Top 3 Cloud Security Priorities in the Federal Government

By Jessica Parks, Market Intelligence Analyst

The last year of teleworking has caused an uptick in hybrid and multi-cloud environments, due to the flexibility, scalability and cost efficiencies that these environments offer dispersed teams. As federal agencies look to their futures within these increasingly complex environments, you can bet security is top of mind. When talking with your customers about how you can help provide peace of mind, keep in mind they are likely prioritizing one (or all!) of the following:

1) Baking security into products during the development process

As more federal software development teams embrace DevOps and DevSecOps, they recognize that developing applications on cloud platforms can further shorten timelines for spinning up new solutions. With this recognition comes an increased focus on baking security into these solutions during the development process.

A Data-Centric Approach to Zero Trust for Public Sector

By Derek Giarratana, Supplier Manager

An organization’s data is its most important and valuable asset. This is especially true as organizations continue to move towards data-driven approaches to deliver on their missions and are more actively putting that data to work — and in remote locations no less. This means the need to protect data and maintain its accuracy and integrity is paramount.

In this series, we will explore each of these facets of data security and how it applies to IT challenges currently faced in the public sector. This first installment examines Zero Trust and how a data-centric approach addresses some of the hurdles with which public sector IT leaders struggle.

What is Zero Trust?

Aptly named, a Zero Trust approach assumes nothing internal or external to an organization’s perimeters can be trusted and should, therefore, require additional verification for access. The level of sophistication needed to meet the expectations and requirements of public sector data security lends itself to a Zero Trust model, which prompts data security experts to assess and manage data at the most granular level. With this approach in mind, data security experts are taking a fine-tooth comb to their data and paying close attention to their data management environment.

What is CMMC?

By Jeff Ellinport, Division Counsel

Although CMMC has been around for more than a year, it never hurts to review what it is and why those who sell into DOD and the rest of the federal government should care.

CMMC stands for Cybersecurity Maturity Model Certification and is a new certification process to measure a company’s ability to protect sensitive government data. It is a unified standard for implementing cybersecurity across the defense industrial base. CMMC is a way for DOD — and soon after, probably civilian agencies as well — to address intellectual property theft, cybercrime and national security threats of the type evidenced by the recent SolarWinds attack.

Once fully implemented, CMMC will be an acquisition foundation, required for almost every contractor transacting business with the U.S. government.

CMMC Maturity Levels

CMMC has five maturity levels, ranging from basic cybersecurity hygiene at Level 1 to very robust requirements at Level 5. These certification levels reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels build upon each other’s technical requirements such that each level requires compliance with the lower-level requirements and then implementation and documentation of additional processes employing more rigorous cybersecurity practices.

StateRAMP: An Outgrowth of FedRAMP for SLED

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.

Changes in FITARA 11.0: How You Can Help Agencies Improve Their Scorecards

This past December, GAO made changes to the FITARA scorecard. By tracking these changes, you can help your agency customers improve their FITARA grades and meet mission goals. (Click here to review the latest scorecard.)

The next agency self-reporting period comes in April, with scorecards due in May. Agencies are being pushed to better use IT to meet FITARA objectives, such as cybersecurity and modernizing government technology.

So what does that mean for FITARA compliance? From a flyover perspective, first, the new administration is likely to look more closely at transformation in its policy priorities. Next, the FITARA scorecards will retire categories that have had across-the-board success, and shift focus to the next area that needs improvement.

Here are some of the expected shifts.

SLED 101 Series – Follow the Funding

By Rachel Eckert, SLED Market Intelligence Manager

This second installment of our SLED 101 series focuses on funding and budget cycles.

Not all money is created equal when it comes to state, local and education (SLED) funding. Understanding where money comes from and how budgets are built will help you better time and align your sales efforts to when your customers will be most receptive to new IT project ideas.

Funding sources dictate spending flexibility.

Let’s start by understanding the different sources of spending. The largest chunk of spending in most states comes out of what is typically referred to as the General funds budget. This budget represents the largest share of revenue collected by states and significantly impacts a state’s overall ability to spend. General funds have the most flexibility and are recurring funds received yearly. They can be used for a variety of products and services, including IT. Most of your sales will come from this budget.

