Original broadcast 8/19/25
Presented by Carahsoft
Federal agencies face a growing challenge: how to purchase technology quickly while ensuring it meets an expanding list of cybersecurity and supply chain requirements. Theresa Kinney, Senior Deputy Program Director for NASA SEWP, says her team has developed a model that simplifies the process for agencies while increasing confidence in the products they buy.
At the heart of this model is what SEWP calls a “storefront.” Agencies can create a storefront populated with the products they want to purchase, then rely on SEWP to verify that each one meets key compliance requirements. These include standards such as the Cybersecurity Maturity Model Certification (CMMC), FedRAMP, Section 889 supply chain rules, and ISO 20243 — an international standard for detecting and avoiding maliciously tainted products.
The storefronts can also incorporate agency-specific clauses, making the process even more tailored. The result is a faster, frictionless acquisition experience that delivers compliant products more quickly.
Kinney stresses that open communication between government and industry is vital to making this work. Agencies often face software contracts that contain clauses they cannot legally agree to, and some vendors are unwilling to change them. In those cases, SEWP brings both sides together to find a solution. “We need to start talking to each other like we’re on the same team,” she says.
Onboarding new industry participants is another focus area. Kinney notes that it can take up to two years for new vendors to fully understand how to work with the government and use SEWP effectively. Her team provides extensive guidance and support during this period, helping vendors navigate federal regulations and procurement rules.
SEWP also works closely with other agencies that monitor international supply chain risks. These partnerships allow SEWP to share insights without revealing sensitive decision-making information, further strengthening the acquisition process.
Kinney acknowledges that some initiatives, like the software attestation letter concept, have faced challenges in execution. But she believes the willingness to explore new ideas is important, as is the flexibility to adjust when a solution isn’t working as intended.
For Kinney, the mission is clear: streamline acquisition while maintaining — and even enhancing — security. By combining compliance verification, tailored storefronts, and strong government-industry collaboration, she believes agencies can get the tools they need faster, safer, and with fewer obstacles.
Key Takeaways:
NASA SEWP’s “storefront” approach speeds acquisition while ensuring compliance with cybersecurity and supply chain standards.
Open communication between agencies and vendors helps resolve contractual and compliance challenges.
Education and onboarding are essential for new industry participants to succeed in the federal market.
Watch the full episode at InnovationInGov.com