Contractors need to keep a lookout for new cybersecurity regulations or requirements when completing work for federally funded contracts. If you’ve heard of the newly proposed CUI rule submitted by the Federal Acquisition Regulation (FAR) Council earlier this year, it’s aimed at standardizing the handling of Controlled Unclassified Information (CUI). This proposed rule was created to enhance the integrity and security of federal contracting processes by establishing uniform requirements across agencies for safeguarding CUI.

Contractors in the IT space, especially those offering cloud services, may be familiar with the Federal Risk and Authorization Management program, also known as FedRAMP. FedRAMP underwent a major change recently as the Emerging Technology Prioritization Framework was eliminated as part of an executive action from the Trump Administration. In this blog, we’ll go over what the framework was, why it was eliminated, and what this means for contractors going forward.

The rapid evolution of information technology has shaped virtually everything in today’s world, including how the federal government functions. For years, the government has lagged behind industry advancements for various reasons. As the Office of Management and Budget (OMB) puts it:

The government contracting landscape is full of acronyms. As a GSA Multiple Award Schedule (MAS) contractor ourselves, we know this new terminology can be a lot to make sense of, especially if you are going through the MAS acquisition process at the same time. However, with some time and dedication, you can start unravel the meaning behind these acronyms.

The day has arrived—after over 5 years of development and delays, the Department of Defense (DoD) has released the final rule for Cybersecurity Maturity Model Certification (CMMC). It was released for public comment in October, and went into effect on December 16, 2024, establishing the CMMC program and process into law. No updates were made during the public comment period. Let’s dive into what this rule entails and the timeline for implementation so you can be prepared for this new requirement.

You may have been looking up at the sky recently to catch a glimpse of the rare "comet of the century", but this won't be the only comet returning this year—GSA has plans in Fiscal Year (FY) 2025 for COMET II, a multiple award Blanket Purchase Agreement (BPA) for IT modernization, transformation, and operations/maintenance. The current COMET vehicle, which stands for CIO Modernization and Enterprise Transformation, has awarded task orders totaling almost $1 billion, making it a great success for GSA and all contractors involved, especially when it comes to updating GSA’s legacy systems.