EO 14028 uncertainty offers opportunities in event logging, zero trust, Part 2 of 2

By Ryan Nelson, Market Intelligence Manager

Uncertainty at the agency level about what constitutes compliance with EO 14028’s requirements regarding event logging (EL) and zero trust architecture (ZTA) offers vendors with those technological capabilities an opportunity to support agencies as they try to meet the demands of the order.

In the first part of this two-part series, we looked at event logging. This time we’ll turn our attention to ZTA.

As mentioned in our first installment, agencies have requested significant funding for the zero trust architecture and event logging requirements in the Executive Order, typically to the tune of $25 million per agency to achieve both goals.


EO 14028 uncertainty offers opportunities in event logging, zero trust (Part 1 of 2)

By Ryan Nelson, Market Intelligence Manager

The Executive Order on Improving the Nation’s Cybersecurity, along with timelines and compliance guidance from the Office of Management and Budget (OMB), is causing some confusion among agencies as to what actually constitutes compliance. Agencies have requested significant funding for zero trust architecture (ZTA) and event logging (EL) requirements in the Executive Order, often around $25 million per agency to achieve both goals.

Vendors that can help agencies comply with the order and meet OMB’s timelines will be of extreme interest to these organizations.

Background

Signed on May 12, 2021, EO 14028 contains specific directives to improve agency visibility into network activity and cybersecurity. The Office of Management and Budget (OMB) then released clarifying guidance in memos to define what agencies must accomplish. These include:

  • OMB 21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
  • OMB 22-09: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

EO 14028 requires agencies to determine their strategy for achieving a zero trust architecture within 60 days of release, while OMB 22-09 requires specific security goals be achieved by the end of FY24.


OMB: Agencies Need Help With Old Problems

By Chris Wiedemann, consultant

The cybersecurity challenges facing the government are well understood. Combine a highly federated environment, huge volumes of sensitive, classified or legally-protected data, all running on outdated legacy technology, and you get the government’s current situation: struggling to stay ahead of the latest threats in an increasingly dangerous digital environment.

Federal networks are very popular targets. The government deals with thousands of attacks each year – 35,277 in FY17, according to the most recent FISMA report. Moreover, the consequences of a successful attack are significant. Perhaps no data breach better exemplifies the dangers of lax security than the OPM attack in 2015, which exposed the personally identifiable information of millions of individuals to malicious actors and prompted a round of reports, recommendations and recriminations on the security posture of agency networks – as well as a renewed sense of urgency around security at the agency leadership level.


DATA Act: Open for Business?

by Stephanie Meloni, Senior Analyst

On April 10, 2014, the Senate (unanimously!) passed the Digital Accountability and Transparency Act (DATA Act). The bill would require the government to standardize and publish financial management, procurement, and related data in electronic formats that can be easily accessed by the public. Open data will give our industry new insights into federal spending, and potentially new business opportunities. The House is expected to vote on the bill later this month, where it is expected to pass quickly.

The DATA Act will be the most powerful transparency mandate since the passage of the Freedom of Information Act in 1966. The goal of the bill is to publish the executive branch’s entire spending portfolio as standardized open data.  The DATA Act will be used to provide visibility into wasteful spending and duplicative programs.


IT Dashboard Problems Surface

by Tomas O’Keefe, Senior Analyst

One of the great tools we in the vendor community have is the Office of Management and Budget’s (OMB) IT Dashboard, which is a fantastic resource that provides us an additional layer of detail regarding agencies’ IT budgets. The Dashboard was created as a way to display the Exhibit 300s that make up some of the key IT investments in the federal space, as well as providing us additional visibility on progress toward meeting OMB initiatives like the 2012 Digital Government Strategy. OMB has also used it to highlight at-risk government IT investments, of which there are quite a few.

