Staying current with requirements and changes for government contractors is a full-time job, in some cases, for several people within an organization or an entire department.
Looking ahead, it doesn’t appear as though things will get any easier. In fact, the road ahead for contractors serving the Department of Defense with cyber personnel resources is going to become even more demanding.
As the creators of CyberSTAR™, the underlying engine that powers the Army’s ACTCS and other cyber workforce platforms, we have a unique view into the challenges ahead for contractors supplying human (cyber) resources.
What’s Changing?
We’re seeing a few things happening right now within the cyber contracting space, some more general and some more specific.
Generally speaking, we know that DoD 8140 will replace DoD 8570 as the standard across the DoD. If you’re unsure about the differences between them, check out the deep dive article we wrote discussing them.
More specifically, we’re seeing through the contract bid process how the eventual migration to DoD 8140 is shifting today.
Proposals and bids are being scored utilizing workforce expertise frameworks like 8140, which is based on the National Initiative for Cybersecurity Education (NICE) standard, published by NIST.
New cyber security contracts want to see in advance how the human resources being provided match up to these standards. Percentage points are being directly attributed to compliance.
The DoD is, in effect, saying, “You need to show us how you’re compliant, how your qualifications and past performance match up to our defined standards,” mapping training requirements directly to the bid requirement.
This is a practice implemented specifically to ensure cyber personnel are skilled in the roles for which they’re deployed.
This shift in the bidding process now has more and more contractors across the DIB adopting the NICE framework as a standard within their organizations. More contractors see firsthand how cyber expertise management is a direct driver of revenue.
Opportunity for Streamlining
In the current ACTCS environment, the Army is processing and managing compliance against the current standards (8570 with the capability to move to 8140) and moving thousands of users per month through the system.
It’s not uncommon for program managers or training managers in the DIB to discover that their cyber resources are often out of compliance.
On day one of the contract, the contractor receives an enrollment link.
On day two of the contract, the contractor loses people (cyber resources) to training or other contracts because of compliance issues and is underperforming immediately. Or worst, the prime contractor discovers resources in the team, or their subs, that have passed along invalid credentials - risking the entire contract.
Why? Because many contractors don’t know in advance what resources they have that will match up to DoD cyber workforce systems.
As contractors to the DoD ourselves, we know and feel the pains accompanying bidding and successfully capturing a contract. We know how much time, money, and resources are utilized to win a contract. Maintaining a skilled and credentialed workforce is costly, and every bit of that investment must be deployable for bids and contract performance.
In that spirit, we’re now offering a commercial version of ACTCS to cyber contractors supplying the Army, or performing on any defense contract. It makes sense for the bidding process. It also streamlines the compliance management and readiness within the contractor’s organization and their subcontractors.
Contractors using CyberSTAR will ensure they are:
● Capable of maximizing their workforce documentation for bids
● Matching certification requirements to correct roles
● Tracking certifications and training for current resources
● Receiving at-a-glance reporting as to which credentials are active/up to date
● Receive automated data management and notifications to stay in compliance
The cyber landscape is evolving more rapidly today than ever before, as has been evidenced by the attacks on critical infrastructure companies like Colonial Pipeline and Solar Winds. Ensuring the cyber resources you’re providing to the Army and throughout the DoD are compliant will offer more significant benefits and higher percentage points during the bid process. Additionally, once the contract is won, you’ll know in advance that your roles will accurately map to the same exact standards within ACTCS and other DoD systems) and you’ll reduce the worry and stress of losing the contract due to compliance issues.
Why CyberSTAR?
CyberSTAR is the trusted source for ongoing cyber training. Used by the DoD and other government agencies and corporate customers, it is the most effective automated credentials management and cyber workforce compliance system available, with over two million registered users.
CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:
- Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE, and other commercial standards)
- Matching personnel and roles to contractual or regulatory requirements
- Forecasting, planning, and recruiting workforce
- Continuous compliance and on-demand reporting
- Reducing the cost and complexity of identifying skill gaps
CyberSTAR is the one source of truth for all your cyber training and certification—evaluating, expanding, and enhancing your organization’s cyber readiness.