Self-Assess No More

Cybersecurity for  Department of Defense (DoD) contractors is an ongoing issue. Now, DoD is issuing an interim rule to implement an Assessment Methodology and Cybersecurity Maturity Model Certification framework. This will assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain. (Federal Register, DFARS Case 2019-D041 Action: Interim Rule)

The current self-attestation of NIST Special Publication (SP) 800-171 is not working due to a lack of DoD verification. Until the implementation of the interim rule, DoD did not have a mandate to verify contractor basic safeguarding or security requirements prior to contract award.  This regulation changes that. The interim rule adds a process for contractors to  implement cybersecurity requirements. This is to be accomplished while the DoD’s Cybersecurity Maturity Model Certification (CMMC) and the procedures with the Accreditation Body (AB) are solidified. (Meritalk, September 28, 2020)

Questions about how the new rule will affect your contract or upcoming bid and what you can expect? Give us a call.

Pilot Programs to Decrease Bid Cycle Time

Selling to the government can be a difficult and lengthy process for the most patient of vendors. The buying process in private industry might take a week or two whereas federal buying can take a year or more. Added to that, the costs associated with bidding on government contracts, with no guarantee of a contract, often makes doing business with the government less than appealing. Unfortunately, this makes many companies with innovative products and services steer clear of working with the government.

Now two agencies, the Department of Homeland Security (DHS) and the Internal Revenue Service (IRS), are introducing programs to address costly and time-consuming barriers. (Washington Technology, June 2, 2020)

DHS created the Procurement Innovation Lab; its mission to diminish barriers to competition while opening up the competition to nontraditional companies and by creating multiple awards from a single solicitation. Within the lab, teams test Federal Acquisition Regulation (FAR) flexibilities. Working with the Department of Defense GSA, DHS created the Commercial Solutions Opening Pilot. This affords participants greater latitude when purchasing innovative products below $10 million. (ibid)

DHS is also working to greatly reduce the lengthy proposal process through a phased proposal model. Phase one might involve a lightweight proposal of five pages or possibly a 30-minute phone interview. Then DHS would advise the vendor on how competitive their idea is and let the vendor decide whether it makes sense to move forward with a proposal. Additionally, DHS is working to receive oral presentations and product demonstrations using a paperless process. This allows vendors an opportunity to showcase their wares, and gives the government insight into those vendors they might award contracts to.  The phased proposal allows many vendors the opportunity to engage with the government when otherwise they would not be able to afford to do so. It allows the government to stay on top of innovative solutions that they otherwise might have missed out on. (ibid)

The IRS wants to phase in a pilot program as well. Their goal is to work with non-traditional small businesses to rapidly prototype and test emerging technologies. Project phasing will help to circumvent locking into a single vendor’s solutions as new (and often better) solutions are made available. (ibid)

Questions about the DHS and IRS programs and how you might prepare a lightweight proposal? Give us a call.

Industry Looking to GSA for Guidance

Agencies are pressuring GSA to provide guidance for meeting deadlines to modernize telecommunications. The  pandemic has delayed many agency transitions, thus making those deadlines nearly impossible to meet. (FEDSCOOP, May 12, 2020)

COVID-19 slowed task order awards under the Enterprise Infrastructure Solutions (EIS) contract, the government’s $50 billion telecom and network modernization channel. In some cases where task orders have been awarded, agencies can’t provide contractors clear instructions. Many believe the task order award delays impede the move from Networx, Washington Interagency Telecommunications System 3, and local service area contracts.

Legacy contracts are set to expire in May 2023. The GAO expects 19 of the agencies who spend the most on EIS to be transitioned over by the legacy expiration date; however many will not meet the GSA’s more aggressive 30 September 2022 deadline. (ibid)

Allen Hill, executive director of telecom services in the Office of IT Category at GSA believes agencies will make GSA aware of the effects of the pandemic, and GSA will in turn work with agencies on a case by case basis. (ibid)

The Department of Defense has their own strategy. They are beginning to rely on the lowest price technically acceptable (LPTA) source selection for EIS. DoD plans to report the methodology used to award contracts and task orders in June, once the Federal Procurement Data System modification is complete. Meanwhile, the Defense Information Systems Agency executed six EIS awards last month. Most EIS solicitations are “best value” yet agencies need to balance the overall cost of their transition with the time for implementation. (ibid)

Unfortunately, when agencies speed up transition, companies have less time to address task order requirements properly. This puts the risk on industry to provide the best value while accurately responding to agency requirements. Many task orders were written prior to the pandemic, therefore contractors are forced to address network issues while teleworking. The time it takes to address issues is naturally increased. (ibid)

“Agencies are encouraged to examine any gaps in their network infrastructures and ensure they make appropriate adjustments to their EIS task orders to provide needed capabilities. Modern IT demands modern infrastructure,” Hill stated. (ibid)

Have questions concerning a delayed task order or need one? Give us a call.

CMMC not for COTS

A recent modification to DoD’s website spells out a small but very specific change about the Cybersecurity Maturity Model Certification (CMMC): it’s not applicable to DoD suppliers that only provide commercial-off-the-shelf products. (FedScoop, May 5, 2020)

Originally, DoD and CMMC administrators explained that all contractors and subcontractors must be certified under  CMMC by a third-party assessor. However, a few weeks ago, the Office of the Under Secretary of Defense for Acquisition and Sustainment changed the official website. The revised FAQ section states: “Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.” (ibid)

CMMC is in place to certify contractors have the cybersecurity practices in place to work with controlled unclassified information, the actual products themselves. (ibid)

Wondering if CMMC applies to the products and or services you provide? Give us a call.

Agency Spending During the Pandemic

Government contractors are experiencing difficulties as they work through obstacles and uncertainties during the COVID-19 pandemic. However, if you thought spending would slow, think again.

In response to the emergency, spending likely exceeded $100 billion for the month of March, according to a webcast hosted by George Mason University’s Center for Government Contracting (GMU). Because of a standard 90-day reporting lag, that figure is likely to be even higher. (Washington Technology, March 31, 2020)

The department of Health and Human Services is responsible for the bulk of non-defense contracting activity with commitments of approximately $748.5 million under research and development. Eric Lofgren, a GMU research fellow, feels the majority of that is going toward “Other Transaction” contracts, designed for speed of fielding capabilities as they fall outside of traditional acquisition regulations. (ibid)

Orders are also being solicited and placed for Personal Protective Equipment (PPE) as well as services such as testing and cleaning. Orders of this nature could very well rise to over $100 billion in response to the COVID-19 emergency. Non-defense spending, as of 27 March, totaled $15 billion, which is on track for spending during the same timeframe in 2019. However, the recently passed CARES Act stimulus package frees up $2 trillion so agencies have funds available for immediate use. (ibid)

The Department of Defense is looking at how the commercial industry is designing solutions. In March, DoD requested white papers from the academic community and private industry for prototype solutions to prevent, contain, treat, and detect coronavirus as well as other possible bio-threats. Many believe this is just the start as DoD begins to support the federal government’s pandemic response. (ibid)

Jerry McGinn, executive director of the GMU GovCon Center and former head of DoD’s manufacturing and industrial base policy office said, “Initially a lot of industry was in the sources sought phase of solicitations, now you’re starting to see they’re just going straight to solicitations…. They’re publishing notices on one day and requiring responses the next, and this is just going to accelerate.”

Questions about these solicitations and how your company might provide solutions? Give us a call.