“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.
Submit ideas, suggestions and news tips to Jason via email.
The surprising announcement on June 25 that Federal Chief Information Officer Suzette Kent is leaving after two-plus years on the job reverberated across the federal community.
Agency and contractor executives expressed gratitude for her service and impact on the community, and sadness because her departure is at least six months sooner than many expected.
Kent, who joined the Trump administration in January 2018, didn’t bring the usual credentials of previous federal CIOs. She hadn’t worked for government before—like a Karen Evans or a Mark Forman—and her background didn’t expressly show any expertise in the technology sector—like a Tony Scott. She came from a career in the private sector, working at Ernst & Young where she had been a principal in the financial services office and at JP Morgan Chase and Accenture in the financial services sector.
In her short time at the Office of Management and Budget, experts from across the community say Kent’s impact is significant, long-lasting and notable.
“Suzette has been an amazing partner on the sharing quality services cross-agency priority goal, the Technology Modernization fund, IT modernization, the centers of excellence, the Enterprise Infrastructure Solutions (EIS) adoption, and a myriad of other programs and initiatives,” said Emily Murphy, the administrator and close partner on all of these initiatives at the General Services Administration, in a statement to Federal News Network. “On behalf of all of us at GSA, we will miss her technical expertise and her passion for progress.”
Federal News Network asked 10 people who worked closely with Kent over the last two years for their opinion on her impact on the federal IT community.
John Zangardi, former Homeland Security Department CIO and current president of Redhorse Corp.: Suzette has an uncanny ability to think strategically and sensibly deliver executable plans that better position the federal government to modernize and digitally transform. She showed that a federal CIO can make a positive difference. She is a huge loss to the federal government and set the bar high for future federal CIOs.
Renee Wynn, recently retired NASA CIO: Suzette brought vision, energy and an amazing ability to build diverse teams to achieve results for the benefit of federal services. She will be remembered for the way she worked with people to advance the Federal IT Acquisition Reform Act (FITARA), how she solidified the importance of IT modernization through the TMF and corresponding act, sowed the roots of digital transformation and helped women “see” that it was possible for women to hold top executive level positions in IT.
Matt Cornelius, Alliance for Digital Innovation and former OMB senior technology and cybersecurity advisor: Well, the community is so much bigger than it was when she started. We have a White House that is all in on IT modernization, a Congress that’s incredibly interested in improving federal IT and cybersecurity. Folks outside of just CIO offices and vendors care about, and are personally invested in, accelerating digital transformation. The “federal IT community” is now all members of the government, the vendor community and, importantly, the non-traditional and emerging technology companies that are eager to do business with agencies. That’s largely due to Suzette’s compelling vision and energetic advocacy ensuring federal technology transforms the lives of citizens.
Dave Wennergren, executive director ACT-IAC and a former deputy CIO at the Defense Department and vice chairman of the CIO Council: Suzette has done an outstanding job leading the federal IT community. Her energy and vision have been contagious. Her work to advance the President’s Management Agenda has helped government agencies focus on the most pressing technology issues and make real progress.
She also was extremely generous with her time; always willing to go “above and beyond” to engage with industry in a very meaningful way, supporting the work of good government organizations and other non-profits and always being willing to talk a little longer with an interested government or industry employee on how they could make a difference. She focused on mission and outcomes; shaping the technology conversation to be less about IT for IT’s sake and more about results.
John Weiler, executive director and co-founder of the IT Acquisition Advisory Council (IT-AAC): Suzette spent much of her time messaging and speaking about ways forward, trying to get the dug-in culture to change. Her shortcomings were related to failing to correct flawed approaches to Technology Business Management and agile, allowing the old guard rice bowls to prevent the change that was directed in Congressional directives.
Bill Zielinski, the city of Dallas CIO and former GSA assistant commissioner of the Information Technology Category: Certainly among her notable contributions over the last several years, Suzette has championed the role of chief data officers, been a tireless advocate for developing and reskilling the federal IT workforce and helped to push through several large federal IT policy updates (think here of the Identity, Credential and Access Management memo, or the Trusted Internet Connections (TIC) update, or the Cloud Smart policy, etc.). The work that she has led in these initiatives are foundational and will set the tone for years to come.
A little less publicly visible, she has done so much to organize and mobilize the Federal CIO Council as a cohesive, forward-leaning and action-oriented group. She has expanded the scope of activity of the council and enabled members to lead important initiatives.
Trey Hodgkins, president of Hodgkins Consulting and former senior vice president for policy at the IT Alliance for Public Sector: I think that last effort, focusing on updating government instruction and guidance related to IT is a really meaningful legacy that will guide the use of information technology long past her departure. The information that has been either updated or created for agencies sets the tone and direction of most of the efforts to digitize the federal government and modernize the use of IT and, if history is any indication, it will serve to direct agencies and departments well into the future.
Bill Marion, former Air Force deputy CIO and now managing director of growth and strategy in its defense and intelligence practice at Accenture: In the position, collaboration and communication of a vision is the most important aspect to accelerate cross-agency and department strategies. Suzette was the consummate example of this, as one trade rag said, ‘the CIO of CIOs’. Two key accomplishments were:
Cyber Reskilling Academy. While some may question the success, I believe it’s a foundational element of our most critical shortfall: equipping a digitally-minded workforce. I think this program has opened the eyes and hearts of many and I’m confident it will span follow-on activities.
Federal Data Strategy. I’m not sure many are aware but such a strategy is exquisitely hard to develop and coordinate. Moreover, it’s a core to the “data is a strategic federal asset” that we haven’t leveraged sufficiently. So again, this strategy will live beyond her tenure and empower future generations.
Mike Hettinger, principal at the Hettinger Strategy Group and former House committee staff member: When I think about her most notable accomplishments, I think about the update of the federal government’s cloud policy, moving from Cloud First to Cloud Smart, bringing forward a recognition that one size doesn’t necessarily fit all and that agencies should have the flexibility to choose the right cloud solution — public, private, hybrid or multi-cloud — to meet their individual needs. I also think about the federal data strategy and the recognition of the criticality of data in the decision-making process. It was her efforts that really drove the Federal Data Strategy forward. I’ll also think about her impact on customer experience, and the push that OMB made during her time to get agencies to better utilize digital tools to serve citizens. And lastly, her work on cybersecurity matters, including the update to the Trusted Internet Connections policy are to be commended.
Gordon Bitko, senior vice president of policy for Public Sector at IT Industry Council and former FBI CIO: One of the best examples of Suzette’s many notable accomplishments is the delivery of the Federal Data Strategy, and associated action plans, which highlights the strategic importance of data not just within but across agencies.
Zangardi: What is important is knowing that your CIO boss has your back and supports you. When I asked her for help with a tough problem, I knew I could count on her. She engaged and made a major contribution that reduced DHS data center cost and expedited our move to the cloud. I know that her support here isn’t widely known. But it left a lasting impression with me and the DHS management leadership at the time.
Cornelius: Having IT modernization as the number one priority in the President’s Management Agenda. If you view the PMA as the principle treatise on how the government operates and for whom it operates — the American people — this was a recognition by the administration that technology was the key connective thread between federal agencies and citizens. Modernizing and adopting commercial technology moved from a focus on improving operational efficiency and cost savings to creating and delivering a complete citizen digital experience. Now that this foundation and understanding has been built, it will continue on for decades to come.
Another great accomplishment, which is harder to describe because it is so sprawling, is that there wasn’t a priority Office of the Federal CIO took on during her tenure that didn’t show tremendous improvement. Whether it was the TMF, government adoption of cloud and commercial capabilities, federal cybersecurity, the Federal Data Strategy, shared services or enhancing the skills of the federal workforce — each and every critical program or project she oversaw moved in a dramatically positive direction during her time at OMB.
