Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk to foreign hackers. Foreign hackers look at fifth or sixth tier subs to find information — where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies needed to only self-certify that they had a plan in place. Unfortunately, no one checked the plans, hence the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, it is much easier for unauthorized access into secure systems.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out, give us a call.

New Year, New Mass Mod

At the start of the new year, GSA plans to issue a Mass Modification that will update Schedule contracts to mirror the new consolidated Multiple Award Schedule (MAS) for products and services. The new Multiple Award schedule was released this past October 1st. (GSA Interact, November 25, 2019)

The single Schedule solicitation promotes a simplified format, terms, and conditions along with new categories and Special Item Numbers (SINs). The new Schedule should make it easier for contractors to offer products and services and for agencies to find them. (ibid)

When the Mass Mod is issued, all current Schedule holder’s terms and conditions will align with the new consolidated MAS. The new consolidated MAS solicitation and category attachments are posted on BETA.SAM.gov. Attachments incorporate additional instructions and requirements specific to each large category, subcategory, or SIN. The new consolidated MAS solicitation includes:

  • Solicitation
  • Available Offerings Summary Document
  • Regulations Incorporated by Reference

The Available Offerings and Requirements page on GSA.gov contains templates and attachments for the solicitation. Instructions for each template can be found on Beta.Sam.gov; however individual documents will be housed on GSA.gov. (ibid)

So what do you need to do go get ready? GSA recommends attending one of the following webinars:

Session One:

Date: Thursday, December 19, 2019

Time: 2:30 – 3:30 PM EST

Registration Link: can be found by clicking here.

Session Two:

Date: Thursday, January 9, 2020

Time: 3:00 – 4:00 PM EST

Registration Link: can be found by clicking here. (ibid)

Individuals unable to attend either of the two webinars can find recordings on Interact. In addition, there is an Overview of MAS Consolidation and Consolidated Solicitation Advance Notice training recordings which can be reviewed at any time.

To understand the New Offerings structure, individuals should review the solicitation to understand where specific offerings will fall under the new large categories, subcategories, and SINs. In addition, review of the advance notice for the release of the MAS solicitation, for an overview of clauses, available offerings, and a matrix of clauses included in MAS. (ibid)

GSA recommends questions be submitted to your assigned contracting officer (CO) or the Multiple Award Schedule Program Management Office (MAS PMO) at MASPMO@gsa.gov. (ibid)

Once in receipt of the upcoming Mass Mod, we recommend you review it immediately. Note any exceptions. When responding to the Mass Mod, contractors will be presented with each clause in the consolidated Schedule and may either accept the clause or request an exception. Each exception must include a written justification and be negotiated with the CO. (Contractors should not take exception to clauses that do not apply to them.)

All responses to the Mass Mod are due before July 31, 2020. Those not responding by the due date will find their offerings unavailable on GSA eTools. The contract number, period of performance, products, and services offered as well as the assigned CO will not change as a result of accepting the Mass Mod. (ibid)

Concerns about the Mass Mod and whether or how an exception might affect your current Schedule? Concerned with how to justify an exception? Give us a call.

Shared Service QSMOs

The big takeaway from last week’s Association of Government Accountants’ 2019 shared services summit: it will take a few years to standardize shared services, especially for grants management. (FedScoop, November 14, 2019)

In April, the Office of Management and Budget (OMB) chose four agencies as Quality Service Management Offices (QSMOs):

  • GSA – to oversee a human resources marketplace
  • Department of Treasury – for financial services
  • Department of Health and Human Services – for grants management
  • Cybersecurity and Infrastructure Security Agency – for cybersecurity (FedScoop, April 26, 2019)

QSMOs have started hiring and transitioning from the old payroll system to Software-as-a-Service. This NewPay Initiative tops the list in moving to shared services. GSA awarded a blanket purchase agreement for NewPay in September 2018 to reduce risks and costs and followed up with multi-million dollar task orders. (ibid)

According to Earl Pinto, deputy associate administrator of the Office of Shared Solutions and Performance Improvement within GSA, “these are not short term projects, and I would say that’s probably the biggest challenge because we know we’ve got a process. Standards first … and that has taken, for several mission-support functions, well over a year to get to standards – some over two years.” (ibid)

Some agencies, such as the Interior Business Center are not clear as to whether they will lean towards NewPay or work through current providers, GSA, or a separate appropriation. (ibid)

Some unknown pieces remain. Will agencies always pay for the services delivered or will it be streamlined in some manner? It may be quite some time before we know for sure.

