of Defense as well as civilian agencies. In particular, the Defense Department’s Cybersecurity Maturity Model Certification is a developing regulation and requirement included in the draft RFP. Additional Cybersecurity and Supply Chain Risk Management (SCRM) requirements are expected to also be included. (ibid)

All draft RFP feedback is due by 4:00 PM Central Time, January 29, 2021.

Have questions concerning the draft RFP, who can respond, and how? Give us a call.

CARES Funds Available For Contractors

The Office of Management and Budget (OMB) recently published a supplement to Section 3610 of the CARES Act that allows contractors sick or paid time-off during the national emergency if contractors are not able to access their worksites or telework. (Government Executive, April 17, 2020)

At this time, maximizing telework is advised; however, many contractor jobs involve sensitive and/or classified work, making telework not feasible. Trade associations realized this pretty quickly and asked for additional clarification of the Act. For these specific contractors, agencies are allowed to “modify the terms and conditions of a contract, or other agreement to reimburse at the minimum applicable contract billing rates up to an average of 40 hours per week for any paid leave (including sick leave) a contractor provides to keep its employees or subcontractors in a ready state.”

In addition to the paid leave/sick leave clarification, the updated guidance allows agencies to reimburse contractors from the 27 March (when the CARE Act was signed) through 30 September 2020. The original bill did not include a start date. (ibid)

OMB, via the Office of Federal Procurement Policy, developed a guide to assist agencies when working with contractors to ensure the correct documentation is submitted for proper reimbursement. (ibid)

Don’t know where to start the process of getting paid during this national emergency? Give us a call.

 

 

 

More COVID-19 Guidance

Last week the Office of Management and Budget (OMB) updated its agency guidance for federal contractors, as a response to the COVID-19 pandemic. The three main takeaways are:

  • Agencies are encouraged to work with their contractors to allow for the maximization of telework.
  • Agencies must be flexible providing extensions to performance dates if working virtually isn’t possible or if a contractor must quarantine. Agencies should also weigh whether to keep key personnel in a mobile-ready state for national security measures.
  • Agencies are urged to leverage the special emergency procurement authorized in connection with the emergency declaration under the “Stafford Act”. These include increases to: the micro-purchase threshold; the simplified acquisition threshold; and the threshold for using simplified procedures for certain commercial items. These are designed to reduce discord for contractors, especially small businesses, allowing for a more rapid response to the increasing demands agencies face. (Nextgov, March 22, 2020)

The agency guidance comes after trade groups and lawmakers strongly voiced the need for contractor guidance. The updated guidance includes a section of frequently asked questions, including contractor exposure to COVID-19. (ibid)

OMB also issued technology guidance for use during the COVID-19 national emergency. The technology guidance also includes a FAQ section, with steps to ensure IT and cybersecurity measures are met while working remotely. It urges agencies to continue updating their websites to enable public access to government services.

Need some help figuring out OMBs agency guidance for contractors? Give us a call.