GSA planning government-wide cloud BPA: What you need to know

By Adam Hyman, Director, Government Programs

Over the past couple of years, immixGroup has tracked discussion about the General Services Administration putting together yet another acquisition vehicle — this time around for cloud solutions. That initial chatter may now become reality.

In 2019, GSA released an RFI seeking industry input on providing cloud products and services in creative solution bundles, to better help customers with their business/technology needs and to save the government money.

This past October, GSA released another RFI related to cloud, making its intent clearer: GSA intends to establish a government-wide, Multiple Award Blanket Purchase Agreement using the following Special Item Numbers (SINs):

Read more of this post

NASCIO Survey shows three transformation areas: Digital services, cyber and people

By Chauncey Kehoe, SLED Contracts Manager

If 2020 was a roller coaster ride for state CIOs, the priority shaping their decisions now is to push forward with digital transformation.

The National Association of State Chief Information Officers publishes an annual survey of state CIOs and their perspectives. The 2021 State CIO Survey reveals insights from 49 state CIOs on the “short-term and long-term impact of the pandemic.”

The overwhelming consensus amongst state CIOs is that digital services, cyber security and people are going to continue to be top priorities over the next year. This marks a shift from 2020, where, understandably, the emphasis was on initiating remote working and more online services for citizen programs.

I attended this year’s NASCIO conference, and what I heard from state CIOs was consistent with the survey findings. Let’s take a look at their current and planned focus areas.

Read more of this post

CMMC 2.0 streamlines requirements for contractors

By Hollie Kapos, Corporate Counsel

In September 2020, DoD published an interim rule to implement CMMC, which became effective November 30, 2020. The DoD received over 850 public comments in response, citing concerns with cost, trust in the assessment ecosystem, and alignment to other federal requirements.

Accordingly, it began an internal assessment of CMMC policy and implementation and, as a result, DoD has just announced CMMC 2.0, which makes several substantial changes from the original model.

Levels streamlined in CMMC 2.0

Levels 2 and 4 have been removed, so there are now only three instead of five levels of compliance as follows:

  • CMMC Level 1, Foundational – Requires implementation of the 17 controls from NIST SP 800-171 enumerated in FAR 52.204-21 and submission of an annual self-assessment to the DoD through the Supplier Performance Risk System (SPRS).  
  • CMMC Level 2, Advanced – Requires implementation of the 110 controls in NIST SP 800-171 and submission of an annual self-assessment or, if required to handle “critical national security information” (currently undefined), a triennial independent assessment performed by a CMMC Third Party Assessment Organization (C3PAO). 
  • CMMC Level 3, Expert – Requires implementation of the 110 controls in NIST SP 800-171 and a subset of controls from NIST SP 800-172 and a triennial government-led assessment. Requirements for level 3 are still being developed.

Read more of this post

Make it easier for your Army customers: How the ITES-SW2 helps you sell into this market

By Tara Franzonello, GSA Programs Consultant

Are you selling or planning to sell to the Army? Then you need to add your company and its products to the Information Technology Enterprise Solutions – Software 2 contract.

Nearly 3% of DoD IT contract spending in FY 2020 flowed through an ITES contract – that’s $1.64 billion. The Army believes that number will increase over the next couple of years.  

The ITES-SW2 contract is part of the Army’s Computer Hardware, Enterprise Software and Solutions (CHESS) program. It is a mandatory source for commercial IT hardware and software purchases. Here’s how the two connect:

The CHESS program’s mission is to be the primary source to “support the Warfighter’s Information Dominance Objectives” by developing, implementing and managing commercial IT contracts that provide “enterprise-wide net-centric hardware, software and supporting services to the Army.” 

CHESS contracts provide IT products and services that comply with U.S. Army Network Enterprise Technology Command, Army and DoD policy and standards. Army commercial hardware and software buyers must use CHESS contracts first, no matter the dollar value.

Read more of this post

The Future of the GSA CDM SIN: What it means to you

By Gina Brown, Federal Contracts Manager

In August 2018, the CDM program underwent a procurement transition that vendors should keep in mind. Combined with a proposed elimination of the GSA CDM special item number (SIN), the changes could streamline certain aspects of the way in which products are catalogued.

Initially, blanket purchase agreements (BPAs) were awarded to 17 primes. This then switched to a two-pronged acquisition strategy, in which four GSA Alliant prime contractors were awarded six Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) task orders.

These prime system integrators would purchase cybersecurity tools according to the DHS approved product list (APL), to strengthen the security posture of civilian agency customers.

Read more of this post

CDM: Cloud Hardening and Zero Trust Environments

By Amanda Mull, Contract Specialist

Critical cybersecurity goals for most federal agencies are focused on Zero Trust for a more mobile workforce, cloud-based products, and active threat detection plus dynamic response. Purchase of tools alone, however, cannot provide successful operational cybersecurity. Ongoing budgeting must address a holistic approach, including flexible policies and procedures, to adjust to new threats and changing work landscapes – along with a critical investment in cyber workforce training.

It is becoming more important for federal agencies to partner with companies that can help achieve their foundational cybersecurity goals. Partners and agencies alike must be committed to constant review and adjustment to systems and operations, to ensure that they maintain the highest levels of cybersecurity.

CDM program funds directly support agencies striving to harden their cloud cybersecurity against threats. The program becomes even more important as new threats emerge and agencies are forced to scramble to protect themselves and the public trust. 

Read more of this post

Building your state contracting toolbox through OMNIA Partners, Public Sector

By Chauncey Kehoe, SLED Contracts Manager

State, local and education agencies have many paths to procurement and numerous contract vehicles to choose from. Some contracts, however, do not allow for reseller participation or post award modifications to add new product lines; they leave the customer with no way to purchase the technology they need from the vendor they want.

The solution is for resellers and manufacturers to build out a contracts toolbox for when these situations arise. Your toolbox should include a variety of mandatory statewide and cooperative contracts for you to suggest to your customers. This multi-part series will introduce you to a few key statewide contracts and cooperatives for your toolbox.

To start, we will explore OMNIA Partners, Public Sector, who I featured in a recent webinar. OMNIA Partners, Public Sector is one of the largest and most experienced cooperative purchasing organizations dedicated to public sector procurement.

immixGroup is fortunate to have an award for Software Solutions and Services under the OMNIA Partners’ portfolio. Why should this cooperative be in your toolbox? Let’s dive into the benefits of the Software Solutions and Services contract:

Read more of this post

The Cybersecurity Executive Order: What’s coming and where are the opportunities?

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish Memoranda of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.

Read more of this post

CDM Updates to Product Listing Requirements

By Amanda Mull, Contract Specialist

The federal Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users and CDM technical requirements. Manufacturers are encouraged to update, refresh and add new and innovative tools to the CDM Approved Products List (APL).

To maintain currency with federal requirements and the constant evolution of the cyber/IT landscape, the CDM APL product submission requirements have been revised several times in FY2021.

The most recent updates reflect heightened security policies and protocols required for a more mobile workforce. Others support the full realization of the federal CDM Dashboard expected by year-end. The CDM Dashboard is intended to gauge agency cybersecurity posture. It also monitors the achievement of directives meant to raise the overall level of security and privacy in cyber/IT tools and technology across the federal government.

There have been several recent updates to CDM Common Requirements for Approved Product Listings (APL):

Read more of this post

CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07).

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

Read more of this post