Navigating Government Contracting Compliance with Costpoint Cloud

By Tony D'Ambrisi, Senior Director of Product Management, Deltek.

Thousands of government contractors along with many other project-based businesses use Deltek’s solutions to improve their operational efficiency, increase profitability and adhere to strict government compliance regulations and audit requirements.

In support of #CybersecurityAwarenessMonth, an effort intended to increase cybersecurity awareness, we are sharing our future plans for how Deltek’s Costpoint Cloud is designed with security and compliance in mind, and will help government contractors prepare for 2020 and beyond.  

How Costpoint Cloud Can Help

Security and compliance requirements for government contractors have been advancing at a rapid pace ever since the Federal Information Security Management Act of 2002 (FISMA) was made into law as part of the E-Government Act of 2002. Through the FISMA Act of 2002, the U.S. Government recognized the importance of protecting our nation’s information security. The FISMA Act of 2002 provided a compliance framework and directed federal agencies to develop programs to protect our nation’s information and the systems used to process this information. FISMA also extended the agency obligations to government contractors that managed information or information systems for a federal agency.

The FISMA Act of 2002 assigned specific responsibilities to the National Institute of Standards and Technology (NIST) to develop a set of standards and processes that, when followed, would support the FISMA compliance framework and ultimately protect our nation’s information security.  This led to NIST delivering the SP 800 series of publications. The series includes close to 200 special publications outlining the standards and processes that government contractors must follow to protect our nation’s information security.

Deltek has long understood the requirements of designing and building an ERP solution that supports government contractors with their financial compliance needs. The Deltek Costpoint Cloud, with its relentless focus on security and compliance, enables Deltek to support government contractors with their growing list of cybersecurity needs, and has become an easy choice for government contractors.

Navigating the Compliance Requirements

Since its inception in 2013, the Costpoint Cloud has supported Deltek customers with their compliance requirements. This includes the processing of Controlled Unclassified Information (CUI), which is information that requires safeguarding pursuant to applicable law, regulations and government-wide policies. Deltek has recently shared its plans to support the processing of Covered Defense Information (CDI) and Controlled Technical Information (CTI) in the Costpoint Cloud. Deltek’s plans include the design and buildout of a new cloud environment leveraging AWS’ GovCloud. This new Deltek cloud offering will allow our customers subject to the International Traffic in Arms Regulations (ITAR) or customers required to meet FedRAMP Moderate equivalent compliance to operate in the Costpoint Cloud. Deltek has received positive feedback from customers with ITAR requirements who are excited to now have the opportunity to migrate to the Costpoint Cloud in the near term.

Cybersecurity Maturity Model Certification 

Looking ahead one thing is certain, the compliance landscape for government contractors will continue to change and one can only expect it to become more encompassing. Certification program plans affecting all Department of Defense (DoD) government contractors, including subcontractors, were recently released by the Office of the Under Secretary of Defense for Acquisition & Sustainment. This proposed program, called the Cybersecurity Maturity Model Certification (CMMC), would combine cybersecurity standards, including but not limited to NIST SP 800-171 and NIST SP 800-53, into one, unified cybersecurity standard and would measure the maturity levels of a contractors cybersecurity practices and processes in levels that will range from “basic cyber hygiene” to “advanced.” DoD contractors would be required to be assessed by, independent, accredited third-party organizations to determine the contractor’s maturity (certification) level.  Contractors not meeting specified certification levels could be disqualified from participating in certain contracts. The good news is that it is expected that the costs of certification under the CMMC would be considered an allowable cost.

While the CMMC has not been finalized, it is expected that final details will be released in early 2020, and DoD contractors should be prepared to see certification level requirements in RFI’s starting in Summer 2020 and in RFP’s starting in Fall 2020. Just like our DoD contractor customers, Deltek will be watching for new CMMC developments and will prepare to work with our customers to support their CMMC certification efforts.

As with the CMMC Deltek is also watching closely the developments of Draft NIST SP 800-171 Rev 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and Draft NIST SP 800-171B, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets. This is another example where Deltek will be prepared to work with our customers to support their NIST requirements.

The Future of Deltek Compliance

Want to learn more about Deltek’s security and compliance plans? Join us at Deltek Insight 2019 in Orlando to hear from our Costpoint subject matter experts in the following sessions:

• CP-60: The Future of Costpoint Cloud Solutions
• CP-71: Why Customers Move to Cloud?
• CP-67: How Costpoint Cloud Solutions Help Address Emerging Compliance Topics
• CP-72: How Costpoint Cloud Solutions Help Protect Your Data 

Registration for #DeltekInsight is still open, come join us in Orlando! To find out more about this incredible four-day learning and networking experience visit deltekinsight.com.