Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Contract Awards

CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.

CMMC RFI

The Department of Defense (DoD) has issued a request for information for the “long-term implementation, functioning, sustainment, and growth” of the Cybersecurity Maturity Model Certification (CMMC). (FedBizOps.gov, October 3, 2019)

Last month, DoD issued version 0.4 of the CMMC. Contractors may now see the cybersecurity standards required when working on projects with controlled but unclassified information. CMMC will assist DoD to secure more than 300,000 organizations. (Fed Scoop, October 4, 2019)

The accreditation body does not directly perform the assessments but manages third-party organizations that do. It is  a nonprofit that utilizes “revenues generated through dues, fees, partner relationships, conferences, etc.” to fund the work.  The deadline to submit feedback is October 21, 2019. (FedBizOps.gov ibid)

We’d be glad to discuss this RFI with you. Just give us a call.

Specs of the New IT Large Category

In GSA’s new Consolidated Schedule, Information Technology comprises one of the twelve large categories under which you can hold products and services. This large category has seven subcategories, including the following:

  • electronic commerce
  • IT hardware
  • IT services
  • IT software
  • IT solutions
  • IT training
  • telecommunications

Former SINs 132-33 and 132-34 now fall under NAICS code 511210, software licenses. Also, 132-54 and 132-55 now use code 517410, commercial satellite communications solutions (COMSATCOM).

If you submitted a FastLane proposal to IT in the past month or so, it has been put on hold until January 2020.

It’s Heeeeere…

The new, single GSA Multiple Award Schedule solicitation was released today, 1 October, and it’s mostly what we expected.

Solicitation number 47QSMD20R0001, refresh 00 (!!) points you to the correct NAICS number for your product or service. The first page of the solicitation references the MAS Roadmap, which includes a guide to preparing your offer and required forms such as the:

  • Agent authorization letter
  • Letter of supply
  • Categories and appropriate NAICS (formerly SIN) numbers
  • Labor category matrix

as well as information about the:

  • Price proposal template, pricing narrative, and pricing support
  • Financial statements
  • Subcontracting plan
  • Technical proposal
  • Professional compensation plan
  • Commercial supplier agreements
  • Previous cancellation and rejection letters
  • Commercial sales practices
  • Commercial or market pricing

You must download separate documents, depending on your proposed product/service. Option categories include: office management, facilities, furniture and furnishings, human capital, industrial products and services, information technology, miscellaneous, professional services, scientific management and solutions, security and protection, transportation and logistics, and travel.

The old standards survive. You must submit via eOffer, the pilot TDR still applies, and you must sell $25,000 per year from the Schedule to keep it. Pathways to Success and the Readiness Assessment remain, as does AbilityOne and SCA.

All service AND product offers must now provide corporate experience and quality control narratives. Furthermore, you now have the option to submit CPARS reports instead of Open Ratings or even a narrative if your company hasn’t six references required by Open Ratings. One positive: GSA now requires only one past project description per service.

The following ominous clause has been included: “The offeror must provide a full and broad array of proposed products/services. An offer will not be accepted with limited product/service offerings unless it represents a total solution for the offeror or proposed product/service offering.” Will small, niche businesses have a more difficult time obtaining an award? Hope not.

Also, until SAM has added representations for the new FAR clause regarding covered telecommunication equipment and services (see our Blog post from 10 September) from particular Chinese companies, proposal submissions must include a statement noting compliance with n 52.204-24 Representation Regarding Telecommunications and Video Surveillance Services or Equipment.

Once awarded, yearly increases for contractors will be capped at four percent for the Human Capital Category, five percent for Professional Services and Travel, and ten percent for all others.

Yes, it’s complicated, and yes we have a handle on it. We are primed and ready to answer all your questions either about a new proposal or your current Schedule. Just give us a call.