Keith Nakasone, deputy assistant commissioner for acquisition in the General Services Administration’s Office of IT Category, has clarified in a video interview that GSA will apply the Department of Defense’s Cybersecurity Maturity Model Certification requirements to governmentwide acquisition contract vehicles at the order level.
He told Government Matters host Francis Rose the agency’s master contracts will include CMMC language and civilian agencies will have the option to incorporate the program into their orders.
“It’s not a firm requirement within the governmentwide contracts, but it is available to be within scope,” Nakasone said.
Polaris is the GSA’s second procurement vehicle to employ CMMC requirements and will serve as a means for civilian and defense agencies to buy cloud computing and cybersecurity, software development, information technology operations and maintenance, data management and systems engineering services.
Nakasone noted in the interview that the agency is working with DoD and nonprofit organizations to facilitate program training and awareness.
GSA has only started to incorporate CMMC into its contracts and according to Nakasone, the agency will address concerns over the potential inclusion of the said security control in all GSA acquisition vehicles as the process moves along.
The Potomac Officers Club will host its Fall CMMC Forum on Nov. 17 to help organizations and companies prepare for CMMC by providing a platform where federal and industry leaders will talk about the requirements and priorities of implementing the certification.
Katie Arrington, chief information security officer in the Pentagon’s acquisition office and a 2020 Wash100 winner, will deliver a keynote speech at the virtual event and Alka Bhave, vice president of performance excellence at Perspecta (NYSE: PRSP), will moderate an expert panel.