
Contract management

Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly because the pandemic and increased teleworking sped up agencies’ migration to the cloud, making cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California, recently wrote to NIST Director Walter Copan, requesting that NIST work to establish metrics to accompany its Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions. Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.

Industry Looking to GSA for Guidance

Agencies are pressuring GSA to provide guidance for meeting deadlines to modernize telecommunications. The pandemic has delayed many agency transitions, thus making those deadlines nearly impossible to meet. (FEDSCOOP, May 12, 2020)

COVID-19 slowed task order awards under the Enterprise Infrastructure Solutions (EIS) contract, the government’s $50 billion telecom and network modernization channel. In some cases where task orders have been awarded, agencies can’t provide contractors clear instructions. Many believe the task order award delays impede the move from Networx, Washington Interagency Telecommunications System 3, and local service area contracts.

Legacy contracts are set to expire in May 2023. The GAO expects 19 of the agencies that spend the most on EIS to be transitioned over by the legacy expiration date; however, many will not meet the GSA’s more aggressive 30 September 2022 deadline. (ibid)

Allen Hill, executive director of telecom services in the Office of IT Category at GSA, believes agencies will make GSA aware of the effects of the pandemic, and GSA will in turn work with agencies on a case-by-case basis. (ibid)

The Department of Defense has its own strategy. It is beginning to rely on lowest price technically acceptable (LPTA) source selection for EIS. DoD plans to report the methodology used to award contracts and task orders in June, once the Federal Procurement Data System modification is complete. Meanwhile, the Defense Information Systems Agency executed six EIS awards last month. Most EIS solicitations are “best value,” yet agencies need to balance the overall cost of their transition with the time for implementation. (ibid)

Unfortunately, when agencies speed up transition, companies have less time to address task order requirements properly. This puts the risk on industry to provide the best value while accurately responding to agency requirements. Many task orders were written prior to the pandemic, so contractors are forced to address network issues while teleworking. The time it takes to address issues is naturally increased. (ibid)

“Agencies are encouraged to examine any gaps in their network infrastructures and ensure they make appropriate adjustments to their EIS task orders to provide needed capabilities. Modern IT demands modern infrastructure,” Hill stated. (ibid)

Have questions concerning a delayed task order or need one? Give us a call.

CMMC not for COTS

A recent modification to DoD’s website spells out a small but very specific change about the Cybersecurity Maturity Model Certification (CMMC): it’s not applicable to DoD suppliers that only provide commercial-off-the-shelf products. (FedScoop, May 5, 2020)

Originally, DoD and CMMC administrators explained that all contractors and subcontractors must be certified under CMMC by a third-party assessor. However, a few weeks ago, the Office of the Under Secretary of Defense for Acquisition and Sustainment changed the official website. The revised FAQ section states: “Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.” (ibid)

CMMC exists to certify that contractors have the cybersecurity practices in place to work with controlled unclassified information, not to certify the actual products themselves. (ibid)

Wondering if CMMC applies to the products and/or services you provide? Give us a call.

GSA, Pandemic Style

GSA is moving quickly to enact several initiatives while responding to the COVID-19 pandemic. Because the current state of emergency necessitates the Federal Acquisition Service to purchase medical supplies and other equipment at a fast clip, Contracting Officers have no choice but to react with a fair amount of speed and flexibility. (Federal News Network, May 1, 2020)

This includes:

  • changing policies for prompt payment and onboarding/offboarding of contractors
  • moving forward with construction of the new e-commerce marketplace platform, which was paused during the first few weeks of the pandemic, albeit at a much slower pace
  • monitoring other initiatives possibly impacted by the pandemic, such as Enterprise Infrastructure Solutions (EIS)
  • continuing corrective actions on Alliant 2 revised proposals
  • expanding the small business innovation research (SBIR) program, part three

Some government markets, like travel, have declined; however, cleaning products and enhanced screening services have increased exponentially. (ibid)

Any questions about getting your product or service in front of government buyers? Give us a call.

PPP Payback?

Last week, the Small Business Administration (SBA) launched a second round of the Paycheck Protection Program. PPP allows banks to “forgive” government-guaranteed loans to small businesses struggling due to the pandemic. Unfortunately, government guidance on necessary documentation/calculations to ensure forgiveness is sorely lacking.

Many small business owners expect their loans to ultimately be forgiven “but it is not that simple,” according to Paul Merski, of the Independent Community Bankers of America. He advises that everyone keep “their information and paperwork in order.” (Reuters, May 1, 2020)

The PPP regulation states the following:

  • Borrowers must spend 75 percent of the loan on payroll costs like salaries, tips, leave, severance pay, and health insurance, within the first two months.
  • Borrowers must spend the remaining 25 percent on other “running” costs, such as utilities and rent.

All money spent on non-qualifying expenses must be repaid within two years at a one percent annual interest rate. (ibid)

Confusion and uncertainty surround the repayment or forgiveness process itself. Who certifies that borrowers actually meet the 75 percent threshold and are using borrowed funds as required? Will SBA issue standard guidelines for forgiveness? Small business owners need to know which documents to maintain and records to keep. EZGSA, like all of you, awaits some clarity on next steps.

Are you unclear on your Small Business loan payback? We will let you know as soon as we do. In the meantime, feel free to give us a call.