Changes to DHA Will Impact Cybersecurity Needs

By Lloyd McCoy, Market Intelligence Manager

The mandates in the National Defense Authorization Acts of 2017 and 2019 called for greater centralization of the military health system. We are now seeing these initiatives being set in motion. One prime example is the migration of the Army, Navy and Air Force’s more than 400 military hospitals and clinics under the umbrella of the Defense Health Agency. I recently attended an AFCEA luncheon where Dr. Barclay Butler, the Component Acquisition Executive for DHA, and Pat Flanders, DHA CIO, spoke extensively on the ongoing consolidation, as well as other initiatives which promise to impact how those selling IT should approach defense health IT leaders.

Measurability and efficiency are driving the trend toward centralization and standardization across the Defense Health establishment. This is particularly applicable for security vendors since DHA wants to instill commonality in cybersecurity services and tools, from the largest military hospitals to the widely dispersed clinics. The two leaders urged industry, when engaging with Army, Navy and Air Force hospitals and clinics, to think of the big picture: How can your solution work and be applicable across the entire military health enterprise?

Measurability

Butler and Flanders spoke at length about the need to measure outcomes. For security solutions, that means being able to better monitor threats and speed of remediation. Nothing new on the surface, but this requirement becomes more complicated as more and more military facilities get subsumed under DHA, with all the network architecture and migration challenges that come with the transition. Having a steady dialogue with DHA or one of the service medical commands is critical to ensure that safety and security aren’t negatively impacted by these changes – while ensuring that the hospitals and clinics have robust capabilities for measuring and auditing their security posture.


6 Ways FITARA Could Make a Dramatic Impact on COTS Sales

by Chris Wiedemann, Senior Analyst

On Friday of last week, among all the furor around the FY15 “cromnibus” passing, another long-awaited bill passed: the Federal Information Technology Acquisition Reform Act (FITARA) made it through both the House and Senate as part of the FY15 National Defense Authorization Act (NDAA). All indications point to FITARA becoming law shortly.

Here are 6 ways FITARA could dramatically impact sales in the COTS community:


2015 NDAA could transition JIE from Concept to Concrete Reality

by Lloyd McCoy Jr., Consultant

If you’ve sat through our briefings or articles, you’ve no doubt heard us emphasize that the JIE is not a program of record. It doesn’t have a budget or a program manager and remains a concept focused on interoperability and a shared security architecture. Sure, recent funded activities like Joint Regional Security Stack (JRSS) and Multi Protocol Label Switching (MPLS), which are aimed at increasing bandwidth and consolidating security architecture, are being publicly framed by those involved as being in the spirit of the JIE. However, there remains no authoritative framework defining whether this or that program is part of the JIE.


DOD Rules on “Blacklist” Option – Supply Chain Risk Evaluation Added to IT Procurement Process

by Steve Charles, Co-founder and Executive Vice President

The Department of Defense is exerting more control over its IT supply chain with a new rule effective November 18 requiring additional contract clauses when purchasing Information Technology.

DFARS Case 2012-D050 implements §806 of the FY11 National Defense Authorization Act as amended in the FY13 NDAA. Section 806 defines supply chain risk as “the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.”

The Defense Federal Acquisition Regulation Supplement (DFARS) is now updated in several places requiring that supply chain risk considerations for IT purchases be considered before buying via any government contracting method or contract vehicle including GSA Schedule contracts. The processes, procedures and clauses are described and prescribed at DFARS 239.73 Requirements of Information Relating to Supply Chain Risk. The two new contract clauses required in all DOD IT contract actions are 252.239-7017 and 252.239-7018.

The burden now falls on contractors to maintain supply chain integrity by demonstrating how they are excluding questionable and potentially risky sources. Further, the rule exempts the government from bid protest review should it use Section 806 authority to sideline a contractor, subcontractor or supplier perceived as a supply chain risk. Critics of the law contend that it gives the government unilateral “blacklist” authority with no opportunity for due process; however, such authority only exists relative to National Security Systems and, even then, requires quite a bit of justification and Secretary-level sign-off.

Industry has responded with various types of programs to assure that items delivered are genuine and have only been handled by trusted parties. For example, the immixGroup Trusted Supplier Program guarantees and warrants the authenticity of any product delivered at no additional cost to government customers, systems integrators, or immixGroup channel partners.

Comments to the interim rule submitted prior to January 17, 2014 will be considered in the formulation of the final rule. Statutory authority for this rule will expire September 30, 2018 unless Congress amends the current law.

2014 House NDAA Continues Procurement Tinkering

by Steve Charles, Co-founder and Executive Vice President

As it does every year, Congress passes procurement law changes in the National Defense Authorization Act (NDAA). This year is no different.

So what’s in store for 2014? It’s too early to say with certainty, because while the House has passed its version, the Senate is still cogitating. One thing we do know: The Senate, House, and White House all agree, within a billion dollars or so, on the level of Defense spending next year. Strangely, none of them take into account sequestration, which is still the law of the land under the Budget Control Act. It’s likely your customers are scratching their heads too, and that means extra sales resistance in store for 2014 until buyers know exactly what their spending authority will be. In the meantime, provide your customers with the information they need to complete perfect purchase requests so when the money drops, orders flow.

When it comes to procurement, we don’t see the sweeping changes of the last couple of NDAAs, but the 2014 bill is not absent of them, either.

Here are key highlights from the House Armed Service Committee’s bill, H.R. 1960, that would affect proposals and dealings with DOD customers:

  • The bill would exclude the salaries of some contractors’ top five earners as allowable expenses on DOD cost-reimbursement contracts, but not lower the rest of them nor cap them at $400 thousand, as the White House would like to do. The bill leaves the current cap of $763,029 (inflation adjusted) in place and changes the list of possible exceptions just from scientists and engineers to “narrowly targeted” ones “in the science, technology, engineering, mathematics, medical and manufacturing fields.” Significantly, the provision now covers contractors who received more than $500 million during the previous fiscal year. (Imagine the cost accounting challenges for contractors at the edges of this proposed threshold!)
  • Section 816 revamps bid evaluation by requiring that prices receive importance at least equal to technical (or other) criteria when evaluating proposals. This is a subtle but important change deep in the language of the U.S. Code Title 10 ((a)(3)(A)(ii) to be precise). The bill would require the head of the buying agency to sign off on any deviation from the increased emphasis on price, and issue a report on the allowed exceptions every year.
  • Sections 811 and 812 amend Section 818 of the 2012 NDAA, written to prevent counterfeit electronic parts from entering the DoD supply chain. The proposed Section 811 emphasizes “electronics,” seemingly broadening the scope of counterfeit concerns beyond “electronic parts,” while Section 812 would limit contractor liability when government requirements include obsolete parts no longer available from the Original Equipment Manufacturer (OEM) or its authorized distributors.

Detection and Avoidance of counterfeit electronic parts, while the law since 2012, has yet to be implemented in regulation. What would a DoD-approved system for this purpose look like? Proposed DFARS Case 2012-D055 attempts to tackle this and comments are due July 15. One of the key elements requires that DoD and its contractors purchase from an OEM or an OEM authorized distributor/reseller. Check out our new Trusted Supplier program to help minimize the risks from potentially counterfeit or tainted commercial products.

There’s a long way to go before the proposed NDAA provisions become law, and then even more time until they get implemented in regulation. We encourage you to be aware of and track procurement-related statutes and implementing regulations as even small changes can warrant significant changes in go-to-market tactics.