Unfortunately, however, the IT Dashboard seems to go for months without being updated, and the lack of updates has now caught the eye of the Government Accountability Office (GAO). GAO found that over the last few years the IT Dashboard has been updated only 33% of the time instead of every month, which seems to be somewhat in opposition to the mission of transparency that was championed by the Obama Administration when the President first came into office. As a result, vendors are on the outside looking in and aren’t able to quickly respond to these troubled programs, as they could do if the government were more transparent.


OMB Clarifies Travel and Conference Attendance Policies

by Allan Rubin, Vice President, Marketing

The GSA conference scandal has crept back into the news as the IRS has encountered its own high-profile spending scrutiny. So I found it noteworthy when this item crossed my desk today.

The Office of Management and Budget just issued a “Controller Alert” to all Federal agencies, acknowledging the need for Federal employees to attend mission-related conferences and outlining recommendations, including best practices for approving travel and conference expenses. The document adopts many of the measures suggested in a meetings protocol provided by ASAE: The Center for Association Leadership, which met with OMB in March. You can find the entire document on the ASAE Web site.

To be clear, the Alert states it does NOT “constitute official guidance or include specific tasks for agencies beyond consideration of appropriate steps to address the issue” of travel and conference spending. It certainly reinforces many of the restrictions we’ve seen over the past 18 months, but it also provides what may be some wiggle room for the post-Sequestration world. That’s how I read statements like this:

“As each agency reviews its travel and conference-related activities, it is critical for each agency to continue to recognize the important role that mission-related travel and conferences can often play in Government operations. Given the unique travel and conference needs of each agency, there are circumstances in which physical collocation is necessary to complete the mission.”

And this:

“…bringing together Federal employees at a single location—such as for program reviews or technical evaluations, presentation of scientific findings, oversight boards or advisory group meetings, …may be the most efficient and cost-effective means for reviewing Government-sponsored efforts, issues, or challenges. Several agencies rely on meetings with industry and academic colleagues to drive innovation and ensure continued advancement in related fields.”

There is, of course, this reality: while an agency should not interpret the recent guidance “as a moratorium on all conference events, agencies and related stakeholders should anticipate a continued reduction in conference and travel activity for the duration of the sequestration order.” And to make sure nobody’s having any fun at taxpayer expense, the Alert reminds readers that “events should not include excessive or lavish social components.”

The Alert makes clear that each agency is responsible for implementing its own internal travel and conference policies, and each agency needs to achieve the right balance between reducing spending and meeting mission-critical needs. It encourages agencies to start conference planning by examining whether “physical collocation of Federal employees in a conference setting is a necessary and cost-effective means to carry out the agency’s mission (and that other, lower-cost options, such as videoconferencing, have been explored).” To me, this points to a likely boost in future attendance at, and acceptance of, virtual engagements both within and outside of the agency environment.

Similarly, it makes a distinction between conferences and training events, stating that conferences “should not be considered training events absent a written justification by an appropriate official that specifies the learning objectives and mission or job performance outcomes.”  It further clarifies that “professional training may include Continuing Education Units (CEUs) or Professional Development Units (PDUs) for areas that are relevant and valuable to the job function of the individual employee and that contribute to maintaining professional accreditation or certification.” Takeaway: don’t expect to slap the word “training” on your marketing event and think you’ve covered your bases.

A lot of this is old news, and it remains to be seen whether the IRS spending scandal (as opposed to the IRS political scandal) will result in even tighter restrictions or if there’s not much left to tighten. I’m already hearing that government employees are starving for information and interactions that will help them do their jobs. So what should you do next?

  1. Consider whether virtual events have a place in your marketing arsenal. Try something new.
  2. Align your marketing activities with events that offer real training for government attendees.
  3. Keep an eye on what happens next based on the IRS fallout.

Maybe I’m optimistic, but we may be seeing some cracks in the armor. As always, I welcome your comments.

Federal Opportunity Alert: BI & Reporting Needs at OMB & GSA

by Chris Wiedemann, Senior Analyst

If you’ve been following the progress of the Federal Data Center Consolidation Initiative (FDCCI), you might have seen a recent GAO report that contained some mixed messages about the program’s progress.

First, the good news: according to the report, agencies have already closed around 420 data centers, with another 968 planned for closure by December 2015. This will put the government 285 closures short of the original target for consolidation set by OMB – still, when compared to other large initiatives in federal IT, FDCCI looks more or less on schedule.

However, significant obstacles to tracking FDCCI progress still remain. Most notably, OMB and the GSA Program Management Office have not been tracking actual cost savings caused by data center closures, which calls into question their ability to demonstrate $3 billion in savings by 2015 – another key milestone of the original data center consolidation mandate. In fact, the latest memo on the topic did not mention a cost savings goal, which further reflects the difficulty of quantifying FDCCI savings. This could open the door for business intelligence vendors, particularly those with tools that can analyze and report on large amounts of data. If you have the tools to help GSA and OMB demonstrate cost savings through FDCCI, you’re likely to find a receptive audience right now.

Conference Spending Cuts Continue: Six Tips for Marketers

by Allan Rubin, Vice President, Marketing

I predicted in a previous post that recent concerns with government conferences and travel would spill outside the responsible agencies and impact spending overall, making it more difficult for federal marketers to leverage events in their marketing programs. Those who thought the restrictions would be limited to events hosted by the government itself, or to specific recent offenders like GSA, should follow this topic closely and consider the potential impact on their marketing plans.

On Friday, the Acting Director of the Office of Management and Budget, Jeffrey Zients, released a memo to the heads of executive departments and agencies (not just GSA) regarding the efficient use of taxpayer dollars. Highlights include:

  • In FY 2013, each agency must spend at least 30 percent less on travel than in FY 2010 and maintain this level through FY 2016; savings will be used to increase transparency and investigate abuses, a detail that will likely make federal employees less eager to leave the office. Agencies have 90 days to report on proposed travel reductions and also must specify how they will make these reductions sustainable in their FY 2014 budget submissions.
  • Agencies are being directed to focus on expenses related to attendance of Federal employees at conferences sponsored or hosted by non-federal entities. Many of the new rules require approval for high-dollar spending and increased transparency of expenses.

This comes on top of the House’s approval of the DATA Act in late April, which includes a provision that would cap spending on nonmilitary travel to attend a conference at 80 percent of fiscal 2010 levels. And let’s not forget about proposed changes to ethics rules that could force contractors to face many of the same limitations previously intended for lobbyists.

If lead generation events are important to your marketing mix, here are six recommendations to consider based on our reading of these evolving situations:

  1. Stay Local – Federal employees are going to be less inclined to hop on a plane in this highly charged environment.
  2. Go On-Site – Give agency tabletop events another look. They’re cost-effective for everyone, and there’s no risk for an employee to attend an event held in his/her own building. immixGroup’s Agency Expo program can help you here.
  3. Keep it Simple – If you host your own events, avoid flashy venues or anything that looks or sounds over-the-top. Be conservative and stay on the right side of the lines or you can expect low registration and attendance numbers.
  4. Stick Together – Your prospects will be more comfortable attending events sponsored by multiple vendors to avoid the appearance of impropriety. Find one or more complementary vendors with whom you can co-brand your events and share costs. immixGroup frequently creates multi-vendor events and trade show kiosks to make this easier for our clients.
  5. Go Virtual – Targeted Webinars should play a larger role in your programs as agencies are explicitly instructing employees to turn to the Web to reduce travel costs. immixGroup offers several flavors of turn-key webinar programs for clients. The key is to make them relevant to your intended audience.
  6. Go with a Chaperone – Ethics rules favor events hosted by third-parties such as media companies and non-profits. We have seen tremendous success with these and can find or create events that fit your marketing plans and objectives.

To learn about any of these programs, contact your immixGroup account team or email me at allan_rubin@immixgroup.com.