Questions on QSMOs? Call us and we can explain it.

Federal Supply Class Review

What happens when the Defense Logistics Agency (DLA) and the General Services Administrations (GSA) get together to increase efficiencies and effectiveness of the national supply chain? You get the first Federal Supply Class (FSC) review in almost 50 years. (Defense Logistics Agency, October 9, 2019)

So why now, you ask? According to Alan Thomas, commissioner of GSA’s Federal Acquisition Service, it is to “optimize the movement of supplies to our nation’s troops and reduce duplication in the federal supply chain.”

FSC’s review involves all 600 FSCs, or about seven million items used by federal and military consumers and categorizes them by similarity. This review will reduce redundancies and improve purchasing efficiencies as well as customer readiness and responsiveness. Checks and balances will keep both organizations compliant with principles of their original agreement. (ibid)

The 1971 Supply Management Relationship Agreement between DLA and GSA gave DLA authority over supplies within assigned FSCs used by the military regardless of their use by civil agencies. GSA manages items used by federal agencies that are commercially available. Today GSA and DLA  maintain contracts with vendors delivering directly to customers. DLA forecasts demand and then supply chain representatives, vendors and DLA Distribution ensure on-time delivery worldwide.

DLA and GSA are working side by side to put together an automated tool that categorizes FSCs for analysis. The tool will produce summary-level data on all items to ultimately determine if a change in acquisition strategy might lead to improved efficiencies and effectiveness for the government, taxpayers, and customers. Both DLA and GSA must be in agreement to transfer logistics management of any items.

“Regardless of item transfer decisions, the process and tools we’ve developed in conducting this review provide an archive of information that supports FSC management determinations beyond the simple criteria identified in the 1971 agreement,” Jay Schaeufele, GSA account manager for DLA Logistics Operation’s Whole of Government Division, said. “This information is important as we navigate government and acquisition reform initiatives and evaluate potential economic efficiencies without losing vision of DLA’a first priority to warfighter readiness. (ibid)

Jeff Thurston, director of GSA’s Office of Supply Chain Management, said: “GSA’s new business model challenges us to identify new ways to serve environments where stocking product was previously the go-to solution.” (ibid)

The Commercial Platforms Program will update how commercial products are bought by federal agencies via partnerships with commercial e-platform providers. Government agencies will access commercial platforms as part of a whole-of-government approach. This approach will give agencies visibility into online spending, thus reducing supply-chain risk while providing more time for focusing on mission-oriented acquisition.

According to Laura Stanton, deputy assistant commissioner for Category Management in GSA’s Office of Information Technology Category, “this three-year proof of concept will offer federal buyers easy access to e-marketplace providers and commercial products. Additionally, agencies will have better visibility and insight on purchasing patterns to bring one-off spending under management. The Commercial Platform’s proof of concept offers a way for agencies to access commercial platforms as part of a whole-of-government approach, strengthening GSA’s commitment to maximize the government’s buying power through economies of scale.” (ibid)

GSA and DLA are consolidating purchasing, tracking, and spending analysis while taking advantage of government-wide and best-in-class acquisition vehicles. In addition, they are working together to communicate supply chain issues such as cybersecurity, fraud, and counterfeit parts while working with the military to determine optimal shipping routing.

Will this translate into possible changes to your current contract or bid? We’re available to discuss.

Strike Force vs. Collusion

The Justice Department has created a new interagency partnership to battle procurement and antitrust crimes, the Procurement Collusion Strike Force (PCSF). The PCSF is comprised of the Antitrust Division of the U.S. Department of Justice, multiple U.S. Attorneys’ Offices around the country, the Federal Bureau of Investigation (FBI), and the Inspectors General for multiple Federal agencies. (Justice.gov)

The PCSF will “deter, detect, investigate and prosecute antitrust crimes and related criminal schemes,” according to Assistant Attorney General Makan Delrahim. He feels many open investigations are related to procurement crimes. Last year alone, the federal government spent almost $500 billion on contracts for goods and services. The overcharge stemming from illegal actions can be significant not only to the government but to all taxpayers as well.  (Government Executive, November 5, 2019)

Bid-rigging is alive and real. According to the Justice Department, earlier this year five Korean oil companies were prosecuted for bid-rigging contracts to provide fuel to U.S. military bases. The PCSF uses data analytics to identify occurrences of procurement collusion. The website has a complaint form, training materials, and legal resources for anyone who believes they have witnessed suspicious activity. (ibid)

Questions about the new interagency partnership? Give us a call.