The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for industry feedback

By

CMMC model tweaks coming after industry feedback

The foundation of the Cybersecurity Maturity Model Certification (CMMC) — the Department of Defense’s new cyber requirements for contractors — will see some coming changes, its leaders recently said.

The DOD will make alterations to the highest level of the five-tier security model after receiving public comments on the recently issued CMMC Defense Federal Acquisition Regulation System rule.

The department issued an “interim final” rule in September instead of first issuing a proposed rule, which meant the rule took effect upon publication. But there was still a 60-day comment period for industry to weigh in. The Office of Management and Budget, which hosts the council overseeing acquisition rules, allowed for this because of “the threat to national security” embedded in supply chain vulnerabilities, Jessica Maxwell, a DoD spokeswoman said in a statement.

Keep reading this article at: https://www.fedscoop.com/cmmc-model-assessment-guide-to-get-tweaks-after-feedback-from-industry/

 

By

Industry persuades DISA to change market research approach for cloud acquisition

The IT Industry Council, the Alliance for Digital Innovation and the Internet Association wrote to DISA questioning its decision to limit RFI responses to its cloud computing program support office acquisition.

Once again the federal technology community was left flabbergasted and wondering “why?” from a decision by the Defense Department around cloud computing.

This time it’s the Defense Information Systems Agency, which — until it suddenly changed its mind late on Friday — had made a decision that left us all questioning the initial rationale behind yet another cloud acquisition program.

DISA, which receives mostly high marks from industry for its inclusiveness and openness to innovation, decided to do the exact opposite. It initially wanted to limit responses to a request for information for a cloud program office only to 14 large and 23 small vendors on its Systems Engineering, Technology, and Innovation (SETI) vehicle.

But pressure by three industry associations and other experts convinced DISA to change its mind and let other companies beyond those 37 submit RFI responses.

“We appreciate DISA’s swift response and resolution,” said Megan Petersen, ITI’s senior director of policy, public sector and counsel, in a statement to Federal News Network. “We look forward to submitting comments to this important effort on behalf of ITI’s members. We encourage DISA to provide additional opportunities for ITI and the broader tech industry to share perspectives on buying cloud and other innovative technologies.”

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2021/02/industry-persuades-disa-to-change-market-research-approach-for-cloud-acquisition/

By

Comments on government supply chain rule push for better definitions and more time

Industry groups and other comments highlight the difficulty of complying with a provision of last year’s defense authorization act that requires the removal of products from companies including Huawei and ZTE. 

The broad, ambiguous language of Congressionally-mandated rule for government contractors to remove products and services from companies that pose threats to national security is complicating implementation, according to public comments.

The comment period for the interim Federal Acquisition Rule implementing Part B of Section 889 — a provision of the 2019 National Defense Authorization Act — closed last week, and the more than 30 comments submitted raise questions related to fundamental compliance issues.

While in general, commenters agree with the rule’s intent, groups representing industry, including the National Defense Industrial Association, BSA | The Software Alliance, the Coalition for Government Procurement and the Internet Association submitted detailed letters to Regulations.gov outlining compliance challenges.  Nearly all asked for extended timelines for implementation and better definitions for key terms and phrases used in the regulation.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/09/comments-government-supply-chain-rule-push-better-definitions-and-more-time/168460/

By

Are meetings with industry actually accelerating military acquisitions?

Military leaders say they are determined to find faster ways to buy cutting-edge technologies.

“We can’t afford to spend seven years thinking about a requirement,” Army Undersecretary Ryan D. McCarthy said during a 2018 visit to Fort Belvoir, Virginia.

“If it is going to take that long, you are probably not going to get it. So, we need to get these capabilities sooner.”

To that end, the Department of Defense has increased the number of engagements with industry, launched alternative contracting vehicles, and taken other steps to streamline innovation more effectively. Industry officials are often clamoring for that interaction, but some say the Pentagon’s efforts are beginning to bear fruit.

One area where those changes are most visible has been in the Army’s modernization of its battlefield network. David Huisenga, president and chief executive at Klas Telecom Government, said he has noticed a marked difference in the quality and quantity of engagements between industry and the Department of Defense.

Keep reading this article at: https://www.c4isrnet.com/industry/2019/09/19/are-meetings-with-industry-actually-accelerating-military-acquisitions/

By

DoD will require vendor cybersecurity certifications by this time next year

The department released a draft maturity model and timeline for new certification requirements for all of the defense industrial base.

The government has stringent processes for verifying the IT products and services it uses comply with relevant cybersecurity standards, such as authorities to operate for cloud services and supply chain regulations for hardware products. But those standards and processes don’t cover the vendors.

For the Defense Department, this is a critical issue, as doing business with industry requires the department to share sensitive information, even at the earliest steps of the process.

The department has been kicking around the idea of creating a certification standard for defense industrial base companies to ensure vendors’ cybersecurity posture was adequate to handle controlled and classified information. That became an official effort in March, and on Sept. 4th the department released the first draft Cybersecurity Maturity Model Certification, or CMMC, outline for public comment.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/09/dod-will-require-vendor-cybersecurity-certifications-time-next-year/159702/

 

 

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter