Government Contracting Blog

The General Services Administration (GSA) is working on consolidating the certification framework for cloud service providers who are new to the FedRAMP Program. Right now, a full traditional security assessment and review is expensive and cumbersome for the government and creates barriers for cloud service providers looking to get FedRAMP certified. The goal is to reduce the initial review burden with consolidated rules that are anticipated to be published by the end of June 2026, and retire the FedRAMP Ready designation program. If you offer cloud services and are currently doing business with the federal government, or plan to in the future, read on to learn more about these changes.

Earlier this year, GSA released cybersecurity requirements that mimic the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). The “IT Security Procedural Guide”, or more formally known as CIO-IT Security 21-112, establishes a new framework of security requirements and privacy controls for contractors who deal with Controlled Unclassified Information (CUI) in nonfederal systems. Since this requirement was rolled out quickly and quietly without a formal announcement, some contractors may not be aware of the change. You may be wondering if this applies to your company or affects your contract. We’ll cover everything you need to know below.

Government purchasers frequently utilize the GSA Multiple Award Schedule (MAS) Program to procure innovative Information Technology (IT) products and services that are available commercially from contractors. State and local governments, educational institutions, and other entities can also be eligible to purchase from GSA Schedule contractors’ IT offerings through the Cooperative Purchasing Program.

The Department of Defense (DoD) is going to begin implementing Cybersecurity Maturity Model Certification (CMMC) into solicitations and contracts starting Monday, November 10, 2025. Almost a year after the CMMC Final Rule went into effect, the DoD published a Final Rule amending the Defense Federal Acquisition Regulation (DFARS) to allow CMMC to be added to contracts. If you’re not ready yet, don’t panic—just like the CMMC process has taught us so far, the implementation isn’t going to be speedy. On November 10, the DoD will begin Phase 1, which includes CMMC Level 1 and Level 2 self-assessments. Will this impact you? Read on to learn more.

Cybersecurity scams are on the rise, and they aren't as simple as the infamous gift cards for your boss gimmick. Bad actors have become more skilled in their phishing and hacking, making it more important than ever to have a strong cybersecurity posture. As a government contractor, you inevitably deal with sensitive government information, data, and software, so there are certain government regulations you have to follow to defend against compromising your network.

Last week, the Trump administration rolled out its long-awaited AI Action Plan, titled “Winning the Race: America’s AI Strategy.” The plan was released alongside a set of Executive Orders (EOs) that aim to reshape how the federal government regulates, buys, and uses Artificial Intelligence (AI). The plan includes three core pillars focused on accelerating AI innovation, building AI infrastructure, and removing current AI guardrails. This plan inevitably impacts government contractors, including current GSA Schedule contractors or companies looking to break into the federal market. So, what’s in the plan, and more importantly, what aspects of the plan should contractors be paying attention to? Let’s review the plan below.