CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.

CMMC RFI

The Department of Defense (DoD) has issued a request for information for the “long-term implementation, functioning, sustainment, and growth” of the Cybersecurity Maturity Model Certification (CMMC). (FedBizOps.gov, October 3, 2019)

Last month, DoD issued version 0.4 of the CMMC. Contractors may now see the cybersecurity standards required when working on projects with controlled but unclassified information. CMMC will assist DoD to secure more than 300,000 organizations. (Fed Scoop, October 4, 2019)

The accreditation body does not directly perform the assessments but manages third-party organizations that do. It is  a nonprofit that utilizes “revenues generated through dues, fees, partner relationships, conferences, etc.” to fund the work.  The deadline to submit feedback is October 21, 2019. (FedBizOps.gov ibid)

We’d be glad to discuss this RFI with you. Just give us a call.

Specs of the New IT Large Category

In GSA’s new Consolidated Schedule, Information Technology comprises one of the twelve large categories under which you can hold products and services. This large category has seven subcategories, including the following:

  • electronic commerce
  • IT hardware
  • IT services
  • IT software
  • IT solutions
  • IT training
  • telecommunications

Former SINs 132-33 and 132-34 now fall under NAICS code 511210, software licenses. Also, 132-54 and 132-55 now use code 517410, commercial satellite communications solutions (COMSATCOM).

If you submitted a FastLane proposal to IT in the past month or so, it has been put on hold until January 2020.

GSA Updating their e-Market Portal

On October 1st, GSA issued a solicitation requesting proposals from e-marketplace portal providers. The solicitation is for the initial proof of concept of the Commercial Platforms program, part of the foundation of GSA’s Federal Marketplace Strategy (FMP) to simplify federal buying and selling and how federal agencies buy commercial off-the-shelf products. Proof of concept implementation is through partnerships with many commercial e-marketplace platform providers currently offering business-to-business capabilities. This gives federal agencies greater visibility into their online spending. (GSA.gov, October 2, 2019)

GSA Administrator Emily Murphy said, “As federal procurement continues to evolve, simplifying how we purchase basic commodities will allow agencies to focus more on work that directly serves their missions. Federal agencies spent approximately $260 million using online portals last year and it is critical that we use the Commercial Platforms program to better understand and manage this.” (ibid)

The proof of concept is GSA’s kickoff for changing the way federal agencies purchase commercial products via the open market, implementing the requirement of Section 846 in the FY 18 National Defense Authorization Act (NDAA). Last year GSA conducted stakeholder outreach and market research to get a better understanding of the open market place. They determined to take small steps through an iterative program management approach to Commercial Platforms. (ibid)

Proposals are due by November 1, 2019, at 5 PM EST. (FedBizOpps.gov, October 1, 2019)

Are you wondering how the e-marketplace will affect your current contract? Do you provide B2B services in the private sector and have questions about the solicitation? Give us a call.