Contractors had their doubts when the General Services Administration sun-setted FedBizOpps, the dated web site where agencies listed federal opportunities. The General Services Administration replaced it with a system called Beta.Sam.gov. According to Alan Chvotkin, executive vice president and counsel at the Professional Services Council, contractors are finding the new system isn’t much better than the old, and in some ways worse. He explained on Federal Drive with Tom Temin.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
Tom Temin: Alan, you have really let the GSA know on behalf your members, big problems with, I guess maybe the word Beta is what it’s all about. Tell us what you found.
Alan Chvotkin: This has been an ongoing issue. Beta.sam.gov is a broader initiative that the General Service Administration has to move from nine separate databases and log in sessions to single Consolidated federal government website. And several systems have already transitioned over to this new site. It’s a beta site because they haven’t gone live with all of them, so it’s still in test. But the most recent one was the transition, the Federal Business Opportunities website, a standalone where all federal agencies were required to post their notices of upcoming procurements to that site. And vendors rely on it heavily for that. This morning we’ll be releasing our letter that I sent two GSA commissioner Dunn on the challenges to date with the multiple portals transitioning over to Beta.sam.gov, most notably focusing as you said on the dissolution of this fed biz ops portal. What we found is some of the functionality, was not carried over. We knew that GSA was very public about what they were and were not transitioning, but even still some of the early bumps in the road and still existed several months now, two months now into that transition. So we thought it important on behalf of our members to share that information with GSA. We’ll release that letter today, and I hope that it will highlight the need for some significant changes to the platform to make it both valuable to the agencies and critical for the user community.
Tom Temin: Many of the complaints that your small business users have, if anyone knows anything about this, they sound like, in a practical sense, real barriers to business. For example, pages timeout, and when you go back a page or something, you have to reset all of your credentials. No place of performance awards. Searches in place of performance is really important for a small business. Also, you can’t search by NIAC s codes. And so on a lot of really practical issues here.
Alan Chvotkin: That’s exactly what we’ve raised, really the practical issues around this transition and the importance of establishing a robust platform. The existing Fedbizopps wasn’t perfect. But it had been in place for a long time, and companies became very comfortable with that. Maybe the the most significant of changes is the difficulty in maintaining searches. Many companies put in search criteria. They want to look for business opportunities from a particular agency, a particular type of work that they’re engaged in. Ah, and let the machines do the work. This one is a little less valuable. You can’t save prior searches that prior to the transition from Fedbizopps, so any number of issues. Lord knows I’m not a website developer, and I can imagine the degree of difficulty in making this work. But these are critical user friendly issues. We’ve already seen one or two agencies like the Federal Aviation Administration, which has said that it is not going to use Fedbizopps. It’s not going to use the new log in at Beta.sam.gov. until some of these functionalities could be fixed. It’s just not suitable for that agency. And so if agencies aren’t playing, if companies can’t play, it really makes that difficult in the situation for everybody in the procurement process.
Tom Temin: Yeah, if each agency that is unsatisfied with the Sam system than goes to its own way of listing opportunities, we’re back to the ancient days of searching agency by agency, by agency.
Alan Chvotkin: It is indeed, and again GSA knows about these, there’s no surprises. I don’t think anything that we’ve raised in our letter should come as a surprise. But nevertheless, I thought it important to raise it specifically so that they had the specific information that our member companies provided and the analysis that we provided to help them improve the site. I’m confident they will.
Tom Temin: I love the comment one of your members sent in that says if this had the same notoriety as healthcare.gov. People would have been fired. That really stings.
Alan Chvotkin: It does. I debated whether to leave that comment in, but that’s how our member felt. Some said, just go back and undo this. So again it was trying to convey the frustration that a member company has had and the importance of an early and timely fix to the site.
Tom Temin: also the CMMC version 1.0 came out the standard for contractors to have in cybersecurity to be able to keep doing business with DoD. Just a few weeks ago they were 0.7, 0.8, now version 1.0 live is out. It’s been out for about a week. What’s the assessment so far?
Alan Chvotkin: Well, first of all, the compliments to DoD. They promised to have something out by the end of January, and they did. This is the first final version of this cyber security standard that they’ve issued. It’ll be a work in process, no doubt. But the early results are that they’ve made continuous improvements in each of the iterations. But there are still many questions that are gonna come. Even with the achievement of this milestone, there are other key dates ahead, most significantly, the entering into a memorandum of understanding with the accreditation body of private sector organization that’s being stood up to implement the standard and conduct the certifications that are required. So there’s the Government Accountability Office would frequently say, great progress made, but more work to be done.
Tom Temin: That set of creditors, that’s really key, because you could have a situation like Fed Ramp where there’s also an accreditation system. And if the demand goes up highly on the part of contractors to get certified, then you really have to have that apparatus in place to fulfill the demand, or else you’ve got backlogs.
Alan Chvotkin: Absolutely right. And in fact, DoD has said that they expect every company to have certification under the CMMC program, even if it’s only to level one. There were five levels under the CMMC standard. One being basic, five being the most sophisticated. So even though there’s no data to be protected specifically, the department is expecting all 300 plus companies that work in the defense industrial base to have a certification. So the capacity, the capability for assessing companies and issue certifications, what training is needed for the DoD program, for its own contracting officers and for the industry. All of those are incredible requirements and key next steps to be watching over the next couple of weeks as the CMMC process moves on.
Tom Temin: Do you possibly anticipate, say, some sort of a mentor program on the part of large contractors to help their subs along?
Alan Chvotkin: I would expect so. There’s times you’re gonna have interest in making sure that their subcontractors have the appropriate levels of certification. While there’s not a lot of additional information out there, I’m confident I know that some companies have already done so. This is while the CMMC standard itself is new, requirement that companies have a robust cybersecurity program is not. There’s been a DoD regulation in place for several years that has required companies to comply with the National Institutes of Standards. It’s been voluntary and under the CMMC program, now it moves from a self certification to a third party validation. So the requirement for cyber is not new. I hope companies aren’t starting at ground zero. But what will be new is the certification element.
Tom Temin: The budget 2021 proposal has been out for about a day now. I’m at page 676. Where are you so far?
Alan Chvotkin: Well, you’re ahead of me. I’ve gotten through the summary and have continued to work through it. For a trillion dollar budget, it’s got a lot of critical information. The good news it came out on time. Every budget, every administration budget reflects the president’s priorities. So this one does as well. We have in place a budget cap for the coming federal fiscal year that starts October 1st. And now it’s just reconciling those budget cap numbers. With the president’s budget and the key priorities that he’s laid out in that budget. There’ll be lots of attention and I look forward to an opportunity to talk about it in the future.
Tom Temin: Alan Chvotkin is executive vice president and counsel at the Professional Services Council. As always, thanks so much.
Alan Chvotkin: My pleasure