Weiler: Her successes include an update to cloud policy, with Cloud Smart, and drafting of several President Management Agenda focused policies and orders around cybersecurity. Unfortunately, her office spent more time talking than doing.
Wennergren: She refocused cloud efforts through her “moving from cloud first to cloud smart,” recognizing that cloud priorities must encompass so much more than just moving IT infrastructure to the cloud, and highlighting the importance of new security strategies to include zero trust and data-level security and focusing on the thousands of legacy systems still operating at agencies. Her engagement on emerging technology issues has resulted in a surge in robotic process automation (RPA) and interest in intelligent automation. Similarly she promoted the imperatives for data and digital (coincident with the passage of the two statutes) and worked hard to leverage the requirements of MGT and the TMF.
Hodgkins: I think the most surprising thing about her tenure was that when she started, she was a relative unknown in the IT space, but she established herself quickly as a strong leader on IT policy and made substantial inroads and advancements across the technology spectrum. She became a visible and vocal proponent for government IT causes and efforts and has helped advance the use of IT in the federal government far beyond where things were when she began. Most recently, she guided the issuance of OMB Memorandum M-20-19 that spelled out for agencies what things they can do, what steps they should consider and what authorities they possessed to position the government as a resource for both agency employees and citizens. I’ve enjoyed working with her and her office and I think we will advance IT in the public sector in the context of her legacy for several years to come.
Marion: Her constant smile and energy, and I’m not surprised, but it’s great to see such a woman-in-tech role model shaping the many federal civilian careers to come.
Hettinger: Having worked with nearly all of the federal CIOs during my time in Washington, I found Suzette to be among the most approachable and transparent of all those CIOs. Her leadership and style will be missed.
Wynn: I am surprised at how much I miss seeing her and working with her! I believe others will feel the same because she made solving problems look easy and a lot of fun. She made each person feel special. Suzette Kent’s leadership is born from her true belief that each person has something great to give. Suzette has an inspiring presence and can distill complex problems into comprehensive solution plans — from individual efforts to legislative needs. She makes each person feel like they are the most important and this removes “no” and “can’t be done” from responses.
Cornelius: Her humility. Regardless of all the accolades and awards, she knew that the real successes in the broader federal IT and cybersecurity landscape came from the diligence, creativity and drive of the broader federal IT community. She knew there were so many wonderful people doing such important, transformational work, and she always wanted to identify and elevate those “success stories” (her favorite phrase). I can’t recall a speech she gave, or a team meeting we had when I was at OMB, when she wasn’t celebrating the hard work and accomplishments of others.
It was delayed by the coronavirus pandemic. It was protested at least twice after the solicitation came out in November. The White House contradicted it with a January executive order, and it remains controversial among contractors.
But the General Services Administration’s e-marketplace platform initiative finally reached the end of the beginning.
GSA awarded proof-of-concepts to Amazon Business, Overstock.com and Fischer Scientific on Friday to provide agencies access to their commercial e-commerce platforms for purchases below the micro-purchase threshold of $10,000. Two of the three winners — Amazon and Overstock — submitted agency level protests about the solicitation over the last six months forcing GSA to amend it at least twice.
The goal for these pilots, which could last up to three years, is to test out the use of commerce platforms that hopefully will give agencies more granular data into what GSA estimates is a $6 billion annual market through the government purchase cards.
GSA Federal Acquisition Service Commissioner Julie Dunne said in a statement that the proof-of-concepts will start small and within the next 30 days. She said GSA will refine the pilots through repeated testing and by soliciting stakeholder feedback.
“The feedback GSA has already received from a wide variety of stakeholders has been critical to achieving this important milestone in the Section 846 implementation,” said Dunne. “I’m excited for the path ahead — especially the spend data. Such data will help with compliance in areas like AbilityOne, small business and supply chain risk management.”
In an email from the GSA Ombudsman, which Federal News Network obtained, five agencies will participate in the proof of concept: The departments of Veterans Affairs, Justice and Labor as well as the Environmental Protection Agency and GSA.
“Each agency is structuring their participation differently with some agencies identifying select card holders, while others are identifying a specific office and/or bureau to participate,” the ombudsman email stated. “At this time, the commercial platforms team is focused on those agencies that have committed to participating, as this is a small-scale proof of concept. The commercial platforms team will continue to partner closely with the national account managers on agency engagement and will address interest from additional agencies in the months ahead.”
It’s been a long and winding road full of bumps and potholes to get to these awards. Congress called for GSA to test out these commercial online marketplaces in the 2018 National Defense Authorization Act. GSA spent most of the next year gathering industry and other expert feedback before releasing the solicitation for the proof-of-concepts.
During that time, the leading proponent on Capitol Hill, Rep. Mac Thornberry (R-Texas) announced he was retiring and would not seek reelection in 2020. One of the biggest supporters in the Defense Department, Bob Daigle, a former lead staff member on the House Armed Services Committee who many believe wrote the Section 846 provision, left after spending almost two years as the director of the Cost Assessment and Program Evaluation (CAPE) office. So the two biggest supporters of the e-marketplace initiative no longer have any reason to push for, or authority over, the program.
Additionally, industry has been wary of the program since its inception and the concern only grew when President Donald Trump signed an executive order in January with a goal of cracking down on counterfeit products coming from these e-commerce providers. At the same time, the Department of Homeland Security issued a report to the White House on some of the best practices for using commercial e-commerce platforms and avoiding counterfeit products.
Roger Waldron, the president of the Coalition of Government Procurement and who hosts Off the Shelf on Federal News Network, has been one of the most outspoken industry representatives. Waldron has blogged about his concerns and written letters to GSA and the White House about the seemingly contradictory requirements coming about e-commerce platforms and about the creation of two different rules for micro-purchases — those under the e-commerce platforms and those bought directly or through other platforms like GSA Advantage.
“As GSA stated, moving forward, transparency is vital. Stakeholders will need to understand the operational and policy parameters of the pilot and whether they align with the critical supply chain concerns of government,” Waldron said in an email to Federal News Network. “With that in mind, industry looks forward to seeing how GSA addressed the e-marketplace best practices identified by DHS and promoted by the White House, including best practices around country of origin listings. We also hope to see how GSA addressed the e-marketplace organizational conflict of interest issues and the restriction on platform provider use of 3rd party transactional data, which goes to the heart of a fair and open market. Finally, we look forward how the pilot assesses performance around country of origin and counterfeit products.”
Waldron added that like some in Congress and within the administration, CGP wants to better understand “what appears to be the creation of an open, virtual expressway for the purchase of off-shore goods, including those from China.”
GSA, in its press release, tries to address some of these outstanding concerns about counterfeit and new or additional risk brought on by the commercial e-commerce platforms.
GSA Administrator Emily Murphy said in a statement that the pilots are an important step to protecting the federal supply chain against malicious or counterfeit goods.
“Our approach continues to be shaped by DHS’ Best Practices for E-Commerce Platforms and Third-Party Marketplaces, combining better security practices, better data, and better pricing,” she said in a statement. “I’m pleased that GSA is at the forefront of leading such dynamic and innovative change.”
Sources also say GSA sent a copy of the DHS report to each of the awardees, who are expected to adhere to the recommendations.
Despite all of these challenges, GSA said agencies are excited about the initiative. During a March hearing before the House Oversight and Reform Subcommittee on Government Operations, GSA said it met with more than a dozen agencies, and received commitment from several to work with them to help drive requirements and to participate in the program.
Larry Allen, the founder of Allen Federal Business Partners and a long-time GSA expert, said there is great potential with the pilot to give agencies the type of spending data they never had before.
“GSA made a great decision in making multiple awards. This ensures that there will be competition among the contractors, an approach that helps ensure good prices and service levels,” he said. “It will now be up to each awardee to promote their solutions to current and new customers.”
