Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Federal Contracting

Modernizing and Funding IT

GSA will continue IT modernization through the new fiscal year, according to Suzette Kent, Federal Chief Information Officer, and Emily Murphy, GSA Administrator. (Federal Times, October 21, 2019)

While Kent and Murphy were speaking at the American Council for Technology-Industry Advisory Imagine Nation conference, the Technology Modernization Fund (TMF), announced $8 million of funding to be made available for the Department of Agriculture and $4 million for the Equal Employment Opportunity Commission (EEOC). (TMF provides funding to agencies for IT projects.) TMF recently granted GSA $20 million for its New Pay HR system.

The EEOC will implement a Cloud-based charge and case management system while the Agriculture project will replace an outdated, manual IT system used for food inspection and certification. Both of these systems have thousands of touch points around the country. The Office of Management and Budget has said both agencies will leverage modern commercial capabilities to move their digital modifications. (ibid)

Interested in the upcoming GSA RFQ or DoA or EEOC opportunities? Give us a call.

Update on GSA’s Schedule Consolidation

Stephanie Shutt, who is spearheading the GSA Schedule consolidation, recently spoke about the effort’s three phases. On October 1, GSA completed the first phase of the consolidation and released the new single solicitation. (Nextgov, October 9, 2019)

Phase one organizes the Multiple Award Schedule Consolidation into categories that correspond to OMB’s category management approach. This allowed GSA to work with a template instead of starting from nothing. During the Schedule review, duplicates were removed as were multiple versions of specific contract clauses. (ibid)

To date, the Schedules had been divided into service and supply subcategories or Special Item Numbers (SINs). Duplicate SINs were removed, about 600 in all. The new SINs structure is based on the North American Industry Classification System (NAICS) which many agencies already use. (ibid)

Phase two, set to begin after the new year, will focus on existing contract holders completing a mass modification to update their base terms and conditions, which will ultimately moving most current holders to the new Schedule. Updates do not apply to negotiated elements of contracts, such as warranties or periods of performance. They will, however, impact the baseline terms and conditions. Vendors will also see a relocation of SINs and have the opportunity to select SINs that previously were across separate Schedules. Look for an advanced notice regarding mass modifications from GSA in early November. (ibid)

Phase three is slated to launch in July 2020. During this time, contracting officers will assist multiple Schedule holders with more than five years remaining on their contracts to consolidate into a single contract under the new Schedule. (ibid)

Shutt stressed that vendors with one contract under MAS or multiple contract holders that see completion within the next five years will have reviewed and completed the process by signing the “mass mod” during phase two. Phase three affects only contractors with multiple contracts, especially those with more than five years remaining on the contract. Those particular contractors will receive support directly from Shutt’s team to devise a plan to funnel all products and services down to one contract. (ibid)

Questions about how these phases might affect your current contract or a current bid? Give us a call.

CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.

CMMC RFI

The Department of Defense (DoD) has issued a request for information for the “long-term implementation, functioning, sustainment, and growth” of the Cybersecurity Maturity Model Certification (CMMC). (FedBizOps.gov, October 3, 2019)

Last month, DoD issued version 0.4 of the CMMC. Contractors may now see the cybersecurity standards required when working on projects with controlled but unclassified information. CMMC will assist DoD to secure more than 300,000 organizations. (Fed Scoop, October 4, 2019)

The accreditation body does not directly perform the assessments but manages third-party organizations that do. It is  a nonprofit that utilizes “revenues generated through dues, fees, partner relationships, conferences, etc.” to fund the work.  The deadline to submit feedback is October 21, 2019. (FedBizOps.gov ibid)

We’d be glad to discuss this RFI with you. Just give us a call.