EO 14028 uncertainty offers opportunities in event logging, zero trust, Part 2 of 2

By Ryan Nelson, Market Intelligence Manager

Uncertainty at the agency level about what constitutes compliance with EO 14028’s requirements regarding event logging (EL) and zero trust architecture (ZTA) offers vendors with those technological capabilities an opportunity to support agencies as they try to meet the demands of the order.

In the first part of this two-part series, we looked at event logging. This time we’ll turn our attention to ZTA.

As mentioned in our first installment, agencies have requested significant funding for the zero trust architecture and event logging requirements in the Executive Order, typically to the tune of $25 million per agency to achieve both goals.


EO 14028 uncertainty offers opportunities in event logging, zero trust (Part 1 of 2)

By Ryan Nelson, Market Intelligence Manager

The Executive Order on Improving the Nation’s Cybersecurity, along with timelines and compliance guidance from the Office of Management and Budget (OMB), is causing some confusion among agencies as to what actually constitutes compliance. Agencies have requested significant funding for zero trust architecture (ZTA) and event logging (EL) requirements in the Executive Order, often around $25 million per agency to achieve both goals.

Vendors that can help agencies comply with the order and meet OMB’s timelines will be of extreme interest to these organizations.

Background

Signed on May 12, 2021, EO 14028 contains specific directives to improve agency visibility into network activity and cybersecurity. The Office of Management and Budget (OMB) then released clarifying guidance in memos that define what agencies must accomplish. These include:

  • OMB M-21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
  • OMB M-22-09: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

EO 14028 required each agency to develop a plan for achieving a zero trust architecture within 60 days of the order’s release, while OMB M-22-09 requires that specific security goals be achieved by the end of FY 2024.


ESG contract stipulations are becoming common. Are you prepared?

By Skyler Handl, Corporate Counsel, Public Sector

How familiar are you with new Environmental, Social, and Governance (ESG) policies in the U.S. and abroad? For public sector companies, staying current with these new requirements will be an important part of remaining competitive.

ESG has become popular recently in the commercial investor market, but it actually has been a long-time staple in government contracting. For decades the U.S. government promoted public policy aligned to ESG objectives through the inclusion of contract and subcontract requirements to combat human trafficking (FAR 52.222-50), promote small and diverse business (FAR 52.219-9) and to utilize energy efficient products (FAR 52.223-15). Social and Governance objectives have historically impacted contractor responsibility and qualification under FAR Part 9, and have been weighted factors in evaluation criteria during best value competitions with specific attention for exceptional small and diverse business plans.


FITARA Scorecard changes: What you need to know

By Tara Franzonello, Program Development Manager

How will changes to the Federal Information Technology Acquisition Reform Act affect government agencies and OEMs?

On Jan. 20, 2022, the Subcommittee on Government Operations discussed FITARA, the Modernizing Government Technology Act, and the Federal Information Security Modernization Act of 2014. The purpose was to consider how to modernize the FITARA Scorecard, since many agency grades have remained stagnant. 

Rep. Gerald E. Connolly, chairman of the Subcommittee, suggested that lack of progress was because of the methodology used to calculate metrics. Connolly believes there should be new ways to hold agencies accountable for IT modernization, including moving to the cloud.


CMMC: Get ahead by doing the bare minimum

By Ryan Nelson, Market Intelligence Manager

If you’ve been involved in federal sales for any time at all, you know that government cybersecurity professionals have been asking – pleading, in some cases – for vendors to bake risk management into their proposals. And while the industry does seem to be inching in that direction, it’s still a topic of great concern among agency IT leaders.

That’s why, if you really want to set yourself apart in federal sales, you need to do the bare minimum, and build your proposals with an eye toward compliance with Cybersecurity Maturity Model Certification 2.0. By doing the bare minimum, you’ll actually stand out from your less motivated competition, and stand a better chance at having your proposal come out on top.

At a recent AFCEA TechNet Cyber show in Baltimore, a panel of cyber experts was once again bemoaning industry’s seeming lack of compliance with cybersecurity directives.

CMMC 2.0 is the latest iteration of the cybersecurity certification, which is aimed at protecting the federal infrastructure from complex cyberattacks. It’s intended to cut red tape for small- and medium-sized businesses and help DoD and industry work together to address evolving cyber threats.

TechNet panelists (everyone from the senior tech advisor for the Operations and Infrastructure Center at DISA to the Army CIO cybersecurity director) were adamant about one thing: CMMC risk mitigation needs to be written into every single proposal.


Big sales opportunities in lesser-known agencies: Decoding the Omnibus Bill

By Ryan Nelson, Market Intelligence Manager

The Omnibus Bill 2022 signed by the president about a month ago clocks in at nearly 2800 pages. It’s an annual free-for-all for vendors, with sales teams scouring the pages to compare appropriations to their product and service offerings.

While vendors’ typical targets are big-name agencies, there’s a strong argument to be made to dig a bit deeper below the surface, to the smaller sub-agencies. Big opportunities are often buried in small agency funding, and it’s worth having a closer read of the bill to find out just where those opportunities exist.

After all, you may be unlocking an opportunity that might not be obvious at first read, and therefore may not be as competitive as the larger agency requirements. Put enough of these smaller opportunities together, however, and suddenly you find yourself dealing with enough prospects to keep a team busy for some time.

That said, here are four interesting opportunities you might want to consider as you develop your prospect list from the newly signed budget bill:

1) Animal and Plant Health Inspection Service. Some $38,486,000 is to remain available until expended, for Animal Health Technical Services. Similarly, $4,251,000 is to remain available for information technology infrastructure. That means even agencies that are focused on the health of wildlife, domesticated animals and farmable plants are still a lucrative target for big data, data analytics and network infrastructure components.