The question now that the awards are made, and there are no further protests by unsuccessful bidders, is how quickly agencies adopt these new e-commerce platforms. GSA has a heavy lift to change contracting officers’ habits of using purchase cards directly with the provider or with another platform like Walmart.com. Additionally, Amazon, Overstock and Fisher Scientific must demonstrate their value, especially if there is any sort of fee involved in using the platforms.
Now that the end of the beginning is here, the real test begins for the e-commerce platform initiative.
Just last December, the Department of Veterans Affairs gave its chief information officer oversight and authority over all technology spending.
December also happened to be the five-year anniversary of the Federal IT Acquisition Reform Act (FITARA).
It’s highly doubtful that VA issued the memo giving the CIO full power under the 2015 law as a way to celebrate FITARA’s birthday. But it did signal a major step toward the agencies living up to the spirit and intent of the IT management law.
At the same time, what’s disconcerting about the memo is it took five years to happen for the largest civilian agency with an IT budget of more than $6.1 billion in fiscal 2020.
“[Office of Management and Budget] memos are like strategy documents in the corporate world. Somebody once said culture eats strategy for breakfast so if you have a lot of culture in these agencies that no matter what OMB says, they will do what they will do,” said Tony Scott, the former federal CIO, who led the development of the June 2015 implementation guidance, and now is CEO of the Tony Scott Group. “Change doesn’t happen without constant, consistent pressure, and that constant, consistent, firm pressure hasn’t always been there.”
And it’s clear from a recent inspector general report that VA’s senior management fell short in giving the CIO a big enough seat at the table.
The IG found the VA CIO had limited oversight over IT spending and didn’t review and approval 70% of all acquisitions worth approximately $1 billion during the first three quarters of fiscal 2018.
“VA’s policies and processes did not require CIO review and approval for all IT acquisitions. The review and approval process was not approved by OMB because it was not submitted for approval by VA OIT,” the report states. “The audit team found several issues that contributed to VA’s failure to meet FITARA requirements for CIO review and approval of IT acquisitions. Specifically, VA policy and processes limit the CIO’s review of certain IT investments. [T]he OIT’s process for CIO review and approval of IT acquisitions excludes procurements acquisitions below $100,000 and medical devices funded outside the IT appropriations. Furthermore, an overall lack of awareness of FITARA requirements by VA personnel resulted in ineffective identification of IT acquisitions for CIO review and approval. Finally, conflicting VA policy and guidance created confusion in meeting FITARA requirements.”
The two-page memo, which Federal News Network obtained through a Freedom of Information Act request — it should be noted that VA’s turnaround time on the FOIA request was among the quickest in recent memory — began to fix the shortcomings the IG highlighted by giving the CIO oversight over all IT acquisitions funded with Congressional appropriations and those funded outside the appropriations process, including interagency acquisitions.
“The VA’s mission is too important to be hindered by IT missteps stemming from inadequate policies and a failure to implement FITARA,” said Rep. Gerry Connolly (D-Va.), chairman of the Oversight and Reform Subcommittee on Government Operations and co-author of the FITARA. “Secretary [Robert] Wilkie must immediately take steps to ensure that the VA CIO has a seat at the table for all of the VA’s IT acquisition. As GAO and others have pointed out, empowering the CIO results in IT projects that are well planned out and protect taxpayer dollars.”
In the most recent FITARA scorecard, from December, VA received a “B+” overall, and an “A” on the CIO authorities subcategory of the scorecard given it finalized the memo Dec. 2, 17 days before the hearing.
The House Oversight and Reform Committee expects to release the 10th FITARA scorecard in late July. It will be one of two IT focused hearings from the Government Operations subcommittee.
Even after five years, VA is not the only agency to struggle with FITARA implementation.
NASA, for instance, only gave its CIO full authorities last October. Three departments — Energy, Transportation and Homeland Security — received “Fs” and the Environmental Protection Agency received a “D” on CIO authority enhancements, meaning one of the key tenets of the 2015 law remains unaddressed.
“The fact agencies are still addressing CIO authorities is befuddling. The law couldn’t be more clear,” said Rich Beutel, founder Cyrrus Analytics and a former House Oversight and Reform Committee lead staff member and principal behind FITARA. “Do CIOs at headquarters have budget to provide meaningful oversight over these large budgets or not? Why are CIOs’ hands still tied? It’s a matter of resourcing, focus and staffing to do the kind of job we envisioned to elevate CIOs to be full members of the c-suite and true partners with the business and mission side.”
Jonathan Alboum, the former CIO at the Agriculture Department and now a principal digital strategist for federal government at ServiceNow, said CIOs face a host of challenges to get a hold of their agency’s IT budget, including the overall IT spend is generally made up of many sources of funds from across all of the agency’s programs.
“As government programs grow in size and scope, like many have as a result of COVID-19, it’s not unusual for program managers to spend more funds on digital transformation activities to improve citizen and employee services and experiences,” Alboum said. “However, these spending increases do not generally include a corresponding increase in the department CIO’s IT oversight budget. So, while FITARA grants the CIO authorities to strengthen oversight, it does not come with funds for increased staff to conduct oversight activities, especially as programs spend more on IT.”
This oversight challenge Alboum highlighted is why CIOs are constantly trying to get their arms around shadow IT.
Scott said having the right CIO with the right support from a secretary or deputy secretary is one of the few ways to address this long-standing challenge.
“I’ve seen this in [the] corporate world too. If you don’t have the right combination, it will not work even with the right policy or mandate,” Scott said. “In the corporate world, I’ve seen situations where a weak CIO who had all authority still struggled, and the opposite where a strong CIO had not authority on paper, but came in and assumed control, and managed to work the politics in such a way it didn’t matter what was on paper.”
Alboum said one way to overcome resources and support challenges is for CIOs to have automated tools that will provide better and more insights into agency investments.
“This includes the ability to track progress in real time to see exactly how funds are spent and the value of the work that’s being delivered. This is very much in line with the incremental funding and quarterly review approach taken by the Technology Modernization Board,” he said. “Department CIOs must proactively connect acquisitions and investments to project outcomes and be empowered to quickly make adjustments on an ongoing basis. This is the promise of FITARA. Ideally, FITARA helps CIOs increase agility by giving them the power to optimize and reallocate resources as priorities shift. However, this only works if they have the proper tools, teams and support.”
Beutel said it’s clear that the agencies who benefitted the most from FITARA are those with “forward leaning and visionary CIOs.”
“We wanted FITARA to drive institutional change and not be dependent upon individual personalities. It sought to do this by creating institutional incentives based upon situating the CIO community squarely in the C suite,” he said.
Beutel may have been hoping FITARA would usher in a utopia of sorts, but the fact is the combination of people, process and leadership still is too strong for any law to overcome. VA is the perfect example demonstrating just how hard it is to move toward what on paper is a simple change.
The alarm over Treasury Secretary Steve Mnuchin’s comments two weeks ago that the administration’s initial decision not to make public those companies receiving money under the Paycheck Protection Program is just the tip of the iceberg when it comes to recipient reporting under the $2 trillion stimulus bill.
The entire set of reporting requirements laid out by Congress in the Coronavirus Aid, Relief, and Economic Security (CARES) Act are at risk because the Pandemic Response Accountability Committee (PRAC) has not yet decided whether it will require any more detailed information from states and businesses beyond what is already reported in the USASpending.gov database.
Multiple sources confirmed the Office of Management and Budget has made it clear in its CARES Act implementation memo and during meetings with state and local government officials and federal oversight officials that the administration will only require the current reporting requirements under the Federal Funding Accountability and Transparency Act (FFATA) that feeds data to USASpending.gov.
Industry sources say OMB stated and interpreted rationale is FFATA is sufficient to provide oversight over more than $2 trillion in emergency spending.
But one source, who requested anonymity in order to talk about this politically sensitive topic, said FFATA falls short, leaving agencies and the PRAC caught between OMB’s memo and Congress’ specific requirements.
