5 Years Later and FITARA Remains Relevant

By Tara Franzonello, Contracts Manager

FITARA, also known as the Federal IT Acquisition Reform Act, was enacted by Congress in December 2014 with an aim to reform government’s management and acquisition of IT. Although agencies have made progress over the last 5 years, there remain significant challenges in working toward FITARA compliance.

What does this mean for technology providers? Opportunity! Read more of this post

Arkansas CIO All In on Shared Services

By Rachel Eckert, SLED Manager

Arkansas has begun its digital transformation and is moving ever closer to a shared services model. Last month, Arkansas CIO Yessica Jones briefed the NASCIO Corporate Member Exchange on some of the recent changes in her state.

Probably the most impactful change was the re-organization following the passing of the Transformation and General Efficiencies Act during the past general legislative session. The act consolidated 42 departments into 15. Previously the Department of Information Systems, Arkansas’ central IT department reported directly to the governor, along with 41 other departments. Under the new structure, the Department of Information Systems has become a division under the Secretary for Transformation & Shared Services.

Jones believes that new department structure will improve IT project delivery, especially since all new secretaries have been tasked with identifying potential shared services opportunities. Several projects are already underway to deliver additional shared services to executive-branch agencies, including deploying enterprise-wide Microsoft Office 365, optimizing their data center, implementing mainframe as a service and several enterprise-wide agreements. Read more of this post

Agile Ops as a Path to Modernization

By Jessica Parks, Analyst

The word “agile” is everywhere now, describing everything from cloud technology to team dynamics. Beginning as an innovative method of software development, agile has expanded to describe projects, solutions, teams and workflows.

As government agencies look to update legacy systems, there is an increasing recognition that modernization encompasses not only updates in technology, but also improvements in how projects are developed and delivered. Here are examples of how federal agencies are applying the agile concept and how technology vendors can insert themselves in upcoming opportunities.

In the world of government IT, agile refers to a software development or project management method which aims to be faster, more customer-centric and more responsive to sudden changes than traditional methods. (If you want to further explore the basic premise of “agile,” GSA has published a comprehensive set of FAQs.) What is most noteworthy about the presence of agile development in government IT is that it represents a significant change in mindset. The government is realizing that efficiency, responsiveness and scalability are often the best ways to stay on top of rapid technological changes. Read more of this post

New Security Requirements Coming to DOD Acquisition in 2020

Lloyd McCoy Jr.Cyber security network concept. Master key connect virtual networking graphic and blur laptop with flare light effectBy Lloyd McCoy, Market Intelligence Manager

Starting next summer, anyone selling IT to the Department of Defense will need to be certified by the Cybersecurity Maturity Model Certification (CMMC) in order to compete for contracts.

The CMMC is a set of security standards that will start appearing in RFIs in June 2020 and will apply to all defense acquisitions by September. The CMMCs will represent security maturity levels and will have five levels, each with their associated security controls and processes. Level 1 will likely be like what we consider basic hygiene, with Level 5 describing the very best in security practices. The level needed will depend on the contract and will be used to determine whether a vendor makes the cut. Details on what each of the levels contain are scant right now but expect more information in the coming months as the Department collects public feedback. Read more of this post

2019 Federal Data Strategy: Prioritizing Data as a Strategic Asset

By Toné Mason, Senior Analyst

In June of 2019, an update to the Federal Data Strategy was released including the final Principles and Practices and draft Year-1 Action Plan. The final Year-1 Action Plan is anticipated to be released in September.

Vendors should understand what’s in the plan and make sure they adapt their sales strategies and messaging to address the new plan goals:

  1. Enterprise Data Governance – The federal government needs to have a plan for how to best protect their data. This includes the formation of data policies, data protection strategies and a way to monitor for compliance. Quality and integrity of data will need to be protected and monitored as best as possible.
  2. Access, Use and Augmentation – Ensuring continuous and reliable access to data will be vital. Additionally, it will be key to make the visualization of data as user-friendly as possible and ensure that proper information silos are in place, whether for an application for the public or for soldiers on the ground.
  3. Decision Making & Accountability – There are vast amounts of diverse types of data currently not being utilized. Preparing this data to be consumed can be extremely challenging. Transforming this data into actionable, real-time intelligence to inform decision making is the end goal and is even more challenging.
  4. Commercialization, Innovation and Public Use – Making federal data assets available to external stakeholders in an easy-to-use format is a key priority. This will facilitate the creation of new applications where advanced technologies and visualization techniques can be applied to transform the data into useful, consumable information for a wide range of use cases.

Read more of this post

CBP Plans Its Move to the Cloud

Tom O'Keefe

By Tom O’Keefe, Consultant

Customs and Border Protection (CBP) recently released an RFI seeking industry input on a comprehensive cloud solution that may lead to an RFP later this year or in early 2020. Cloud is a big topic of conversation at federal agencies, but right now, its bark is much larger than its bite. We can expect that to change over the next few years. As this new RFI shows us, agencies are looking to transition significant portions of their environment to the cloud. While traditional IT delivery models may still hold their value, cloud is the future.

CBP is the largest component within the Department of Homeland Security, and how it manages cloud may be indicative of how some of the smaller DHS agencies may also do so. Kshemendra Paul, DHS’s cloud officer, has indicated that only 10% of DHS applications are currently in the cloud. Another 30% are in process or are slated to move to the cloud. Most of what has already been migrated are easy-to-migrate applications like email. Large, mission-critical applications are still being hosted on premise and are likely to be the last of the applications to migrate. CBP will likely use the contract that results from this RFI to accomplish this migration.

Read more of this post

States Improving Cybersecurity Posture Through NGA Partnership

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

%d bloggers like this: