CMMC Interim Rule Includes New Compliance Requirements

By Hollie Kapos, Corporate Counsel

You never know what surprises will pop up in the last few days of the government’s fiscal year, and this year there was a big one with the Interim Rule implementing DOD’s Cybersecurity Maturity Model Certification (CMMC).

The Interim Rule (“IR”), published on September 29, 2020 and effective as of November 30, 2020, adds the widely anticipated new DFARS clause for inclusion in DOD contracts implementing CMMC: 252.204-7021 (Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement). No surprise there.

But, the IR unexpectedly came with two additional clauses, DFARS 252.204-7019 (Notice of NIST SP 800-171 DOD Assessment Requirements) and DFARS 252.204-7020 (NIST SP 800-171 DOD Assessment Requirements), which require the immediate attention of federal contractors and their subs.  Read more of this post

DOD ESI BPAs: What CETA Is and Why It Is Important

By Derek Giarratana, Supplier Manager

Many of you are familiar with DOD ESI BPAs, but you’re probably not as familiar with the CETA designation and what it means.

Only one vendor has received the CETA designation thus far. Recently, the Navy PEO-EIS designated the Tanium DOD ESI BPA, held by immixGroup, as the first DOD Core Enterprise Technology Agreement (CETA). The CETA designation means that this purchasing vehicle is mandatory for all DOD customers who want to procure Tanium products and services.

DOD Enterprise Software Initiative

Before we dive into CETA and what it means for DOD procurement, let’s briefly talk about the DOD ESI program, managed by the PMW 290 Project Office. Read more of this post

Top Trending Technologies in DOD for 2020

By Toné Mason, DOD Senior Analyst

FY20 has truly been the year of technology acceleration within the Department of Defense. Our world has never been more capable technology-wise than it is today. The arrival of 5G and the new challenges brought on by a rapidly expanding remote workforce have catapulted the adoption of new and innovative technologies.

The DOD is at a point where they are looking to gain a better understanding of currently available technologies and applying them where it makes the most sense. Below are some of the key areas the DOD is focused on right now.

Data Integrity

Data integrity is one of the essential areas. As the need for transparency increases and desire to expand more into AI and machine learning, there has been more of a realization that DOD’s data is not consistent, not all data is being recorded and data is incomplete. Read more of this post

Winners in the FY21 Defense Budget Request

By Toné Mason, Senior DOD Analyst

The President is requesting $705.4B in DOD funding for FY21, which is a modest 0.1% increase from FY20. The biggest winner by far is U.S. Space Force, but there are still plenty of opportunities across DOD and the services for IT vendors.

Announced in FY20, funding for Space Force in FY21 is largely focused on providing funding for the establishment of the organization as a whole. More details regarding metrics and objectives are anticipated to be further developed over the next few years. From what we know at this time, automation, infrastructure, cyber and data analytics are anticipated to be key areas of interest for them.

Here’s a summary of DOD budget highlights for FY21. Read more of this post

If You Sell to DOD, Pay Attention to CMMC

By Troy Fortune, Vice President & General Manager

You’ve probably heard that the Department of Defense (DOD) recently released the official version 1.0 of its new Cybersecurity Maturity Model Certification (CMMC 1.0).

This is one of the hottest topics in government contracting right now and immixGroup is following developments very closely. And, it will affect everyone in our industry who sells to DOD – resellers, distributors and OEMs. 

As a quick refresher, this is a cybersecurity standard that all contractors must meet if they want to do business with DOD. As we’ve discussed before in a previous blog, the standards themselves are taken from existing ones. With CMMC 1.0, we now have more clarity on what the 5 levels of CMMC entail: Read more of this post

Space Force…Lasers, Satellites, Debt, Oh My!

By Toné Mason, DOD Senior Analyst

The Space Force has finally been established and its focus will be on national security and the preservation of satellites. But what exactly is it and where is it going? Will it include spaceships that shoot out laser beams?

Lots of people are asking lots of questions, but let’s get started with the biggest elephant in the room – armed combat. The Space Force will not include armed combat scenarios and the Air Force has no intentions to make it that way. Now that bubbles have been burst, what is the point of the Space Force if it won’t include armed combat? Why do we need a Space Force if there will be no armed combat? Read more of this post

Tips for Preparing for DOD’s New CMMC

By Hollie Kapos, Corporate Counsel

The Cybersecurity Maturity Model Certification (CMMC) has been one of the hottest topics in government contracting this year. In fact, one of my colleagues addressed the topic in a blog on DOD and CMMC just a few months ago.

And no wonder everyone’s talking about it – it applies to ALL companies doing business with DOD, including OEMs, distributors and resellers. Here’s some basic information to help you prepare no matter where you are in the supply chain.

