- The Federal Acquisition Security Council is developing a scorecard to help assess governmentwide supply chain security readiness. The council was created four years ago to coordinate IT supply chain policies, like the ban on Huawei. In 2020, the Government Accountability Office found most agencies hadn’t implemented supply chain risk management programs. In addition to developing the new scorecard, the council is also pointing agencies to revised National Institute of Standards and Technology guidance on supply chain security.
- The latest draft of the yellow book is out. These are the government’s auditing standards developed by the Government Accountability Office. It’s the first update reflecting major developments in the auditing and accountability professions and emphasizing specific considerations applicable to the government environment since 2018. The draft yellow book includes seven major revisions including new standards for financial audits and adding a risk assessment process for quality management reviews. GAO outlined seven questions for federal, state and local government as well as other experts to offer feedback on and is accepting comments through April 23.
- House Republicans chart a path to reform — or end — the Department of Veterans Affairs’ rollout of a new Electronic Health Record system. The VA Electronic Health Record Modernization Improvement Act would require VA along with vendor Cerner and its parent company, Oracle, to demonstrate “significant improvements” in the EHR system before installing it at additional VA medical centers. House VA Committee Chairman Mike Bost (R-Ill.) and Technology Modernization Subcommittee Chairman Matt Rosendale (R-Mont.) are leading the bill. They’ve also introduced another bill that would completely pull the plug on the VA EHR program. A committee spokeswoman says lawmakers are currently focused on the EHR improvement bill. (House Republicans chart paths to reform – or end – VA’s troubled EHR rollout – Federal News Network)
- The Pentagon will conduct its once-every-four-years review of how the military is compensated. The White House directed the Defense Secretary to complete the review in two years. It usually takes four or five years to complete. The Quadrennial Review of Military Compensation will look at living costs for military families including childcare, housing costs, and the costs associated with moving and geographic separation of families. The review will also study food insecurity and the need for added assistance for service members whose incomes fall below 130% of national poverty guidelines.
- Stung by repeated Russian cyber attacks, a crucial U.S. Defense Department agency launches a countermeasure. The Defense Threat Reduction Agency will establish an office of information resiliency. Director Rebecca Hersman said she signed the order last week, but it will take the course of the year to get it up and running. Its main goal is to “retain the kind of knowledge and information advantage that we need, that cognitive advantage, to prevail in this kind of highly competitive environment.” Hersman said the agency will provide technical training and support to military and civilian partners around the globe.
- More feedback comes in on an important aspect of the Pentagon’s Cybersecurity Maturity Model Certification program. The Cyber Accreditation Body received over 540 comments on the draft CMMC Assessment Process, known as the CAP. The document is intended to ensure there’s consistency in how third-party assessment organizations evaluate the cybersecurity of defense contractors. The first draft came out last summer. The Cyber AB will now adjudicate the comments, but the CAP won’t be finalized until the Pentagon finishes the CMMC rulemaking process.
- The Pentagon launched its new Defense Management Institute, a new organization dedicated to management research. At an opening ceremony Tuesday, Deputy Defense Secretary Kathleen Hicks said the institute would help the department with defense reform. The organization will be tasked with conducting research that improves management performance across the department and helps it do a better job with acquisition. It will build a library of past management studies and bring together defense officials and outside experts. The institute is a collaboration between DoD and the federally-funded Institute for Defense Analyses.
- The Navy’s chief data officer is moving to a new role with the Army. Tom Sasala, who spent the last three years running the Department of the Navy’s data efforts, started yesterday as the deputy director of the Army’s Office of Business Transformation. In that new role, Sasala will help drive process optimizations, reform business practices and help ensure the Army business community is connected to the mission. Sasala had been the Navy’s CDO since 2019, where he established a comprehensive data management program, created an enterprise data management and analytics platform and standardized data management roles and responsibilities across the department. It’s unclear who will be the new Navy CDO, even on an acting basis.
- The Postal Service awards a contract worth up to $70 million to get a better handle on its data. USPS selected multi-cloud vendor Veritas Technologies to help modernize its data compliance and e-Discovery tools. The vendor will provide USPS with automated data archiving and retention across all its on-premises and cloud-based data sources. The contract award is for three years, but can be extended up to seven years.
- The Commerce Department takes a step toward advancing its strategic plan to improve diversity, equity, inclusion and accessibility. Leaders at Commerce laid out goals to broaden job applicant pools, as well as raise officials’ awareness of barriers to equity, during the agency’s first-ever DEIA meeting. Agency leadership plans to meet semi-regularly to share progress on pilot projects, and then share updates with staff. The department is also making plans to soon host a DEIA employee resource group summit.
- The National Science Foundation plans to limit pay raises for hundreds of its employees. It’s facing pushback from its main labor union. The American Federation of Government Employees raises concerns about NSF plans to cap the pay raise for some excepted service employees to 1%. An email from agency officials to staff announced the initial plans, in an effort to ensure pay doesn’t surpass career feds on the GS scale. But an NSF spokesperson said the announcement was sent prematurely, and nothing is set in stone. All NSF employees on the General Schedule will receive the 4.6% enacted pay raise, regardless of the final decision. (Initial plans to cap pay raise for hundreds of NSF employees gain major union pushback – Federal News Network)