Three DoD DFARS will soon become permanent rules

According to a recent statement by Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, three Defense Federal Acquisition Regulation Supplements (DFARS) for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon be permanent rules. (MeriTalk April 15, 2021)

The CMMC program enforces cybersecurity standards in the Defense Industrial Base (DIB) supply chain. The certification requirements will be part of all DoD contract requirements by 2026. (ibid)

The soon-to-be-permanent rules are:

  • DFARS Provision 252.204.7019 requires contractors to complete self-assessments and upload them into the DoD’s Supplier Risk Performance System (SPRS)
  • DFARS Clause 252.204.7020 takes place upon contract completion, allows DoD access to systems, facility, and personnel if DoD assesses the necessity due to risk
  • DFARS Clause 252.204.7012 requires all contractors to maintain adequate security of defense information that is “processed, stored or transmitted” on their network (ibid)

According to Arrington, 300,000 contractors need to get CMMC certified within the next five years. She said, “we have thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought “Let’s do it one time.” It has to be an enduring capability.” (ibid)

Questions concerning CMMC certification? Give us a call.

 

CPARS is getting a refresh

For over a decade, the Office of Federal Procurement Policy (OFPP) has encouraged government agencies to increase their research and evaluation of contractor performance on contracts, with little effect. (Federal News Network April 12, 2021)

The general consensus is that the current Contractor Performance Assessment Reporting Systems (CPARS) is broken. Contractors and Contracting Officers feel it inaccurately rates performances while also being burdensome. For the past two years, Mike Smith, a former DHS director of strategic sourcing and now an executive vice president at GovConRx, has led an effort to rebuild CPARS. His goal, “make sure it results in good information and the information is more strategic and tactically used.” (ibid)

What are some of the problems with CPARS? Many contracting officers rate contractor performances as satisfactory because it takes too much of their time to verify exceptional or outstanding performance and too much time trying to explain why a rating might be below average or poor. (ibid)

DHS is looking to solve this problem through a pilot application of artificial intelligence (AI). DHS recently awarded contracts to five companies to demonstrate their ability to build production-ready software. User groups will view demos using software-as-a-service (SaaS). The user groups are, The departments of Commerce, Energy, Interior, Veterans Affairs, and Health and Human Services as well as GSA, NASA, the Air Force, and the U.S. Agency for International Development. The agencies gave the 5 companies in the pilot, 50,000 anonymous procurement records, to assist in training the AI. The goal is to decide which technologies will move to phase 3 in June with an actual launch in January 2022. (ibid)

GSA has some barriers to overcome too. Contracting officers must see the value in vendors providing self-assessments on certain projects. GSA senior procurement executive Jeff Koses sent a memo in February recommending the use of vendor self-assessments s one step in the overall CPARS process. The memo is a permission slip, of sorts, for contracting officers to begin asking for self-assessments as one part of the CPARS process. This should alleviate some of the burden on contracting officers.(ibid)

Mike Smith, a former DHS director of strategic sourcing and current executive vice president at GovConRX said, “you wouldn’t believe how many contracting officers refuse to take input from industry because they think they aren’t allowed to. As a contracting officer, I’d rather have a back and forth at least by midyear, if not before, so we can adjust course and have a common understanding at the end of the performance period and there are no surprises about ratings and the basis of that rating.” Most agree that good contractors will jump at the opportunity to do a self-assessment because they will finally be able to have input into the process. (ibid)

CPARS should also help small businesses. When contracting officers see the small business has done larger jobs and done them well, through a relevancy search and high CPARS, they are a lot more likely to award them a contract. This in turn helps the contracting officer make better-informed decisions through the use of data. (ibid)

Questions concerning self-assessments and the intricacies involved? Give us a call.

 

 

EZ-ier requirements for COVID efforts at GSA says EZGSA

GSA’s Multiple Award Schedule (MAS) program may be used by state and local governments to procure commercial products, services, and solutions necessary to respond to the pandemic. GSA is providing additional support by issuing Acquisition Letter (AL) MV-21-03 and Supplement to further aid America in response to COVID-19. (GSA Interact April 14, 2021)

AL achieves this by:

  • Temporarily waiving (3) MAS solicitation requirements in MAS provision SCP-FSS-001 when a company is proposing products/services to support COVID-19 efforts.
  • The AL waives:
  1. The requirement to possess two years of Corporate Experience
  2. The requirement to submit a Relevant Project Experience for each SIN proposed
  3. The requirement to submit an Annual Financial Statement for the previous two years (ibid)

