Government Compliance

CMMC Compliance

This guide will explain how you can register your business for PIEE & CMMC Level 1. Follow the instructions laid out below to ensure compliance. 

What is PIEE?

The Procurement Integrated Enterprise Environment (PIEE) is the main source of spending for the Department of Defense (DoD) and its associated agencies. The goal of PIEE is to host and streamline federal contracts and opportunities for the DoD, making it easier for the military and other agencies to purchase goods and services quickly and efficiently.


PIEE’s Full Training Guide

Why is PIEE Important?

PIEE is one of the fastest-growing websites for federal contracts, with over $800,000 worth of invoices being processed every minute. It routinely posts contracts for small and large businesses alike, guaranteeing that there is work for contractors of all sizes and scopes. Without a PIEE registration, your business will be locked out of the majority of military and DoD contracts.


Finding and Bidding on Solicitations in PIEE

How Do You Register in PIEE?

  1. Register with the System for Award Management (SAM).
  2. Ensure your CAGE Code is added to the Procurement Integrated Enterprise Environment Vendor Group Structure. (This is a one-time required step.)
    • Call the DISA Service Desk (1-866-618-5988).
    • Provide DISA with your CAGE Code.
    • Ask that the CAGE Code be added to a vendor group.
  3. Designate a Contractor Administrator (CAM).
    • This role is generally assigned to whoever has been designated as the electronic business point of contact (EB POC) in SAM.
    • If you would like someone else to be the CAM, the EB POC will need to assign the role to them with an Appointment Letter.
  4. The CAM needs to self-register in PIEE.
    • Follow this link to get started, then click Register.
    • Make sure to select PIEE and SPRS when selecting a role.
    • Assign yourself the Contractor Administrator role.
  5. Add additional roles and users (if applicable).
How to Register your Business in PIEE

Creating a New User in PIEE

What Will Select GCR Complete for You?

Our team of advisors will guide you through the PIEE registration process, so you can be confident your business has the proper roles and profiles set up to work with the DoD. In addition, we will complete several of the pre-registration requirements, like registering in SAM.gov.

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a program designed to strengthen and assess companies’ ability to defend against cyberattacks and protect sensitive information when working with the federal government. It was developed by the Department of Defense (DoD) using the rules and regulations set in place by FAR 52.204-21. CMMC operates on a tiered model that allows the DoD to quickly determine if a company can be trusted with sensitive or critical information.

We will be focusing on the first tier, CMMC Level 1, which can be acquired through an annual self-assessment.

Learn More About CMMC

Why is CMMC Important?

If your business intends to work with the DoD, holding a CMMC certification is often a requirement before you are allowed to bid on any projects that handle sensitive government information. This even includes non-classified information, meaning that without at least CMMC Level 1, your business will have severely limited access to any contracts with the military.

CMMC FAQs

How Do You Register for CMMC Level 1?

There are four main steps to complete the self-assessment for CMMC Level 1.

  1. Complete a basic NIST 800-171 self-assessment.
  2. Score yourself (everything implemented = score of 110).
  3. Post the score in SPRS.
    • You will need a PIEE login as well as the Cyber Vendor role before you can input your score.
  4. Update yearly or when major changes occur.

Learn More:

Entering a CMMC Self-Assessment in SPRS

Video Tutorial:

Entering a CMMC Self-Assessment in SPRS

What Will Select GCR Complete for You?

Our team of advisors will guide you through the self-assessment and provide you with all the training, templates, and information needed for CMMC Level 1.

CMMC Level 1 Fillable Compliance Checklist

This checklist covers the 6 primary domains for CMMC Level 1 and serves as an introductory assessment. We recommend using it to understand your company’s readiness level before submitting anything to SPRS.

Access Control (AC)

Key Question: Do only authorized users and devices have access?

  • Do you limit system access to only authorized users and devices?
  • Do users only have access to what they need?
  • Do you control external system connections (e.g., USBs)?
  • Do you prevent public sharing of sensitive information?

Identification & Authentication (IA)

Key Question: Are unique IDs and verified access required?

  • Are all users and devices uniquely identified?
  • Is user identity verified before access (e.g., MFA)?

Media Protection (MP)

Key Question: Is sensitive media wiped or destroyed?

  • Do you sanitize or destroy media before reuse or disposal?

Physical Protection (PE)

Key Question: Is physical access restricted and monitored?

  • Is physical access restricted to authorized personnel?
  • Are visitors monitored and logged near sensitive areas?

System & Communications Protection (SC)

Key Question: Are firewalls and traffic controls in place?

  • Do you control network traffic with firewalls or similar?
  • Are public systems isolated from internal systems (DMZ)?

System & Information Integrity (SI)

Key Question: Are systems patched and protected from malware?

  • Are vulnerabilities regularly scanned and patched?
  • Is malware protection in place and up to date?
  • Do you scan systems regularly and in real time?

If you DO NOT have an SOP in place for any of these domains, click here to view:

Sample SOPs and Policy Templates

If you said NO to any of these items, click here to view:

Step-By-Step Resolution Guide
