Government Contracting Blog

Cybersecurity is not a new term or concept in the federal government, but we are seeing changes in the way the government plans to address it. The White House recently released a new National Cyber Strategy (NCS), marking the first major cyber policy update of Trump’s second term. With an increase on cyberattacks in recent years and our supply chain remaining vulnerable, the 2026 strategy is set out to be assertive and proactive in nature. This will definitely bring shift priorities in the federal government, and subsequently the world of procurement.

The General Services Administration (GSA) is working on consolidating the certification framework for cloud service providers who are new to the FedRAMP Program. Right now, a full traditional security assessment and review is expensive and cumbersome for the government and creates barriers for cloud service providers looking to get FedRAMP certified. The goal is to reduce the initial review burden with consolidated rules that are anticipated to be published by the end of June 2026, and retire the FedRAMP Ready designation program. If you offer cloud services and are currently doing business with the federal government, or plan to in the future, read on to learn more about these changes.

Earlier this year, GSA released cybersecurity requirements that mimic the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). The “IT Security Procedural Guide”, or more formally known as CIO-IT Security 21-112, establishes a new framework of security requirements and privacy controls for contractors who deal with Controlled Unclassified Information (CUI) in nonfederal systems. Since this requirement was rolled out quickly and quietly without a formal announcement, some contractors may not be aware of the change. You may be wondering if this applies to your company or affects your contract. We’ll cover everything you need to know below.

Government purchasers frequently utilize the GSA Multiple Award Schedule (MAS) Program to procure innovative Information Technology (IT) products and services that are available commercially from contractors. State and local governments, educational institutions, and other entities can also be eligible to purchase from GSA Schedule contractors’ IT offerings through the Cooperative Purchasing Program.

The Department of Defense (DoD) is going to begin implementing Cybersecurity Maturity Model Certification (CMMC) into solicitations and contracts starting Monday, November 10, 2025. Almost a year after the CMMC Final Rule went into effect, the DoD published a Final Rule amending the Defense Federal Acquisition Regulation (DFARS) to allow CMMC to be added to contracts. If you’re not ready yet, don’t panic—just like the CMMC process has taught us so far, the implementation isn’t going to be speedy. On November 10, the DoD will begin Phase 1, which includes CMMC Level 1 and Level 2 self-assessments. Will this impact you? Read on to learn more.

Cybersecurity scams are on the rise, and they aren't as simple as the infamous gift cards for your boss gimmick. Bad actors have become more skilled in their phishing and hacking, making it more important than ever to have a strong cybersecurity posture. As a government contractor, you inevitably deal with sensitive government information, data, and software, so there are certain government regulations you have to follow to defend against compromising your network.