Government Contracting Blog

Information Technology (IT) modernization in the federal government has been on the rise for several years, and there's no slowing down in sight. It's safe to say that IT modernization remains a top priority, even across presidential administrations.

While often thought of as out of date in terms of its technology, the federal government spends billions on new information technology (IT) solutions and services each year in support of various legacy system modernization efforts, cybersecurity initiatives, and other technology-focused programs. The GSA Multiple Award Schedule (MAS) Program allows contractors to sell various commercial IT products and services to the federal government through its Information Technology Category, or Category F. For the 2025 government fiscal year (FY), the IT Category experienced over $26 billion in sales, demonstrating a highly competitive marketplace for IT services and products under GSA MAS.

Cybersecurity is not a new term or concept in the federal government, but we are seeing changes in the way the government plans to address it. The White House recently released a new National Cyber Strategy (NCS), marking the first major cyber policy update of Trump’s second term. With an increase on cyberattacks in recent years and our supply chain remaining vulnerable, the 2026 strategy is set out to be assertive and proactive in nature. This will definitely bring shift priorities in the federal government, and subsequently the world of procurement.

The General Services Administration (GSA) is working on consolidating the certification framework for cloud service providers who are new to the FedRAMP Program. Right now, a full traditional security assessment and review is expensive and cumbersome for the government and creates barriers for cloud service providers looking to get FedRAMP certified. The goal is to reduce the initial review burden with consolidated rules that are anticipated to be published by the end of June 2026, and retire the FedRAMP Ready designation program. If you offer cloud services and are currently doing business with the federal government, or plan to in the future, read on to learn more about these changes.

Earlier this year, GSA released cybersecurity requirements that mimic the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). The “IT Security Procedural Guide”, or more formally known as CIO-IT Security 21-112, establishes a new framework of security requirements and privacy controls for contractors who deal with Controlled Unclassified Information (CUI) in nonfederal systems. Since this requirement was rolled out quickly and quietly without a formal announcement, some contractors may not be aware of the change. You may be wondering if this applies to your company or affects your contract. We’ll cover everything you need to know below.

Government purchasers frequently utilize the GSA Multiple Award Schedule (MAS) Program to procure innovative Information Technology (IT) products and services that are available commercially from contractors. State and local governments, educational institutions, and other entities can also be eligible to purchase from GSA Schedule contractors’ IT offerings through the Cooperative Purchasing Program.