Information Technology (IT) modernization in the federal government has been on the rise for several years, and there's no slowing down in sight. It's safe to say that IT modernization has become a top priority in federal procurement, even with the change in administrations.

The GSA Multiple Award Schedule (MAS) allows contractors to sell their products or services to the federal government through specific Special Item Numbers (SINs) that align with their commercial business practices. If your business offers Information Technology (IT) software, products, or professional services, there are multiple SINs that could be applicable to your GSA MAS offer within the IT Category. However, most IT SINs require offerors to follow instructions, prepare supporting documents, and draft technical narratives beyond the standard requirements. For example, to have the Highly Adaptive Cybersecurity Services (HACS) SIN awarded, offerors must submit two supporting technical narratives demonstrating past performance, pass an oral technical evaluation, adhere to National Institute of Standards and Technology (NIST) standards, and more.

In order to safeguard national security, and protect sensitive information, the federal government has procurement restrictions regarding Information Technology (IT) services and products. Any company that sells IT goods or services to the federal government must abide by these requirements, including GSA Multiple Award Schedule (MAS) contract holders. These procurement regulations are fast-evolving compared to other facets of government acquisition because of the shifting nature of technology and cyber threats. There are some buzzwords floating around that you may have heard of, such as “covered telecommunications” and “C-SCRM.”

Contractors need to keep a lookout for new cybersecurity regulations or requirements when completing work for federally funded contracts. If you’ve heard of the newly proposed CUI rule submitted by the Federal Acquisition Regulation (FAR) Council earlier this year, it’s aimed at standardizing the handling of Controlled Unclassified Information (CUI). This proposed rule was created to enhance the integrity and security of federal contracting processes by establishing uniform requirements across agencies for safeguarding CUI.

Contractors in the IT space, especially those offering cloud services, may be familiar with the Federal Risk and Authorization Management program, also known as FedRAMP. FedRAMP underwent a major change recently as the Emerging Technology Prioritization Framework was eliminated as part of an executive action from the Trump Administration. In this blog, we’ll go over what the framework was, why it was eliminated, and what this means for contractors going forward.

The rapid evolution of information technology has shaped virtually everything in today’s world, including how the federal government functions. For years, the government has lagged behind industry advancements for various reasons. As the Office of Management and Budget (OMB) puts it: