GSA to Include CMMC Requirements at Order Level
The General Services Administration will implement Cybersecurity Maturity Model Certification standards at the order level, a top acquisition official said.
Keith Nakasone, deputy assistant commissioner for acquisition in GSA’s Office of the Information Technology Category, said the specific language from the five CMMC levels will not be the focus at the contract level, FedScoop reported Wednesday.
“Not every single system is equal. So we have to have the flexibility in the contracts to deliver the acquisition solutions,” Nakasone said during an AFFIRM event.
In July 2020, GSA included CMMC cybersecurity standards in the $50 billion Streamlined Technology Application Resource for Services III government-wide acquisition contract. The move preceded DOD’s launch of the CMMC program itself.
Nakasone said GWACs with order-specific requirements will help the GSA manage both individual acquisitions and the wider acquisition framework.
Nakasone has since announced that the GSA will continue to implement CMMC-level cybersecurity and information control requirements in large acquisition vehicles.
GSA is currently working to include CMMC language in Polaris, a small business GWAC aimed at connecting customer agencies with IT service providers.
Nextgov reported that GSA continues to hold regular meetings to address how the contract can be used to support both contracting officers and DOD partners.
GSA said it is also accounting for the National Institute of Standards and Technology’s Special Publication 800-171, which requires federal agencies to enhance their protection for controlled unclassified information.
SP 800-172, which was published in light of the SolarWinds hack, offers security controls aimed at helping agencies make their systems more resistant to malicious actors, improving threat detection and damage mitigation capabilities and ensuring recovery from cyber attacks.