Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Small Business

CMMC a Plus for Small Businesses?

Katie Arrington, on staff  with the Undersecretary of Defense for Acquisition and Sustainment believes nation-states are actively targeting small businesses digitally. And, she says, we are losing the battle of cyberattacks. (Fifth Domain, October 8, 2019)

According to Arrington, rivals cost the US an estimated $600 billion per year and 5G will multiply that number exponentially by 2025. As a result, Arrington believes the cybersecurity maturity model certification (CMMC) is actually intended for small businesses. (ibid)

CMMC grades company cybersecurity on a scale of one (least secure) to five (most stringent). Small businesses must comply with a tiered rating structure. So a company offering cleaning services may need only comply with CMMC level one while an engineering firm is held to level four

Arrington says that CMMC levels the playing field. Old compliance standards allowed companies to perform their contracts while working on their plan of action to become technically acceptable. This left sensitive systems that require additional security controls vulnerable and with weak spots. Many small businesses do not have the resources to obtain a high CMMC level, ultimately limiting competition in the marketplace; others fear the costs will be so high, that small companies will be priced out of the marketplace and limit their ability to compete on government contracts. 

The most recent Navy breaches targeted contractors without classified information per se, but taken in total the data disclosed sensitive capabilities. This is exactly what the CMMC framework addresses. (ibid)

Requests for proposals are expected to include CMMC requirements, as early as fall 2020.

Questions about CMMC requirements? Give us a call.

CMMC RFI

The Department of Defense (DoD) has issued a request for information for the “long-term implementation, functioning, sustainment, and growth” of the Cybersecurity Maturity Model Certification (CMMC). (FedBizOps.gov, October 3, 2019)

Last month, DoD issued version 0.4 of the CMMC. Contractors may now see the cybersecurity standards required when working on projects with controlled but unclassified information. CMMC will assist DoD to secure more than 300,000 organizations. (Fed Scoop, October 4, 2019)

The accreditation body does not directly perform the assessments but manages third-party organizations that do. It is  a nonprofit that utilizes “revenues generated through dues, fees, partner relationships, conferences, etc.” to fund the work.  The deadline to submit feedback is October 21, 2019. (FedBizOps.gov ibid)

We’d be glad to discuss this RFI with you. Just give us a call.

GSA Updating their e-Market Portal

On October 1st, GSA issued a solicitation requesting proposals from e-marketplace portal providers. The solicitation is for the initial proof of concept of the Commercial Platforms program, part of the foundation of GSA’s Federal Marketplace Strategy (FMP) to simplify federal buying and selling and how federal agencies buy commercial off-the-shelf products. Proof of concept implementation is through partnerships with many commercial e-marketplace platform providers currently offering business-to-business capabilities. This gives federal agencies greater visibility into their online spending. (GSA.gov, October 2, 2019)

GSA Administrator Emily Murphy said, “As federal procurement continues to evolve, simplifying how we purchase basic commodities will allow agencies to focus more on work that directly serves their missions. Federal agencies spent approximately $260 million using online portals last year and it is critical that we use the Commercial Platforms program to better understand and manage this.” (ibid)

The proof of concept is GSA’s kickoff for changing the way federal agencies purchase commercial products via the open market, implementing the requirement of Section 846 in the FY 18 National Defense Authorization Act (NDAA). Last year GSA conducted stakeholder outreach and market research to get a better understanding of the open market place. They determined to take small steps through an iterative program management approach to Commercial Platforms. (ibid)

Proposals are due by November 1, 2019, at 5 PM EST. (FedBizOpps.gov, October 1, 2019)

Are you wondering how the e-marketplace will affect your current contract? Do you provide B2B services in the private sector and have questions about the solicitation? Give us a call.

Dun(s) Dun Dun Dun … No More

After almost 60 years of utilizing a DUNs number, every organization doing business with the government will receive a new identification number. Beginning in December 2020, the number and the process to acquire the Unique Entity Identifier (UEI) will change. The new identifier will be generated through SAM.gov; however, DUNS numbers will be retained for historical purposes and Dunn & Bradstreet open data limitations remain in effect in perpetuity.

GSA is moving to a new, non-proprietary identifier, a 12 character alpha-numeric value, will be assigned by the System for Award Management. The Federal Register announced the new (UEI), including the identifier standards. Additional updates to the UEI can be found here: gsa.gov/entityid. (GSA.gov Unique Entity Identifier Update, September 9, 2019)

As you can imagine, many questions surround the upcoming change, and GSA’s recent online meeting answered some of them. Those that missed the meeting or want to listen again can find the presentation at beta.SAM.gov  and selecting the UEI video link. All questions submitted and answers provided are also available on this downloadable pdf.

The transition phase began in July of 2019, but DUNS will continue as the official identifier until December 2020. During the transition, all existing entity registrations will automatically be assigned a new UEI which will be displayed in SAM.gov and no one will be required to re-enter this data. (ibid)

Thinking this small change can lead to a lot of confusion? Have some questions that didn’t get asked or answered during the GSA public meeting? Give us a call.

Program UnSupport Center

Back in June, the Health and Human Services Department (HHS) announced it would halt assisted acquisition services for non-HHS customers after September 30, 2020. Until the announcement, HHS provided assistance through the Program Support Center (PSC). After the deadline, all 19 agencies (with more than $1.4 billion in contracts per year) who had contracts administered by HHS will have to look elsewhere or figure out how to administer the contracts themselves. (Government Executive, September 13, 2019)

PSC lacks the procedures, policies, and internal controls to work with agencies outside of HHS. In addition, questions have been raised as to whether the PSC is actually legally authorized to administer contracts for agencies outside of HHS. (ibid)

Many questions remain unanswered, such as the fate of bids in the process of evaluation. Unfortunately, the PSC is not communicating with customers at this time, according to Federal News Network. This is surprising, as the Office of the Assistant Secretary of Administration focused on the need for “continuous communication” in customer service. (ibid)

So where will all of these contracts be administered? An EPA spokesperson said EPA contracts will either placed on new or existing EPA contract vehicles or handled through interagency agreements with other federal agencies. The Office of Special Counsel is partnering with Merit Systems Protection Board to process a number of mission-critical procurements. In 2020 GSA is assisting OSC with their procurement requirements. (ibid)

If you have questions about how this affects a current bid or your current HHS-administered contract, give us a call.