What is CMMC?

Intellectual property theft and cybercrime cost the United States billions of dollars and threatens national security. In order to protect government information from theft and other malicious cyber activity, DOD is making cybersecurity an acquisition foundation. Accordingly, DOD is developing the Cybersecurity Maturity Model Certification – a certification process to measure a company’s ability to protect sensitive government data.

Read more of this post

Federal Modernization Challenges and Priorities for FY20

By Jessica Parks, Analyst

Data visibility, cloud and emerging technologies were important themes at a the recent IT Modernization summit hosted by FCW. The conference sessions brought together acquisition and IT officials from a variety of federal agencies, small and large, both civilian and DOD, who shared how their agencies are delivering on modernization goals.

Here are more details about these topics and advice on how you can position your company and solutions to stand out from the crowd.

Data Visibility

Agencies need improved visibility into their data. Data is the cornerstone of multiple technologies, powering AI and machine learning algorithms and bolstering cybersecurity efforts. It is, quite simply, crucial for government agencies to be able to gain as much insight into their data as possible in order to keep pace with rapid technological developments. Don Heckman, Principal Director in the Deputy Chief Information Office for Cybersecurity at DOD, noted that “visibility into assets is a huge challenge” for the agency. Read more of this post

What the Defense Innovation Unit Wants Industry to Know About CSOs – Part 2

Stephanie MeloniEarlier this week we published Part 1 of “What the DIU Wants Industry to Know About CSOs”. Here, in Part 2, DIU answers additional questions, which delve deeper into the use of CSOs and possible future expansion as the need for adopting advanced commercial technologies continues.

A special thank you to DIU for the outreach and answering my questions!

SM: Do you think the spread of the CSO process is indicative that the Department is embracing a shift toward executing more OT agreements?
DIU: The past few NDAAs encouraged OT and CSO utilization. As more DoD partners experienced or witnessed the successes of DIU prototype projects as well as the capabilities of the non-traditional ecosystem, we have seen a groundswell in interest to adapt CSO procedures for different mission set use-cases. Additionally, OSD leadership issued a highly regarded OT guide and OT policy in November 2018 to help acquisition professionals leverage and demystify authority.

SM: Why use CSOs as opposed to traditional acquisition methods?
DIU: The ultimate goal of a CSO is to enable project teams the flexibility and freedom to execute purpose-driven contracts with best-of-breed companies, including traditional (subject to cost-sharing requirements) and non-traditional vendors. CSOs provide an opportunity for acquisition professionals to develop a deliberate based process focused on project outcomes instead of a default-driven process focused on compliance. CSOs and OTs in general are great acquisition instruments for experimenting and prototyping new technology, methodologies, etc. whereas the traditional acquisition authorities are geared towards procuring supplies and services. Truly, the authorities are highly complementary and should be used in conjunction with one another. Moreover, the potential to scale successful prototypes into production contracts provides a clear value proposition that incentivizes companies to seek out opportunities to work with the Department. Read more of this post

What the Defense Innovation Unit Wants Industry to Know About CSOs – Part 1

Stephanie MeloniBy Stephanie Meloni, Market Intelligence Manager

We received a tremendous response to my blog posting on Commercial Solutions Openings (CSOs) as another innovative option the government is using to quickly acquire commercial solutions—in fact, it was my most viewed blog ever!

In that blog, I mentioned that CSOs, a type of OTA designation, were initially piloted by the Defense Innovation Unit beginning in 2016. Defense Innovation Unit read my blog and offered to answer more in-depth questions I had about CSOs and OTAs and how they can help solve military challenges. I share their answers with you here, in a two-part series.

A special thank you to DIU for the outreach and answering my questions!

SM: What is DIU’s mission?
DIU: The Defense Innovation Unit (DIU) delivers advanced commercial technology into the hands of men and women in uniform to enhance national security. DIU partners with the services, combatant commands, and component organizations to seek out and rapidly prototype commercial solutions to military challenges while lowering barriers to entry for non-traditional companies interested in working with the Department of Defense (DoD).  There has never been a more important time for the military to leverage commercial technology. Former Secretary of Defense Ash Carter established DIU in August 2015 to capitalize on U.S. businesses’ growing investment in research and development (R&D) and venture capital funding of high-tech startups. Rapid technology developments led by the private sector and the global diffusion of emerging dual-use capabilities are changing the character of warfare. It is DIU’s mission to ensure the Department has a pathway for integrating these commercial capabilities at the speed of relevance to maintain a decisive military advantage over our adversaries. Read more of this post

%d bloggers like this: