The Defense Logistics Agency is adding NIST 800-171 compliance, a precursor to CMMC requirements, to its automated contracting cybersecurity verifications.
Defense contractors aren’t the only ones preparing for the launch of the Cybersecurity Maturity Model Certification 2.0. The Defense Logistics Agency is in the process of automating some of its contracting systems, including verifying a contractor’s compliance with the National Institute of Standards and Technology’s Special Publication 800-171. This is a step in the direction of implementing the new CMMC proposed rule, released last month, which would incorporate CMMC requirements into contracts and solicitations once finalized.
“We’re gearing up as we speak to implement that into our processes as well as our automated program to assess the cybersecurity processes or practices, I would say, of our vendors,” said Jajuan Evans, systems procurement analyst for DLA, on Federal Monthly Insights — Contract Management Modernization. “NIST is the precursor. So we are in a position now where we validate that a vendor is covered by a NIST assessment if they’re going to have access to unclassified data or covered defense information. And then it’s going to be an overlap where we start to update our systems to implement CMMC.”
Evans said DLA analyzes risk in relation to vendors and the item being purchased, in relation to the price quoted for that item. That’s part of the supplier performance risk system, DLA’s authoritative source for vendor performance. As the supplier performance risk system lead for the DLA enterprise, Evans said he’s been involved specifically in tying certain cybersecurity assessments into that system, allowing DoD to access the system security plans of vendors who use controlled unclassified information or covered defense information. DLA’s efforts to increase the use of automation in its contracting system include using that information to assess a supplier’s risk and quality score as a necessary validation before making an award.
DLA already uses an extensive amount of automation in its contracting system, Evans said, as part of a recent push to improve contracting efficiency.
“Over the last few years, we really made a push to automate processes where we can. We already have a really robust automated solicitation program that, without any manual intervention, publicizes solicitations, requests for quotes, as well as an automated award program that will award procurements that meet certain criteria automatically,” Evans told the Federal Drive with Tom Temin. “So really reducing that need for manual intervention or for a contracting officer to make that award decision. We’re also leveraging new technology to improve contracting efficiency.”
That includes the use of robotic process automation, he said, to free up contracting professionals from repetitive tasks. For example, DLA created a “master solicitation” — a 12-to-15 page master list of clauses and provisions that apply to solicitations. Automated solicitations then refer back to the latest revision of that document, so that vendors can refer to that document, determine what applies to them and their particular proposal, and ensure they’re in compliance.
Evans said there’s a bit of a learning curve for new contractors working with the federal government, but with a little time and investment, they’re able to learn it and use it effectively.
That’s not to say every contract goes through this automated process; Evans said some more critical solicitations still require manual assembly by a contracting officer. In those cases, it’s incumbent upon the contracting officer to manually include the required provisions.
“So the goal is to leverage that capability as much as possible where it makes sense,” Evans said. “And then for more complex contract actions, we’ll lean on the acquisition specialist or the contracting officer to create those.”
Similarly, DLA is using an automated system to make awards in certain cases, where it determines the product is a correct fit and within pricing parameters. In other instances, however, it will flag an award for manual review. For example, it would do so if a contractor objected to a specific term.
DLA has implemented all of this automation as part of a larger effort to reduce procurement acquisition lead time. DLA tracks time-to-award in on-time deliveries. Acquisition specialists and contracting officers have certain metrics they’re required to meet, like specific solicitation or award times. This helps DLA identify and address bottlenecks in the acquisition process.
“At the end of the day, our goal is to provide that item or that service to our customers, to the warfighter, where it needs to be, when it needs to be there,” Evans said.
Copyright © 2024 Federal News Network. All rights reserved.
Daisy Thornton is Federal News Network’s digital managing editor. In addition to her editing responsibilities, she covers federal management, workforce and technology issues. She is also the commentary editor; email her your letters to the editor and pitches for contributed bylines.