The AL, however, does not change the following:

  • Certain vendor instructions regarding the submission of a Corporate Experience narrative, Letter of Commitment/Supply, Past Performance Information, Quality Control Plans
  • Category/SIN specific technical requirements outlined in the MAS Solicitation category attachments
  • A Contracting Officer’s overarching responsibilities especially determining fair/reasonable pricing, ensuring compliance with vendor instructions, and making a responsibility determination in accordance with FAR subpart 9.1 (ibid)

AL applies to all MAS large categories, subcategories, and SINs under the following conditions:

  • New vendors proposing products, services, and/or solutions in direct support of COVID-19 efforts
  • Current MAS contractors adding service SINs in direct support of COVID-19 efforts (ibid)

AL does not apply under the following conditions:

  • Any offers or modifications which include products, services/solutions that do not directly support COVID-19 efforts
  • To VA MAS for medical equipment, pharmaceutical services, or supplies (ibid)

GSA is doing a number of things to support the ongoing COVID-19 efforts. The following are to name a few:

  • Deferring MAS contract cancellations when minimum sales haven’t been met under I-FSS-639 Contract Sales Criteria
  • Issuing a non-availability determination for Trade Agreement, Buy American Statute Class Determination, allowing contracting officers to temporarily award non-TAA compliant product to support COVID-19 requirements
  • Purchase Exceptions from the AbilityOne Program
  • Implementation of Emergency Acquisition Flexibilities (ibid)

GSA/FAS has many mechanisms for its Federal Partners to access the vital supplies and services required to meet the COVID-19 pandemic. For companies who would like to reach the government market beyond the MAS program, the Commercial Platforms program provides options to partner with several commercial e-marketplace platforms. It is also possible to partner with an existing MAS contractor as a subcontractor, providing part of a total solution to an agency’s COVID requirements. (ibid)

Questions concerning AL, what it does, doesn’t do, or do you now qualify for GSA? Give us a call.

 

 

 

 

COVID-19 actually helped small businesses do business

Due to the pandemic, the federal government has expanded remote network access to assist a dispersed workforce. This in turn has motivated reforms to the procurement system.

According to Roya Konzman, acting division director for solutions development at General Services Administration’s Federal Acquisition Service (FAS), “suddenly there was a need for new hardware, software and network access security, so we advised our Small Business Administration, Department of Veteran Affairs and Social Security Administration on their procurement strategies. GSA empowered its contracting officers to expand its rated orders authority. These orders are issued in accordance with the defense priorities and allocation system, and rated orders applied to IT capabilities included teleworking and health care solutions such as VPN accounts, virtual desktop infrastructure solutions, laptops, and mobile devices, and also covered personal protective equipment such as medical products hand sanitizers and disposable gloves.” (GovernmentCIO Media & Research April 6, 2021)

A national emergency allows the use of rated order authority. It authorizes GSA to prioritize a solicitation on behalf of an agency to buy goods and services. If a contractor receives a rated order, the contractor must prioritize that order ahead of other orders in the queue. (ibid)

There were so many rated orders issued to large contractors that individual suppliers often had a hard time meeting demands within the allotted timeframe. The result was federal agencies looked to enlarge their contracting base to include specialized smaller and mid-sized contractors. (ibid)

Because smaller firms do not have the “red tape’ that larger firms have, they can often change directions quickly. This makes smaller firms extremely valuable during times of national crisis. (ibid)

The federal government invested in video conferencing software and remote connectivity during the pandemic. This affords vendors the opportunity to demonstrate their products to various procurement offices. Additionally, agencies can quickly evaluate a large range of potential contractors. Which helps potential contractors who might have otherwise been overshadowed by larger vendors with preexisting relationships. (ibid)

Do you have a specialized product that the federal government needs? Give us a call.

 

NIST looking for a Small Cybersecurity Business – Do you qualify?

The National Institute of Standards and Technology (NIST) is looking for a small business to assist with the creation of privacy and cybersecurity standards that will apply to federal agencies. Additionally, NIST hopes to gain assistance with the development and modeling of software and applications for various tools, including the National Vulnerability Database.(Nextgov March 29, 2021)

The sources sought notice posted on beta.SAM.gov states, “with a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory’s (ITL) Computer Security Division (CSD) is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals and the Nation.” (ibid)

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements. The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.” (ibid)

Do you qualify for the cybersecurity SINs? Give us a call.