DoD Credentialing Process

Posted on by Pat Morgan

What is the purpose of the DoD Credentialing Process?

The DoD’s purpose is to direct and maintain life cycle oversight of products, applications, or services that have completed NIST standards for Interoperability (IO) and Cyber Security {formerly Information Assurance (IA)} certification. Ultimately products and services that fulfill the acquiring Department’s needs can be directed to be certified, rated, or approved for use within the DoD and supporting agencies. Whether your solution is offered directly or through a subcontractor to the DoD, having the proper credentials will have a direct impact on being awarded the contract. DoD components are required to fulfill their system needs in conformance with Defense Acquisition Board by only purchasing solutions with credentials or Past Performance records.

  • Federal agencies also recognize DoD’s credentialing – often giving listed solutions bid preference
  • More companies are getting credentials – leaving those not documented at a significant competitive disadvantage – complying with the federal Davis-Bacon Act is one example
  • Increased focus on cost overruns is reinforcing the need for compliance and performance-based companies’ applications
  • Solution heritage makes local Authority to Operate (ATO) processes easier for your mission-focused customers

For manufacturers and vendors new to the compliance environment it can be daunting. The credentialing process can take months of detailed effort. FSPS will help you navigate through the business case and process workflows with confidence. We offer comprehensive compliance solution services that support your company with unique in-the-industry Subject Matter Experts (SME). Our team has worked with the DoD acquisition community for decades. We know what is required, and we know where the pitfalls lie.

System or application “Credentialing” both in the federal and commercial sectors, is a critical risk mitigation from not only cyber attack, but also indications of ongoing defense mechanisms for the end-user communities by the OEM. As we are seeing today, the spate of acquisitions and mergers, especially in the I.T. systems and software markets, has moved the interested systems/applications to potentially bad actors or commercial exploitation.  Today’s credentials need to be a living baseline. Though the processes for any specific credential, i.e. NIST, DISA or U.L., etc, span a wide range of technologies and dated processes, the need for systems and professional services practitioners to be fully engaged and cognizant of the evolving cyber risk management topology and the actors involved is required.

 

DoD Credentialing Process – Audio Blog