For a commercial cloud service offering (CSO) to be used by a federal agency, the CSO must demonstrate FedRAMP compliance, which is the ability to substantiate adherence to the government security requirements outlined in NIST 800-53 and supplemented by the FedRAMP Program Management Office (PMO).
Help businesses read the cyber-related clauses and other instructions included in the solicitations they will bid on, so they know the particular contracting officer’s requirements.
Encourage all businesses to go through the cyber self-assessment and post their score in SPRS. It is good for their cyber hygiene to consider the 110 points included in the assessment, and if or when they ever need to have a score in SPRS, they’ll be ready. The requirement to list a score in SPRS does not include a minimum score that must be obtained for award, so even businesses with a score of zero can receive an award. The requirement is simply to post a score in SPRS.
I think it is possible each agency will execute slightly differently at first, so reviewing each solicitation for additional cyber-related guidance is a must.