Reporter’s Notebook

jason-miller-original“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips  to Jason via email.

 Sign up for our Reporter’s Notebook email alert.

Excitement growing over GSA’s COMET II program

Listen carefully and you can hear the buzz in the federal market about a new contract from the General Services Administration.

It’s not another big governmentwide contract like Alliant 3 or the ASCEND cloud blanket purchase agreement.

This one is the second generation of the COMET blanket purchase agreement that is going to be used only by GSA.

“GSA saying this contract is a modernization effort and I think that is drawing a lot of interest from a lot of companies. I also think a lot of companies under COMET didn’t have capabilities to bid back in 2019,” said Gissa Sateri, the director of the civilian business unit at SAIC. “I think industry will go after COMET II wholeheartedly as a lot of companies who were subcontractors under COMET will now try to be a prime contractor. The pool of bidders is going to be huge.

SAIC, which won a spot on COMET and plans to bid on COMET II, was one of about 400 companies at the industry day for the BPA last December.

COMET blasted through expectations

GSA awarded COMET in October 2019 to 12 companies for a range of IT services focused only on the Federal Acquisition Service (FAS). COMET replaced the CIO Application Maintenance, Enhancements, and Operations (CAMEO) procurement that GSA awarded in 2014 to a host of large and small businesses with a total ceiling of $400 million.

COMET was so successful that GSA on-ramped several new small businesses after the initial awardees grew too big.

Industry sources say GSA has awarded almost $1 billion under COMET since 2019.

These same sources say they expect COMET II to be a $2 billion vehicle and open for use by anyone at GSA from the Public Building Service to FAS to the Office of Governmentwide Policy, which is a main reason why it’s attracting so much interest.

“GSA really liked the dynamic of COMET. After reading full draft RFP, I get the sense they want to have something similar because of its success and they are forward thinking and asking what the technology roadmap would look like in the next five years,” said Robin Gardner, the GSA account manager for CGI, which also is a COMET BPA holder and plans to bid on COMET II. “GSA has their whole IT playbook and it has been developing the document over last five years. When looking at that as a roadmap, it’s clear it has grown and improved with more definitions for vendors to figure out what technology can be brought into the fold. I think COMET II will be a more robust vehicle that addresses more opportunities they have over next five years with new technologies like artificial intelligence.”

GSA is expected to make 20 awards under COMET II, 10 in the small business pool and 10 in the unrestricted pool. Previously, GSA chose small businesses for about 25% of all awards.

More details out for bidders

GSA recently gave vendors more details about its plans for COMET II, releasing another draft of the performance work statement as well as the drafts of how they will evaluate bids.

Vendors say they had been waiting on GSA to provide this level of detail around the evaluation factors under COMET II, which may start to whittle down the number of perspective bidders.

Gardner said understanding Sections L and M of the draft solicitation will help industry better address the requirements and have a clearer picture of what GSA will be looking for in the bids.

One industry executive, who requested anonymity because their company plans on bidding on COMET II and is familiar with COMET, said there are several key differences between the BPAs.

For example, the new draft BPA has a bigger emphasis on building applications that are cloud native versus under COMET the focus was on building cloud ready applications.

Another area where GSA wants vendors to focus more on in COMET II is human centered design. The industry executive said GSA didn’t even mention HCD in the initial BPA, but now it’s a distinguished as a requirement for all task orders, and it’s included as one of nine technical objectives.

Two other key differences between COMET and COMET II is the focus on small business subcontracting and the requirement for vendors to have two special item numbers (SINs) instead of just one.

Can COMET II stay out of protest purgatory?

COMET II includes a 20% small business requirement at the task order level.

The industry source added companies also must have both the IT SIN and cloud SIN under COMET II. Under COMET, vendors just needed the IT SIN.

“One of reasons for bringing in the cloud SIN may be to open it up more and other contractors instead of just the usual system integrators,” the executive said. “All incumbents have both SINs and anyone looking at this should’ve had time to get both SINs.”

As part of the new documents GSA released last week, vendors received the draft task orders too. Three of them were for IAE projects, while another was for the recompete of the Hailey’s COMET program and the other was for e-commerce tools and capabilities.

CGI’s Gardner said this is another area where GSA altered its plans with COMET II. Vendors must bid on the BPA, but don’t have to necessarily bid on all five task orders. But, she said, GSA has left the option open to award all five task orders as part of making final awards under COMET II.

With the expansion of COMET II and the heavy interest in by contractors, several vendors said they are concerned the BPA could get caught in protest purgatory.

Another industry source said GSA’s communications have been a bit stilted under COMET II so far, especially compared to COMET.

“GSA asked for feedback and they said they would have one on ones. The last time the one on ones were meaningful. This time, they just read back to you what you submitted and whether they would take it under consideration. The community felt like it was a waste of time,” said the source. “We submitted a lot of feedback and it got to point of them saying they wouldn’t read the rest and just take them under advisement. Another mistake was they said they would publish feedback on ebuy and many of us were not happy about that because we submitted proprietary information. I think a lot of folks raised concerns and GSA decided not to do that after all.”