Sources say FFATA doesn’t meet CARES Act requirements for two main reasons:
One federal oversight source, who also requested anonymity because they didn’t get permission to talk to the press, said OMB made it clear very quickly that they didn’t want to burden state and local governments with more reporting requirements.
“The OMB memo specifies all award data should be uploaded within two weeks of an award, but there is no data element for each award that indicates whether it’s COVID-19 or CARES Act related spending,” the source said. “The memo talks about the utilization of disaster emergency fund code (DEFC), which is on the financial side so they are dealing with the actual financial reporting, while on the award side they only will total obligations instead of actual expenditures against those obligations. There will be a need for some analytics from that live data to get what Congress is asking us to report on.”
The source said they were “surprised” by OMB’s memo and how it addressed recipient reporting because many in the oversight community thought the administration would build upon Recovery.gov lessons and take advantage of a centralized portal.
A request to OMB seeking clarification of the reporting requirements for recipients or future reporting requirements came back with only a brief statement.
An OMB spokesman told Federal News Network, “OMB is working with the PRAC and agency IGs to ensure proper reporting and transparency of CARES Act relief legislation.”
Sean Moulton, a senior policy analyst at the Project on Government Oversight (POGO) and a former analyst at OMBWatch where he developed the first transparency website for the Recovery Act called fedspending.org, said while it’s a good sign to see how fast the PRAC has moved to name an executive director and a deputy, the oversight board is struggling to get to where Congress told them they needed to be around recipient reporting.
“The biggest impediment is fact that OMB has come out and unexpectedly said we don’t think we need to collect any new information here. OMB said to make a few changes to existing spending tracking and that will be fine,” he said. “That goes directly against what Congress said it wanted. Congress wanted recipient reporting over $150,000. I don’t think a little reporting was too much to ask.”
Moulton said what Congress outlined in the CARES Act is anything but burdensome. He said it’s five or six data elements that can be done through a series of paragraphs and only for recipients receiving more than $150,000, meaning there would be no burden on most small firms.
“The two main excuses we keep hearing don’t makes sense. This level of data collection is not just useful for [an] organization like us or for Congress, but this is useful for agencies who will be overseeing these programs for years,” Moulton said. “They need to figure out how best to adjust their programs, how to improve loans, which ones were more effective to create jobs. You may wind up spending years throwing money at a problem and not getting the results you would if you had data to course correct.”
The agency oversight source said while there are ways to drill down into USASpending.gov to achieve some level of transparency, it will not compare to the recipient reporting during the Recovery Act.
“My wish is for the data to be centrally collected and we could use an API to pull the data we want,” the source said. “Instead, what we are being left with is trying to figure out individual funding streams, how to account for money and spending internally, and whether or not they are using a new catalog for domestic federal assistance number. All of us are having to do internal work, which is fine and it’s something we are used to doing, but it’s not helping with the overall transparency of the spending.”
POGO, which hasn’t talked to OMB about the reporting requirements, wants to create a CARES Act website of its own with data visualization and graphics.
Moulton said POGO received a couple of hundred thousands of dollars from the Arnold Foundation and is looking for additional funding to hire a contractor to help create the portal.
Mnuchin’s comments to Congress at a hearing earlier in June that the names of loan recipients and the amounts are “proprietary information,” may be the spark to move the administration off its current stance.
While he claimed the information is confidential, ethics advocates and some lawmakers see the move as an attempt to dodge accountability for how the money is spent.
Treasury and the Small Business Administration has since walked back that viewpoint, announcing late last week that it would make recipient reporting for any businesses receiving more than $150,000 in PPP more transparent.
Before Mnuchin’s comments, lawmakers already were worried about the administration’s requirements for recipient reporting.
Rep. Virginia Foxx (R-N.C.), and four other lawmakers sent a letter to Michael Horowitz, the chairman of the Council of the Inspectors General on Integrity and Efficiency on May 29 supporting the use of existing standards and data resources.
In the letter the lawmakers asked CIGIE to make sure the PRAC considers using existing data standards and platforms as well as develop a “robust recipient reporting framework that incorporates all award types and enables easy utilization by large and small businesses without creating undue burden.”
Other sources in the federal oversight community said there is a lot of concern and anxiety about OMB’s stance since they say it undermines Congress’ intent and flies in the face of all the lessons learned by the Recovery Accountability and Transparency (RAT) Board to oversee the Recovery Act spending.
Those concerns came to light during a PRAC town hall and listening session on June 3.
Kinney Poynter, the executive director of the National Association of State Auditors, Comptrollers and Treasurers (NASACT), said there are two major concerns that the PRAC should address immediately.
“A comprehensive listing of all federal funds provided to the states should be prepared and distributed. This listing should be detailed to show the total dollars received by each state and further broken down by the amount received from each federal program by Catalog of Federal Domestic Assistance number,” she said. “Several key decisions need to be reached regarding the $150 billion of Coronavirus Relief Fund (CRF), including: Will these funds be subject to the single audit? If no, how will compliance requirements be independently tested? What are states’ responsibilities over the funds that are passed to local governments or other subrecipients? Are states responsible for repayment of these funds in cases where a subrecipient did not spend the funds appropriately? How will CRF funds be reported to the public facing website and to the PRAC?”
Poynter said the Recovery Act provided a good roadmap for the CARES Act.
“One of the key lessons learned from [Recovery Act] implementation was the need for the federal government to ‘speak with one voice.’ Different guidance from different federal agencies is not efficient and will decrease overall accountability over the funds,” Poynter said.
During the town hall, Horowitz said the PRAC fully understands its role in promoting oversight and transparency.
“Through the PRAC as well as through the audits, reviews and investigations conducted by individual IGs, we are working tirelessly to meet that effort,” he said. “In order for us to be successful, obviously, we need to hear from stakeholders. They can provide important insight into the areas we will be overseeing, and to get your expertise, your views and your thoughts about how the pandemic response is being undertaken and how the federal government is meeting the challenges that it has been called upon to meet in these challenging times.”
Then on June 17, CIGIE released a new report that includes input from 37 agency IGs about the top management challenges agencies face in overseeing the CARES Act spending. At a high level, the challenges included financial and grants management as well as IT and security concerns.
And recipient reporting came up several times during the individual responses from large and small agency IGs.
“Several OIGs identified concerns about receiving timely and accurate data. For example, the Department of Education OIG stated that the agency should look for ways to improve data quality and ensure that CARES Act grant recipients and subrecipients report data that is accurate and complete,” the report states.
POGO’s Moulton added what seems to be getting lost in this discussion is Congress expected some level of unprecedented transparency of spending and so far it’s unclear if that will happen at the federal level.
He said he’s been in touch with some of the congressional staff members who drafted the CARES Act oversight requirements and they mirrored them off the Recovery Act.
“I think there is a sense on both sides of the aisle that while the Recovery Act had its challenges, it was pretty good with transparency and accountability and they wanted to use that as starting point,” Moulton said. “They made some improvements in the language and felt they didn’t have to spell out everything they needed to get because it was modeled after the Recovery Act. They used the same structure and made changes based on better technology to get to a similar result. Unfortunately it looks like that’s not what’s playing out.”
Sources say at a recent National Governor’s Association call, at least one state is planning to meet the reporting requirements to the letter of the CARES Act law and two others are creating a data dictionary.
But one of the biggest challenges for all states, according to people who were on the call, was the lack of consistency in initial reporting guidance from agencies. Sources say recipients are forced to constantly review websites to find information across programs, agencies and sub-agencies.
“While we appreciate OMB’s continued support in reducing administrative burden, award recipients are ultimately accountable to the statutory requirements and memoranda do not take precedence over statute,” one attendee said. “The lack of clear guidance on reporting makes advance preparation for the reporting process difficult at the state level. States strive to comply with the requirements of the CARES Act and avoid any audit findings. We view ourselves as a partner with the federal government. Our success is their success.”
