CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.

COMET Commeth!

The General Services Administration (GSA) has released the second and much sought after piece of the IT services procurement known as COMET. The solicitation aims to create a multiple-award blanket purchase agreement (BPA) on top of IT schedule 70.

GSA plans to make between 10 and 12 awards with a minimum of 25 percent set aside for small businesses. The BPA will require a host of IT services, including operations and maintenance, cloud and the continued development, and support of the acquisition systems portal beta.SAM.gov. GSA’s goal is a three-step evaluation approach, including an in-person technical challenge.

In April, GSA issued the RFP for the first and substantially smaller piece of COMET focused on architecture, engineering, and advisory support. (FedBizOpps)

Have questions about COMET and how your company fits in? Give us a call at 301-913-5000.

The Eagle (II) is Not Landing

DHS will not be recompeting their EAGLE II IT services contract when it expires in 2020. They are moving toward a strategy called EAGLE Next Gen, which allows them to rely on existing contracts in order to meet IT services needs. Agile development and special or niche mission needs will be met by smaller targeted contracts competed as necessary. (Nextgov, April 20, 2019)

The EAGLE Next Gen strategy is just that, a strategy whereby DHS would use already established governmentwide acquisition contracts or GWACs. These include:

  • the National Institutes of Health’s CIO-SP3 and CIO-SP3 Small Business
  • GSA’s Alliant 2, 8(a) STARS II
  • GSA’s VETS 2

When requirements cannot be met by this strategy, DHS will build in-house contracts.

So far, DHS is beginning to build an in-house contract for cloud and data center optimization. Over 100 responses were received from their initial RFI. Most likely, resulting RFPs will ultimately be the family of contracts under DHS Next Gen, and are expected in the Fall. (ibid)

Some Homeland Security components are still using EAGLE II to support their agile development. Work with each of the components is at various phases of the procurement process. Each component has different requirements; therefore procurements will be specialized to meet individual needs. (ibid)

The future procurement strategy is far from finalized. There may be full and open competition or a blanket purchase agreement using pre-vetted vendors.

Would you like to learn more about the EAGLE Next Gen strategy and where you might fit in? Give us a call at (301) 913-5000.