Premier Consulting & Integration, LLC

Your Partner In Success

Deltek Costpoint

The Basics of CMMC

The content in this blog has been repurposed from our partner, Deltek.

Cybersecurity Maturity Model Certification (CMMC) compliance is a combination of various cybersecurity standards and best practices. The model’s creation was supported by the Department of Defense (DoD) and built upon existing regulations where compliance is based on trust and a verification component. The primary objective of CMMC is the protection of sensitive information. The origins of the compliance framework can be found in special publications from the National Institute of Standards and Technology (NIST) – NIST SP 800-171 and NIST SP 800-53 – and constructed with existing regulations, such as Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.

CMMC addresses the protection of FCI and CUI data:

  • Federal Contract Information (FCI) – Information not intended for public release. It is provided by or generated for the government under a contract to develop or deliver a product or service to the government. FCI does not include information provided by the government to the public.
  • Controlled Unclassified Information (CUI) – Information the government creates or possesses, or that an entity creates or possesses for or on behalf of the government, that a law, regulation, or government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

HOW WILL CMMC IMPACT GOVERNMENT CONTRACTORS?

Most organizations receiving funding from the DoD will need to be certified to qualify for future Department acquisitions, with the potential exception for commercial items. Prior to defining CMMC, the federal agencies and systems integrators required cloud service providers to meet Federal Information Security Management Act (FISMA) or Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) requirements, including auditing of performance.

Achieving Federal Risk and Authorization Management Program (FedRAMP) authorization was the first major shift where the government began to mandate its contractors use cloud technologies for efficiency and cost savings. In addition, it became a requirement to select a cloud provider that is trusted and has been vetted by the government to help keep data secure. Not only was this mandate a major change, but for the first time government contractors now had to prove they were meeting these controls and requirements on a regular basis.

The pairing of the Cloud First Mandate and FedRAMP controls as the building blocks for CMMC compliance provided a real opportunity for government agencies to trust commercial entities to host civilian and even DoD workloads. Government contractors committed to designing, operating and reporting their results on a monthly basis will have the opportunity to achieve authorization. Those who fail to maintain their security and compliance posture could have their authorizations suspended.

UNDERSTANDING CMMC REQUIREMENTS

The CMMC includes 17 capability domains, 43 capabilities, 5 processes across five levels to measure process maturity and 171 practices across five levels to measure technical capability.

  • Level 1 – Basic cyber hygiene, includes 17 practices, no processes.
  • Level 2 – Intermediate cyber hygiene, includes an additional 55 practices and introduces two processes.
  • Level 3 – Good cyber hygiene, includes an additional 58 practices and additional process.
  • Level 4 – Proactive, includes an additional 26 practices and additional process.
  • Level 5 – Advanced/Progressive, includes an additional 15 practices and additional process.

In 2020, the DoD began implementing requirements for CMMC. All Companies that do business with the DoD will have to fully certify their CMMC compliance by October 1, 2025, passing an audit performed by a DoD accredited auditor.

  • Level 1 is where the DoD expects most firms to be currently, with select practices being documented where required.
  • Level 2 is meant to be a stepping stone to Level 3, where firms get into the practice of documenting each practice involving CUI.
  • Level 3 is a managed state where a policy has been put into place and maintained to cover all activities, with all CUI practices documented.
  • Level 4 is a higher level of cybersecurity for limited incidences of highly sensitive information, where activities are reviewed and measured for effectiveness.
  • Level 5 is the optimized zone, with a tested and standardized, documented approach seen across all applicable organizational units.

IMPORTANT CMMC TERMS YOU NEED TO KNOW

Assessors: Individuals who have successfully completed the background, training and examination requirements as outlined by the CMMC Accreditation Body (AB), and to whom a license has been issued. Assessors are not employed by the CMMC AB and may or may not be employed by the Certified Third Party Assessment Organization (C3PAO).

Certified Third Party Assessment Organization (C3PAO): An entity with which at least two assessors are associated and to which a license has been issued to engage with organizations seeking certification (OSC) to complete their associated CMMC assessment.

CMMC Accreditation Body (AB): The accreditation body that establishes and oversees a qualified, trained and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the CMMC program.

Organizations Seeking Certification (OSC): The organization that is going through the CMMC assessment process to receive a level of certification for a given environment.

HOW TO GET CMMC CERTIFICATION

Government contractors should take into account the following steps for CMMC compliance readiness.

  • Step 1 – Understand the maturity level your firm needs and identify the gaps that could prevent achieving certification
  • Step 2 – Build internal support and buy-in while building a plan to close the certification gaps
  • Step 3 – Formalize processes and controls for documenting compliance
  • Step 4 – Confirm compliance through certification then maintain and monitor compliance and lend audit support

Leveraging cloud service providers can be a solid strategy for addressing many aspects of CMMC; for instance, the controls implemented in the Deltek Cloud support DFARS 252.204-7012 and NIST SP 800-171 controls which were adapted to form the basis of the CMMC framework. However, simply moving into the cloud does not automatically make a firm compliant. But it does reduce the compliance lift and can assist with getting to certification quicker and with less cost.

SELECTING A CLOUD SOLUTION FOR CMMC

Here are 4 key considerations for government contractors when looking at a vendor for a cloud solution:

  1. Does the cloud vendor have a strong government contractor client base?
  2. Can the cloud vendor demonstrate that those practices that they will perform on your behalf meet the requirements of National Institute of Standards and Technology (NIST) 800-171?
  3. What are the vendor plans are for CMMC, and what level do they strive to be? It’s important to remember that Level 3 is required to store CUI with that vendor’s solution.
  4. Does your vendor have plans to achieve Federal Risk and Authorization Management Program (FedRAMP) certification or have they already secured it?

HOW DELTEK SUPPORTS GOVERNMENT CONTRACTORS WITH CMMC

The Department of Defense (DoD) has mandated that all government contractors who complete contracts for DoD must be CMMC certified by October 1, 2025. That said, many government contractors are planning ahead, making it a top priority to find a cloud service provider (CSP) that offers a solution that can support their CMMC compliance requirements, as well as NIST mandates, FedRAMP Moderate requirements and ITAR controls.

Deltek is dedicated to protecting user data by ensuring our capabilities meet the constantly changing security landscape. We are continuously making improvements to our suite of products to better support your cyber posture by increasing investments in security, compliance and supporting technologies.

Deltek’s cloud solutions provide benefits beyond what a traditional on premise or hosting solution can provide. Businesses of all sizes can easily prepare for the ever-changing regulations of CMMC, while confidently and securely accessing data within a secure cloud environment that is continuously adjusted to meet the most up-to-date governmental and agency standards.

For more information and support around CMMC, contact us today.

PCI Launches Astrata Platform for Deltek Costpoint Integrations

PCI is proud to launch Astrata, a solution to enhance our customers software integration capabilities and user interface.

Astrata is a new solution providing simple integrations with banks, credit card providers, travel management systems and payroll providers; allowing all data to be stored in Deltek Costpoint.

PCI’s Astrata platform takes third party software integrations with Costpoint to a whole new level. Astrata excels where most middleware falls short, providing an interactive, customized integration for every customer.

With partnerships across many industries, the Astrata platform provides repeatable and reliable integrations for Costpoint users. Far too many companies in the Government Contracting space claim integrations to different platforms, but in reality, they have never connected the platforms to an ERP. With Astrata, every integration is established and simply applied to your system with the customization you need to meet your business requirements. With unique capabilities like Costpoint payroll tax services, credit card reconciliations and payroll reconciliations, Astrata offers integrations that will have a positive impact to your organization’s productivity.

“I could not be prouder of the effort put forth by the team at PCI to develop a tool that will change how people work!” said Martin McGann, Founder and Owner at PCI.

Learn more on PCI’s Astrata solution here.

How to Win Business as a Small to Mid-Sized Government Contractor

WHAT’S THE BEST WAY TO GET STARTED IN GOVERNMENT CONTRACTING?

Getting started in government contracting can be complex, from finding a good-fit contracting opportunity for your business and submitting a winning bid or proposal, to staying in compliance throughout the length of the contract and getting paid for your efforts. One way to get ahead is to arm yourself with information and analysis related to the government contracting lifecycle as you begin exploring new opportunities to do business with the government.

HOW WOULD YOU EXPLAIN THE GOVERNMENT CONTRACTING LIFECYCLE?

To succeed in government contracting you need to understand the stages of a government opportunity, from start to finish, and what your business needs to do at each stage. Below are the stages a typical contract goes through.

Pre-RFP: Government plans to spend on a project

Solicitation: Opportunity goes out to bid or RFP

Proposal Preparation: Contractors create a proposal to win the business

Contract Award: Government awards the winning vendor(s)

Contract Fulfillment: Business begins to provide products or services

Performance Monitoring: Business manages and monitors the delivery of the product or service

Audits/Compliance: Business passes audits by remaining compliant

Contract Completion: Contract period ends and cycle begins again

WHAT IS THE BEST WAY TO FIND GOVERNMENT CONTRACTS?