As for the PRAC, Robert Westbrooks, the executive director, acknowledged they are at the beginning stages of the data collecting and reporting effort.
“There are gaps today, but what the reporting structure is today is not the end of the story. That’s important to recognize. We are working on an ongoing basis to close these gaps, and what that looks like is yet to be seen,” he said. “In July, the PRAC will receive the first set of COVID-19 spending data, and at that point we will be able to see full extent of statutory reporting responsibilities not being met. We are working ongoing basis with National Association of State Auditors, Comptrollers, and Treasurers and its COVID-19 Accountability Working Group, and many others.”
The PRAC also plans upgrade its current website and its current set of analytical tools. The committee currently is reimbursing the Postal Service inspector general for technology services and support. Westbrooks said the PRAC plans take over the management of its technology and hire an executive to lead the IT effort.
On May 29, the PRAC released a solicitation under the Alliant 2 governmentwide acquisition contract for website, data and analytics management services. Westbrooks said the PRAC hopes to have the contract in place by mid-July to begin to manage and populate the current website with more and better data and tools.
Congress allocated $80 million for the PRAC for people, technology and other needs.
Kathy Tighe, a retired Education Department IG and who is a senior advisor to the PRAC, said the committee is working with the Treasury IG to set up a separate recipient reporting portal for the Coronavirus Relief Fund, similar to what the Recovery Act used. She said new guidance will be going to state, local and tribal governments and the Treasury IG is in direct conversations with the National Association of State Auditors, Comptrollers and Treasurers about what the portal would look like.
Westbrooks said he wants to make sure oversight groups, the public and others understand that the PRAC is just getting started and recipient reporting will evolve over time as the data comes in.
“One of purposes of the OMB PRAC coordination process is so we have a whole of government consistency. There has to be consistency,” he said. “We are working with Treasury too, but it’s that weekly OMB coordination process that is the vehicle to ensure consistency. We also work closely with IG members and with HHS, GSA and other agencies. We are early in the process. We don’t have it all figured out now. We are working through it to ensure consistency.”
Well, the Department of Housing and Urban Development finally took the plunge. More than a year after it began to think about phase 2 of the Centers of Excellence IT Modernization initiative, HUD made two awards—one to improve customer experience services and one to accelerate cloud adoption.
“[T]he customer experience CoE will result in improved service delivery for our public housing agencies, grantees and other stakeholders,” said HUD CFO Irv Dennis in a statement.
David Chow, the HUD chief information officer, said in a statement that the cloud adoption CoE will help the agency continue to transform its business processes.
“We are looking to deploy a number of proofs of concept leveraging artificial intelligence, forms-as-a-service and records management,” he said.
The agency becomes the second CoE partner with the General Services Administration to enter phase 2 of this two-and-a-half year old initiative.
The Agriculture Department was the first agency to test out the CoE concept, which brings in technology and business process reengineering experts from GSA’s Technology Transformation Service to guide and train agency executives through the processes.
Under phase 2, HUD and GSA awarded contracts to Booz Allen Hamilton for customer experience and Systems Engineering Solutions Corp. for cloud adoption.
Four more awards for contact center help and three for data analytics support services could be on the horizon as HUD and GSA issued three requests for quotes in September and a total of six RFQs by October.
Through the customer service contract, Booz Allen will build a centralized customer experience capability under a new Office of Customer Experience.
The RFQ stated the contractor will “provide HUD with the ability to have a clear shared vision of how to serve its customers, coordinate and streamline operations, develop comprehensive standards for measuring CX, reduce cost through centralized planning, identify customer issues early and before they become widespread, improve employee retention and recruitment, implement changes in how services are delivered to measurably improve customer and citizen experiences and satisfaction and foster a customer-focused culture at HUD via CX activities and training.”
Under the cloud adoption CoE, Systems Engineering Solutions Corp. will focus on modernizing HUD’s electronic records management processes so it can stop accepting millions of paper forms, which require manual data entry and makes data gathering much more difficult.
“The contractor must implement an ERM capability and develop an open application programming interface (API) that allows for modularized integrations with existing and custom-based services,” HUD and GSA state in the RFQ. “Rollout of the ERM capability will target individual program areas, leading up to enterprisewide adoption.”
GSA didn’t say how much each of these contracts are worth.
While it’s good news for HUD to finally move to phase 2, it took way too long given the agency recognized the need for IT modernization nearly two years ago. The CoE process must move faster to truly have its intended effect.
While the coronavirus pandemic brought a short term focus on IT modernization, many agencies still must take the long view.
This is obvious in Sen. Maggie Hassan’s (D-N.H.) letters to 10 agencies asking for their IT modernization strategies and priorities.
That long-term vision also is part of a network and telecommunications modernization effort under the Enterprise Infrastructure Solutions (EIS) program run by the General Services Administration.
A new white paper from ACT-IAC, which partnered with GSA, the Office of Management and Budget and other federal executives, highlights success factors and lessons learned from several first-mover agencies.
“Certain agencies are ahead of others and are more mature with some of their processes so if you can look at what those leaders are doing, there is a lot we all can learn from those leading organizations,” said Dave Powner, the director of strategic engagement partnerships at MITRE, the former director of IT management issues at the Government Accountability Office and who led the working group developing case studies on several topics including IT modernization and EIS for the ACT-IAC Institute for Innovation. “One of the things that surprised me was despite a lot of negative tone with EIS deadlines having slipped their dates, there are some good news stories buried within the EIS contract vehicle, especially with how large the awards have been.”
The case study detailed four common themes among the agencies who already made awards under EIS, including the departments of Interior, Justice and Veterans Affairs as well as NASA and the Social Security Administration.
While nothing surprising emerged from the case study—things like partnering with industry, planning for IT modernization and taking advantage of EIS’s emerging technologies are typical lessons learned for any project—the one area that did jump out was around modernization.
GSA told the working group that of the 109 solicitations that have completed the scope review, 79 included the move or expansion of Ethernet or voice over IP (VOIP) and 27 included software-defined wide area network (SD-WAN) capabilities.
“Key modernization trends agencies are employing include data center consolidation, managed network services, managed unified communications, Ethernet services, network consolidation and SD-WAN,” the case study stated. “Although SD-WAN is not a defined service offering on EIS at this point, agencies are taking advantage of existing flexible service offerings to include SD-WAN in their solicitations. Agencies are exploring the zero trust security and micro-segmentation models made possible through TIC 3.0 and under EIS.”
The one thing the case study doesn’t address is how to get agencies moving faster with releasing and awarding fair opportunity solicitations.
Powner said one approach would be to add EIS progress to the Federal IT Acquisition Reform Act (FITARA) scorecard.
“Congress and GAO could give grades as a way to move it along more quickly,” he said. “While some folks focus on who got the ‘Ds’ and ‘Fs,’ but I like to focus on the ‘As’ and ‘Bs’ and asking why are those agencies successful? We could view EIS in that light also.”
Powner said several other case studies are in the works and could be completed by the end of the calendar year. He said white papers around Technology Business Management standards and agencies’ use of working capital funds already started, while others such as one on the acquisition periodic table, acquisition innovation, the Centers of Excellence initiatives and the Labor Department’s use of IT metrics are among the others in the planning stages.
The door to solve some of the systemic issues plaguing federal IT modernization efforts opened slightly more over the last few months.
Many would agree that one of the few silver linings in the coronavirus pandemic has been the ability of agencies to upgrade network and security services in record time to accommodate the surge in remote working.
The second item to pry the door just a little bit wider came from Sen. Maggie Hassan (D-N.H.). The ranking member of the Homeland Security and Governmental Affairs Subcommittee on Federal Spending Oversight and Emergency Management wrote to 10 agencies on June 3 asking specific questions about each of their IT modernization strategies, systems in most need of modernization and, maybe the best signal of all, what Congress can do to help.
