Many of us in the development community track GSA’s OASIS+ news very closely because it’s an important contracting vehicle, and GSA keeps it exciting. The latest twist, according to a Washington Technology article, is that contractors face a 90-day deadline to prove their cybersecurity compliance as awards for the OASIS+ vehicle are rolled out.
As pointed out in the article, the Cybersecurity Maturity Model Certification (CMMC) requirement under OASIS+ is a precursor to future requirements in other federal contracts in response to the government’s concern that cyber threats seek the weakest link in a supply chain.