2026 pay raise and 5 other reasons to pay attention to A-11

If the update to Office of Management and Budget Circular A-11 was a box of sugar cereal, the details about the planned pay raise for fiscal 2026 is the toy at the bottom of the box.

The rest of A-11, then, is all the sugary goodness leading up to the prize.

OMB issued its annual Circular A-11 update in late July and the 1,079 page tome is filled with dates and instructions for how agencies should put the final touches on their 2026 budget requests.

Digging deeper into the primer, agencies will find an extensive treatise on everything from improving customer experience to managing federal real property to updated requirements for using evidence and evaluation in programs.

But since everyone just wants to get to the toy at the bottom of the box, let’s start with that.

OMB told agencies to prepare for a 3% civilian pay raise as part of their 2026 budget planning.

“Agencies should consult with their OMB representative on the provisional estimate for the military pay raise for January 2026,” OMB wrote in A-11. “In making their final estimates for the fiscal 2026 budget, agencies should anticipate revising pay raise amounts after the President makes a pay raise decision. Your OMB representative will provide additional guidance during budget season.”

Before you get too excited, or depressed, keep in mind this is just the first step in a long process. But it’s a signal for what the Biden administration is thinking about for 2026.

In fact, the White House just completed one of the final steps for the 2025 pay raise last Friday when President Joe Biden issued his alternative pay plan. He will make the 2% raise final in December when he issues an executive order, assuming Congress doesn’t make any changes to the appropriations bill.

Now that you’ve received the fun toy at the bottom of the box, let’s eat through all the Froot Loops or Honeycombs that is A-11.

Here are five changes or interesting parts of A-11 that agencies should know about:

Budget deadlines approaching

Before OMB started expanding A-11 in the 2000s, the circular has been mostly known as a budget planning document. So in keeping with its history, there are several dates agencies need to be aware of:

  • Initial budgets are due to omb by Sept. 9
  • Agency budget baselines are locked by Dec. 4
  • White House to send budget request to Congress by Feb. 3

All of these dates tend to slip based on a number of factors, including the expected continuing resolution to start 2025 from Congress, possible partial government shutdown should the White House and Congress not agree on a CR and, of course, this being an election year, the new president will want to put their own stamp on any budget request for 2025.

And speaking of CRs and a possible partial shutdown, OMB included in A-11 updated lapse in appropriations plans. Agencies had to submit those documents to OMB by Aug. 1.

“Plans should be updated in 2025. Agencies must also submit an updated lapse plan to OMB for review whenever there is a change in the source of funding for an agency program or any significant modification, expansion, or reduction in agency program activities,” A-11 states. “Additional guidance on lapse plan submission and review for each potential lapse will be communicated with agencies, as needed.”

Section 280 continues to grow

OMB added customer experience to A-11 back in 2018 under Section 280 and the requirements for agencies are ever expanding. With the Biden administration’s focus on customer experience, OMB added a few important updates starting with high impact service providers, which must, in collaboration with OMB, by May 31,  designate at least two priority services for focused assessment that could include post-transaction customer feedback survey(s).

“Feedback surveys may be deployed at key touchpoints between the customers and the service provider along the service journey, or at the end of the customer journey, for each current designated service,” A-11 states. “Submit the dataset(s) for the post-transaction customer feedback survey(s) of each current designated service on time for each quarter.”

Additionally, OMB says agencies should conduct an annual CX capacity assessment  and submit it to OMB by Feb. 21 for both HISPs and HISP-maintaining departments and discuss the resulting findings with OMB at an annual CX Deep Dive by April 23.

By May 30, agencies must develop a draft CX Action Plan and submit it to OMB. A final CX Action Plan will be part of annual budget for each designated HISP and HISP-maintaining department, with a focus on improvement actions for designated services.

Beyond high impact service providers, OMB also is telling agencies to include employee experience as an overarching component of CX.  Though there isn’t much other details about what this means and how agencies should go about doing this.

A third item of note in Section 280 is OMB is trying to reduce the burden of the now dreaded Paperwork Reduction Act (PRA).

To capture near real-time customer feedback, agencies have found the requirements under the PRA have gotten in the way because it requires agencies to have certain information collection activities approved by Office of Information and Regulatory Affairs (OIRA).

But in A-11, OMB specifically details how agencies can collect citizen feedback without initiating PRA requirements. One way is research with nine or fewer members of the public or by using open ended questions and conducting non-scripted conversations.

In fact, the US Digital Service just released new user research about some common user research approaches that do not require PRA clearance because they do not qualify as an information collection under PRA regulations.

Beyond the ones mentioned in A-11, USDS also highlighted efforts that fall outside of the PRA such as directly observing someone using a product like filling out a form or finding information on a website.