“Sen. Hassan sent the letters because of the particular impact legacy IT systems have had on COVID-19 relief efforts. Sen. Hassan looks forward to hearing back from agencies about their plans to modernize their technology,” said a subcommittee staff member. “Next steps — including potential additional funding from Congress to address legacy IT systems — will depend on what the senator hears back from agencies. Following up on Sen. Hassan’s questions to [Russ] Vought [the nominee to be OMB director], Sen. Hassan and her office will continue to be in touch with the Office of Management and Budget about the role it can play in modernizing federal IT.”
The fact that another lawmaker besides a few of the usual suspects — Reps. Gerry Connolly (D-Va.), Will Hurd, (R-Texas) and maybe a few others — gives the Trump administration an opportunity it has rarely had in the Senate over the last four years. The likelihood of getting bicameral support for funding that lasts longer than one year and addresses many of the shortcomings of the IT modernization efforts over the last 15 years is at least a little stronger.
“This is exactly what Congress should be doing to encourage agencies to bring government services into the 21st Century. Congressional oversight will be a critical driver in agency modernization plans and execution,” said Matt Cornelius, the executive director of the Alliance for Digital Innovation, an industry association, and a former OMB senior technology and cybersecurity advisor, in an email to Federal News Network. “We need more of this. Congress should be asking every agency probing questions, every year and in every appropriations hearing, about their plan to retire their most cumbersome and insecure legacy systems and what concrete steps they will take to ensure their agency is leveraging commercial capabilities to deliver an enhanced customer experience to citizens.”
The value of Hassan’s letters are not lost on the administration
Federal Chief Information Officer Suzette Kent said her office plans to work with agencies on their responses as well as with Hassan and others on Capitol Hill to address many of the long-standing IT modernization challenges.
“We’ve asked for application rationalization plans from agencies and many agencies have very good ones and other agencies still are developing pieces, and this will give some visibility to those,” Kent said in an interview. “In some cases, there were some things about modernization very generically and others had components that reflected on what happened in response to the crisis. Having to move quickly and do things differently has heightened the attention but also the importance to having modern technology that lets us be able to make those pivots, to move quickly and continue citizen services and mission continuity inside agencies.”
Kent said the application rationalization plans vary among agencies with some focused more broadly and others looking at particular high value systems or those with gaps or specific challenges.
“What the letters and the budget discussions will help us do is draw a more direct parallel between the business objective of the agency and how we fund those, and what the right vehicles are,” she said. “Particularly, the things that require multi-year commitment because some of the questions to the agencies focus on systems that were older or more comprehensive and those things don’t happen in a single year. That will let us have some healthy dialogue there as well as let agencies share their perspective around how they have prioritized what their modernization looks like, and that’s a dialogue that is very important agency by agency.”
Dave Powner, the former director of IT issues at the Government Accountability Office and now director of strategic engagement and partnerships for MITRE Corporation, said Hassan’s letters seem to focus on the 10 agencies that GAO highlighted its 2019 report on some of the oldest systems in government. This third report looked at 10 systems that were between 8 and 51 years old and critical to the respective agency’s mission.
“I think clearly when you look at what needs to be done, there needs to be more transparency on what needs to be done to replace these legacy systems. I think Sen. Hassan’s questions are on the spot,” Powner said. “These priority legacy initiatives need long term plans with clear accountability. I know it sounds like basic stuff but if you look at plans that need to be in place and why it’s so difficult to modernize these systems, that’s what’s missing many times.”
Powner said the GAO report also highlighted five legacy success stories and the reasons why those agencies were successful.
“They all took between 3 and 5 years, and when you look at the complexity with some of these mission modernization, there is tension between interrupting operations and modernization so there needs to be a plan that spans that timeframe,” he said. “You need to look at this not as something that will happen in six months, but something that will be a long-term effort with transparency and accountability.”
Powner said the combination of OMB and Congress performing the oversight is what makes modernization work best.
“If we brought back the watch or high risk list, which was something from the Bush administration that listed the top 30 or 50 mission modernization initiatives, that would be a good way to focus both Congress and the administration,” he said. “The question remains who is responsible — both the CIO and the mission or strategic business partners? Why are these things so difficult? It takes a long term focus from the business and the IT organization. So if Congress could help keep the eye on the ball for a longer period of time, along with OMB, that may be the right type of formula for success.”
Hassan recognizes that challenge as she asked for details about each agency’s implementation of the Federal IT Acquisition Reform Act (FITARA) and the role of the CFO when it comes to IT acquisitions.
Dan Chenok, a former OMB official and now executive director of the IBM Center for the Business of Government, said, Hassan’s interest is a positive development because whether it’s hearings or legislation or letters, it tends to lead to major changes in how the government manages technology.
“Most likely what she is trying to tease out are the systemic issues that agencies face with IT modernization. She probably will do some sort of crosscut view of key elements of modernization, where agencies are, how are they doing with cloud or with the adoption of open technologies, open standards and open source, and how are they doing introducing emerging technologies like artificial intelligence or blockchain or robotics process automation relative to the system’s important drivers of performance,” Chenok said. “I would think the end goal is to drive agencies toward better analytics where some of the modernization best practices can emerge.”
Chenok said every five to 10 years lawmakers come up with new legislation to help drive federal IT modernization and this may be the beginning of that next cycle.
OMB’s Kent said Hassan’s letter gives OMB another reason, another opening if you will, to discuss how to sustain agency transformation.
“There are things that we continue the dialogue around, like supporting agency requests for working capital funds, or when the budgets come in with specific modernization goals around projects or shared services, and understanding that these are not one and done projects. There needs to be an ongoing commitment to make real change,” she said. “We want to make sure that we continue the dialogue with improving the consistency and the clarity of results delivered. Whether that’s a dashboards, scorecards, project transparency, the way we tell mission stories, Congress asks for numbers and demonstrations of how value is being delivered, and agencies want to share that in a meaningful way that not only shows progress, but means something to taxpayers and the constituents being served.”
Here’s a new term for you to learn: Agilefall.
It’s the place where many agencies live as they take on digital transformation. You see, Agilefall is that station between agile software development and waterfall development.
“We see far more examples of agencies where they are trying to straddle both worlds and haven’t made the leap to full on agile,” said Chris Cairns, a partner at Skylight Digital, former Presidential Innovation Fellow and co-founder of the 18F digital services group at the General Services Administration. “When you see solicitations are still very schedule- and cost-driven with 5% or 10% variance requirements, configuration management plans and all those things that scream of IT development lifecycles, then you know the agency hasn’t made the move to agile.”
Agilefall is probably a more exact term than what gets thrown around across the government where programs and projects say they are deep into the agile methodology or using dev/sec/ops, but are really stuck in some ways in the old methodology that has shown time and again it doesn’t work for IT projects.
“When you talk about digital transformation, you have to change the way you think and work. You need to work with people and companies that represent those ideas. I think industry is adjusting too,” Cairns said. “I’ve become a big believer that metrics are more important than ever. Companies who are high performing deploy frequently, ship code all the time and have a low change error rate. They have good automated testing, and their user satisfaction is really high because they are developing capabilities that users want and need.”
It’s difficult to get a real sense of just how much agilefall is happening across government. The only recent data comes from the December 2019 Federal IT Acquisition Reform Act (FITARA), which grades agencies on their use of agile or dev/sec/ops or incremental development. The Federal IT Dashboard used to provide this information, but it’s been a year or more since the Office of Management and Budget took it down.
The FITARA 9.0 scorecard gave 10 agencies an “A” grade, while three received “F” grades in what it calls incremental development.
But Cairns said even the FITARA grades don’t necessarily show agencies have fully moved to agile development because to earn a high grade agencies just have to show they planned to deliver functionality every six months and use an iterative development methodology.
“Doing agile is different than being agile and embodying the principles of agile development,” he said. “That’s why it’s hard to say what is the adoption rate across government. We see a lot of usage of agile in the language in solicitations, but if you read them closely, you can pick up whether they truly get it or not. They may say we do agile, but you have to maintain a year-long Microsoft project schedule. That is agilefall.”
Cairns and other experts are quick to point out that even agilefall or delivering capabilities every six months is better than the waterfall method that proved broken time and again over the last two decades.
And agencies are spending money to continue to transform their development approaches. Bloomberg Government reported in December that agencies spent $4.4 billion to develop new or to customize software applications in fiscal 2018, which was a 7% increase over 2017.
The good news is the pandemic emergency is providing agencies the ability to demonstrate that agile isn’t just a new coat of paint on top of their waterfall processes.
Take the Education Department’s Impact Aid Grant System (IAGS), which provides grants to school systems if they can’t raise funds another way such as through property taxes.
Jason Taliaferro, the project manager, said over the last three years the project has moved toward modernization by putting applications in the cloud and implementing agile development.
“Our sprints are typically two-week cycles, which is how long it takes for us to take new development from creating a ticket to production. Sometimes it’s quicker if it’s just a bug fix or something similar,” Taliaferro said during a recent AFCEA Bethesda webinar. “Using agile has allowed us to respond quicker to needs. It’s been huge for us. It used to take months to make changes.”
Taliaferro added IAGS is using a low-code platform to expedite the changes and address customer needs in near real-time.
The General Services Administration and the Small Business Administration also are experiencing similar success with the move to agile
Judith Zawatsky, the assistant commissioner of the Office of Systems Management in GSA’s Federal Acquisition Service, said they have 12 agile teams developing new and upgrading acquisition systems.
“We have been able to move from 10-week cycles to 2-week cycles,” she said. “Those deployments are not necessarily what the user sees. A lot of them are on the back end. We are trying to build a viable user experience that can put in alpha testing before roll out to large group.”
For SBA, the pandemic emergency and the hundreds of billions of dollars it received under the stimulus bills showed how it’s benefiting from agile.
Guy Cavallo, the deputy chief information officer at SBA, said the agency created a new loan processing application in the cloud for the Paycheck Protection Program and the Economic Injury Disaster Loan (EIDL) programs in five days.
“Normally we have a two-week sprint, but we didn’t have that luxury this time,” he said. “We built the application in the cloud and that also allowed our security team to work with our development team. We want to make sure security is always involved from day one. Because we are in the cloud and are able to leverage cyber tools, we are able to shorten that development cycle. Instead of humans looking at monitors, we have cloud artificial intelligence and machine learning tools looking at how the code is being used and developed.”
Like the Education Department, SBA also has been on a three-year modernization journey that set the stage for developing a new application in five days.
Cavallo said the pandemic emergency also helped SBA accelerate the wider implementation of a new customer service data hub.
“The agency had been very siloed so two years ago we laid out a roadmap to break apart those siloes. We saw a lot of commonality across programs so we started to move smaller offices into this central data program,” he said. “When the pandemic hit, we accelerated that effort. The office of disaster assistance was getting a lot of emails, over 1 million and there was no way to manage it. In about a week, we moved them into our customer service case management system that uses automatic routing. So now managers can see the backlog and reassign staff. We hoped we’d be here in two years, but we are here now. We had laid the groundwork that allowed us to move quickly and the disaster situation forced us to come up with solution. We now can have smaller offices jump on more easily because we have the bigger offices on the platform.”
Skylight’s Cairns said the examples from the SBA, GSA and the Education Department as well as many others show how it’s as much about the process as it’s about the leadership and mindset.
“With the COVID-19 emergency, I think the government has seen the benefit of working in an agile way. Now it’s about how to make it the standard and not the exception,” he said.
That seems to be a common refrain across the federal market, see the change, be the change and live the change that rose from the tragedy of the pandemic.
Over the last decade, no federal technology program has been more maligned than the Federal Risk Authorization Management Program (FedRAMP). It embodies the old adage of being the program industry, Congress and agencies alike “love to hate.”
Maybe this is why FedRAMP also embodies the characteristics that many other federal programs should emulate? It’s not afraid of change and enthusiastically looks to improve.
The latest example is the new Agency Liaison Program, which FedRAMP’s program management office launched in late May.
“The Agency Liaison Program is designed to transform the way FedRAMP informs and collaborates with federal agencies. Agencies play an important role in the success of FedRAMP and through this Agency Liaison Program, the PMO will provide support through a ‘train-the-trainer’ model for liaisons to share knowledge and resources about the authorization process to others in their agency,” said Ryan Hoesing, FedRAMP customer success manager, in an email to Federal News Network. “Through this program we are building a community to enhance collaboration and knowledge sharing across the government, with more than 30 agencies participating at this time. Agency security practitioners were selected by their leadership to serve as the FedRAMP Liaison.”
The idea of the liaison program came from the ideation challenge FedRAMP held last summer. It was one of several the program management office is implementing from that crowdsource effort. And the use of the challenge and other actions are part of why FedRAMP, while frustrating to some, retains the respect and admiration from many in the federal community.
“This initiative has garnered support from agency chief information security officer who helped identify personnel and ensures agencies have a FedRAMP expert on staff,” Hoesing said. “One of FedRAMP’s guiding principles is ‘do once, use many,’ and the program is designed to help agencies and industry be more efficient in their cloud adoption efforts. Agencies were looking for more support and resources as they modernized — and the PMO answered the call by establishing this governmentwide community with our agency partners. The Agency Liaison Program also establishes a formal feedback mechanism to enable continuous process improvement as the program rolls out new initiatives.”
Continuous process improvement has been a hallmark of the FedRAMP program. While far from perfect, the cloud security program has evolved over the last decade, adding initiatives such as the FedRAMP Tailored and Accelerated processes.
“FedRAMP is already seeing an impact of implementing ideas and working towards these objectives,” said Ashley Mahan, FedRAMP director, in an email to Federal News Network. “In fiscal 2019, the program authorized 45 new products, and as of June 2020, FedRAMP has already authorized 47 new products. With over a quarter left in the fiscal year, a large cloud product pipeline, increased agency participation and collaboration, the program expects to finish the year strong.”
Mahan said the PMO continues to focus across four strategic areas:
She said FedRAMP decided on these four areas, in part, because of “the ideation challenge and participating in working groups with agencies and industry, in an effort to increase authorization speed and implement process efficiencies to boost agency acceptance and reciprocity of FedRAMP authorizations.”
The Ideation Challenge focused on improving the FedRAMP process and its customer experience.
Zachary Baldwin, the FedRAMP program manager for strategy, innovation, and technology, said the submissions identified a need for a consistent approach to FedRAMP authorizations across agencies, improved communication through a centralized point of contact for the PMO and cloud service providers and a simplified training mechanisms for agency stakeholders through a “train the trainer” model. This last one led to the Agency Liaison program.
“The PMO also identified other program goals, faster authorization timelines through training and more streamlined communication, increased authorizations within agencies and more efficient deployment of resources through a centralized point of contact and opportunities for agencies and bureaus to collaborate and share best practices,” he said.
Since the Ideation Challenge, Mahan said FedRAMP has developed initiatives to add automation to reviewing security documentation. This included a new effort with the National Institute of Standards and Technology and industry on a standardized machine-readable language, called Open Security Control Assessment Language (OSCAL).
She said the goal is to facilitate and incorporate automation into the authorization process.
“FedRAMP templates and security baselines are being developed in OSCAL and draft versions have been released on GitHub for public comment,” Mahan said. “OSCAL will allow cloud service providers (CSPs) to automate security package creation and the streamline package reviews by leveraging automated validation and checks.”
Additionally, the PMO also is redesigning its digital presence to help agencies and industry through the FedRAMP process and create a simplified virtual view into the program.
Mahan said her office created new avenues for stakeholders to interact with the program.
