February of 2020 seems like a long time ago, for many reasons. But that was when the official version of the Cybersecurity Maturity Model Certification (CMMC) standards were released. Recently, the DoD issued an interim rule that will update the DFARS to implement the assessment methodology and CMMC framework for DoD procurements as well as add a new requirement for cybersecurity assessment under the NIST SP 800-171 framework. Here are some of the key points.
Continue readingTag Archives: DoD
YouTube Tuesday: CMMC–Cybersecurity, Trust but Verify Edition
CMMC continues to be in the news as the government ramps up the process to start requiring contractors to be compliant with the Cybersecurity Maturity Model Certification. In this video, I remind contractors why CMMC is so important.
DoD Warns Contractors to be Wary of Adversarial Investments during Pandemic
DoD’s Acquisition and Sustainment Leaders recently updated the public on DoD’s COVID-19 acquisition policy at the Pentagon and announced a joint task force to handle the influx in medical and personal protective equipment needs.
One of DoD’s primary points of focus during this conference was a warning to contractors about adversarial capital during this crisis.
Continue readingDOD: Sole-Source Contracts up to $100 Million Don’t Need Justification
Effective March 17, DOD contracting officers won’t have to issue a justification or obtain approval for award of a sole-source contract under the Small Business Administration’s 8(a) program for awards up to $100 million, up from the prior $22 million limit. This Department of Defense class deviation implements the higher dollar amount that Congress set in the 2020 National Defense Authorization Act.
This change will likely matter most for 8(a) concerns owned by an Indian Tribe, Alaska Native Corporation (ANC) or Native Hawaiian Organization (NHO), as other 8(a) firms are limited to a smaller dollar amount for sole source awards unless only one 8(a) firm can perform the work.
Continue readingDoD SDVOSB Contracts: OIG Reports Major Problems
The Department of Defense Office of Inspector General (OIG) recently released an audit report about Service-Disabled Veteran-Owned Small Business Contract Awards at DoD . The report noted major concerns with how DoD is confirming eligibility for SDVOSB contract awards as well as monitoring subcontracting limitations.
These concerns could lead to increased monitoring and enforcement, so SDVOSB contractors should be keen to see what the report unearthed.
Continue readingDOD Cybersecurity Certification Standards Are Official
Well, if you’d been waiting for DOD’s Cybersecurity Maturity Model Certification (CMMC) standards to stop being “draft” before you took a look at them, the wait is over! Version 1.0 (no longer marked draft) was released last week. DoD has indicated it will begin using CMMC requirements in requests for information starting June 2020.
Let’s take a look at some of the highlights from the recent release.
Continue readingDOD will Require Cybersecurity Certification Starting Fall 2020
It’s not too soon to start thinking about those New Year’s resolutions. Along with other personal goals, federal contractors might want to add a cybersecurity resolution to their list. The Department of Defense has drafted a cybersecurity certification that will be finalized in January 2020. Starting next fall, contractors will have to be certified in order to submit proposals on defense solicitations.
Read on for some of the highlights.
Continue reading