Are You Ready for FedRAMP? It’s Time to Get Authorized

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 to $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?
Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?
The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies. Read more of this post

States Improving Cybersecurity Posture Through NGA Partnership

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

Spending Bills Provide Clues to NEW Federal Money

Tom O'Keefe

By Tom O’Keefe, Consultant

While there’s been political grandstanding around agency funding in the last few years, the current Democratic-led House committee is steadily advancing spending bills so that the full House can vote on them. Hopefully they’ll be sent to the Senate with plenty of time for negotiations, so they are on the President’s desk no later than October 1, 2019 (the start of FY20).

It looks like the House will be pushing several minibuses, or packages of spending bills, to the full floor over the next few weeks. In most cases these bills are significantly higher than the administration’s request, so agencies won’t be as cash strapped as they have the last few years.

While appropriations bills aren’t the best places to go hunting for opportunities, they do sometimes provide us some clues to new programs and initiatives starting up at agencies. Technology vendors might want to keep on top of these:
Read more of this post

DHS CISO Talks About Authentication, Supply Chain and Internet Regulation

By Lloyd McCoy, Market Intelligence ManagerLloyd McCoy Jr.

At a recent immixGroup vendor demo day, Paul Beckman, CISO at the Department of Homeland Security, touched on several technological challenges and frustrations that concern him – topics ranging from patching to supply chain risk to the inevitability of security regulations surrounding the internet.

“I want to get out of the patching business,” Beckman noted, asking, “why can’t I go to automatic updates?” “I don’t understand why we’re still relying on the selected pushing of patches,” he continued. A decade ago a service patch might have created the “blue screen of death” on machines, Beckman said, so that even today, “the ops side of the house is telling me, ‘what are we going to do if we get a bad patch?’”

“My response to them is that restore capability has matured greatly in the last decade. Something goes bad in the machine, push a button, you’re back to where you were at midnight last night.” Beckman added that technology has advanced to the point where the bad patch argument can be discounted and end points can go to automatic patching.
Read more of this post

Mayors Reveal Visions and Goals for New Fiscal Year

By Rachel Eckert, SLED Manager

As we approach the start of a new fiscal year for many local governments, we’ve been able to catch a glimpse of the visions and goals for the upcoming year through State of the City addresses that highlight a city’s budget, goals and key issues. The importance of understanding these issues is the first step towards creating lasting relationships with local municipalities.

The National League of Cities has just released their 2019 State of the Cities Report  which analyzes the content of 153 of those State of the City speeches from around the country from cities of all sizes. Here are the top ten issues:

  1. Economic Development
  2. Infrastructure
  3. Health & Human Services
  4. Budgets & Management
  5. Energy & Environment
  6. Housing
  7. Public Safety
  8. Demographics
  9. Education
  10. Government Data & Technology

Most of the issues are not specifically technology related, however, that doesn’t mean that technology isn’t a vital component. Understanding the issues and what activities a city is planning to undertake to address them can give you insight into areas of opportunity. Read more of this post

GSA Making Headlines: Why You Need to Pay Attention

Adam Hyman, Director, Government Programs

If you haven’t noticed by now, you may have been too focused on the final season of Game of Thrones. However, it’s definitely time to turn your attention to what’s going on at the General Services Administration (GSA).

Over the course of the last year, GSA has been making headlines across the federal procurement marketspace by reaching agreement with various agencies to pull into the Schedule 70 program (via BPAs), former agency-specific requirements and IDIQs. While some may argue this is simply a grab for additional contract fees, it makes holding a schedule contract a critical prerequisite for even more federal opportunities. Recent and major opportunities have included:

  • 2nd Generation Information Technology (2GIT) BPA, formerly NETCENTS (valued at $5.5B)
  • Defense Enterprise Office Solutions (DEOS) BPA (valued at $8.2B)
  • Information Technology Supplies and Support Services (ITSSS) BPA (valued at $5B)
  • NOAA Mission Information Technology Services (NMITS) BPA (valued at $2.1B)

Approximately $20 billion in estimated business is expected to funnel through the Schedule 70 program. This doesn’t even include GSA’s plans for a DEOS sister BPA or the Civilian Enterprise Office Solutions (CEOS) BPA! Read more of this post

What the Defense Innovation Unit Wants Industry to Know About CSOs – Part 2

Stephanie MeloniEarlier this week we published Part 1 of “What the DIU Wants Industry to Know About CSOs”. Here, in Part 2, DIU answers additional questions, which delve deeper into the use of CSOs and possible future expansion as the need for adopting advanced commercial technologies continues.

A special thank you to DIU for the outreach and answering my questions!

SM: Do you think the spread of the CSO process is indicative that the Department is embracing a shift toward executing more OT agreements?
DIU: The past few NDAAs encouraged OT and CSO utilization. As more DoD partners experienced or witnessed the successes of DIU prototype projects as well as the capabilities of the non-traditional ecosystem, we have seen a groundswell in interest to adapt CSO procedures for different mission set use-cases. Additionally, OSD leadership issued a highly regarded OT guide and OT policy in November 2018 to help acquisition professionals leverage and demystify authority.

SM: Why use CSOs as opposed to traditional acquisition methods?
DIU: The ultimate goal of a CSO is to enable project teams the flexibility and freedom to execute purpose-driven contracts with best-of-breed companies, including traditional (subject to cost-sharing requirements) and non-traditional vendors. CSOs provide an opportunity for acquisition professionals to develop a deliberate based process focused on project outcomes instead of a default-driven process focused on compliance. CSOs and OTs in general are great acquisition instruments for experimenting and prototyping new technology, methodologies, etc. whereas the traditional acquisition authorities are geared towards procuring supplies and services. Truly, the authorities are highly complementary and should be used in conjunction with one another. Moreover, the potential to scale successful prototypes into production contracts provides a clear value proposition that incentivizes companies to seek out opportunities to work with the Department. Read more of this post

%d bloggers like this: