The Cybersecurity Executive Order: What’s Coming and Where Are the Opportunities?

July 21, 2021 by Leave a comment

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the effect on contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish a Memoranda of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , ,

CDM Updates to Product Listing Requirements

July 14, 2021 by Leave a comment

By Amanda Mull, contract specialist

The federal Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users and CDM technical requirements. Manufacturers are encouraged to update, refresh and add new and innovative tools to the CDM Approved Products List (APL).

To maintain currency with federal and requirement and the constant evolution of the cyber/IT landscape, the CDM APL product submission requirements have been revised several times in FY2021.

The most recent updates reflect heightened security policies and protocols required for a more mobile workforce. Others support the full realization of the federal CDM Dashboard expected by year-end. The CDM Dashboard is intended to gauge agency cybersecurity posture. It also monitors the achievement of directives meant to raise the overall level of security and privacy in cyber/IT tools and technology across the federal government.

There have been several recent updates to CDM Common Requirements for Approved Product Listings (APL):

Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with , , , , ,

CDM IPv6 compliance plans due July 6: Why the technology matters

June 29, 2021 by 1 Comment

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07) – PDF.

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with , , ,

Top 3 HHS IT programs planning procurements in FY22

June 24, 2021 by Leave a comment

By Jessica Parks, market intelligence analyst

In a previous blog post, I went over the top three IT programs at the Department of Justice planning acquisitions. Now that the new administration has released the official FY22 budget, I would like to explore similar opportunities at another large agency, the Department of Health and Human Services. (As I’ve mentioned previously, this information is all publicly available in the Exhibit 53.)

Read on for a brief description of these programs and how you can position yourself accordingly.

1) CMS Federally Facilitated Exchange

Based within the Centers for Medicare and Medicaid Services, the FFE is the platform that supports the health insurance marketplace. This is the single largest IT investment at HHS and has been a crucial system for the agency for many years. Total IT funding for FY22 is expected to be more than $417M, with $176M being DME funding (i.e., new money to spend on program upgrades and additions).

The main objectives for this investment are to stay innovative and ensure minimal downtime. Automated customer service solutions as well as solutions that ensure secure information sharing could play a role here. Talk to the folks in the Center for Consumer Information and Insurance Oversight for more detail.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , , ,

CDM: More relevant than ever

June 17, 2021 by Leave a comment

By Amanda Mull, contract specialist

With the recent incidents involving ransomware and other serious data breaches, security remains a top priority in federal IT.

It’s been some time since we published our last blog on CDM, so to keep our channel partners and suppliers up to date on recent changes, in the coming weeks we will be publishing a series of CDM-related blogs.

In this, our first blog, we provide some basic information and discuss a recent leadership change. Future blogs will cover the federal CDM Dashboard, IPv6 compliance, updates to common requirements and the future of the CDM SIN.

Here are some of the basics about the program:

Continuous Diagnostics and Mitigation Program 

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.

Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with , , ,

A Data-Centric Approach to Zero Trust for Public Sector

March 31, 2021 by Leave a comment

By Derek Giarratana, Supplier Manager

An organization’s data is its most important and valuable asset. This is especially true as organizations continue to move towards data-driven approaches to deliver on their missions and are more actively putting that data to work — and in remote locations no less. This means the need to protect data and maintain its accuracy and integrity is paramount.

In this series, we will explore each of these facets of data security and how it applies to IT challenges currently faced in the public sector. This first installment examines Zero Trust and how a data-centric approach addresses some of the hurdles with which public sector IT leaders struggle.

What is Zero Trust?

Aptly named, a Zero Trust approach assumes nothing internal or external to an organization’s perimeters can be trusted and should, therefore, require additional verification for access. The level of sophistication needed to meet the expectations and requirements of public sector data security lends itself to a Zero Trust model, which prompts data security experts to assess and manage data at the most granular level. With this approach in mind, data security experts are taking a fine-tooth comb to their data and paying close attention to their data management environment.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , , ,

What is CMMC?

March 24, 2021 by Leave a comment

By Jeff Ellinport, Division Counsel

Although CMMC has been around for more than a year, it never hurts to review what it is and why those who sell into DOD and the rest of the federal government should care.

CMMC stands for Cybersecurity Maturity Model Certification and is a new certification process to measure a company’s ability to protect sensitive government data. It is a unified standard for implementing cybersecurity across the defense industrial base. CMMC is a way for DOD — and soon after, probably civilian agencies as well — to address intellectual property theft, cybercrime and national security threats of the type evidenced by the recent SolarWinds attack.

Once fully implemented, CMMC will be an acquisition foundation, required for almost every contractor transacting business with the U.S. government.

CMMC Maturity Levels

CMMC has five maturity levels, with basic cybersecurity hygiene at a Level 1 to very robust requirements at a Level 5. These certification levels reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels build upon each other’s technical requirements such that each level requires compliance with the lower-level requirements and then implementation and documentation of additional processes employing more rigorous cybersecurity practices.

Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with ,

StateRAMP: An Outgrowth of FedRAMP for SLED

March 18, 2021 by Leave a comment

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.

Read more of this post

Filed under Market Intelligence, Sales, SLED Tagged with , ,

Changes in FITARA 11.0: How You Can Help Agencies Improve Their Scorecards

March 15, 2021 by Leave a comment

This past December, GAO made changes to the FITARA scorecard. By tracking these changes, you can help your agency customers improve their FITARA grades and meet mission goals. (Click here to review the latest scorecard.)

The next agency self-reporting period comes in April, with scorecards due in May. Agencies are being pushed to better use IT to meet FITARA objectives, such as cybersecurity and modernizing government technology.

So what does that mean for FITARA compliance? From a flyover perspective, first, the new administration is likely to look more closely at transformation in its policy priorities. Next, the FITARA scorecards will retire categories that have had across-the-board success, and shift focus to the next area that needs improvement.

Here are some of the expected shifts.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , ,

Top Federal Civilian Cybersecurity Trends in FY21

January 14, 2021 by Leave a comment

By Jessica Parks, Market Intelligence Analyst

With the recent Solarwinds breach, IT vendors who sell to the government may be wondering about its impact on their customers’ needs. Federal civilian agencies have already made cybersecurity a top priority for FY21, so while the breach by itself will not directly spur significant new initiatives or projects, it still emphasized the urgency of getting defenses up to speed.

With fresh awareness around cybersecurity gaps, there has never been a better time to check on your government customers and help them fulfill their security needs. Read on for a high-level overview of the top 3 trends in federal cybersecurity for FY21.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

Older posts

%d bloggers like this: