Government contracts 2022 — Year in review

By Hollie Kapos, Legal Counsel Director, immixGroup

2022 was a busy year, and it was easy to miss some big changes in commercial item government contracting. Below are some key updates from 2022 and what immixGroup is keeping an eye on in 2023 and beyond.

GSA Ascend BPA for Cloud
Ascend is a multiple-award blanket purchase agreement (BPA) under the cloud and professional services Multiple Award Schedule SINs intended to simplify acquisition of secure cloud solutions. Task orders under the BPA will be placed under one or more of three pools: (1) infrastructure- and platform-as-a-service, (2) software-as-a-service, and (3) cloud IT professional services. The BPA will also establish minimum cybersecurity requirements, including cybersecurity supply chain risk management (C-SCRM) and zero trust architecture (ZTA). GSA released a draft performance work statement in May, followed by a market research request for information in July. Using feedback it obtained from industry, GSA plans to release a draft request for quotations in 2Q2023. Suppliers looking to add products to the Ascend BPA should start preparing now; products will need to be on SIN 518210C for eligibility. Read Tara Franzonello’s Washington Technology article for more information.


Seven ways to improve your sales to state CIOs

By Ryan Nelson, Market Intelligence Manager

State and local legislatures are having a good year. Flush with cash from federal funding, most states enacted budgets with an increase in spending and revenue for FY2022. According to a recent conference of market analysts and government leaders, states project general fund spending of $1.02 trillion, a 9.3% increase compared to 2021. The education outlook is a bit more cautious, showing a trend of delayed spending of federal funding in K-12 districts. Nonetheless, there is a projected additional $3.5 billion in e-rate funds for 2022 and 2023.

During the recent conference, Jim Weaver, Secretary for Information Technology/State CIO for North Carolina, was interviewed about how vendors can better position themselves and present information to decision-makers. Here are some of his top tips:

Taking all of this into account, what do vendors planning to sell into the state and local market need to know? The sales approach to state and local decision-makers differs from the approach to the federal market, and vendors should be prepared to adjust their approach to ensure a better chance of success.

1. Understand the state’s strategic plan. Every state has a strategic plan. Before you engage, know how your products and services will help them achieve their particular goals. Do not ask what an agency’s “pain points” are, or “what keeps you up at night?” You’ll find yourself being redirected back to the strategic plan.

2. States are changing the way they consume info. A crisis is an opportunity to influence change, Weaver said, and that has been true with the pandemic. What’s important now are case studies and the applicability of the study to the particular agency being courted. Messaging has to be eye-catching and visionary, but still based on what’s being done at the strategic planning level. Also, Weaver emphasized being engaged in the procurement process; vendors who aren’t already engaged in the process will most likely not get a lot of traction.


StateRAMP is here to stay. Are you ready?

By Ceren Öney, SLED Market Intelligence Manager

Formal adoption of StateRAMP into IT procurement policies is rapidly increasing. Last year, we encouraged vendors to put StateRAMP on their radar screens. Since then, nearly 200 government members representing 33 states have joined the membership.

For service providers selling into state, local, and education institutions, now is the time to ensure that your cloud security is compliant with StateRAMP requirements.

While StateRAMP itself may still be a few years from being a household word, that doesn’t mean that state and local governments have been sitting idly by. The move toward better monitoring and certification of state, local and education network security has been going on for years, with two states at the forefront.

Arizona and Texas introduce state-specific frameworks

In September 2021, Arizona CIO J.R. Sloan announced the state will “test-drive” StateRAMP over the next year. Sloan, StateRAMP President and founding board member, had previously introduced AZRamp, Arizona’s Risk and Authorization Management Program. Arizona’s move to test StateRAMP doesn’t come as a surprise and further solidifies Sloan’s confidence in the program.

Meanwhile, effective January 1, 2022, Texas requires state agencies to enter or renew contracts only for cloud offerings compliant with the Texas Department of Information Resources’ (DIR) own security framework, TX-RAMP.

Rising ransomware attacks targeting state and local governments, schools and colleges have increased the pressure to strengthen cybersecurity postures and protect against incursions by bad actors. Coupled with the shift to digital services due to COVID-19’s disruptions and the federal funding available under the Infrastructure Investment and Jobs Act and the American Rescue Plan Act, this means considerable emphasis is being placed on cybersecurity, now more than ever.

Other states adopt the StateRAMP framework

For most states, like North Carolina and Georgia, creating a state-specific framework is too laborious and inefficient. Adopting the established StateRAMP framework makes initial risk assessment, continuous monitoring and management easier and more seamless.


StateRAMP: An Outgrowth of FedRAMP for SLED

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.