“We held our first-ever Joint Authorization Board (JAB) Interact event, an annual meeting focused on fostering an atmosphere of collaboration between FedRAMP technical representatives (TRs) and CSPs that are in process with or authorized by the JAB,” she said. “We also held our first technical exchange meeting where we convened a small set of interested technical experts to discuss draft guidance surrounding container security. We have more initiatives planned for this year as we seek to enhance our virtual footprint.”
And finally, Mahan said FedRAMP recently released a quick guide for agencies that outlines how to reuse a security package, provided further clarity and updated the JAB prioritization process guide, and released seven lessons learned for small businesses and start-ups that were provided by small businesses and startups.
Agencies spent more on procurement in fiscal 2019 than in any of the previous 10 years.
And no surprise, agency pending on multiple award contracts for IT and services spiked last year.
Now that all of the 2019 numbers are final, the predictions of a banner year for contractors and agencies when it came to buying products and services came true.
The Government Accountability Office found agencies spent $584 billion on procurement last year, up $20 billion over 2018 and more than $120 billion since 2015.
Bloomberg Government reported that agencies spent $448 billion on procurement in 2014 and a six-year low of $442 billion in 2015.
The Defense Department accounted for $381 billion while civilian agencies spent $205 billion.
Of that, GAO said agencies procured 83.5% of all contracts competitively, up from 64.4% in 2015. DoD continues to struggle with competition as GAO found the Pentagon’s rate dropped to 53.8% in 2019 from 55.4% in 2015.
The majority of contracts continue to be fixed price, while cost reimbursement type contracts make up just under 32% of all deals.
Agencies continue to spend more on services than products across the government with the civilian side seeing almost an $8 billion year-over-year increase and DoD realizing an $11 billion year-over-year increase.
Given the increase in overall spending, it’s no surprise multiple award contracts saw their best years ever.
BGov reported about one of every $4 went through a multiple award contract. The research firm found agencies spent $140 billion in 2019 up from $134 billion in 2018.
Here are some other interesting data points from BGov’s research:
Reminds me of why we need to reform multiple award contracting across the government. Let competition happen at the task order level since agencies are spending more and more money there anyways.
Four months later and the lack of clarity about how President Donald Trump’s executive order, that attempts to crack down on counterfeit products on e-commerce platforms and the General Services Administration’s e-commerce platform effort fit together, remains disconcerting.
There has been no guidance, no details and no public discussions since January when the White House and the Department of Homeland Security outlined the actions agencies should take to protect intellectual property and the supply chain. At the same time, GSA continues to move forward with its proof-of-concept with a goal of making it easier for federal contracting officers to buy commercial products from what some estimate is a $6 billion market.
After a short pause when the coronavirus pandemic emergency started, GSA expects to make an award later this summer to launch the three-year pilot.
This is why the Coalition for Government Procurement is raising these concerns for a second time. After an initial letter to Peter Navarro, the assistant to the president for trade and manufacturing policy, in February, CGP is writing to GSA asking for more clarity.
Read more: Contracting News
“Coalition member concerns included the inappropriate access to, and use of, platform supplier transactional and other proprietary data and the risk giving inordinate market power of platform providers by placing them in the position of gate keepers to the federal marketplace,” wrote Tom Sisti, executive vice president and general counsel at CGP, in the May 22 letter to Laura Stanton, GSA’s acting assistant commissioner for category management. “Further, the Coalition expressed concerns that the absence of a requirement for platform providers to identify accurately the country of origin of products offered for sale on their platforms, coupled with the failure to hold platform providers accountable for compliance with the Trade Agreements Act (TAA), risked subjecting the government market and government systems to products of unknown integrity.”
Sisti said it is clear that there are several contradictions between the e-marketplace acquisition and DHS recommendations, which the agency released shortly before the president signed the executive order in January. In the letter, CGP outlines at least nine of these contradictions, including:
“[W]e ask whether and how the e-marketplace solicitation will be amended to include specific requirements that address each of the best practices identified in the report,” Sisti wrote. “While the latest version of the solicitation asks that e-marketplace platform providers describe their commercial practices in many of these areas, we do not find that this approach is sufficient to protect federal buyers from purchasing counterfeit and gray market products. [T]hese best practices have not been addressed in the current solicitation, and thus, in the interest of maintaining the integrity of the contracting process, the Coalition believes that the changes should be released for public comment, and the solicitation timeframe amended accordingly.”
GSA already amended the solicitation at least once. The question is whether it’s too late in the process as it gets closer to award to amend it again.
Either way, CGP’s concerns about the differing paths of the White House and GSA must be addressed if the e-marketplace initiative is to have any impact to solve the problems lawmakers believe existed.
Diana Gowen, the long-time federal telecommunications expert, passed away on Thursday after a long battle with cancer.
Gowen was the senior vice president and general manager of MetTel’s federal practice for the past four-and-a-half years and held leadership positions with major telecommunications companies including CenturyLink Federal, Qwest Government Services, MCI Government Services and AT&T Commercial Markets.
“It is with great sadness that we say farewell to our friend and colleague, Diana Gowen, a remarkably strong and revered veteran of government telecommunications,” said Marshall Aronow, the MetTel CEO, in a statement. “Since joining our team in 2015, Diana began building MetTel’s federal practice – bringing with her a reputation for only ‘making promises you can keep’ and a leadership style that brought out the best in those around her. We are honored that Diana chose to be a part of MetTel and we extend our deepest sympathies to her family.”
Gowen played a role in every major federal telecommunications effort over the last 30 years from FTS to Networx to the current Enterprise Infrastructure Solutions program.
She was known for her candidness and honest assessments of federal efforts. She was always accessible to the press, spoke often in the federal community and brought a level of realism to the public telecommunications discussion that was rarely seen among vendors.
Gowen earned her Bachelor of Science degree in business and math, and later a Master of Business Administration degree from the University of Maryland.
She received the lifetime achievement award in 2018 from the American Business Awards.
“Surrounding yourself with good people is half the battle, because it takes a village to be successful in this marketplace,” said Gowen when she received the Lifetime Achievement Award in 2018.
Thank you Diana for your service to the community, the nation and we wish her family peace and hope they can take solace in her tremendous impact on all of us.
Timothy Shaughnessy, a senior program analyst for procurement at the IRS, retired on May 29 after 33 years of federal service.
Shaughnessy has been with the IRS since November 2017 and before that he worked at the Department of Homeland Security’s procurement office for almost seven years.
“He is a driven and passionate professional, with a staggeringly quick intellect and insatiable desire to complete whatever task he sets himself to,” said Harrison Smith, the IRS’s deputy chief procurement officer, in a post on LinkedIn. “For those of you who know Tim, this is a day of mixed emotion — we are certainly sad to see him go, but his family is such a constant source of joy for him, and we are so thankful to them for sharing Tim with us over the years.”
Shaughnessy helped lead several key initiatives at the IRS including most recently the Pilot IRS program, which aims to develop emerging technology projects through incremental funding, and the Treasurywide Data Governance and Analytics (DGA) Initiative.
Additionally, he helped promote the testing of robotics process automation (RPA) at the IRS to do contractor responsibility determinations.
“Timothy Shaughnessy is one of the most passionate, gifted and dependable colleagues I’ve ever known. Over the past six years at IRS and DHS, I can’t count how many times Tim launched a key initiative, tackled a challenge or resolved a crisis when we were in need,” said Mitchell Winans, a special assistant in the IRS’s Office of the Chief Procurement Officer, in a LinkedIn post. “He is an incredible workhorse and team player that never lost sight of his priorities, and always reminded us of the importance of family and friends.”
Shaughnessy retired from the Air Force, rising to the rank of lieutenant colonel, before joining the IRS the first time in 2010.
|Jul 02, 2020||Close||Change||YTD*|
Closing price updated at approx 6pm ET each business day. More at tsp.gov
* YTD data is updated on the last day of the month.