GCA's commitment to regulatory and legal compliance.
Government Contracting Authority (GCA) is committed to maintaining the highest standards of cybersecurity and compliance, particularly for government contracting operations. Our comprehensive approach to information security ensures that all systems, processes, and personnel meet or exceed federal requirements for protecting classified, sensitive, and controlled information.
GCA is committed to achieving and maintaining CMMC v2.0 Level 2 (Advanced) certification. This certification demonstrates our dedication to implementing advanced cybersecurity practices equivalent to NIST SP 800-171 standards for protecting Controlled Unclassified Information (CUI) in nonfederal systems.
GCA has implemented all applicable controls from NIST SP 800-171 Revision 2. Our information systems have been assessed by an independent Third-Party Assessment Organization (3PAO) and found to be compliant with 100% of applicable controls. This comprehensive compliance demonstrates our commitment to protecting CUI throughout our operations.
GCA's information systems comply with the FedRAMP Moderate baseline, which incorporates NIST SP 800-53 security controls. Our cloud services have been verified by a certified FedRAMP Third-Party Assessment Organization and achieved 100% compliance with all applicable controls.
GCA strictly adheres to DFARS 252.204-7012 requirements for Safeguarding Covered Defense Information and Cyber Incident Reporting. Our cloud service providers meet the FedRAMP Moderate baseline equivalency, ensuring full compliance with Department of Defense security requirements for handling Controlled Technical Information (CTI).
GCA utilizes Microsoft Azure Government and Microsoft 365 GCC High for all cloud operations. These platforms provide enterprise-grade security with the following certifications and authorizations:
GCA implements comprehensive security measures to protect Controlled Unclassified Information (CUI), Federal Confidential Information (FCI), and Controlled Technical Information (CDI). Our systems and processes safeguard sensitive information throughout the entire business development and proposal lifecycle.
Sera-Brynn, a certified FedRAMP Third-Party Assessment Organization, conducted comprehensive compliance verification of GCA's security posture. The assessment included review and validation of:
GCA regularly reviews and updates all policies, procedures, and systems to maintain ongoing compliance with evolving regulatory requirements and industry best practices. Our continuous improvement program ensures that security controls remain effective and aligned with federal standards.
GCA maintains a comprehensive body of evidence (BOE) documenting our compliance with all applicable frameworks and standards. This evidence includes:
Clients and partners requiring access to relevant compliance documentation should contact: info@gcagov.com
Email: info@gcagov.com
Phone: 202-990-6030
Address: 1309 Coffeen Ave, Suite 11198, Sheridan, WY 82801, USA
This Compliance Statement is current as of March 9, 2026. GCA maintains and regularly updates compliance certifications. For the most current compliance status, visit gcagov.com or contact info@gcagov.com.