New Cybersecurity Certification Requirements

The Office for the Under Secretary of Defense and Sustainment (OUSD (A&S)) recently released its Cyber Security Maturity model Certification (CMMC). DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs) and the Defense Industrial Base (DIB) all had a hand in developing the CMMC model. This model measures cybersecurity maturity using five levels (from basic to advanced) and aligns a set of processes and practices with the type and sensitivity of the information to be protected and any associated threats to that information. (CMMC Model v1.0, January 30, 2020)

DoD’s CMMC enhances the protection of:

  • Federal Contract Information (FCI) provided or generated by the government, but not intended for public release
  • Controlled Unclassified Information (CUI), which requires safeguarding or dissemination consistent with laws, regulations and government-wide policies. (ibid)

The CMMC model includes the safeguarding requirements for FCI spelled out in FAR clause 52.204-21 and the security requirements for CUI stated in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 per DFARS clause 252.204-7012 [3,4,5].

Included in the CMMC model is a certification piece verifying the implementation of cybersecurity maturity measure processes and practices. This is intended to deliver assurance to the DoD that contractors and subcontractors can sufficiently protect CUI at a level equal to the risk. (ibid)

To obtain a full overview of the CMMC Model, domains, practices, and processes, please review the Cybersecurity Maturity Model Certification.

Have questions about the effect on your current contract or one in works? Give us a call.

Phase 2: Resistance is Futile

Although we covered this last month, it’s worth another review  as GSA moves to phase two of the MAS consolidation.

As you know, GSA is merging the Multiple Award Schedule (MAS) program contracts from 24 different schedules into one. Notices of changes to terms and conditions for current contract holders under the MAS program should be received by contract holders in the coming months.

The consolidated schedule makes it simpler for the government to make purchases and will roll out in three parts:

  1. Creation of a new contract vehicle for all future acquisitions
  2. Bring current contract holders onto the new consolidated schedule
  3. Consolidate those businesses that have multiple contracts across many schedules(Federal Times January 31, 2020)

Terms and conditions are being standardized and all current contract holders and contractors, placed on the consolidated schedule, must respond to them by July 31, 2020. (ibid)

Questions about the consolidation and how you and your contracts are affected? Give us a call.

Make a pitch, win a prize

In 2018, the Army acquisition office set up the Expeditionary Technology Search or xTechSearch. The Army has continued to use these pitch days to find small and nontraditional businesses with useful technologies. (Federal News Network, January 16, 2020)

In a pitch search, businesses propose their new technologies and ideas to the government in phases. Phase One is a white paper. Generally, 50 companies make it through the white paper phase and onto phase two. Companies chosen to move onto phase two receive a $5,000 prize which may be used to help defer the cost of engaging with government. The second phase is a 15-minute in-person pitch to a panel. Up to 24 companies can move from phase two to phase three, with the highest-ranking company receiving a $10,000 prize. Phase three participants are invited to a conference and provided exhibit space and asked to provide a proof-of-concept demonstration. Up to 12 participants move forward, with the highest-ranking business plan and proof-of-concept demonstration plan to receive a prize of $120,000. The technology solution and transition plans are presented during phase four, the final phase. Currently, xTechSearch 4.0 is in its second phase.

The grand prize winner will be announced in October at the Association of the United States Army annual meeting in Washington, DC. The grand prize winner receives a prize of $250,000, similar to the size of a Small Business Innovation Research grant.

Want to learn more about pitch days? Give us a call.

****Important Mass Mod****

GSA will release a mass modification tomorrow, 31 January 2020, to support the new MAS Consolidated Schedule. This isn’t your “normal” mass modification: it will entail many steps.

BEFORE you Sign the Mass Mod make sure you familiarize yourself with the Available Offerings Attachment and understand where your SINs will map under the new MAS structure; make sure you have the correct NAICS codes, as approved by beta.sam.gov; catalog exceptions taken in your current Schedule; make sure you do not have any pending Add or Delete SIN mods.

When signing the mass mod, you must respond to every clause for each Schedule you hold. Additionally, there are a number of actions you must take after signing the mass mod, including ensuring that your Schedule shows in eLibrary under the new MAS vehicle and working with your CO to delete new SINs you don’t need among a number of other actions.

Confused or nervous you may leave something out? Schedule a conference call or consultation with our Proposal Specialists by calling 301-913-5000.

 

FAR 51 Deviation Authority is expired!

Here’s what you need to know.  Contracting officers were permitted to give contractors access to the Federal Supply Schedule (FSS) and GSA Global Supply Programs if appropriate, for the fulfillment of their agency requirements. They used the FAR 51 Deviation Authority vehicle for this purpose. On 23 October, the FAR 51 Deviation expired. It will no longer be used on orders placed after this date. Under Refresh 1, clause CI-FSS-056 Federal Acquisition Regulation (FAR) Part 51 Deviation Authority (Federal Supply Schedules) (Jan 2010) is deleted.

In lieu of FAR 51 Deviation, agencies may use Order Level Material (OLM) procedures to acquire other direct costs (OCDs) and material support items to meet specific order requirements. Additional information for OLMs may be found at www.gsa.gov/olm.

Many question if a contracting officer can issue a letter of authority (required by the Deviation) anytime during the life of the order, if the order or BPA was awarded on or before 23 October 2019. The short answer is yes, as long as the order was issued prior to the 23 October Deviation expiration date. However, if the BPA was awarded prior to then, and subsequent award terms were awarded after 23 October, those subsequent award terms may not use the deviation.

Wondering if you are grandfathered in and still able to take advantage of the FAR 51 Deviation Authority? Give us a call.