Government contracts 2022 — Year in review

January 5, 2023 Leave a comment

By Hollie Kapos, Legal Counsel Director, immixGroup

2022 was a busy year, and it was easy to miss some big changes in commercial item government contracting. Below are some key updates from 2022 and what immixGroup is keeping an eye on in 2023 and beyond.

GSA Ascend BPA for Cloud
Ascend is a multiple-award blanket purchase agreement (BPA) under the cloud and professional services Multiple Award Schedule SINs intended to simplify acquisition of secure cloud solutions. Task orders under the BPA will be placed under one or more of three pools: (1) infrastructure- and platform-as-a-service, (2) software-as-a-service, and (3) cloud IT professional services. The BPA will also establish minimum cybersecurity requirements, including cybersecurity supply chain risk management (C-SCRM) and zero trust architecture (ZTA). GSA released a draft performance work statement in May, followed by a market research request for information in July. Using feedback it obtained from industry, GSA plans to release a draft request for quotations in 2Q2023. Suppliers looking to add products to the Ascend BPA should start preparing now; products will need to be on SIN 518210C for eligibility. Read Tara Franzonello’s Washington Technology article for more information.

Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with , , , , , ,

CMMC 2.0 streamlines requirements for contractors

November 9, 2021 Leave a comment

By Hollie Kapos, Corporate Counsel

In September 2020, DoD published an interim rule to implement CMMC, which became effective November 30, 2020. The DoD received over 850 public comments in response, citing concerns with cost, trust in the assessment ecosystem, and alignment to other federal requirements.

Accordingly, it began an internal assessment of CMMC policy and implementation and, as a result, DoD has just announced CMMC 2.0, which makes several substantial changes from the original model.

Levels streamlined in CMMC 2.0

Levels 2 and 4 have been removed, so there are now only three instead of five levels of compliance as follows:

  • CMMC Level 1, Foundational – Requires implementation of the 17 controls from NIST SP 800-171 enumerated in FAR 52.204-21 and submission of an annual self-assessment to the DoD through the Supplier Performance Risk System (SPRS).  
  • CMMC Level 2, Advanced – Requires implementation of the 110 controls in NIST SP 800-171 and submission of an annual self-assessment or, if required to handle “critical national security information” (currently undefined), a triennial independent assessment performed by a CMMC Third Party Assessment Organization (C3PAO). 
  • CMMC Level 3, Expert – Requires implementation of the 110 controls in NIST SP 800-171 and a subset of controls from NIST SP 800-172 and a triennial government-led assessment. Requirements for level 3 are still being developed.
Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

2020 Federal Contracts: A Busy Year for New Regulations and Initiatives

December 3, 2020 Leave a comment

By Hollie Kapos, Corporate Counsel

With all that happened in 2020, it was easy to miss some of the new regulations and initiatives impacting government contractors. This blog summarizes the key updates immixGroup has been tracking that are particularly relevant to commercial item contracting.

January-Current

GSA MAS Consolidation. Twenty-four former GSA Schedules, each for different supplies and services, were consolidated into a single schedule. We started the year in Phase II of the GSA MAS Consolidation, which was the process of updating terms and conditions to reflect the new solicitation. Phase II was completed in July, with 99% of contractors signing the mass modification. Under Phase III, which began in August, multiple vendor contracts will be consolidated into single contracts. Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , , , ,

CMMC Interim Rule Includes New Compliance Requirements

October 7, 2020 Leave a comment

By Hollie Kapos, Corporate Counsel

You never know what surprises will pop up in the last few days of the government’s fiscal year, and this year there was a big one with the Interim Rule implementing DOD’s Cybersecurity Maturity Model Certification (CMMC).

The Interim Rule (“IR”), published on September 29, 2020 and effective as of November 30, 2020, adds the widely anticipated new DFARS clause for inclusion in DOD contracts implementing CMMC: 252.204-7021 (Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement). No surprise there.

But, the IR unexpectedly came with two additional clauses, DFARS 252.204-7019 (Notice of NIST SP 800-171 DOD Assessment Requirements) and DFARS 252.204-7020 (NIST SP 800-171 DOD Assessment Requirements), which require the immediate attention of federal contractors and their subs.  Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

Tips for Preparing for DOD’s New CMMC

December 18, 2019 3 Comments

By Hollie Kapos, Corporate Counsel

The Cybersecurity Maturity Model Certification (CMMC) has been one of the hottest topics in government contracting this year. In fact, one of my colleagues addressed the topic in a blog on DOD and CMMC just a few months ago.

And no wonder everyone’s talking about it – it applies to ALL companies doing business with DOD, including OEMs, distributors and resellers. Here’s some basic information to help you prepare no matter where you are in the supply chain.

What is CMMC?

Intellectual property theft and cybercrime cost the United States billions of dollars and threatens national security. In order to protect government information from theft and other malicious cyber activity, DOD is making cybersecurity an acquisition foundation. Accordingly, DOD is developing the Cybersecurity Maturity Model Certification – a certification process to measure a company’s ability to protect sensitive government data.

Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with ,

%d bloggers like this: