OneTeam Government Contracts Blog

Here, our team shares strategies and expertise around the government RFP process and how to use the OneTeam pipeline and proposal management software to win more government bids. This information can guide your RFP responses so you can capture more information, track more federal bid opportunities, and create proposals faster. Ready to give OneTeam a try? Request a demo today.

How Secure is Your Capture Information?

Mar 16, 2021 12:46:00 PM / by OneTeam

globe with IT words 2

We create and access a seemingly endless supply of data and information every day. In government contracting, opportunity capture management often includes sensitive or proprietary information such as rates structures, labor pools, teaming strategies, and current bids. But some information from government customers requires additional safeguarding procedures.

Since December 31, 2017, government contractors are required to be in compliance with NIST 800-171, a set of guidelines that outline the processes and procedures to safeguard Controlled Unclassified Information (CUI). As part of this compliance, government contractors perform a self-assessment; create and maintain a System Security Plan (SSP) and Plan of Action and Milestones (POAM) to document the plan to meet the 110 required controls; and self-attest to their compliance for CUI.

Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released in January 2020, and DoD is gradually rolling it out to completely migrate from NIST 800-171 to the CMMC framework by 2026. CMMC is different from NIST compliance and requires companies to work with an accredited and independent third-party organization to perform a CMMC assessment for certification at one of 5 CMMC levels. Certification will be required at the time of contract award and must remain in effect for the duration of the contract. If a company's certification expires during the contract, the company will need to recertify to CMMC. There is no POAM or working toward compliance with CMMC and there is no self-attestation.

OneTeam Works Ensures the Security of your Capture and Pipeline Information 

OneTeam understands the cybersecurity requirements of DoD, and we built our cloud-based platform specifically for Government contractors to ensure data confidentiality, integrity, and availability. OneTeam is a Software as a Service (SAAS) offering and is hosted in a US Federal Risk & Authorization Management Program (FedRAMP) High impact level environment. We are also working hard to make our platform CMMC Level 3 compliant by the end of 2021.

Data security was built into OneTeam from day one as our platform was born and built in the cloud. OneTeam is hosted in Microsoft Azure, which has been assessed and authorized at FedRAMP High impact level. Simply put, hosting OneTeam in Azure does not increase security risks – OneTeam INHERITS the stringent Security, Protections, and Compliance services of Microsoft Azure.

Every government contractor’s SSP documents their processes for access, storage, and archival of CUI data and addresses how to implement user IDs, passwords, and two-factor authentication (2FA). When your company implements OneTeam in your BD process, you should update your SSP to document your company’s processes concerning OneTeam. Documenting this as you go helps you prepare for your CMMC.

Some customers prefer to host documents in their own enclave, and not in OneTeam’s Azure environment. OneTeam can connect to a Microsoft 365 Commercial or GCC High tenant, and store your data in your tenant. OneTeam is currently developing a Microsoft 365 Teams integration, where clients can access their OneTeam documents inside their Teams interface. In Teams, users designate an opportunity-specific team, set up distinct user permissions, and access OneTeam documents in Microsoft Teams Files.

OneTeam leverages Microsoft 365 to ensure data integrity including file permissions, user access controls, and version control to prevent erroneous changes or accidental deletion by authorized users. This puts you in charge to manage data access for your team and subcontractors. We ensure data availability through Azure’s ability to maintain uptime and minimize downtime, provide geo-redundant backups, and documented disaster recovery. You can read more from Microsoft on Azure balancing high performance, high availability, and disaster recovery here.

Security compliance and your data security is of paramount importance to OneTeam. We will continue to be on the forefront of securing your data as cybersecurity regulations and compliance evolve. Your company and customer CUI is protected AND your company's sensitive Capture and competitive information is protected with the same stringent security and protection services.

Your data security plan is the foundation of how to bid on government contracts and respond to government RFPs.  Download 5 Easy Ways to Increase Your Proposal Win Rate and see how data management leads to developing better proposals!

 

 New call-to-action

 

RELATED LINK

To learn more about CMMC check out the blog post - CMMC: Security Needed for DoD Awards

 

Tags: Capture, Government Contract Lifecycle Management

OneTeam

Written by OneTeam

The founders of OneTeam realized the world of government contracting could be exponentially improved by leveraging the benefits of cloud computing. OneTeam's vision is to improve, by an order of magnitude, the way federal government contractors win and execute government contracts by providing one integrated, affordable, cloud-based solution. By offering a complete system that supports the entire contract lifecycle – from capture to closeout – OneTeam is taking the pain out of winning and executing Federal Government business.