Tag: CMMC

The Army’s end of year checklist for Small Businesses

Prepare for success in 2025 by reviewing your business strategy and making key updates. Use this checklist to stay on track and position your business for growth.

  • Update Legal Documents and Certifications: Keep your licenses, permits, and registrations current. Apply for SBA certifications at Certify.SBA.gov, and refine your Capability Statements to highlight past performance. (Army Office of Small Business December 23, 2024)
  • Explore New Contracting Opportunities: Check Acquisition.gov and the GSA Forecast Tool to discover upcoming federal contracts. Use SubNet to find subcontracting opportunities posted by large prime contractors. (ibid)
  • Tap Into Mentorship and Support: Connect with your local APEX Accelerator for personalized advice and free resources. SCORE Mentors offer expert insights on strategy, marketing, and operations. (ibid)
  • Plan Your Finances: Review financial statements, gather tax documents, and visit IRS.gov for updates. Consider working with a tax professional to maximize deductions and stay compliant. (ibid)

Action taken today can lead to big successes in the year ahead. Find more information at army.mil/osbp. (ibid)

If you would like assistance updating licenses and permits, crafting a capabilities statement, or exploring new opportunities, give us a call.

Three DoD DFARS will soon become permanent rules

According to a recent statement by Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, three Defense Federal Acquisition Regulation Supplements (DFARS) for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon be permanent rules. (MeriTalk April 15, 2021)

The CMMC program enforces cybersecurity standards in the Defense Industrial Base (DIB) supply chain. The certification requirements will be part of all DoD contract requirements by 2026. (ibid)

The soon-to-be-permanent rules are:

  • DFARS Provision 252.204.7019 requires contractors to complete self-assessments and upload them into the DoD’s Supplier Risk Performance System (SPRS)
  • DFARS Clause 252.204.7020 takes place upon contract completion and allows DoD access to systems, facilities, and personnel if DoD assesses it necessary due to risk
  • DFARS Clause 252.204.7012 requires all contractors to maintain adequate security of defense information that is “processed, stored or transmitted” on their network (ibid)

According to Arrington, 300,000 contractors need to get CMMC certified within the next five years. She said, “We have thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought ‘Let’s do it one time.’ It has to be an enduring capability.” (ibid)

Questions concerning CMMC certification? Give us a call.

CMMC in GWACs

GSA is expected to begin applying the Department of Defense’s Cyber Maturity Model Certification (CMMC) at the order level to governmentwide acquisition contract vehicles. (Govconwire, November 10, 2020)

According to Keith Nakasone, deputy assistant commissioner for acquisition in the General Services Administration Office of IT, future Government Wide Acquisition Contracts (GWACs) will include CMMC requirements, layered in over time. In this video interview, Nakasone explains that the requirements are being added to make sure contracts are within scope for the Department of Defense, the largest GWAC customer. (Government Matters, November 8, 2020)

Nakasone hopes to educate and train industry partners on the CMMC requirements over time. Although he didn’t state outright that CMMC will become part of all future contracts, they are part of the Polaris draft RFP, scheduled for release in December. (ibid)

Need assistance in understanding the CMMC requirements? Give us a call.

Self-Assess No More

Cybersecurity for Department of Defense (DoD) contractors is an ongoing issue. Now, DoD is issuing an interim rule to implement an Assessment Methodology and Cybersecurity Maturity Model Certification framework. This will assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain. (Federal Register, DFARS Case 2019-D041 Action: Interim Rule)

The current self-attestation of NIST Special Publication (SP) 800-171 is not working due to a lack of DoD verification. Until the implementation of the interim rule, DoD did not have a mandate to verify contractor basic safeguarding or security requirements prior to contract award. This regulation changes that. The interim rule adds a process for contractors to implement cybersecurity requirements. This is to be accomplished while the DoD’s Cybersecurity Maturity Model Certification (CMMC) and the procedures with the Accreditation Body (AB) are solidified. (Meritalk, September 28, 2020)

Questions about how the new rule will affect your contract or upcoming bid and what you can expect? Give us a call.