04 Hoops and Hurdles
The article discusses the various technology standards and policy directives that technology vendors must adhere to when selling to the government. It covers topics such as cybersecurity, FISMA, FIPS 140-2, Common Criteria, FedRAMP, the Approved Products List (APL), Section 508, SmartBuy, and special considerations for selling open-source software to the government.
In terms of cybersecurity, the article explains that the government’s cybersecurity framework is based on the Federal Information Security Management Act of 2002 (FISMA), which requires federal agencies to classify systems into risk categories and assess appropriate controls. The government also uses the Federal Information Processing Standards (FIPS), particularly FIPS 140-2 for cryptographic modules. NIST provides an overview of FISMA in Special Publication (SP) 800-39.
The article also discusses the Common Criteria for Information Technology Security Evaluation, an international standard overseen by the National Security Agency. It explains that Common Criteria certification is expensive but necessary for companies selling to the government, as any commercial item procured for a national security system must be Common Criteria certified.
FedRAMP is another important standard for cloud computing services. Sellers of cloud services must undergo a security baseline certification through the Federal Risk and Authorization Management Program (FedRAMP) in order to gain a provisional authorization for their offerings.
The article also mentions the Approved Products List (APL), managed by the Defense Information Systems Agency (DISA), which is a list of network infrastructure and voice, video, and data services that have undergone testing for interoperability and security.
Section 508 is a set of rules surrounding the accessibility of information and communication technology for people with disabilities. The article explains that companies can demonstrate the applicability of Section 508 to their products through the Voluntary Product Accessibility Template (VPAT) and that compliance with accessibility standards can be a competitive advantage in government contracts.
SmartBuy is a government mechanism for negotiating software licenses on a governmentwide scale. The article explains that while initially promising, the program has lost momentum and many software companies are hesitant to participate due to low margins and high hurdles.
Lastly, the article discusses the special considerations for selling open-source software to the government. It explains that open-source software is considered a commercial item and addresses common objections and misconceptions about open-source licenses.
In conclusion, the article provides a comprehensive overview of the technology standards and policy directives that technology vendors must navigate when selling to the government. It covers topics such as cybersecurity, accessibility, and procurement mechanisms, providing valuable insights for vendors looking to do business with the government.