Jose Ramirez

Defense Information Systems Agency Deputy Director Chris Barnhurst recently spoke at the AFCEA TechNet Cyber 2025 conference and he highlighted the milestones the Thunderdome program has achieved, the agency's priorities, and the importance of partnership with industry. "At DISA, we are a team (...) if you contract with DISA, you're on the team," he stated. Thunderdome has been an example of what good collaboration can accomplish, and certainly industry is ready to tackle any other modernization goals. https://lnkd.in/dWimk9Xt #disa #govcon #industry #thunderdome #nationalsecurity #nationaldefense #cybersecurity #zerotrust

22

For Government Contractors working with the DoD 36% of folks surveyed said budget is the biggest issue with 31% saying the technical complexity around #cmmc Cost and technical complexity yet it’s required going forward to do business in the #DIB Another interesting stat, which I can validate in general with leases of businesses, is that while 56% of technical/compliance folks think they have their policies and controls in place it moves to 80% for CEO’s - there is a disparity between what leadership thinks and what the boots on the ground know.

10

3 Comments

🔐 Federal Contractor Insight: GSA CUI ≠ CMMC (see comparison below) Key Points: ⚖️ Dual Compliance: Civilian + DoD work may require meeting both Rev. 3 (GSA) and Rev. 2 (CMMC) standards. 🧩 Different Processes: Assessments, approvals, and reporting expectations vary between GSA and CMMC. 🚨 Faster Incident Reporting: GSA requires reporting within 1 hour vs 72 hours under DFARS/CMMC. Action: Review GSA solicitations for Guide inclusion and conduct a Rev. 3 vs Rev. 2 gap analysis. Stacy Bostjanick Regan Edens Stuart Itkin Fred Tschirgi Kevin Allison Ace Swerling Bill Wootton Megin Kennett CCP Matthew Titcombe Jeff Huckle David Carlino Koren Wise

58

9 Comments

🚨 DOD Workforce Reduction: New Contracting Opportunities on the Horizon 🚨 Executive Order 14210 has set the Department of Government Efficiency's workforce optimization in motion, significantly reducing the civilian workforce across the Department of Defense (DOD). Agencies are now permitted to hire only one new employee for every four that depart—a move reshaping the federal contracting landscape. What does this mean for contractors and industry partners? 🔹 Increased dependence on contractor services as agencies fill voids left by departing employees 🔹 Potential delays and bottlenecks in procurement actions, with fewer federal acquisition staff 🔹 Fresh opportunities for contractors tuned to administration priorities and cost-saving mandates 🔹 Greater focus on efficiency—contractors delivering operational value will stand out Business Insight: While this workforce shift may present short-term challenges, it is also creating unprecedented demand for agile, innovative, and efficiency-driven contracting solutions. Now is the time to align your service capabilities with DOD’s evolving needs. #governmentcontracting #federalcontracts #DOD #workforce #opportunity #leadership #efficiency

7

Defense contractors are facing new expectations under the “Prioritizing the Warfighter in Defense Contracting” Executive Order. In this blog, #TeamDeltek’s Alex R. outlines five steps government contractors can take to adapt to shifting priorities, meet federal requirements, and position their businesses for future growth. https://lnkd.in/e2rX5uMC

29

Ready or not, CMMC 2.0 Level 2 is here—and the numbers might surprise you. This new co-authored report from Kiteworks and Coalfire surveyed 209 organizations in the Defense Industrial Base (DIB) and uncovered some eye-opening stats: 1️⃣ 41% have completed a formal gap analysis—but those that do are far more likely to have fully documented cybersecurity policies (73% vs. 28% for those who haven’t started). 2️⃣ Organizations with robust documentation are 30 times less likely to report inconsistent encryption of controlled unclassified information (CUI). 3️⃣ A big disconnect? 54% of cybersecurity leaders say their documentation is fully in place, but 80% of CEOs believe everything is covered. 4️⃣ Medium-sized firms lead the way in hiring experienced partners (50%), underscoring the value of external expertise in achieving compliance. 5️⃣ Whether you’re a smaller shop grappling with technical complexity or a large enterprise ironing out scope definitions, these insights reveal best practices and common pitfalls on the path to CMMC success. 👉 Read the report: https://gag.gl/tTx2MP #CMMC #Cybersecurity

31

1 Comment

SECNAV issued a memo creating new Robotic & Autonomous Systems (RAS) Program Executive Office (PEO), Deputy Assistant Secretary of the Navy (DASN-RAS) and other leadership roles. To plan these changes, all Navy RAS-related acquisitions are paused for 30 days (unless waived), and “sprints” will consolidate programs, streamline acquisition, and craft a transition schedule. The new offices will be operational within 90 days. This reorganization aims to better align RAS efforts with strategic defense priorities—supporting a hybrid fleet of crewed and uncrewed systems, improving efficiency, and accelerating deployment of critical capabilities. This RAS shakeup is part of broader reforms including the Naval Rapid Capabilities Office (NRCO). In August 2025, Phelan established the NRCO, consolidating innovation-heavy entities such as NavalX, the Disruptive Capabilities Office, and the Replicator initiative. https://lnkd.in/gHACmKVp

31

1 Comment

A new survey from MITRE says that a majority of non-traditional defense contractors face barriers of inflexibility and complexity in the acquisition process. As DoD tries to bring more innovation and flexibility into its stable of contractors, what really needs to change to make this possible? Keoki Jackson of MITRE joined the Federal Drive with Terry Gerton to share more about the survey's results. https://lnkd.in/dFXpvB8G

