One of the challenges for business development and proposal teams is making sure they are aware of the technical, schedule, and cost implications of complying with all regulatory requirements when they submit a response to a government request for proposal. This now includes the Cybersecurity Maturity Model Certification (CMMC) framework of processes and best practices the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has recently developed.
The goal of the CMMC is to establish a standard foundation of information security practices across the industrial base to stem the loss of intellectual property and other unclassified information. The DoD needs assurance that a contractor can adequately protect their intellectual property, proprietary information, technical information, and information systems from unauthorized disclosure or malicious attackers before they do business with that contractor.
Similar to other maturity models, the CMMC framework provides the DoD with the means to verify and certify a contractor has implemented the necessary processes and practices to achieve a defined level of cybersecurity capability. This has become critical for all of the unclassified data and systems in the defense industrial base (DIB) as a matter of economic and national security.
CMMC merges several cybersecurity control standards that have been in place for a number of years into a single standard that is more comprehensive and can be objectively verified. This includes the NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, referenced in the DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
CMMC has broad implications for all contractors directly or indirectly doing business with the DoD or that want to do business with the DoD. It encompasses the entire multi-tiered supply chain including companies that provide commercial off-the-shelf (COTS) products and services. CMMC requires the defense industrial base to become certified once the CMMC is fully integrated into the DoD acquisition process.
The CMMC levels, descriptions, and 17 capability domains are illustrated below. This image is from the CMMC public briefing available on the OSD CMMC web site.
Proposal teams should be prepared to start seeing CMMC language in requests for proposals and requests for information. DoD’s intent is that by 2026, all new contracts will specify the level of CMMC certification that applies. Compliance will be enforced and mandatory for all contract awards.
That means contractors must be prepared to achieve a specific CMMC level that is commensurate with the level of information to be protected. Contractors must be certified by a CMMC Third Party Assessment Organization (C3PAO). As of September 2020, the requirements for becoming an assessment organization haven’t been established. These requirements should begin to roll out in the coming months. For the latest information on approved CMMC Third Party Assessment Organizations, visit the CMMC Accreditation Body (AB) web site.
We are all learning the lexicon of information security and why it is critical to protect the industrial base against cyber-attacks. We also need to be aware of the potential for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) “leakage” and how to mitigate it starting with the proposal phase of a contract.
The cost estimating and pricing data as well as the basis of estimate narrative information is proprietary or competition sensitive information. Since the RFP statement of work also includes technical requirements, the proposal response is likely to include other proprietary technical specifications, drawings, or other sensitive data.
As they develop their cost estimates, proposal teams need to be aware of:
This is where ProjStream’s BOEMax basis of estimate software can support access control cybersecurity initiatives and prevent information “leakage.” BOEMax is designed for proposal teams to organize their cost estimating, pricing, and basis of estimate narratives in a single, central database so they have better control of the proposal cost estimate data and who can access the data.
With BOEMax, proposal teams can:
Interested in seeing how BOEMax can simplify life for your proposal teams? Call us today to schedule a demo.
Updated September 25, 2020