Government contracts 2022 — Year in review

By Hollie Kapos, Legal Counsel Director, immixGroup

2022 was a busy year, and it was easy to miss some big changes in commercial item government contracting. Below are some key updates from 2022 and what immixGroup is keeping an eye on in 2023 and beyond.

GSA Ascend BPA for Cloud

Ascend is a multiple-award blanket purchase agreement (BPA) under the cloud and professional services Multiple Award Schedule SINs intended to simplify acquisition of secure cloud solutions. Task orders under the BPA will be placed under one or more of three pools: (1) infrastructure- and platform-as-a-service, (2) software-as-a-service, and (3) cloud IT professional services. The BPA will also establish minimum cybersecurity requirements, including cybersecurity supply chain risk management (C-SCRM) and zero trust architecture (ZTA). GSA released a draft performance work statement in May, followed by a market research request for information in July. Using feedback it obtained from industry, GSA plans to release a draft request for quotations in 2Q2023. Suppliers looking to add products to the Ascend BPA should start preparing now; products will need to be on SIN 518210C for eligibility. Read Tara Franzonello’s Washington Technology article for more information.


StateRAMP is here to stay. Are you ready?

By Ceren Öney, SLED Market Intelligence Manager

Formal adoption of StateRAMP into IT procurement policies is rapidly increasing. Last year, we encouraged vendors to put StateRAMP on their radar screens. Since then, nearly 200 government members representing 33 states have joined as members.

For service providers selling into state, local, and education institutions, now is the time to ensure that your cloud security is compliant with StateRAMP requirements.

While StateRAMP itself may still be a few years from being a household word, that doesn’t mean that state and local governments have been sitting idly by. The move toward better monitoring and certification of state, local and education network security has been going on for years, with two states at the forefront.

Arizona and Texas introduce state-specific frameworks

In September 2021, Arizona CIO J.R. Sloan announced the state will “test-drive” StateRAMP over the next year. Sloan, StateRAMP President and founding board member, had previously introduced AZRamp, Arizona’s Risk and Authorization Management Program. Arizona’s move to test StateRAMP doesn’t come as a surprise and further solidifies Sloan’s confidence in the program.

Meanwhile, effective January 1, 2022, Texas requires state agencies to enter into or renew contracts only for cloud offerings that comply with the Texas Department of Information Resources’ (DIR) own security framework, TX-RAMP.

Rising ransomware attacks targeting state and local governments, schools and colleges have increased the pressure to strengthen cybersecurity postures and protect against incursions by bad actors. Coupled with the shift to digital services driven by COVID-19’s disruptions and the federal funding available under the Infrastructure Investment and Jobs Act and the American Rescue Plan Act, more emphasis is being placed on cybersecurity now than ever before.

Other states adopt the StateRAMP framework

For most states, like North Carolina and Georgia, creating a state-specific framework is too laborious and inefficient. Adopting the established StateRAMP framework makes the initial risk assessment, continuous monitoring and ongoing management smoother and easier.


StateRAMP: An Outgrowth of FedRAMP for SLED

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.


Painless FedRAMP Authorization: Four Steps to Follow

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

My last column compared the merits of outsourcing FedRAMP authorization with doing it on your own. Many companies have successfully navigated the process on their own. Small independent software vendors (ISVs), however, may find it more advantageous to outsource.

Here are four key areas you should consider when pursuing FedRAMP authorization:

  1. Sponsorship
  2. Leadership buy-in
  3. Knowing the process
  4. Communication


The Business Benefits of Outsourcing FedRAMP Compliance

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

If you are new to the federal government market, you are no doubt wrestling with how to ensure your products and services are compliant with the Federal Risk and Authorization Management Program (FedRAMP). This government-wide program standardizes security assessment, authorization and continuous monitoring for cloud products and services.

If you’re making a decision to move forward with FedRAMP authorization, it’s important to understand your options from the beginning. It’s tempting to try to do it all yourself, but the complexities of compliance can quickly send the cost of doing it yourself sky high, while delaying your time to market by years.

Getting to authorization requires deep expertise in compliance, IT security, engineering and more, which means a heavy investment of expensive resources extended over a long period of time.

For example, many ISVs don’t understand that hosting their software applications in a FedRAMP-compliant cloud does not make the actual applications FedRAMP authorized. To earn FedRAMP authorization for software as a service, both the environment and the application must be authorized.

CBP Plans Its Move to the Cloud


By Tom O’Keefe, Consultant

Customs and Border Protection (CBP) recently released an RFI seeking industry input on a comprehensive cloud solution that may lead to an RFP later this year or in early 2020. Cloud is a big topic of conversation at federal agencies, but right now, its bark is much larger than its bite. We can expect that to change over the next few years. As this new RFI shows us, agencies are looking to transition significant portions of their environment to the cloud. While traditional IT delivery models may still hold their value, cloud is the future.

CBP is the largest component within the Department of Homeland Security, and how it manages cloud may be indicative of how some of the smaller DHS agencies may also do so. Kshemendra Paul, DHS’s cloud officer, has indicated that only 10% of DHS applications are currently in the cloud. Another 30% are in process or are slated to move to the cloud. Most of what has already been migrated are easy-to-migrate applications like email. Large, mission-critical applications are still being hosted on premise and are likely to be the last of the applications to migrate. CBP will likely use the contract that results from this RFI to accomplish this migration.


Are You Ready for FedRAMP? It’s Time to Get Authorized

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 million and $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?

Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?

The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies.

7 ways cybersecurity companies can help government right now

By Lloyd McCoy, DOD manager

The public sector market for cybersecurity tools is only going to grow as federal agencies increasingly look to the commercial sector to help solve some of the most complex cybersecurity problems.

During immixGroup’s 4th annual Government IT Sales Summit, government and industry cyber leaders urged companies to help in a variety of ways, from having a better understanding of agency missions to obtaining FedRAMP authorization.


Want to sell cloud? Here’s what you need to think about

By Tom O’Keefe, consultant

Cloud has been a topic of conversation for years now in federal circles without a great deal of meaningful movement. Government is still heavily reliant on legacy infrastructure stacks and is making slow but steady progress toward shuttering those systems and moving the applications that rested on them into different types of cloud environments.

But the cloud market is largely defined by a few major players – the behemoth that is AWS, Microsoft Azure and subscription models for popular pieces of software like Microsoft Office, Adobe and Salesforce.

This can leave a reseller or technology OEM at somewhat of a loss as to how to proceed, so here are a few tips and tricks when thinking about cloud:


What are FISMA and FedRAMP?

By Chris Wiedemann, consultant

Whether you’re a veteran of federal IT sales or a complete newcomer to the space, there’s one recurring theme you’ve probably noticed in the way our customers talk to industry: regardless of their mission or program, they all mention cybersecurity as a critical part of their job.

Given the sheer number of incidents and the size and scope of federal networks, not to mention the often sensitive information they contain, the focus on security makes business sense. However, as is often the case with government, there’s an extra factor to their behavior – they’re required by law to secure federal networks. One law in particular – the Federal Information Security Management Act (FISMA) – plays a critical role in determining how agencies need to secure their environments.
