We create and access a seemingly endless supply of data and information every day. In government contracting, opportunity capture management often includes sensitive or proprietary information such as rate structures, labor pools, teaming strategies, and current bids. But some information from government customers requires additional safeguarding procedures.
Since December 31, 2017, government contractors have been required to comply with NIST 800-171, a set of guidelines that outline the processes and procedures to safeguard Controlled Unclassified Information (CUI). As part of this compliance, government contractors perform a self-assessment; create and maintain a System Security Plan (SSP) and Plan of Action and Milestones (POAM) to document the plan to meet the 110 required controls; and self-attest to their compliance for CUI.
Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released in January 2020, and DoD is gradually rolling it out to completely migrate from NIST 800-171 to the CMMC framework by 2026. CMMC is different from NIST compliance and requires companies to work with an accredited and independent third-party organization to perform a CMMC assessment for certification at one of 5 CMMC levels. Certification will be required at the time of contract award and must remain in effect for the duration of the contract. If a company's certification expires during the contract, the company will need to recertify to CMMC. There is no POAM or working toward compliance with CMMC and there is no self-attestation.
OneTeam Works Ensures the Security of your Capture and Pipeline Information
OneTeam understands the cybersecurity requirements of DoD, and we built our cloud-based platform specifically for Government contractors to ensure data confidentiality, integrity, and availability. OneTeam is a Software as a Service (SaaS) offering and is hosted in a US Federal Risk & Authorization Management Program (FedRAMP) High impact level environment. We are also working hard to make our platform CMMC Level 3 compliant by the end of 2021.
Data security was built into OneTeam from day one as our platform was born and built in the cloud. OneTeam is hosted in Microsoft Azure, which has been assessed and authorized at FedRAMP High impact level. Simply put, hosting OneTeam in Azure does not increase security risks – OneTeam INHERITS the stringent Security, Protections, and Compliance services of Microsoft Azure.
Every government contractor’s SSP documents their processes for access, storage, and archival of CUI data and addresses how to implement user IDs, passwords, and two-factor authentication (2FA). When your company implements OneTeam in your BD process, you should update your SSP to document your company’s processes concerning OneTeam. Documenting this as you go helps you prepare for your CMMC.
Some customers prefer to host documents in their own enclave, and not in OneTeam’s Azure environment. OneTeam can connect to a Microsoft 365 Commercial or GCC High tenant, and store your data in your tenant. OneTeam is currently developing a Microsoft 365 Teams integration, where clients can access their OneTeam documents inside their Teams interface. In Teams, users designate an opportunity-specific team, set up distinct user permissions, and access OneTeam documents in Microsoft Teams Files.
OneTeam leverages Microsoft 365 to ensure data integrity including file permissions, user access controls, and version control to prevent erroneous changes or accidental deletion by authorized users. This puts you in charge to manage data access for your team and subcontractors. We ensure data availability through Azure’s ability to maintain uptime and minimize downtime, provide geo-redundant backups, and documented disaster recovery. You can read more from Microsoft on Azure balancing high performance, high availability, and disaster recovery here.
Security compliance and your data security are of paramount importance to OneTeam. We will continue to be on the forefront of securing your data as cybersecurity regulations and compliance evolve. Your company and customer CUI is protected AND your company's sensitive Capture and competitive information is protected with the same stringent security and protection services.
Your data security plan is the foundation of how to bid on government contracts and respond to government RFPs. Download 5 Easy Ways to Increase Your Proposal Win Rate and see how data management leads to developing better proposals!
To learn more about CMMC, check out the blog post "CMMC: Security Needed for DoD Awards".