Taking the first steps toward CMMC compliance

CohnReznick has published a very comprehensive article on the CMMC  and the impact to government contractors.

By: Bhavesh Vadhani, Kristen Soles, Ali Khraibani

If you’re a Defense Industrial Base (DIB) contractor, also known as a Department of Defense (DOD) contractor, you may need to address as many as 171 security practices to qualify for future government contracts, based on a new cybersecurity standard and maturity assessment established by the DOD. The Cybersecurity Maturity Model Certification (CMMC) will begin appearing in a limited set of Requests for Information (RFIs) and Requests for Proposals (RFPs) in late 2020. The time to ensure you have implemented all security practices will be here before you know it. You should take this time to get an understanding of the requirements needed for the type of contract your organization will pursue with the DOD.

Taking the first steps toward CMMC compliance


Written By: The Pulse of GovCon

In December, The Pulse put out our first FY18 Watch List (aka the BD Professional’s Cheat Sheet). Three months into the year, we thought your GovCon little black book (or pipeline, for you “professionals”) could use some updating!

As we all know, entering into a contract with the Government is just like dating. By that we mean you’re spending time and money on something you don’t totally understand. To help you meet your match, The Pulse has scoured the data and provided a summation of our analysis of those agencies that are worth “swiping right” for.

In the second take of our FY18 Watch List, The Pulse decided to focus on Federal agencies that could be viewed as the underdogs of the GovCon universe. Just because some aren’t on the top of the Appropriators “to-do list” doesn’t mean they aren’t important. These highlighted GovCon underdogs might come with some challenges, but if you put the work in you could find proportionate beneficial results from the following:

  • Department of Justice
  • Office of Secretary of Defense
  • Department of Transportation
  • Department of Treasury
  • Department of Education
  • Department of Interior
  • Department of Housing and Urban Development
  • Department of State

After you’re done scoping the field, make sure to collect your copy of The Pulse’s FY18 [Underdog] BD Watch List!


It’s been less than three months since our first FY18 SITREP, and the more things change the more they stay the same. The industry has been projecting a significant infusion of funding to result in a Government spending sprint once the FY18 Omnibus Appropriations Act is passed on or before March 23.  At this point in time, we do not anticipate the doom and gloom of a Government shutdown. Instead, we remain optimistic the Omnibus will pass. With all the angst associated with a possible shutdown, the industry had understandably gotten distracted from asking the right questions. Well, folks, it’s time to start asking again.

The real question is – will Congressional Appropriations go the way of the Administration’s FY18 and FY19 “cut-everything-non-defense-theme” proposed budgets, or will they choose their own path like they did in FY17? Your guess is as good as ours.

Either way, Federal appropriation experts project that major acquisition programs will likely see their programs funded within weeks. However, due to a bunch of red tape, decrease in federal workforce, and just a lack of direction in general, the majority of other programs and new initiatives will not see funding until the end of May at best. The result? The Government has four months to obligate FY18 funds. In all reality, this is no different than what we are all used to with end of the FY spending as we march towards October 1st.

As a rule of thumb, experts anticipate that ~45% of the FY18 Omnibus Appropriations (which is discretionary funding) will go to procurement/acquisition accounts (thanks for the math, NACA!).


We added a few more to our original FY18 contracting trends:

  • Other Transaction Authority (OTAs): It’s all about the OTAs, baby. Defense has been using them judiciously in order to ignore the imposition of a lot of FAR clauses.
  • Sole Source: J&As above the $22M threshold may be easier to justify as “in the best interests of the agency” because the agency must use all tools available to obligate their funding. They will have direct awards with values greater than those authorized for individually owned enterprises.
  • SB Goal Reaching: Socio-economic GovCons stand to gain traction in this environment as Federal agencies will still try to meet their SB goaling requirements.


Below is a breakdown of additions to the FY18 Watch List we compiled at the end of last year. As we all know, entering into a contract with the Government is just like dating. By that we mean you’re spending time and money on something you don’t totally understand. To help you meet your match, The Pulse has scoured the data and provided a summation of our analysis of those agencies that are worth “swiping right” for.


Deltek GovWinIQ projects that between FY17 – FY19 DOJ’s discretionary budget authority will decrease by almost 50%. But it’s not all bad news. DOJ’s contract spending has actually gone up 3.8% since FY16. President Trump’s FY19 proposed budget calls for discretionary savings to the tune of $12.5B removed from DOJ’s requested budget action, but that doesn’t mean that Appropriations is going to listen.

DOJ is undoubtedly going through some turbulent times, and their workforce remains thin, so we recommend to GovCon that when you approach, do so with care. Offer up your help, guidance, and an efficient way to solve their problems areas — they’ve been hurt before.


As we stated above in our SITREP, Defense in general will have to spend around $25 -$40B in the last four months of this FY.  However, the law mandates that the Pentagon cannot spend more than 20% of its money in the last two months of the FY. That means Congress, with the FY18 Omnibus Appropriations Act, must include language lifting these restrictions and granting flexibility to the Pentagon. Last week, top House defense appropriator’s outlined their options to extend Defense funding such as including language in the FY18 Omnibus, which would allow the Pentagon to fix its growing readiness crisis.

This “influx of money” problem will be interesting as SecDef is juggling a lot of change right now, and this could complicate the decision-making process for dollar allocation.

SecDef might just go through a bit of a mid-life crisis, so don’t be surprised if they up and buy that new Porsche just because they can.


How many infrastructure weeks have we had so far in this Administration? It’s no secret that the word “infrastructure” is on this Administration’s top 10 favorite word list, carrying big revenue implications for Federal, State, and local GovCons. In February, the Administration released the details of their Infrastructure Initiative, which proposes to reallocate $200B in federal funds over a decade to generate a $1.5T total infrastructure investment.