2) Farm Service Agency. Necessary expenses for this comparatively low-profile agency actually top $1.1 billion. Information technology represents a significant part of this funding. With programs ranging from aerial photography to financial management information, there are quite a number of opportunities in this agency alone. Most notable is the Modernize and Innovate the Delivery of Agricultural Systems (MIDAS) program. MIDAS is a web-based modernization initiative to simplify, integrate, and automate the delivery of Farm Programs across the United States.


Seven ways to improve your sales to state CIOs

By Ryan Nelson, Market Intelligence Manager

State and local legislatures are having a good year. Flush with cash from the federal funding, most states enacted budgets with an increase in spending and revenue for FY2022. According to a recent conference of market analysts and government leaders, states project general fund spending of $1.02 trillion, a 9.3% increase compared to 2021. The education outlook is a bit more cautious, showing a trend of delayed spending of federal funding in K-12 districts. Nonetheless, there is a projected additional $3.5 billion in e-rate funds for 2022 and 2023.

Taking all of this into account, what do vendors planning to sell into the state and local market need to know? The sales approach to state and local decision-makers is different from the federal market, and vendors should be prepared to adjust their approach to ensure a better chance of success.

During the recent conference, Jim Weaver, Secretary for Information Technology/State CIO for North Carolina, was interviewed about how vendors can better position themselves and present information to decision-makers. Here are some of his top tips:

1. Understand the state’s strategic plan. Every state has a strategic plan. Before you engage, know how your products and services will help them achieve their particular goals. Do not ask what an agency’s “pain points” are, or “what keeps you up at night?” You’ll find yourself being redirected back to the strategic plan.

2. States are changing the way they consume info. A crisis is an opportunity to influence change, Weaver said, and that has been true with the pandemic. What’s important now are case studies and the applicability of the study to the particular agency being courted. Messaging has to be eye-catching and visionary, but still based on what’s being done at the strategic planning level. Also, Weaver emphasized being engaged in the procurement process; vendors who aren’t already engaged in the process will most likely not get a lot of traction.


How TMF helps agencies fund IT Modernization

By Tara Franzonello, Program Development Manager

Improved cyber security is a priority for government agencies, which is why IT Modernization products and services are becoming so important. Unfortunately, agencies may not have sufficient funds for mission-critical IT.

That’s where the Technology Modernization Fund (TMF) comes in.

TMF bridges the IT Modernization gap between what agencies want and what Congress expects. In the last several months alone, the TMF has approved seven new projects totaling over $300M in new funding.

To help address immediate security and capability gaps, suppliers must have a better understanding of the TMF. Agency customers will be better positioned for TMF money if you can explain how your products and services map to TMF priorities, and how they solve pressing IT issues.

Shaping the TMF proposal

TMF is an “innovative funding vehicle” authorized by the Modernizing Government Technology Act of 2017. It provides agencies with resources to secure systems and data, and to deliver services to citizens.

The Technology Modernization Board of TMF evaluates project proposals, provides funding recommendations, and monitors progress and performance of approved projects. Project proposals are submitted through a two-phased approval process – an Initial Project Proposal (IPP) and a Full Project Proposal (FPP). 


StateRAMP is here to stay. Are you ready?

By Ceren Öney, SLED Market Intelligence Manager

Formal adoption of StateRAMP into IT procurement policies is rapidly increasing. Last year, we encouraged vendors to put StateRAMP on their radar screens. Since then, nearly 200 government members representing 33 states have joined the membership.

For service providers selling into state, local, and education institutions, now is the time to ensure that your cloud security is compliant with StateRAMP requirements.

While StateRAMP itself may still be a few years from being a household word, that doesn’t mean that state and local governments have been sitting idly by. The move toward better monitoring and certification of state, local and education network security has been going on for years, with two states at the forefront.

Arizona and Texas introduce state-specific frameworks

In September 2021, Arizona CIO J.R. Sloan announced the state will “test-drive” StateRAMP over the next year. Sloan, StateRAMP President and founding board member, had previously introduced AZRamp, Arizona’s Risk and Authorization Management Program. Arizona’s move to test StateRAMP doesn’t come as a surprise and further solidifies Sloan’s confidence in the program.

Meanwhile, effective January 1, 2022, Texas mandates state agencies to only enter or renew contracts for cloud offerings compliant with the Texas Department of Information Resources’ (DIR) own security framework, TX-RAMP.

Rising ransomware attacks targeting state and local governments, schools and colleges increased the pressure to strengthen cybersecurity postures and protect against incursions by bad actors. Coupled with the shift to digital services due to COVID-19’s disruptions and federal funding available under the Infrastructure Investment and Jobs Act and the American Rescue Plan Act, considerable emphasis is being placed on cyber security now more than ever.

Other states adopt the StateRAMP framework

For most states, like North Carolina and Georgia, creating a state-specific framework is too laborious and inefficient. Adopting the established StateRAMP framework makes the initial risk assessment, continuous monitoring and management more seamless and easier.


Cybersecurity Opportunities within the Infrastructure Investment and Jobs Act

By Gabrielle Perea, Senior Market Intelligence Analyst

With the signing into law of the Infrastructure Investment and Jobs Act, significant funding has been allocated in support of highways, highway safety, and transit programs, including cybersecurity provisions. Cybersecurity providers have a significant opportunity to position their offerings as tools to help with cybersecurity provisions and opportunities detailed in the IIJA.

The IIJA provides $1.9 billion for cybersecurity, with a $1 billion grant program to assist state, local, and tribal governments to guard against cyberthreats and modernize systems, especially critical infrastructure. These funds will be disbursed by the Federal Emergency Management Agency over the course of 4 years, beginning in 2022, with disbursement guided by the Cybersecurity and Infrastructure Security Agency.
