Wanna Connect a Hybrid Cloud?

The Department of Defense (DoD) wants a hybrid cloud environment to serve as the cornerstone for department-wide use of artificial intelligence. The Joint Artificial Intelligence Center (JAIC) issued two sources sought notices from all business that can provide system engineering and integration “to support the procurement, implementation, and operation of a hybrid and multi-cloud deployable development and production platform for Artificial Intelligence and Machine Learning (AI/ML) solutions.” (Fedscoop, November 25, 2019)

This hybrid cloud environment will form the basis of the Joint Common Foundation (JCF), a DoD/Government  AI/ML development platform, containing Data, Tools, and Processes. JCF will include shared data, reusable tools, frameworks, and standards. Additionally, it will include cloud and edge services to develop, secure, test and evaluate, deliver, and sustain capabilities. “The JCF will incorporate the architecture and software artifacts of the Enterprise Development, Security and Operations (DevSecOps) initiative and evolve toward enabling the DoD Artificial Intelligence Strategy.” (ibid)

Proposed vendors answer specific questions about past experience integrating multiple cloud providers at scale with continuous development and integration while meeting security compliance standards. A solicitation conference will be held in early 2020, followed by a request for quotation, and award by the end of September 2020.

The award of JCF will move swiftly. Give us a call if we can answer any questions or assist with your proposal efforts.

Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk to foreign hackers. Foreign hackers look at fifth or sixth tier subs to find information — where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies needed to only self-certify that they had a plan in place. Unfortunately, no one checked the plans, hence the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, it is much easier for unauthorized access into secure systems.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out, give us a call.

New Year, New Mass Mod

At the start of the new year, GSA plans to issue a Mass Modification that will update Schedule contracts to mirror the new consolidated Multiple Award Schedule (MAS) for products and services. The new Multiple Award schedule was released this past October 1st. (GSA Interact, November 25, 2019)

The single Schedule solicitation promotes a simplified format, terms, and conditions along with new categories and Special Item Numbers (SINs). The new Schedule should make it easier for contractors to offer products and services and for agencies to find them. (ibid)

When the Mass Mod is issued, all current Schedule holder’s terms and conditions will align with the new consolidated MAS. The new consolidated MAS solicitation and category attachments are posted on BETA.SAM.gov. Attachments incorporate additional instructions and requirements specific to each large category, subcategory, or SIN. The new consolidated MAS solicitation includes:

  • Solicitation
  • Available Offerings Summary Document
  • Regulations Incorporated by Reference

The Available Offerings and Requirements page on GSA.gov contains templates and attachments for the solicitation. Instructions for each template can be found on Beta.Sam.gov; however individual documents will be housed on GSA.gov. (ibid)

So what do you need to do go get ready? GSA recommends attending one of the following webinars:

Session One:

Date: Thursday, December 19, 2019

Time: 2:30 – 3:30 PM EST

Registration Link: can be found by clicking here.

Session Two:

Date: Thursday, January 9, 2020

Time: 3:00 – 4:00 PM EST

Registration Link: can be found by clicking here. (ibid)

Individuals unable to attend either of the two webinars can find recordings on Interact. In addition, there is an Overview of MAS Consolidation and Consolidated Solicitation Advance Notice training recordings which can be reviewed at any time.

To understand the New Offerings structure, individuals should review the solicitation to understand where specific offerings will fall under the new large categories, subcategories, and SINs. In addition, review of the advance notice for the release of the MAS solicitation, for an overview of clauses, available offerings, and a matrix of clauses included in MAS. (ibid)

GSA recommends questions be submitted to your assigned contracting officer (CO) or the Multiple Award Schedule Program Management Office (MAS PMO) at MASPMO@gsa.gov. (ibid)

Once in receipt of the upcoming Mass Mod, we recommend you review it immediately. Note any exceptions. When responding to the Mass Mod, contractors will be presented with each clause in the consolidated Schedule and may either accept the clause or request an exception. Each exception must include a written justification and be negotiated with the CO. (Contractors should not take exception to clauses that do not apply to them.)

All responses to the Mass Mod are due before July 31, 2020. Those not responding by the due date will find their offerings unavailable on GSA eTools. The contract number, period of performance, products, and services offered as well as the assigned CO will not change as a result of accepting the Mass Mod. (ibid)

Concerns about the Mass Mod and whether or how an exception might affect your current Schedule? Concerned with how to justify an exception? Give us a call.

Shared Service QSMOs

The big takeaway from last week’s Association of Government Accountants’ 2019 shared services summit: it will take a few years to standardize shared services, especially for grants management. (FedScoop, November 14, 2019)

In April, the Office of Management and Budget (OMB) chose four agencies as Quality Service Management Offices (QSMOs):

  • GSA – to oversee a human resources marketplace
  • Department of Treasury – for financial services
  • Department of Health and Human Services – for grants management
  • Cybersecurity and Infrastructure Security Agency – for cybersecurity (FedScoop, April 26, 2019)

QSMOs have started hiring and transitioning from the old payroll system to Software-as-a-Service. This NewPay Initiative tops the list in moving to shared services. GSA awarded a blanket purchase agreement for NewPay in September 2018 to reduce risks and costs and followed up with multi-million dollar task orders. (ibid)

According to Earl Pinto, deputy associate administrator of the Office of Shared Solutions and Performance Improvement within GSA, “these are not short term projects, and I would say that’s probably the biggest challenge because we know we’ve got a process. Standards first … and that has taken, for several mission-support functions, well over a year to get to standards – some over two years.” (ibid)

Some agencies, such as the Interior Business Center are not clear as to whether they will lean towards NewPay or work through current providers, GSA, or a separate appropriation. (ibid)

Some unknown pieces remain. Will agencies always pay for the services delivered or will it be streamlined in some manner? It may be quite some time before we know for sure.

Questions on QSMOs? Call us and we can explain it.