41

1 Comment

On March 6, the Secretary signed our direction on the Software Acquisition Pathway. PTDO CIO Katie Arrington quickly kicked off a 90-day sprint to develop the Software Fast Track (#SWFT) program. As part of this program, Ms. Arrington recently signed a memo entitled "DoD Commercial-Off-the-Shelf (COTS) Information and Communications Technology Supply Chain Risk Management" which directs the team to update the "Requirements for the Acquisition of Digital Capabilities Guidebook." This update will build on the 12 risk categories developed by the Office of the Assistant Secretary of Defense for Sustainment (OASD(S)). These categories are outlined in the attachment to Ms. Arrington's memo. The memo can be found at https://lnkd.in/gWJJwupb The Information and Communications Technology (ICT) supply chain is critically important to the Secretary's ongoing transformation of the Department into the most lethal fighting force in the world. As we reform acquisition and authorization processes to bring innovative technologies to the Warfighter faster and more effectively we can't ignore security. This effort will enhance the comprehensive catalogue of ICT-SCRM guidance maintained by the #DoDCIO at https://cyber.mil/ict-scrm. #Cloud #Cybersecurity

158

9 Comments

#CMMC Tidbit for today. #MSSPs and #MSPs supporting Defense Industrial Base (DIB) companies are both in scope and required to participate in a #CMMC assessment. This is hard-coded into the CMMC Assessment Process (CAP) document. "1.6. If the OSC has identified an ESP as being within their CMMC Assessment Scope, the Assessment Team shall confirm that a Customer Responsibility Matrix (CRM) will be available and that ESP personnel will be present and actively participating in the assessment. " "Actively participating in the assessment." This can, and often is, a showstopper in getting a CMMC certification assessment. An ESP is an MSP or MSSP (simply put). This is NOT optional. Just having a Shared Responsibility Matrix (SRM)/Customer Responsibility Matrix (CRM) alone is not enough. That is required too, but not enough by itself. Many MSPs and MSSPs think they have no responsibilities for CMMC. This is incorrect and not how CMMC is constructed. If you are an MSP or MSSP and want to keep your DIB customers, then you must start to figure out how CMMC applies to you and your systems. It does. If you are in the DIB and have a MSP or MSSP then they are in scope and must **participate** in your CMMC assessment. If there are questions about their preparation, then that is something to start working on now. We anticipate that the CMMC contract clause will begin appearing in contracts late this year. When you are trying to schedule a CMMC assessment is not the time to be figuring this out. https://lnkd.in/gvZDMYR6 Jacob Horne, Bobby Guerra, Amira Armond, Glenda R. Snodgrass, Wayne Boline, Katie Arrington, Stacy Bostjanick (PS Katie and Stacy. Some strategic communication with the MSP world, perhaps speaking at an MSP conference rather than a DoD conference, would probably help close the gap in understanding)

89

36 Comments

🚨 Big changes are coming for DoD contractors 🫣—and it’s time to pay attention.🚨 On April 9, the President signed an Executive Order to modernize defense acquisitions—emphasizing speed, flexibility, and innovation across the entire industrial base. For those of us supporting the warfighter, this is a clear message: Faster contracting timelines, fewer layers of red tape, and a strong push toward commercial-first solutions. But here’s the kicker—none of this reduces cybersecurity expectations. If you want to compete in this new acquisition landscape, CMMC 2.0 compliance is still the bar. At inDirect IT, we’re already helping federal contractors accelerate their CMMC journey with modern, compliant tools like Google Workspace, Microsoft 365 GCC/ GCC High, Azure Governent, AWS Gov, GCP, and other FedRAMP SaaS solutions combine with zero trust architectures designed for agility and audit-readiness. This isn’t just about winning contracts. It’s about being ready to deliver when our nation needs us most. (Go look up the Davidson Window) If you’re in the defense space and need help navigating this shift, let’s connect. Link to the EO in the first comment. Carter Schoenberg Eric Levitas Ryan S. Kyle Lai Katie Arrington Megin Kennett CCP Kyle Kiider, CPA, CISA, CIA, MBA Derek White #CMMC #DoD #DefenseIndustrialBase #ExecutiveOrder #FederalContracting #inDirectIT #Cybersecurity #GCCHigh #GoogleWorkspace #RapidAcquisition #MSP #Compliance

33

6 Comments

AIR FORCE CONTRACT AUGMENTATION PROGRAM VI This IDIQ delivers rapid solutions in design/construction, service contracts, and logistics/commodities. 💡 RFI Posted 11/17 on SAM..gov 💡 Responses due 12/02 via an online form. AFCAP V ceiling was $6.4 billion AFCAP VI ceiling was raised to $15 billion for worldwide contingency and humanitarian support. https://lnkd.in/gajtYvEZ #dod #idiq #usaf #logistics #businessdevelopment #dow

19

1 Comment

The Defense Information Systems Agency is exploring new partnerships with small businesses that can supply “a wide range of information technology” services to support its Joint Warfighting Cloud Capability (JWCC) program office as it continues to mature, according to a federal contracting notice published Thursday. “JWCC requires highly skilled services to support office operations, and the delivery of modern enterprise cloud services and related technologies. These services must include technical expertise in cloud engineering, cybersecurity, financial management, program execution support, and technical writing through direct support of system owners and technical experts regarding various challenges with migration to the cloud and leveraging commercial cloud technologies,” officials wrote. https://hubs.li/Q03xZgzJ0

8