BGOV’s OnPoint presentation provides a great summary of this Initiative and how GovCon can benefit. Sounds like a solid foundation to build a new relationship.


The Administration’s FY19 budget proposes to re-allocate funding from “non-mission critical areas” to invest in the financial enforcement tools that would safeguard the financial system and bring maximum economic pressure against North Korea. USDT has been working within budgetary pressures for a few years now, but this Administration aims to further cut discretionary spending by 3%. Yet at the same time, they are tasking USDT to begin a “program integrity initiative” to narrow the gap between taxes owed and taxes paid in order to reduce the deficit by “$29B over the next 10 years.”

It is clear that this Administration and Congress expect USDT to continue to do more with less, but that doesn’t mean they don’t have a lot to give to a partner. Targeting persons who facilitate North Korea’s illicit shipping practices is going to take solutions and resources, so this is the relationship for you if you like a project.


ED has identified 21 different initiatives it has for its Agency. Some that should be of interest to GovCon includes: Digital Government Strategy, ED Data Express (link was broken…awkward), Education Dashboard, Military Families and Veterans, and Open Government. However, it seems like ED is all dressed up with nowhere to go, considering the Administration is pushing to cut $7.1B (10%) from their FY17 enacted level.

Similar to DOJ, it is not all bad news — according to Deltek GovWin IQ, ED’s contract spending seems to be up 3.3%. ED might come with a lot of baggage, but we all know the children are our future.


Information technology, energy development, drilling funds, and national parks (kinda) seem to be the focus of DOI for this FY. Believe it or not, DOI proper actually requests a $1.6B decrease from their already anemic budget in their FY19 budget request, which could cause appropriators to slash even more for FY18.

The initiatives are vague, but at least DOI knows how to choose a solid profile picture to distract you… especially if you like the outdoorsy type.


HUD seems to be busy doing weird, non-Government things… between the Secretary constantly stating that running HUD is “more complex” than brain surgery and simplifying their mission statement to be “more inclusive”. But no fear, they apparently have a ton of money ready to spend since the Secretary canceled his order for a $31,561 executive dining room set. Lucky for GovCons, it’s not all HomeGoods and brain surgery around the hallways of HUD.

We assume the “complexities” the Secretary was *complaining* about has to do with the mega-disasters which have devastated America in 2017 causing at least $306B in destruction and leaving hundreds of thousands without housing. Sounds pretty complex to us since HUD is one of the three Federal agencies that primarily oversees and distributes housing recovery money when a natural disaster strikes.

HUD oversees long-term recovery efforts that include replacing destroyed homes and rebuilding damaged roads and Government buildings. So far, Texas is set to receive $5B in HUD disaster relief aid. For those GovCons in the A/E and Construction business, we recommend looking into HUD’s Rental Assistance Demonstration (RAD) Program, which allows housing authorities to partner with private investors. This program will be in high demand over the next few years and with an under-resourced HUD – GovCons can come and offer more than just a helping hand.



We wish we knew what was going on with DOS. Not only have they been on a hiring freeze since the Administration took office last January, but the agency lost 12% of its foreign-affairs specialists in the first eight months of the Administration shrinking their civilian workforce by more than 6%.

We fear that DOS will meet significant proposed budget cuts with continued dramatic personnel reductions. However, DOS insiders state that rhetoric around reorganization has shifted from sweeping personnel cuts to upgraded technology and improved training. So maybe there is hope for this wildcard after all?


Money is about to start moving folks, and you need to have your pipeline dressed and ready to impress. Feel like you might need a quick makeover before the date? Use this analysis as proof points for pipeline building and to impress your boss at your FY18 pipeline meeting. Good luck!

Shutdown Screws Small GovCons

I normally never write about politics, recognizing that half of my network leans one way, while the other half leans the other.  I tend to live by the “no politics or religion” in public domain, school of thought.  But this latest shutdown has me completely livid over its stupidity and its potential impact on the small GovCon world.

While government employees will enjoy a day or two at home and will eventually receive their backpay for doing absolutely nothing (to be fair, through no fault of their own), small govt contractors will not fare as well.  Those deemed non-essential will generally be forced to use their PTO to stay at home while the work piles up.  Given the last-minute call, few companies have their act together enough to deliver all day training sessions for their employees today to use their overhead dollars wisely.  Outside of PTO, it’s leave without pay (LWOP) as generally, we can’t put your expense on overhead, driving our multiplier up and our competitiveness down.

While a day or two (which hopefully all this is) won’t kill any company, the more it lingers, and the more uncertainty, the less willing smaller companies will invest, hire employees or make decisions.  The indecision of the government funding grinds most smaller companies to a halt.  Small business does not have the cash reserves that the billion-dollar club has.  They are subjected to pay-when-paid terms as subs, and there’s no one in the government paying contractors, so cash dries up.  Back in 2013, the impact of 16 days of shutdown wiped out net income for the year.  If you were living month to month on 4% profits, just one pay period worth of not billing was devastating.

Enter January, when PTO balances are reset, and lower due to the holidays.  Credit card bills from the holidays are due this month.  New hires have just started with the new year with zero PTO built up.

The talking heads blame each other and throw out the military and payment but to be honest, they will be fine.  They will receive their paychecks.  As will the hundreds of thousands of government officials who stayed home today.  They will come back to more backlog (thank you for all the hiring freezes).  RFP releases, contract awards, and payments will all be postponed, directly impacting contractors.

Large GovCons will weather the storm, utilizing their cash reserves, blaming the shutdown for poor earnings reports and postponed contract execution.
Small GovCon, you will be screwed should this last any length of time.

And don’t even get me started on passing another CR.