Cyber

GSA's next-gen IT contract will have CMMC requirements

Another of the General Services Administration's emerging next-generation IT acquisition contracts will contain the Defense Department's Cybersecurity Maturity Model Certification requirements, according to agency officials.

GSA's developing Polaris small business governmentwide contracting vehicle, that will eventually replace the canceled Alliant 2 Small Business contract, will include CMMC requirements, said Carlton Shufflebarger, acting director of GSA's Office of Information Technology Category in remarks during an Oct. 28 AFCEA Northern Virginia chapter webcast.

The agency has already folded CMMC language into its 8(a) Streamlined Technology Application Resource for Services (STARS) III request for proposals. The clause could require small business contractors chosen for the new vehicle to adhere to CMMC.

"With technologies like 5G being rapidly implemented over the next few years, there will be many more internet-connected devices which will make our security posture even more important. Cybersecurity is at the forefront of federal IT implementations, it's becoming everyone's responsibility," Shufflebarger said.

"We see CMMC as another tool in the toolkit and worked it into the STARS III solicitation. DOD is one of our most valued customers. We place great importance and priority on meeting their needs. So we wanted to insure that our contracts meet DOD's needs today and in the future, as well as other agencies," he added.

Incorporating new cybersecurity and supply chain risk management requirements is also a priority for GSA's Polaris, said Lee Tittle, program lead in the GSA's Office of IT Category's Small Business Acquisition Division during the event.

Supply chain risk management and CMMC being "baked into" Polaris "is definitely a given," said Tittle.

Tittle listed some other priorities for the emerging Polaris small business IT contract.

"First and foremost, we want to expand the industry partner base," he said. Although the agency has emphasized the contract would include woman-owned and HUBZone small businesses, Tittle said it would not be limited to those specific set of firms.

"We want to increase IT modernization opportunities" for agencies with the contract's scope. Tittle pointed to a request for information posted on the agency's Polaris Interact page for more information on how it might expand technologies offered on the vehicle.

The RFI responses close on Fri, Oct. 30.

GSA posted the RFI, which is in questionnaire form, in mid-October asking for industry feedback. The questions ask vendors about their experience with a host of new and emerging technologies including blockchain, AI, 5G implementation, augmented reality and more.

The draft RFP for Polaris will most likely come out in December, said Tittle. The draft will define the contract's scope even further and dictate the schedule when the final RFP will be issued, he said.

This article first appeared on FCW, a Defense Systems partner site. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Defense Systems Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.