Federal Government Contracts:

Federal government agencies use several methods of advertising their intent to spend money, including socioeconomic set-aside programs and government websites such as SAM.gov. Sometimes agencies also offer a preview of coming solicitations by hosting industry days. In order to find federal government contracts that best match your company’s core competencies, you’ll want to determine which agencies have the most best-fit opportunities.

However, relying exclusively on government websites to find federal government contracts can be a time-consuming and lengthy process. Though most federal contracting opportunities appear on SAM.gov or other government websites, private companies like Deltek have tools such as GovWin IQ that track likely opportunities up to five years before a bid or a request for proposal (RFP) is actually issued. The best way to find federal government contracts is to leverage these tools to identify federal spending areas well in advance, then prepare your company’s go-to-market strategy for when those opportunities are released.

State & Local Government Contracts:

State and local (SLED) government agencies spend more than a trillion dollars every year, so devoting time and energy to building a SLED market business plan is well worth the effort. If you are wondering how to find state and local government contracts that align to your business, your first step should be to determine which levels of government you want to sell to, and which regions are best fits. Then find those agencies and register to business with them by signing up for their procurement portals, which differ by state. You can save time by signing up for a government business development tool like GovWin IQ that can track opportunities from each of those agencies you are targeting.

Once you have defined your target governments, you need to understand how and when they spend. Unlike the federal government, SLED agencies set their own fiscal year schedules and their spending patterns often align with their state’s fiscal year start and end dates. It’s important to understand your target agencies’ fiscal year and spending patterns to pinpoint when you will find the most best-fit government contracts from those agencies.

WHATS THE BEST WAY TO FIND SMALL BUSINESS GOVERNMENT CONTRACTS

If you meet the definition of a small business you may have access to a wealth of small business government contracts. Governments offer a number of small business set-aside contracts through a variety of programs:

  • 8(a) Business Development
  • Women-Owned Small Business (WOSB) Programs
  • Minority-Owned Small Business (MOSB) Programs
  • Service-Disabled Veteran-Owned Business (SDVOSB) Programs
  • All Small Mentor-Protégé Program

Small businesses often break into new fields or gain contracting experience through subcontracting, and serving on a prime contractor’s team (teaming). It is a way of getting experience that often allows you to avoid some of the complicated compliance requirements and challenges competing against more established vendors, yet gaining some experience and past performance. Searching for opportunities from one of the above programs, or seeking out teaming and subcontracting opportunities, can help you find small business government contracts that best match up with your company’s strengths.

HOW DO YOU BID ON GOVERNMENT CONTRACTS?

Once you have identified the types of government contracting methods and vehicles that exist in the market, you should follow these steps and take action.

  1. Select the methods and bid opportunities that best suit your business. Determine whether you are best suited to pursue a large contract, an opportunity as part of a bigger vehicle or subcontracting or teaming opportunity, and develop a list of target agencies.
  2. Determine which socioeconomic categories, if any, fit your business. These might include designations like women-owned (WOSB), service-disabled veteran-owned (SDVOSB) or minority-owned (MOSB). These categories can give you a big advantage.
  3. Identify your target opportunities – and pursue them. You can often find those opportunities through tools like GovWin IQ, the industry’s leading platform to help you find government contract bids and gain awareness of upcoming opportunities up to five years before the solicitation is even released.
  4. Submit a strong proposal. Make sure to highlight your company’s core competencies and outline why your business stands out. You can also leverage market intelligence to differentiate your offering from those of the competition.

WHAT’S THE BEST WAY TO SEARCH FOR GOVERNMENT CONTRACTS?

While government websites can be sources to search information on the basic elements of government contracting, like bids and RFPs, companies succeeding at selling to the government are taking proactive steps to go beyond the basics to find all of the information they need.

The best way to search for government contracts is to identify keywords and phrases that align to your business. Leveraging a market intelligence platform like GovWin IQ can help you quickly identify upcoming opportunities that truly match your team’s capabilities, so that you’re not wasting your time scouring hundreds of opportunities to find the ones that are perfect for your team.


HOW DO YOU WIN GOVERNMENT CONTRACTS?

