Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • GTPAC COVID-19 Resource Page
    • Cybersecurity
    • Veterans Verification Video
    • GTPAC Community
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • COVID-19
  • New Client Application
  • Contact Us

CMMC reciprocity in sight for 2021

March 1, 2021 By Andrew Smith

The Defense Department is still figuring out how to save contractors money with its unified cybersecurity standard by authorizing reciprocity for multiple government certification programs, but an answer could come by the end of the 2021 fiscal year.

One of the key pledges DOD needs to fulfill for its Cybersecurity Maturity Model Certification program is building on work contractors have already done to meet security requirements for programs like the Federal Risk and Authorization Management Program (FedRAMP).

Stacy Bostjanick, CMMC’s director at the Defense Department’s Office of the Undersecretary of Defense for Acquisition and Sustainment, said a team is working with the General Services Administration and DOD to align the requirements, methodologies, and levels of the two programs.

“FedRAMP allows for [plans of action and milestones] and CMMC does not,” Bostjanick said Feb. 10 during an AFCEA NOVA event on IT and the intelligence community.  “You’ve either got it or you don’t.”

Continue reading at:  FCW

Filed Under: Contracting News Tagged With: certification reciprocity, CMMC, FedRAMP

Small businesses struggle to climb the FedRAMP

July 17, 2019 By Andrew Smith

Small businesses need lawmakers to ease barriers to product authorization through the Federal Risk and Authorization Management Program, according to industry and federal CIOs speaking before Congress.

FedRAMP is the entity charged with evaluating security and authorizing cloud products.  During a House Subcommittee on Government Operations hearing on the program, CIOs noted challenges for small business in getting offerings approved, such as a lack of transparency with the length of the process and cost.

Or some don’t know it exists it all.

“A lot of small businesses are unaware of the process itself, the security requirements that we have,” said Anil Cheriyan, the director of technology transformation services at the General Services Administration.

It took 20 months for Virtru, a small data protection start-up, to get its product FedRAMP authorized for a federal agency to use, according to testimony from Virtru’s CTO Will Ackerly.  From the beginning, he said, “it was also unclear upon entering the process how long it would take.”  The process cost the company $1.6 million, he told lawmakers.

Entering the FedRAMP approval process can be a “high-risk decision for most small companies” because of the cost “when combined with unknown timelines,” he said.

Looking back, Ackerly said that if his company hadn’t received an agency sponsorship to go through the FedRAMP process, it may not have made it through.

Continue reading at:  Federal Times

Filed Under: Contracting Tips Tagged With: FedRAMP, GSA, small business

Impact of FedRAMP for Small Businesses

February 7, 2018 By Andrew Smith

Did you know that over 30% of FedRAMP Cloud Service Providers (CSPs) are small businesses?  When this statistic is shared across industry and the federal community, people are quite surprised — and pleased!  Since small businesses represent an essential component of FedRAMP, organizers of the program realized it was essential to engage directly with the small business community to gather feedback to improve the program.

The convenor of FedRAMP, the General Services Administration (GSA), recently reached out to more than 40 small businesses engaged with FedRAMP to hear their feedback, learn about their experience with FedRAMP, and gather best practices to share across the small business CSP community. These CSPs spanned all stages of the FedRAMP process: In-Process, Ready, and Authorized.

From these meetings, GSA learned that most of the best practices for achieving a FedRAMP ATO are the same for both large and small CSP. For example:

  • Be prepared and utilize the Readiness Assessment Report,
  • Engage early and often with the FedRAMP PMO, and
  • Know the ins and outs of your system.

However, there were three unique differences that small businesses who have made it through FedRAMP repeatedly told us during our interviews:

Bigger Impact to Resources – But More Agile Teams

Pursuing and maintaining a FedRAMP Authority to Operate (ATO) proportionally requires more resources for a small business, requiring a team with specialized skillsets and costs associated with hiring a Third Party Assessment Organization (3PAO). As a result, staff often wear multiple hats and blend several duties into their role. This requires monitoring resource allocation carefully. Yet, the organizational structure of small businesses may provide some advantages. For example, teams don’t operate in silos and CSPs don’t have to navigate bureaucracy. With more centralized decision making and fewer layers of management, the process can go faster.

Levels Playing Field During Acquisition

Additionally, having a FedRAMP Authorization levels the playing field for acquisitions, as some Federal Agencies choose to require a FedRAMP ATO in their competitive procurement process.

Increased Security

Finally, being FedRAMP-Authorized can enhance the company’s internal security processes and rigor across all their products — not just those that are authorized — creating higher and more rigorous security standards for all systems and increasing system maturity.

The governance of FedRAMP is comprised of different executive branch entities that work in a collaborative manner to develop, manage, and operate the program.

Source: https://www.fedramp.gov/impact-of-fedramp-for-small-businesses/

Filed Under: Contracting News Tagged With: cloud, FedRAMP, small business

GSA holding technology industry day Sept. 8th

August 31, 2016 By Andrew Smith

On September 8, the General Services Administration (GSA) is hosting its very first Technology Industry Day.  Participating vendors will get an opportunity to learn about how GSA is transforming technology in the federal government, see demos of products and solutions developed by technologists and, last but not least, provide feedback on how GSA can work better with industry.

