The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for DoD

By

The White House is rewriting contracting language to clarify security liability

The Office of Management and Budget (OMB) plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.
Technology vendors precluding liability in government contracts has long been an issue, and now COVID-19 has sped up some agencies’ cloud migration and amplified calls for cybersecurity assurances.  

“I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Keep reading thi9s article at: https://www.nextgov.com/it-modernization/2020/05/white-house-rewriting-contracting-language-clarify-security-liability/165549/

The Contracting Education Academy at Georgia Tech has established a webpage where all contract-related developments related to the coronavirus (COVID-19) are summarized.  Find the page at: https://contractingacademy.gatech.edu/coronavirus-information-for-contracting-officers-and-contractors/

By

What Google’s new contract reveals about the Pentagon’s evolving clouds

For one thing, it disproves fears that the massive JEDI contract meant one company would get all the work.
Tools and a console built with Google’s Anthos application management platform will allow the Defense Innovation Unit to manage apps on either of the cloud services heavily used by the Pentagon.

Google will build security-and app-management tools for the Pentagon’s Defense Innovation Unit (DIU), deepening the Silicon Valley giant’s military ties and illuminating the challenges facing the Defense Department’s drive to a multi-cloud environment.

Tools and a console built with the company’s Anthos application management platform will allow DIU to manage apps on either of the cloud services heavily used by the Pentagon: Microsoft Azure, which won the hotly contested JEDI cloud contract, and Amazon Web Services, or AWS, heavily used by DoD researchers, from a Google Cloud console.

Mike Daniels, vice president of government sales for Google Cloud services, said the company’s approach to security both complements and differs from those of Microsoft and AWS. Traditional “castle-and-moat” network security uses firewalls and virtual private networks to keep attackers on the other side of some sort of digital barrier. The higher security certification, the deeper and wider that moat. It works well enough in a single-cloud environment but less well in one with applications running in multiple clouds. It can also present problems when you’re dealing with an “extended workforce”: a bunch of people working from home or different locations.

Keep reading this article at: https://www.defenseone.com/technology/2020/05/what-googles-new-contract-reveals-about-pentagons-evolving-clouds/165524/

By

Coronavirus constraints pose CMMC rule change delays

Social distancing requirements are complicating the Defense Department’s implementation of its unified cybersecurity standard.

Katie Arrington, DoD’s chief information security officer for acquisition, said that while the coronavirus pandemic hasn’t affected training preparations, social distancing efforts have delayed the public hearing needed for the Defense Federal Acquisition Regulation Supplement (DFARS) rule change needed to enforce new cybersecurity standards for contractors.

“The premise of doing all of this is that we’re going through a DFARS rule change,” which requires a public hearing, Arrington said May 8 during a Billington Cybersecurity event on the Cybersecurity Maturity Model Certification (CMMC) program.

Keep reading this article at: https://defensesystems.com/articles/2020/05/13/cmmc-covid-dfar-rule-change-delay.aspx

By

DoD to include cybersecurity requirements in RFPs starting in November

Defense contractors should expect to see new Cybersecurity Maturity Model Certification (CMMC) version 1.0 requirements in requests for proposals released in November, according to Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment.

The requirements are a reflection of the Pentagon’s push to protect defense industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards. Organizations will be required to meet different levels of security, with level one being the lowest and level five the most stringent.

“We understand this is a big cultural shift and we want to ensure that we’re doing everything we can to bring our small business partners right along with us,” she said at the annual Special Operations Forces Industry Conference, which is being held virtually this year due to COVID-19 safety concerns. “We are working on different plans and strategies to help.”

For instance, contractors bidding on a program may not need to have their CMMC certifications until the time of contract award, she noted at the vSOFIC event, which is hosted by the National Defense Industrial Association on behalf of U.S. Special Operations Command.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/5/11/new-cmmc-rules-for-defense-contractors-to-come-in-november

By

OTAs: Best practices to enable success

Imagine this. The Defense Department had an urgent need for armored vehicles to protect warfighters from new threats during a time of war.
The Mine Resistant Ambush Protected (MRAP) family of vehicles — procured through “other transaction authority” — provides protection from improvised explosive devices, rocket-propelled grenades, explosively formed penetrators, underbody mines and small arms fire threats.  Photo credit: U.S. Army

By applying a unique and tailored acquisition approach with specific attention to time and similar solutions already available in the commercial marketplace, it successfully started fielding new vehicles only 18 months after identifying the warfighter need.

The program referenced here was the mine-resistant ambush protected vehicle program, which began in 2006.  Was the program a success?  Absolutely.  Was it a risk-free or perfect solution?  No.  Although the MRAP program was timely in helping mitigate the threat and associated warfighter casualties, there were challenges related to operating field conditions, training, sustainment, transportation and costs.  The program, however, ultimately enabled the creation of other military vehicles that are still widely used today and supports how tailored acquisition approaches can produce successful outcomes.

A popular and continuously growing phenomenon within the department is the other transaction authority, or OTA.  It permits Defense Department entities to award OTA agreements for research, prototyping and production efforts critical to national security.  They are not an acquisition approach or strategy; however, they are flexible options that can support an acquisition approach or strategy.

Given leadership’s priorities for the increased application of adaptive acquisition methods, it is highly likely OTAs will be a key ingredient for success.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/4/15/other-transactions-best-practices-to-enable-success

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter