Take a moment to think about all the sensitive information the United States federal government has access to: tax returns, Social Security numbers, medical information. Handling this trove of data makes cybersecurity perhaps more important for the federal government than any other entity. Recognizing this, the federal government has created programs like CMMC and FedRAMP.

A lot of GSA Schedule contractors think they can only sell their products and services to the federal government, but did you know you can sell to state, local, educational, and tribal entities too? Under certain state and local programs, you can offer the same products and services you sell to these entities, greatly expanding the marketplace for your company. One of the most widely used programs is Cooperative Purchasing, which applies to IT and Security and Protections contractors.

Information Technology (IT) modernization in the federal government has been on the rise for several years, and there's no slowing down in sight. It's safe to say that IT modernization has become a top priority in federal procurement, even with the change in administrations.

The GSA Multiple Award Schedule (MAS) allows contractors to sell their products or services to the federal government through specific Special Item Numbers (SINs) that align with their commercial business practices. If your business offers Information Technology (IT) software, products, or professional services, there are multiple SINs that could be applicable to your GSA MAS offer within the IT Category. However, most IT SINs require offerors to follow instructions, prepare supporting documents, and draft technical narratives beyond the standard requirements. For example, to have the Highly Adaptive Cybersecurity Services (HACS) SIN awarded, offerors must submit two supporting technical narratives demonstrating past performance, pass an oral technical evaluation, adhere to National Institute of Standards and Technology (NIST) standards, and more.

In order to safeguard national security, and protect sensitive information, the federal government has procurement restrictions regarding Information Technology (IT) services and products. Any company that sells IT goods or services to the federal government must abide by these requirements, including GSA Multiple Award Schedule (MAS) contract holders. These procurement regulations are fast-evolving compared to other facets of government acquisition because of the shifting nature of technology and cyber threats. There are some buzzwords floating around that you may have heard of, such as “covered telecommunications” and “C-SCRM.”

Contractors need to keep a lookout for new cybersecurity regulations or requirements when completing work for federally funded contracts. If you’ve heard of the newly proposed CUI rule submitted by the Federal Acquisition Regulation (FAR) Council earlier this year, it’s aimed at standardizing the handling of Controlled Unclassified Information (CUI). This proposed rule was created to enhance the integrity and security of federal contracting processes by establishing uniform requirements across agencies for safeguarding CUI.