As you may be aware, government agencies cannot make decisions on a whim. There are several rules, regulations, precedents, and processes that are put in place, so each decision is made carefully and methodically. This is especially true for federal procurement. Whenever a government agency has the need for a particular product or service, they often conduct market research to make sure they are surveying all the possibilities and finding the one that works the best for them. This doesn’t always mean the cheapest or the fastest, but these can be factors in determining what the best value is.

Since the Cybersecurity Maturity Model Certification (CMMC) was first announced in 2020, it has undergone several changes. As the Department of Defense (DoD) and other government agencies look to deploy CMMC within government contracting, they will continue to adapt the verification method so it’s more effective.

You might have heard the term “DFARS” come up a lot recently, especially with the federal government's initiatives to heighten cybersecurity and defense measures. But what is DFARS and how does it relate to GSA contractors? You’ll find it’s a very important set of regulations for you to follow and understand. DFARS stands for Defense Federal Acquisition Regulation Supplement. It’s managed by the Department of Defense (DoD) to supplement the Federal Acquisition Regulation (FAR). The defense supplement was launched to as a government effort to guard national security concerns from cybersecurity attacks.

Cybersecurity concerns can reach high levels of national security especially if they pertain to the federal government. Past data breaches like the recent SolarWinds hack have proven it’s important for the federal government to set cybersecurity standards for government contractors. One critical aspect of government networks is cloud services. In Fiscal Year 2020, federal agencies spent over $6 billion on cloud computing, making it an important part of federal procurement. All Cloud Service Providers selling to the federal government must meet proven security standards established through FedRAMP.

With over 11 million commercial products and services sold to government buyers, it’s clear the GSA Multiple Award Schedule (MAS) program is a great business opportunity for companies. What’s not so obvious though, is the other ways to sell through a GSA Schedule without acquiring your own contract. One of the ways to do this is partnering with an authorized GSA reseller.

The Cybersecurity Maturity Model Certification (CMMC), a new set of cybersecurity standards the Department of Defense (DoD) will be implementing on all their contracts, is included in the General Service Administration’s (GSA) $50 billion 8(a) STARS III Request for Proposal (RFP). 8(a) STARS III (Streamlined Technology Acquisition Resource for Services) is a multiple-award IDIQ contract set aside for small businesses that will give the federal government access to a wide range of information technology (IT) services-based solutions. Although STARS III isn’t a contract vehicle specific to the DoD, the DoD was one of the biggest buyers of STARS II, the predecessor to STARS III.