“Another factor in Polaris is its call out of the Cybersecurity Maturity Model Certification (CMMC) standards. While the GWAC doesn’t require CMMC certification, GSA is asking vendors to become accredited.
Keith Nakasone, the deputy assistant commissioner for IT Acquisition in FAS’ ITC, said at the recent ACT-IAC event that vendors must move from self-attestation to a more rigorous review of components and parts.
“We are embedding the language in the GWAC. The level of certification will come in at the order level, meaning vendors don’t have to be certified at the master contract level. It’s going to be based on the orders that come through the GWAC,” he said. “We included the CMMC language within the master level so it’s within scope. At the order level, agencies can add additional requirements for levels 1-5 depending on their mission requirements. We want to leave that flexibility in the mission program and learn over time alongside with the Defense Department.” Read the full article here.
Source: GSA kicks starts 2021 with an acquisition potpourri – By Jason Miller, January 12, 2021. Federal News Network.