The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for industry feedback

By

CMMC: The dramatic year of the Pentagon’s contractor cybersecurity program

In 2020, an ambitious Defense Department effort to account for its suppliers’ cybersecurity had many in the community kicking and screaming in tow, but represents a new collective policy thrust that won’t be dismissed.  

The program, led by Katie Arrington, the chief information security officer for Defense acquisitions, is based on the idea that the government should incorporate security standards into its contract administration.

Arrington’s presentations on the program often include an estimate of how much is lost each year through cyber disruptions — $600 billion, according to research cited in the DOD’s answers to frequently asked questions about the program — and highlight intellectual property theft by China.

Before the idea of CMMC, companies within the defense industrial base simply pledged their adherence to cybersecurity practices outlined by the National Institute of Standards and Technology. A 2015 rule required Defense contractors to report cyber incidents and to provide “adequate security” using NIST Special Publication 800-171 to protect covered information. But it wasn’t until summer 2019 that the Defense Department started checking whether companies were implementing the standard.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/cmmc-dramatic-year-pentagons-contractor-cybersecurity-program/171084/

By

CMMC model tweaks coming after industry feedback

The foundation of the Cybersecurity Maturity Model Certification (CMMC) — the Department of Defense’s new cyber requirements for contractors — will see some coming changes, its leaders recently said.

The DOD will make alterations to the highest level of the five-tier security model after receiving public comments on the recently issued CMMC Defense Federal Acquisition Regulation System rule.

The department issued an “interim final” rule in September instead of first issuing a proposed rule, which meant the rule took effect upon publication. But there was still a 60-day comment period for industry to weigh in. The Office of Management and Budget, which hosts the council overseeing acquisition rules, allowed for this because of “the threat to national security” embedded in supply chain vulnerabilities, Jessica Maxwell, a DoD spokeswoman said in a statement.

Keep reading this article at: https://www.fedscoop.com/cmmc-model-assessment-guide-to-get-tweaks-after-feedback-from-industry/

 

By

Industry persuades DISA to change market research approach for cloud acquisition

The IT Industry Council, the Alliance for Digital Innovation and the Internet Association wrote to DISA questioning its decision to limit RFI responses to its cloud computing program support office acquisition.

Once again the federal technology community was left flabbergasted and wondering “why?” from a decision by the Defense Department around cloud computing.

This time it’s the Defense Information Systems Agency, which — until it suddenly changed its mind late on Friday — had made a decision that left us all questioning the initial rationale behind yet another cloud acquisition program.

DISA, which receives mostly high marks from industry for its inclusiveness and openness to innovation, decided to do the exact opposite. It initially wanted to limit responses to a request for information for a cloud program office only to 14 large and 23 small vendors on its Systems Engineering, Technology, and Innovation (SETI) vehicle.

But pressure by three industry associations and other experts convinced DISA to change its mind and let other companies beyond those 37 submit RFI responses.

“We appreciate DISA’s swift response and resolution,” said Megan Petersen, ITI’s senior director of policy, public sector and counsel, in a statement to Federal News Network. “We look forward to submitting comments to this important effort on behalf of ITI’s members. We encourage DISA to provide additional opportunities for ITI and the broader tech industry to share perspectives on buying cloud and other innovative technologies.”

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2021/02/industry-persuades-disa-to-change-market-research-approach-for-cloud-acquisition/

By

Comments on government supply chain rule push for better definitions and more time

Industry groups and other comments highlight the difficulty of complying with a provision of last year’s defense authorization act that requires the removal of products from companies including Huawei and ZTE. 

The broad, ambiguous language of Congressionally-mandated rule for government contractors to remove products and services from companies that pose threats to national security is complicating implementation, according to public comments.

The comment period for the interim Federal Acquisition Rule implementing Part B of Section 889 — a provision of the 2019 National Defense Authorization Act — closed last week, and the more than 30 comments submitted raise questions related to fundamental compliance issues.

While in general, commenters agree with the rule’s intent, groups representing industry, including the National Defense Industrial Association, BSA | The Software Alliance, the Coalition for Government Procurement and the Internet Association submitted detailed letters to Regulations.gov outlining compliance challenges.  Nearly all asked for extended timelines for implementation and better definitions for key terms and phrases used in the regulation.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/09/comments-government-supply-chain-rule-push-better-definitions-and-more-time/168460/

By

Are meetings with industry actually accelerating military acquisitions?

Military leaders say they are determined to find faster ways to buy cutting-edge technologies.

“We can’t afford to spend seven years thinking about a requirement,” Army Undersecretary Ryan D. McCarthy said during a 2018 visit to Fort Belvoir, Virginia.

“If it is going to take that long, you are probably not going to get it. So, we need to get these capabilities sooner.”

To that end, the Department of Defense has increased the number of engagements with industry, launched alternative contracting vehicles, and taken other steps to streamline innovation more effectively. Industry officials are often clamoring for that interaction, but some say the Pentagon’s efforts are beginning to bear fruit.

One area where those changes are most visible has been in the Army’s modernization of its battlefield network. David Huisenga, president and chief executive at Klas Telecom Government, said he has noticed a marked difference in the quality and quantity of engagements between industry and the Department of Defense.

Keep reading this article at: https://www.c4isrnet.com/industry/2019/09/19/are-meetings-with-industry-actually-accelerating-military-acquisitions/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter