
Cybersecurity

Higher federal procurement standards for IT providers – Are you ready?

The White House is spearheading an interagency endeavor concentrating on software development that will determine federal procurement of information technology (IT). In the coming weeks, vendors can expect to see new IT security standards, governmentwide. This comes after many tech companies complained that the effort under the Trump administration limited the import of information and communications technology from “foreign adversaries” while leaving the definition of the term “foreign adversary” up to the Commerce Secretary. In addition, the rule as it stands today is broad and raises concerns over due process.

The SolarWinds breach will ultimately raise the bar on vendor security, banning tech from many countries, not just China. It also focuses on vendors and the possibility of vulnerability disclosure policies that encourage reporting weaknesses in their products. Ultimately, vendors providing IT products and services to federal agencies must have the proper level of cybersecurity in place.

Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said agencies are working together to ensure consistency in the government’s approach to supply chain security across the Commerce Department rule, an executive order aimed at removing foreign adversaries from the bulk power sector. Wales also said, “the administration is counting on higher federal procurement standards to elevate security across the private sector as well.”

Are your IT products compliant? Give us a call.

 

 

CTA and Small Businesses

In January, Congress enacted the 2021 National Defense Authorization Act. It includes amendments to the U.S. Anti-Money Laundering Act, the most noteworthy of which is the Corporate Transparency Act (CTA). (JDSupra, March 22, 2021)

The most significant elements of the CTA to know now:

  • CTA legislation requires “beneficial” business owners to report specific information to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). A beneficial owner directly or indirectly controls at least 25 percent of the company. Beneficial owners must report their full name, date of birth, current address, and unique identification number. This information will help prevent the formation of shell companies and money laundering as well as terrorist organization funding.
  • Unless exempt, all privately held businesses in the U.S. are subject to the CTA reporting requirements.
  • CTA becomes effective 1 January 2022. Businesses formed after that time must submit reports within two years. All business changes are required to be reported within one year.
  • Businesses should add beneficial owner information collection into their operations, especially when there are multiple qualifying beneficial owners, as reporting/update deadlines can be cumbersome.
  • Failure to report or update beneficial owner information may result in civil penalties up to $500 per day until the violation is corrected as well as criminal fines up to $10,000 and imprisonment for up to two years. (ibid)

The good news is that business entities have almost a full year to get their CTA reporting controls in place, to meet the 1 January 2022 effective date.

Have some CTA regulation reporting questions? Give us a call.

 

Security Clearance Due Process Streamlining

The Defense Department is streamlining process procedures for individual security clearances (Defense Systems, January 27, 2021). On 19 January, the Under Secretary of Defense issued a memorandum to “simplify, centralize and unify the established administrative process for unfavorable security clearance eligibility hearings and appeals.” The memo directs DoD unit heads to allow applicants to “cross-examine” those who made negative statements about them and to receive documentation on the administrative due process. However, all unit heads retain the ability to “deny or suspend” access to classified information or Special Access Programs if an individual is found to be “inconsistent with protecting the national security.” (ibid)

“The policy is effective upon DoD General Counsel (GC) certification to USD (I&S) that DOHA has prepared, but no later than September 30, 2022.” (ibid)

Was your application for a security clearance revoked and you are not sure what to do next? Give us a call.

Polaris Replacing Alliant 2

This past July, GSA put to rest the Alliant 2 Small Business contract. Then, just last week, GSA released a draft RFP named Polaris, a Governmentwide Acquisition Contract (GWAC) to provide customized Information Technology (IT) services-based solutions. The draft RFP breaks out small business contractors into specific “pools” for Small Business, HUBZone Small Businesses, and Women Owned Small Businesses. GSA reserves the right to add additional pools when deemed necessary. (beta.SAM.gov, December 31, 2020)

According to the draft RFP, Polaris will provide agencies with customized IT services and IT services-based solutions, which can be tailored to meet particular mission needs and may include any combination of IT services and new and emerging technologies. (ibid)

GSA encourages contractors to provide innovative solutions to task order requirements, prioritizing emerging technologies. Examples of emerging technologies included within the draft RFP are:

  • Advanced and Quantum Computing — cryptography/encryption, secure communications, design of high-performance computers, computer clusters, and networks, Quantum Machine Learning
  • Artificial intelligence (AI) — Computer Vision, Deep Learning, Machine Learning, Natural Language Processing (NLP), Spatial Computing, Speech Recognition
  • Automation technology — Robotic Process Automation (RPA), Automated Messaging Services, Data Cleaning Scripts, Interactive Voice Response (IVR), Smart Notification
  • Distributed ledger technology — Blockchain Implementation Solutions, DLT Network Design Services, Smart Contract Programming Services
  • Edge computing — 5G Implementation Services, Edge Analytics, Edge Application Services, Edge Computing Architecture Design Services, Internet of Things (IoT) Services
  • Immersive technology — Virtual Reality, Augmented Reality

Examples of performance areas within the draft RFP are as follows:

  • Cloud Services
  • Cybersecurity
  • Data Management
  • Information and Communications Technologies
  • IT Operations and Maintenance
  • Software Development
  • System Design

Contractors may “provide ancillary support as necessary to offer an IT services-based solution,” but, as with the GSA Schedule, only “when it is integral to and necessary for the IT services-based effort.” (ibid)

Contractors should take note of the security considerations, as purchasers may be from the Department of Defense as well as civilian agencies. In particular, the Defense Department’s Cybersecurity Maturity Model Certification is a developing regulation and requirement included in the draft RFP. Additional Cybersecurity and Supply Chain Risk Management (SCRM) requirements are also expected to be included. (ibid)

All draft RFP feedback is due by 4:00 PM Central Time, January 29, 2021.

Have questions concerning the draft RFP, who can respond, and how? Give us a call.