Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly due to agencies’ migration to the cloud being sped up once the pandemic hit and increased teleworking, making the need for cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California recently wrote to NIST Director Walter Copan, requesting NIST work to establish metrics to accompany their Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions. Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.

Industry Looking to GSA for Guidance

Agencies are pressuring GSA to provide guidance for meeting deadlines to modernize telecommunications. The  pandemic has delayed many agency transitions, thus making those deadlines nearly impossible to meet. (FEDSCOOP, May 12, 2020)

COVID-19 slowed task order awards under the Enterprise Infrastructure Solutions (EIS) contract, the government’s $50 billion telecom and network modernization channel. In some cases where task orders have been awarded, agencies can’t provide contractors clear instructions. Many believe the task order award delays impede the move from Networx, Washington Interagency Telecommunications System 3, and local service area contracts.

Legacy contracts are set to expire in May 2023. The GAO expects 19 of the agencies who spend the most on EIS to be transitioned over by the legacy expiration date; however many will not meet the GSA’s more aggressive 30 September 2022 deadline. (ibid)

Allen Hill, executive director of telecom services in the Office of IT Category at GSA believes agencies will make GSA aware of the effects of the pandemic, and GSA will in turn work with agencies on a case by case basis. (ibid)

The Department of Defense has their own strategy. They are beginning to rely on the lowest price technically acceptable (LPTA) source selection for EIS. DoD plans to report the methodology used to award contracts and task orders in June, once the Federal Procurement Data System modification is complete. Meanwhile, the Defense Information Systems Agency executed six EIS awards last month. Most EIS solicitations are “best value” yet agencies need to balance the overall cost of their transition with the time for implementation. (ibid)

Unfortunately, when agencies speed up transition, companies have less time to address task order requirements properly. This puts the risk on industry to provide the best value while accurately responding to agency requirements. Many task orders were written prior to the pandemic, therefore contractors are forced to address network issues while teleworking. The time it takes to address issues is naturally increased. (ibid)

“Agencies are encouraged to examine any gaps in their network infrastructures and ensure they make appropriate adjustments to their EIS task orders to provide needed capabilities. Modern IT demands modern infrastructure,” Hill stated. (ibid)

Have questions concerning a delayed task order or need one? Give us a call.

In the Navy (with Small Business)

The U.S. Navy, Office of Naval Research is offering $30 million in grants through 31 May to companies providing advanced technology. Through this effort, the Navy is funding its supply chain to ensure that their contractors can stay in business during the pandemic. An additional $250 million in small business awards is expected over the next 90 days. (FedScoop, April 28, 2020)

Awards are through the Small Business Innovation Research and Small Business Technology Transfer grant programs, which get money to small businesses more quickly than traditional solicitations. The following technologies are of interest:

  • modernization and sustainment
  • digital logistics
  • deployable manufacturing
  • resilient communications (ibid)

James Geurts, the Navy’s lead acquisition official, said the department is monitoring its supply chain in real-time with new tools to maintain stability. Many worry that a faltering economy and the shelter in place regulation will affect the supply chain and the military’s readiness. Guerts says the Navy is closely watching its research and development for emerging technology so as to stay a step ahead. (ibid)

Other Navy research offices are also serving as “technology enablers.” The Naval Expeditions Agility Office is looking for ways to better connect warfighters to tech experts and small businesses. Here again, the goal is to bring advanced technology solutions to national security challenges while helping small businesses to continue working with the Navy. (ibid)

Are you a small business with advanced technologies the Navy can use? Give us a call.

Emergency Rules

Government ontractors and small businesses should be aware of increased opportunities during the current COVID-19 national emergency. The government is permitted, during a national emergency, to set aside solicitations to allow awards “only to offerors residing or doing business primarily in the area affected by …[a] major disaster or emergency.” Contractors can verify if they fall into this category by reviewing Federal Acquisition Regulation 52.226-3(d). (Law360.com, April 13, 2020)

A national emergency declaration allows the government to (restrict) certain solicitations to small businesses in certain areas. These solicitations are either a set-aside or an evaluation preference is given to small businesses. (ibid)

During national emergencies, large contractors should look to team with small businesses, or to current teaming agreements already in place. In addition, contractors who are at the ready to produce/provide goods or services may be called on to contract with agencies to battle COVID-19. (ibid)

Micro purchase thresholds are another acquisition procedure government agencies may use during a national emergency. These allow for a simplified acquisition methodology for specific items or services required under emergency situations, such as the COVID-19 national emergency. (ibid)

State and local governments may also procure under the Stafford Act, wherein state governors request financial relief via federal grants that allow procurement under their own procedures. The Stafford Act authorizes federal contracts for “debris clearance, distribution of supplies, reconstruction, and other major disaster or emergency assistance activities.” In 2006 the Local Community Recovery Act amended the Stafford Act mandating local organizations to be given preference when using full and open competition. The FAR was also amended to align with the Local Community Recovery Act. Under the act, if a contractor does not meet all of the Recovery Act stipulations there are other factors that may be considered. (Contractors may self-certify that they are local.) (ibid)

Other streamlining acquisition procedures are available under federal supply schedule contracts, multi-agency blanket purchase agreements, and multi-agency indefinite-delivery contracts. Additionally, there is an easing of the requirement that a contractor be registered in SAM.gov at the time an offer is submitted to the government. (ibid)

The emergency declaration allows state and local governments to purchase from all GSA schedules. It also encourages accelerated payments to small business contractors.  (ibid)

Additional modified procedures to facilitate swift responses are:

  • Relaxation of qualifications requirements
  • Use of sole-source contracts
  • Use of oral requests for proposals
  • Use of letter contracts
  • Interagency acquisitions
  • Awards to small disadvantaged businesses
  • Retroactive overtime approvals
  • Waivers of bid guarantees when an emergency exists
  • Use of protest overrides where necessary for a contracting process to continue

In order to track procurements related to COVID-19, GSA added a National Interest Action (NIA) code to SAM.gov. To find information on the site, simply type COVID-19 2020 in the search bar. (ibid) Contractors can register with SAM.gov under the disaster response registry, and be sure to monitor the portals most closely aligned to the goods or services you provide.

Have questions about the many opportunities available under the current national emergency? Give us a call.

GSA Allowing Some non-TAA Compliant Products

Demand for essential supplies during the COVID-19 pandemic has escalated to the point that GSA Senior Procurement Executive (SPE) has issued a Class Determination and Findings (D&F) that temporarily allows procurement of non-Trade Agreement Act (TAA) compliant products through the GSA Schedule contracts. Unavailability of the Federal Supply Classes found in GSA’s SPE memo dated 3 April 2020 is cited as the rationale for the change in contractor procedures. (GSA Interact, April 15, 2020)

All MAS contractors with access to products under these FSCs and able to meet the urgent need should submit a stand-alone modification request via eMod. Information and detailed instructions for submitting the modification along with required templates can be found on the GSA.gov, MAS Contractor and Modification Requirements page. (ibid)

The Federal Acquisition Service will email contractors to which the D&F may apply . If you do not receive an email or your authorized negotiator is not up to date, please contact your Procurement Contracting Officer (PCO). A PCO listing may be found by searching your contract number or company name on gsaelibrary.gsa.gov.

Are you able to meet the urgent needs of the government but do not know how to navigate the MAS Contractor and Modification Requirements? Give us a call.