The forthcoming Polaris contract is the second major vehicle to include the Defense Department’s Cybersecurity Maturity Model Certification requirements. The General Services Administration says it is because the Pentagon is one of its biggest customers.
Jim Williams, former Acting Administrator of GSA, believes these inclusions of the CMMC standards are indicative of their propagation across the government, even to the civilian side. “I think [GSA leaders] see this train as … going to apply to all civilian agencies, and I think this is a train that everybody better get on board, because it’s not going to be stopped,” he said on “Government Matters.”
The reason for this trend, according to Williams, is that data is becoming more and more a part of everything we do. All companies – large and small – should start paying attention to CMMC now, he advised.
Some vendors that only sell to civilian agencies and not the Defense Department may consider CMMC to be insignificant for them, but Williams said that’s not the case. Although there will be some contracts the requirements will not apply to, civilian agencies will look at CMMC as another tool to provide risk assurance that their data is protected.
Another change happening at GSA is the use of Section 876 authority to push pricing down at the task order level. Williams said he will be watching ASTRO and Polaris as well as the Schedules program, which is “a much bigger bottle of wax to attack.”
Williams also commented on the presidential election process, explaining that under the Presidential Transition Act of 1963, GSA has a leading role in the transition. The GSA administrator chooses and designates an “apparent successful winner” of the election in order to maximize the time before inauguration. Williams said that as acting administrator during the 2008 election, he had this responsibility and designated President Obama as the apparent successful winner.