
Tag: cybersecurity

Three DoD DFARS will soon become permanent rules

According to a recent statement by Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, three Defense Federal Acquisition Regulation Supplements (DFARS) for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon be permanent rules. (MeriTalk April 15, 2021)

The CMMC program enforces cybersecurity standards in the Defense Industrial Base (DIB) supply chain. The certification requirements will be part of all DoD contract requirements by 2026. (ibid)

The soon-to-be-permanent rules are:

  • DFARS Provision 252.204.7019 requires contractors to complete self-assessments and upload them into the DoD’s Supplier Risk Performance System (SPRS)
  • DFARS Clause 252.204.7020 takes place upon contract completion and allows DoD access to systems, facilities, and personnel if DoD assesses the necessity due to risk
  • DFARS Clause 252.204.7012 requires all contractors to maintain adequate security of defense information that is “processed, stored or transmitted” on their network (ibid)

According to Arrington, 300,000 contractors need to get CMMC certified within the next five years. She said, “We have thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought ‘Let’s do it one time.’ It has to be an enduring capability.” (ibid)

Questions concerning CMMC certification? Give us a call.

 

NIST looking for a Small Cybersecurity Business – Do you qualify?

The National Institute of Standards and Technology (NIST) is looking for a small business to assist with the creation of privacy and cybersecurity standards that will apply to federal agencies. Additionally, NIST hopes to gain assistance with the development and modeling of software and applications for various tools, including the National Vulnerability Database. (Nextgov March 29, 2021)

The sources sought notice posted on beta.SAM.gov states, “with a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory’s (ITL) Computer Security Division (CSD) is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals and the Nation.” (ibid)

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements. The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.” (ibid)

Do you qualify for the cybersecurity SINs? Give us a call.

Higher federal procurement standards for IT providers – Are you ready?

The White House is spearheading an interagency endeavor concentrating on software development that will determine federal procurement of information technology (IT). In the coming weeks, vendors can expect to see new IT security standards, governmentwide. This comes after many tech companies complained that the effort under the Trump administration limited the import of information and communications technology from “foreign adversaries” while leaving the definition of the term “foreign adversary” up to the Commerce Secretary. In addition, the rule as it stands today is broad and raises concerns over due process.

The SolarWinds breach will ultimately raise the bar on vendor security, banning tech from many countries, not just China. It also focuses on vendors and the possibility of vulnerability disclosure policies that encourage reporting weaknesses in their products. Ultimately, vendors providing IT products and services to federal agencies must have the proper level of cybersecurity in place.

Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said agencies are working together to ensure consistency in the government’s approach to supply chain security across the Commerce Department rule, an executive order aimed at removing foreign adversaries from the bulk power sector. Wales also said, “the administration is counting on higher federal procurement standards to elevate security across the private sector as well.”

Are your IT products compliant? Give us a call.

 

 

Alliant 2 is Out/Polaris is In

After a year of protests and federal court hearings, the Government Accountability Office has canceled its $15 billion Alliant 2 Small Business contract. GAO is calling the replacement contract “Polaris.” A GSA spokesperson said, “Polaris will not only guide small businesses through the federal market, it will also help GSA customer agencies through the acquisition of IT service-based solutions, and give GSA a chance to improve our offerings and set the agency on a solid course for the future.” (GSAblogs.gsa.gov, October 1, 2020)

The administration sees the industrial base broadening through:

  • Pricing Strategy: GSA plans to increase its pool of qualified small businesses that serve federal agencies. GSA will employ Section 876 of the Fiscal Year 2019 National Defense Authorization Act, allowing contract awards to qualifying contractors without consideration of prices for hourly services. Focus on price competition ultimately takes place at the task order level.
  • On-ramps: Allows for an expanded industrial base as technology changes and for vendors to be considered on the GWAC following an initial award period.
  • Opportunity Expansion: An increased opportunity for HUBZone and woman-owned businesses.
  • Embracing Technology to Maximize Efficiency: Polaris will provide agencies with access to emerging technology providers, especially those offering artificial intelligence, automated technologies, blockchain, 5G implementation, cybersecurity, and cloud. (ibid)

The vendor evaluation strategy will be similar to that used in the Veterans Technology Services 2 and Alliant 2 contracts. Both were guided by industry comments. FAS may utilize an online proposal submission tool to speed up Polaris contract awards, as well as a modified evaluation strategy. (Federal Computer Week, October 5, 2020)

Questions about the Polaris evaluation strategy and how your company might do business on the platform? Give us a call.

Can Alliant 2 Be “Newer, Better”?

GSA has finally put us all out of our Alliant 2 Small Business misery. Last week they canceled the acquisition contract. The original award was fraught with confusion, protests, and court disputes, so cancellation isn’t that surprising. (Nextgov, July 2, 2020)

However, GSA promises that the small business IT instrument will live on in a newer, better solicitation. Keep your eyes peeled for the larger and newly structured solicitation. No word yet on the release date of the new solicitation. (ibid)

Laura Stanton, acting GSA Assistant Commissioner for the Office of Information Technology, said when announcing the cancellation, “The needs of our customer agencies, small business partners, and industry partners are rapidly evolving, GSA is committed to finding ways for our GWACs to reflect the current IT marketplace so that we can maximize the opportunities for small and women-owned, HUBZone, service-disabled veteran-owned, and 8(a) small businesses to contract with the government for cybersecurity, emerging technology, and IT supply chain risk management needs.”

Stanton also said, “we are working to expand the number of master contract awards to highly qualified small businesses on our GWACs, while focusing on technology requirements that support our customer agencies for future mission success.” (ibid)

Questions about the cancellation and/or the upcoming solicitation? Give us a call.