The event will be held at GSA headquarters located at 1800 F St., NW, Washington, DC 20405, and the event also will be accessible remotely.

On-site registration will close on September 5, 2016, and remote registration will close on the day of the event.

Below are a few projects to be featured and registration details:

Agile BPA
  • The Agile Blanket Purchase Agreement allows innovation in procurement, lessens the burden on industry and solves problems in a user-centered approach. A great example is the work with the FedRAMP program management office at GSA, the first client to use the Agile BPA. We helped the FedRAMP office hire an agile vendor to implement human-centered design and build a public-facing dashboard about cloud authorizations.
Micropurchasing
  • Micropurchasing is a process is where the federal government makes small procurements to directly buy products and services, as long as the price does not exceed $3,500. Currently, we are using that process to buy small pieces of open source software and design through the Micro-purchase Marketplace. This process has allowed clients to add valuable features to their products through quick, inexpensive purchases.
Cloud.gov
  • Cloud.gov is a shared platform built for government that allows agencies to securely deploy systems to the cloud. It takes care of baseline security and scalability concerns and allows federal teams to focus on delivering quality products.
Agenda

GSA Tech Industry Day 09.08.2016

Registration

If you want to learn more, sign up to join GSA on September 8 for the first Technology Industry Day.

Filed Under: GTPAC News Tagged With: 18F, cloud, FedRAMP, GSA, industry day, micropurchase, technology

4 government contracting trends to watch in 2016

October 9, 2015 By Andrew Smith

Today’s times represent an ongoing shift in the federal services marketplace. The changes are broad and include shifts in technology; acquisition methods; and the economics of being a contractor with significant hurdles and barriers to success.  These market dynamics will play out over the coming months and years – here’s a rundown of the most significant of those changes now well underway.

1. Cloud Computing Continues to Absorb IT Services Opportunities
Federal agencies have moved beyond the 2010 Cloud-First mandate to adopt cloud computing, and have begun embracing the cloud to support their business and mission objectives.  Cloud computing represents a significant change to the way that the federal government had done business. Cloud computing permits the customer to spend less time managing complex IT resources and more time investing in core mission work.  Companies that have cloud-based offerings are winning significant business away from providers that have historically supported “in-house” solutions.

FedRamp opt outAn estimated $20 billion of the federal government’s $80 billion in IT spending is a potential target for migration to cloud computing solutions, according to the White House’s Federal Cloud Computing Strategy. The size and scope of cloud programs are becoming larger, driven in part by the success of smaller projects, and by the manifestation of supporting policies, including FedRAMP, a security “stamp of approval” that lets government agencies know a solution has an appropriate and detailed security plan in place. To date, 48 systems have been authorized FedRAMP compliant.  With the cost of a FedRAMP certification reaching as high as $300,000 and authorizations taking 9 to 15 months, gaining certification is a major commitment for any company.  As a result, many firms, especially small businesses, may be locked out of this segment of the market.

Read all 4 contracting trends to watch in 2016 at: http://www.washingtonexec.com/2015/10/guest-column-4-government-contracting-trends-to-watch-in-2016-by-mark-abel/

Filed Under: Contracting Tips Tagged With: cloud, contracting opportunities, FedRAMP, government trends, GSA Schedule, GWAC, IDIQ, IT, mentor-protege, multiple award contract, OASIS, service contracts, set-aside, small business, spending

Recent Posts

  • Podcast: Buy American executive order and recent changes
  • Podcast: Contractors say they’re seeing a resurgence of LPTA procurements
  • Reminder: If pricing is too high, VA “rule of two” might not apply
  • CPARS challenges: No appeals without contracting officer claim
  • GAO: In “best value” procurement agency has wide discretion to pay price premium

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

Podcast: Contractors say they’re seeing a resurgence of LPTA procurements

CPARS challenges: No appeals without contracting officer claim

GAO: In “best value” procurement agency has wide discretion to pay price premium

Contractor settles fraud claims related to 8(a) joint venture

Senator: Pandemic makes anti-fraud law more important than ever

Read More

Contracting Tips

Podcast: Buy American executive order and recent changes

Reminder: If pricing is too high, VA “rule of two” might not apply

Startups should try to win city and school district contracts. Here’s why.

Surviving proposal weaknesses after discussions: what not to do

E-Verify records purge scheduled for May 14, 2021

Read More

GTPAC News

DLA hosting event March 10th with special emphasis on Women-Owned Small Businesses

Navy Office of Small Business Programs holding three events in March

SBA hosting conversations with contracting officers forum Feb. 25th

USACE seeks vaccination center construction support

GTPAC updates cybersecurity resource page to include CMMC guidance

Read More

Georgia Tech News

Future of 5G is under the microscope at Georgia incubator

Collective worm and robot “blobs” protect individuals, swarm together

The Partnership for Inclusive Innovation is now accepting applications for pilot programs

Georgia Tech will help manage DOE’s Savannah River National Laboratory

Dr. Abdallah testifies on U.S. competitiveness, research, STEM pipeline at Congressional hearing

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute