The General Services Administration (“GSA”) is including language regarding cybersecurity requirements in requests for proposals relating to certain IT governmentwide acquisition contracts (“GWACs”). Certain requirements will be modeled on those the Department of Defense (“DoD”) is including in its contracts as part of the Cybersecurity Maturity Model Certification (“CMMC”) program.
The GSA confirmed recently that businesses preparing to submit proposals in response to two proposed GWACs (Polaris/Stars III) should expect to see Cybersecurity Maturity Model Certification (“CMMC”) level-specific requirements in certain subsequent orders issued against those contracts. Speaking at a recent event, Keith Nakasone, deputy assistant commissioner for IT acquisition at the GSA, explained that these new CMMC requirements will be incorporated at the order level rather than the contract level, in order to introduce flexibility in addressing unique needs and bolster an agile framework.
Continue reading at: JD Supra
A related article can be found at FCW: https://fcw.com/articles/2021/02/17/cmmc-gsa-gwacs-get-ready.aspx