GSA preps guidance for using CMMC in civilian contracts
The General Services Administration wants to get ahead with the training and education materials that contracting officers will need as Cybersecurity Maturity Model Certification requirements become standard.
NOTE: This article first appeared on FCW.com.
The General Services Administration wants to get ahead on training and education materials contracting officers will need as Cybersecurity Maturity Model Certification requirements become standard in government contracts.
Keith Nakasone, the GSA's deputy assistant commissioner for IT acquisition, said the agency is developing ordering guides for contracting officers who use government-wide acquisition contracts (GWACs).
"We know that training is going to be required as we go through this process with our Department of Defense partners," Nakasone said during an AFFIRM event on CMMC on Feb. 17. "So as we move forward, we want to present an ordering guide where we have created templates, some guidance in our ordering process [on] how to use the GSA contract."
Nakasone said that would raise awareness, starting with training GSA's own workforce and extending to DOD partners, to create a synchronized effort when using the GWAC.
GSA has already begun incorporating CMMC language, starting with the request for proposals in the Streamlined Technology Application Resource for Services (STARS) III. It's also drafting contract language, with CMMC requirements, for the Polaris small business government-wide contract vehicle, currently in the draft solicitation phase, that will replace the Alliant 2 Small Business contract.
Nakasone emphasized that CMMC requirements would be incorporated at the GWAC's order level to better address each system's needs. "Not every single system is equal, so we have to have the flexibility in the contracts to deliver the acquisition solutions," he said.
"If we can deliver government-wide acquisition contracts with order-specific requirements, we will be able to do a better job in not only managing the acquisitions but what we would also be able to manage is that framework; that ecosystem that's being built over time," Nakasone said, adding that GSA wants to show how the standards, regulations, and framework are being mapped together so they are malleable over time.
There's also a focus on synchronizing efforts with the Defense Department. GSA is "in very early discussions" with civilian agencies that have expressed interest in using CMMC in their contracts, Nakasone said, and "possibly pursue efforts alongside the Department of Defense."