The other pieces of the pie, like Federal or Other state fees, have stipulations and limitations on their use, making them a bit more challenging to leverage. This isn’t to say that there aren’t IT opportunities related to Federal funds or Other state fees, just that those funds are less flexible in their use and allocation.

Top 3 DOJ IT Programs Planning Procurements in FY21

By Jessica Parks, Market Intelligence Analyst

When following the money within the federal government, it’s important to familiarize yourself with the specific programs attracting that money. (For more detail on what a “program” is, check out my colleague Lloyd McCoy’s recent blog post.) Identifying particular programs that may have a need you can meet will help narrow down your target field to the specific offices and folks who will most want to hear about your solution.

In this blog, I focus on the Department of Justice and the top 3 programs by funding that are planning acquisitions in FY21, per the Exhibit 53. If you’d like to know more about what’s in this document, read our blog, What is Exhibit 53?

(1) FBI Network Services

This is the FBI’s standard network infrastructure investment, with total FY21 funding around $103M ($9.3M in DME funding). One significant focus here will likely be on cybersecurity tools, as improving information security has long been a priority for the bureau. The IT Infrastructure Division under the Information and Technology Branch handles the bureau’s network, and they will be the group to speak with about any tools you may have that will support secure networking.

What Is a Program?

By Lloyd McCoy, Senior Market Intelligence Manager

If you’ve attended any of immixGroup’s briefings or webinars, you’ve probably heard us say that programs are the most important insertion points for most technology purchases within the federal government, especially for COTS products. In this blog we’ll walk through why they are important and what you should know before engaging with program offices.

But first, what is a program?

Programs, or more formally Programs of Record, are budget line items that exist to fulfill an agency’s mission. The Department of Defense’s definition is a good one and applies governmentwide: a funded effort that provides a new, improved, or continuing materiel, weapon or information system or service capability in response to an approved need. That pretty much sums up a program’s purpose, whether it’s DHS, USDA or DOD. Program managers run the program and most programs include some IT. Some programs are only IT focused.

Program Offices, Program Managers

Programs are so important because they are at the sweet spot of a department’s technology acquisition hierarchy with the program manager being senior enough to have a role in shaping the strategy and policy discussions surrounding the program’s mission. In addition, his or her office also represents the end user who will be using your product or service in the course of doing their job. Consequently, the program office has a central role in influencing the specifications and choices around the product or service.

Top Four 2021 State CIO Priorities

By Charles Castelly, SLED Analyst

The Top Ten Priorities for State CIOs in 2021, released in December by the National Association of State Chief Information Officers (NASCIO), places digital government at the top of the list for the second year in a row. The pandemic has accelerated the adoption of certain technologies by government as they look to provide quicker and more efficient services to citizens and employees.

Looking at the year ahead, state governments recognize that they will continue to need technology solutions that support digital modernization for applications that enable remote workforce accessibility and online interactions with citizens. Here are the top four technology priorities that CIOs are looking for:

(1) Cloud Solutions

With the migration of traditional in-person services online, cloud technologies are crucial to deliver services en masse. Cloud solutions allow agencies to operate more efficiently, delivering services to a larger number of citizens. However, agencies will need vendor assistance to help them through the migration process so that services are migrated seamlessly, with no loss in uptime.

SLED 101 Series – What is the SLED market?

By Rachel Eckert, SLED Market Intelligence Manager

Welcome to the first blog of our SLED 101 series. Over the next few months, you’ll see a series of blogs that walk through the basics of the state, local and education markets. Topics will include understanding the budget cycles, identifying the IT budget, navigating CIO priorities, understanding procurement, differentiating master contracts and cooperative contracts, and finally, comparing the SLED market to the federal market.

To kick things off, I wanted to start by defining what the SLED market entails and why understanding their independence is crucial to success. When we talk about SLED, we are talking about more than 90,000 different government organizations.

  • 50 States
  • 3,000+ Counties / Boroughs / Parishes
  • 36,000+ Cities / Towns / Municipalities
  • 12,000+ Public School Systems
  • 2,000+ Higher Education Institutions
  • 38,000+ Special Districts