Government Contracting Blog

You may have been looking up at the sky recently to catch a glimpse of the rare "comet of the century", but this won't be the only comet returning this year—GSA has plans in Fiscal Year (FY) 2025 for COMET II, a multiple award Blanket Purchase Agreement (BPA) for IT modernization, transformation, and operations/maintenance. The current COMET vehicle, which stands for CIO Modernization and Enterprise Transformation, has awarded task orders totaling almost $1 billion, making it a great success for GSA and all contractors involved, especially when it comes to updating GSA’s legacy systems.

Cybersecurity is a constant priority in the IT government contracting space, with the government continually working to enhance cybersecurity practices as technology evolves. IT government contractors should be aware of both current and future cybersecurity regulations, so they can stay compliant now and in the future.

We've learned in the past few years that cybersecurity scams are on the rise, and they aren't as simple as the infamous gift cards for your boss gimmick. Bad actors have become more skilled in their phishing and hacking, making it more important than ever to have a strong cybersecurity posture. As a government contractor, you inevitably deal with sensitive government information, data, and software, so there are certain government regulations you have to follow to defend against compromising your network.

The day has arrived—after over 5 years of development and delays, the Department of Defense (DoD) has released the final rule for Cybersecurity Maturity Model Certification (CMMC). It was released for public comment earlier this week and officially published in the Federal Register on October 15. The rule will take effect on December 16, 2024, and will establish the CMMC program and process into law. Let’s dive into what this rule entails and the timeline for implementation so you can be prepared for this new requirement.

Another opportunity is on the horizon for GSA IT contractors. GSA has released the final draft solicitation for Pool 1 of their new Blanket Purchase Agreement (BPA) called Ascend. This contract vehicle will serve as a one-stop-shop for government customers to acquire secure cloud service offerings from GSA contractors. The first pool focuses on Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (Paas), and will be followed by 2 other pools geared toward Software-as-a-Service (SaaS) and and cloud-IT related professional services. Let’s breakdown this upcoming BPA and what it could mean for you as a GSA IT contractor.

If you’ve been following the CMMC journey since 2019, you’ll see that we’re one inch closer to seeing Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements in defense contracts. If you haven’t, no worries, we’ll fill you in on what you need to know. Recently, the Department of Defense (DoD) released a draft rule that would implement CMMC into the acquisition process for defense contracts. Let’s talk about what this means for the future of CMMC and what the next steps are.