After identifying and pursuing opportunities that fit your business, there are specific tactics you can take to connect with the right decision makers and put your best foot forward in order to beat out the competition and win a government contract. By being proactive, getting ahead of the bid or RFP, and putting your business in a position to win, you can ensure a steady stream of revenue from your government business.

For more information, contact us today.

The Risks of using QuickBooks as a Government Contractor

If you’re using QuickBooks or other generic accounting software, your business is at significant risk. There’s a reason why those products are shrink-wrapped. It’s the only thing that’s holding them together.

A few questions to ask yourself:

  • How long could your business operate without receiving contract payments?
  • What if you couldn’t generate an invoice because your timekeeping solution is noncompliant?
  • Could you make payroll if a payment suspension froze your line of credit?

When you’re using QuickBooks, these are more than hypothetical questions—they are real risks that government contractors face today.

The Challenges of Accounting in Government Contracting

The federal government has unique requirements for compliance, as well as accounting for project

costs. Most generic systems, like QuickBooks, can’t meet those federal regulations. QuickBooks

doesn’t provide the level of control required or the level of reporting needed to adequately document and cost your projects.

A project-based system is absolutely essential for any sort of project- or service-based business.

If the project itself is the core of your business, you need a system that is built just for projects.

But a generic system, even one that’s project based, isn’t enough in a federal contracting environment. You need a system that’s purpose built for the government contracting environment. Accounting in government contracting is unique and frequently difficult. Unlike commercial firms, cost is your primary accounting concern. It’s essential to manage how costs are classified, segregated and reported.

Other critical elements of contractor accounting include:

  • Classifying costs as either direct or indirect
  • Classifying costs as allowable or unallowable
  • Accounting for costs by project AND at the
  • lowest work breakdown structure (WBS) level
  • Managing and pooling indirect costs
  • Supporting government-mandated billing
  • formats (e.g., DD250, 1034, 1035)

Learn more about why you should consider switching to Deltek Costpoint for your project based ERP solution, contact us today.

Click here for more information on Deltek Costpoint.

Why you Should Lean on PCI for Staffing Support

The answer is easy – using a third party for staffing support saves you time, money & resources.

PCI utilizes our reputable network of industry resources to provide clients with the best finance and accounting solution for your projects. PCI Staffing Solutions can connect you to direct hire and contract staff to manage your back-office support. Our placement success spans all levels, from c-suite to entry level.

Our recruiting team has over thirteen years of recruiting experience for positions relating to finance and accounting, information technology, marketing, human resources – as well as various other roles across many industries. At PCI, we focus on helping our clients build successful teams with professionals who have a strong background in Government Contracting & Marketing Agency accounting.

Our recruiting process is comprehensive and detail oriented. We will save you time and money in the process of finding the perfect professional for your firm. We begin our staffing process with an informative introduction call to PCI Staffing Solutions with your designated PCI recruiter. In this call, we will gather information around the role to be filled, the skills that are needed for that role, and details on company culture. From there, our team is able to pick up on your needs for this position and begin the recruiting process.

PCI uses industry leading search tools to find and speak to qualified candidates. Not only will our team review all candidate’s professional background they will also screen for interpersonal and communication skills. Once qualified candidates are identified, we will then assist in coordinating interviews. If a PCI candidate is selected for the opportunity, we will help both the candidate and the client in the onboarding process to ensure a smooth start.

PCI Staffing Solutions looks forward to partnering with you to build a successful team now and in the future.

Learn more about PCI’s staffing solutions here.

4 Advantages of Outsourcing Accounting for your Small Business

Are you a small business owner overwhelmed with your accounting tasks? Well, you are not alone! Accounting tasks can be time consuming, but it is a key part of business. Accounting is the backbone of a successful organization; it allows operations to run smoothly and provides long-term growth. If accounting is not run properly is can be detrimental to a company.

We have listed 4 reasons to consider outsourced accounting for your organization:

  1. Saves Time & Money – Our staff is well versed in your accounting software as well as government contracting. Requirements will be met in far less time and cost than a full-time employee.
  2. Provides industry specific expertise – The team at PCI, boasting a combined 35+ years of relevant experience, is composed of former CFO’s, Controllers and Assistant Controllers that have worked their way up through organizations. Majority of our staff had used Costpoint in their previous industry roles.
  3. Customized Accounting Support – Chose between CFO level support, bookkeeping and operations or a combination! We can mix and match your accounting support needs!
  4. Provides third party perspective of processes and financial records – With the help of third party accounting, our industry experts are able to not just assist in your daily accounting needs but with having access to your books we can help streamline operations and identify gaps in process to help your business become as efficient as possible.
New call-to-action

For more information on PCI’s managed accounting services, contact us today!

