GSA Stars III Contractors Face New Rules: CMMC DoD

Critical Update for GSA Stars III Contractors; New IT Compliance Requirement Mandates

Organizations that are listed under the GSA are companies that work with the government, outside of the DoD. It was recently announced (GSA STARS III CMMC Release) that- effectively immediately- GSA companies may have to begin adhering to the CMMC if required within their contracts. Although the majority of them falling under the CMMC 1 requirements, the CMMC level they may need to address could vary based upon the requirements of the prime contractors, and may be more stringent and extensive than just the CMMC 1 requirements; ‘the trickle-down effect’. The one thing to really keep in mind,  is that although only a few dozen DoD related contracts are mandating the CMMC, we’re seeing that the recipients of these contracts are also requiring their subcontractors to adhere to the same CMMC requirements which will impact hundreds- if not thousands- of SMBs within the DoD supply chain.  If this is of any indication as to what will happen with the DoD, then it’s likely this will occur with GSA companies which will require them to focus on CMMC compliance to maintain their standing as an approved GSA contractor.

As always, TSI is here as a resource to help navigate through this somewhat daunting undertaking and is always happy to learn where we can help address the gaps within your compliance and cybersecurity strategies. These requirements are constantly evolving and we look forward to staying ahead of the curve so you can focus on the success of your business.

For an overview of the CMMC requirement, please keep an eye out for our new CMMC page that will be dedicated to outlining all the technical and program elements to achieve your respective CMMC level requirements.