Government Contracting Blog

CMMC 2.0 is here—the Department of Defense (DoD) announced the revamped version of the Cybersecurity Maturity Model Certification (CMMC) on November 4, 2021. CMMC, a cybersecurity compliance program for defense contractors, is intended to verify that contractors are taking the appropriate cybersecurity practices and measures. Contractors in the Defense Industrial Base (DIB) have been following CMMC closely as it’s slowly being phased into notices, requirements, and solicitations.

In modern society, information and processes have become faster and simpler. Now you can order online ahead of time, pay as you shop for groceries, the list goes on. Thanks to technological advances, delayed gratification of many processes has become a thing of the past. If you’re an IT start-up looking to get on a GSA Schedule, luckily you have one more way to simplify getting what you want. Through GSA’s Information Technology (IT) Category Startup Springboard, all government agencies can have more access to the most up-to-date technology, and most importantly for prospective GSA contractors, you can submit a GSA Schedule proposal with fewer than 2 years of being in business.

We live in the digital era and as we have seen with the pandemic, more and more aspects of life are becoming digitized. This does not exclude our federal entities, so it’s imperative that our federal government is protected from the threats that come with the digital age. As a result, GSA created a HACS (Highly Adaptive Cybersecurity Services) SIN which is dedicated to preventing leaks and cyberattacks. Before an entity can obtain a HACS SIN, they must show that they are qualified to provide thorough and extensive cybersecurity. A main part of the qualification for the HACS SIN is determined by an Assessment Evaluation and Standardization (AES) High Value Asset (HVA) assessment. Let’s dive into the HVA assessment and what it entails.

If you are a government contractor serving the Department of Defense (DoD), then you are part of an elite group of organizations that make up the Defense Industrial Base (DIB). The Cybersecurity and Infrastructure Security Agency (CISA) estimates the DIB to be made up of more than “100,000 companies and subcontractors working under contract for the Department of Defense at any given time.” As part of the DIB, you are subject to the Cybersecurity Maturity Model Certification, or better known as CMMC. CMMC is a set of cybersecurity standards created to ensure the DIB and other relevant government contractors are properly protecting sensitive unclassified information.

If you are an Information Technology (IT) firm entering into the federal government marketplace, you will be introduced to a whole new world of terms that you were previously unfamiliar with. After taking advantage of some open market contracting opportunities, you may be encouraged by one of your Contracting Officers to get on a GWAC.

Since the Cybersecurity Maturity Model Certification (CMMC) was first announced in 2020, it has undergone several changes. As the Department of Defense (DoD) and other government agencies look to deploy CMMC within government contracting, they will continue to adapt the verification method so it’s more effective.