The Most Important Reason to Automate Payments Now

Written by Derek Halpern, Nvoicepay

 

A funny thing happened while I was writing this article. While I conversed with our editorial consultant on how to approach the struggles companies are facing in the current global climate, she received this email:

The names are changed for privacy purposes.

 

The email’s writer, “John,” is not the only accounts payable (AP) professional sending out emails like this. We’re in uncharted territory, and the rules are changing every day. But one thing we know for sure is that payments will always have to go out and that with workers ordered to stay home, it’s very difficult to cut live checks, as John and countless other accounts payable professionals are finding. Priorities have shifted, and remote supplier payments have jumped to the top of the list.

No doubt, AP departments will find a way to get it done. Paying invoices is a core function of every company, and people are working overtime to reach out to suppliers and get them paid electronically. Maybe there is some delay, but these companies will make it through the crisis.

But I think there’s more to learn from this whole experience than just solving a short-term problem. When we go back to “normal,” do we want our old payment processes to do the same, or is this our opportunity to start making long-overdue infrastructure upgrades?

Magnifying the challenges

AP is one of the last bastions of paper processing in the enterprise, and it comes with challenges. According to the latest research from AFP, companies still make 42 percent of their payments by paper check. All those processes that are involved with paying by check—printing them, hunting for approval and signatures, and stuffing envelopes—are culprits of inefficiency.

Back-end support adds another wrench into the process. Delays and errors are inevitable, so who do suppliers call when they’re missing a payment, or they’ve found an error? Processes for resolving these supplier issues in-house are maddeningly reactive.

Now these challenges are magnified, forcing us to think differently about how we run our businesses. A surprising number of people still think that making payments by check works, and up until recently, it’s been hard to argue with that. It’s not as efficient as it could be, but people have their check processing routines down. As more employees work from home, processes that required in-office attendance are no longer feasible. Just like John, many companies are reaching out to their suppliers, asking for different ways to make their payments. The new challenge: finding a way to securely store the data their suppliers provide them. Financial technology (fintech) companies have solved for this exact problem, and are ready to add value to AP workdays.

When most people think of adding technology to their business payments process, they usually imagine outsourcing the check writing process, doing ACH payments through their bank, and maybe having some kind of virtual card program.

Most fintechs have moved beyond that kind of disjointed offering. They look at the whole end-to-end process and implemented a process that streamlines payments and mitigates the risk of maintaining extensive supplier data by offering supplier services.

Beyond operational efficiency

Until now, the drive for supplier payment automation focused primarily on improving operational efficiency. As payment fraud rises, buyers have turned their attention to reducing the associated risk. Business continuity has not really been part of the conversation; if it came up, concerns got pushed aside as unlikely worst-case scenarios. Now is the time to address the elephant in the room, and push through the uncertainty to strengthen our AP teams.

We don’t know what the new norm is yet, but it seems clear that we’ll see a rise in remote work. The ability to quickly move so many operations online has been one source of resiliency during this time. Companies are learning more about roles previously considered to require a presence at headquarters. They’re finding that many HQ functions can be accomplished remotely by taking advantage of automation and cloud technology.

At a minimum, remote capabilities cater to the business continuity strategy that meets today’s needs. But in many cases, the other benefits like added security and supplier support make automation adoption a no-brainer. By removing the stress of getting manual check payments out the door, AP teams are freed up to apply their time to more beneficial and critical tasks.

Learn more

Join PCI and Nvoicepay on 10/14 for an overview of Nvoicepay and Costpoints API integration.

New call-to-action

This article originally appeared on Nvoicepay’s blog https://www.nvoicepay.com/resources/blog/the-most-important-reason-to-automate-payments-now/”

Transitioning to Costpoint

Transitioning to Costpoint

 

Are you on a legacy accounting system like QuickBooks and looking to make the move to Costpoint?

Here are key indicators you are ready for the transition:

  • Guidelines / Compliance
  • Multiple Government Contracts
  • Audit / SF1408 / Proposal Requirements
  • Approved by SBA for 8(a), WOSB, HUBZone etc.
  • Incurred Cost Submission requirements
  • Multiple software needs
  • Internal financial / reporting deficiencies

 

Access our on-demand webinar to learn why switching to Costpoint is critical for your small business, an overview of what implementation looks like and what to expect with your transition.

New call-to-action