More data on real property

Another big focus by OMB in A-11 was on real property.

We know in OMB’s recent telework report to Congress, the administration said agencies plan to shed millions of square feet of office space in the coming years. For example, the Department of Housing and Urban Development is expected to get rid of about 60% of its office space by 2038.

In A-11, OMB says each agency will need to provide a real property budget exhibit for all 2027 funding. In order to help agencies collect and report this information in an automated fashion, the Federal Real Property Council developed a new method to track budget and expenditure items using budget sub-object class codes in agency financial management systems.

“Agencies are encouraged to adopt the sub-object class codes to better track real property spend categories. However, it should be noted that adoption of the sub-object class codes is not mandatory,” A-11 states. “ Agencies, in their 2027 budget submissions, will have the discretion to follow this method or determine other ways to populate the exhibit.”

Next steps for program inventories

Agencies set up their first program inventories in February after more than a decade of starts and stops. The initial database included spending and performance data on 2,388 programs.

In A-11, OMB told agencies to continue to update that effort. By Nov. 15, 2024, agencies must complete an initial assessment of their current assistance listings and a preliminary plan to work toward establishing a single assistance listing, where appropriate, for each program.

Broad, long-term aspirations

Over the next 10 months, agencies have to update their strategic plan for 2026-2030. Those initial ideas are due to OMB by June.

“Agencies should update as applicable their strategic plans by applying information learned from strategic reviews and other data-driven performance reviews as they are conducted, as well as reflect organizational plans and learning related to the agency’s evidence and evaluation building efforts,” A-11 states. “Additionally, the fiscal 2026-2030 strategic plans will also include a separate section on evidence-building and capacity, implementing requirements aimed at advancing agency evaluation and evidence-building activities identified in the Evidence Act.”

OMB offered some high-level guidance to create new strategic plans and goals, including using language that the public will understand and avoiding technical terms as well as the goals should express future direction or vision.

The final draft version of the new strategic plans are due by September as part of the 2027 budget submission and then after OMB review and agency updates, the expectation is for agencies to publish the new documents along with the 2027 budget request to Congress in February 2026.


AI effort to improve contractor performance ratings stalls

Contractor performance ratings remain stuck.

The General Services Administration made its first set of awards for the next great governmentwide contract.

And it’s the federal fourth quarter buying season.

These are some of the story lines in this latest edition of As the Procurement World Turns.

Agencies are expected to spend more than $200 billion on acquisition programs over the last quarter of fiscal 2024.

Bloomberg Government estimated that 40% to 60% of all federal procurement spending happens in the federal fourth quarter. At the same time, BGov also projected a drop in overall spending this year.

While the focus is on getting money out the door for many agencies, there are a host of policy and programmatic updates that will impact federal acquisition over the next several months.

First off, the initiative to revamp the process for contractor ratings is grounded at the worst and crawling forward at best.

There are two reasons why improvements to the contractor performance assessment ratings (CPARs) remain delayed.

First, the case before the Federal Acquisition Regulatory Council hasn’t moved since 2021. The idea, the change FAR Part 42, would make it easier for a third-party vendors to access these assessment records.

The delay in the FAR case led to the second reason for the delay in improvements to CPARs. The Homeland Security Department ended its pilot to use artificial intelligence for CPARs.

Polly Hall, the DHS senior advisor to the chief procurement officer and former executive director of the Procurement Innovation Lab, which ran the AI CPARs pilot, said the test proved out the capability of using this technology to identify relevant records and information. She said the challenge was how to access the CPARs system where the data lives.

The pilot only used “fake” or anonymized data because of security and privacy concerns.

Hall said the current CPARs system is far from being user friendly and right now there is no path to modernize it.

She said the technology and lessons learned from the pilot aren’t going to waste, however.

“We recognized another use case for front end market research. We are using open source information so contracting officers can shape engagements with industry,” Hall said. “Even if the FAR Case moves forward, we would have to relook at the technology and systems and make sure it’s still right and appropriate. AI has come a long way in four years.”

An Office of Management and Budget spokesperson said the FAR case is on pause to allow further analysis of security considerations, such as roles and responsibilities for the lifecycle management of the data.

“This pause of the regulatory case has not stopped other past performance improvement efforts, that do not involve third party access to the system,” the spokesperson said. “The results of the pilot will be helpful as we evaluate security considerations regarding access and as we consider ways to leverage AI with appropriate risk-management safeguards as envisioned by Executive Order 14110, OMB Memorandum M-24-10, the AI in Government Act and the Advancing American AI Act.”

Ken Susskind, the CEO of GovConRx, who has been a strong advocate over the last few years of reforming and improving CPARs, said the current approach has little to no value because agencies rate most vendors satisfactory. He said the way the government does CPARs hasn’t changed in 30 years.

“The bottom line is there is so much value in the CPARs system and capabilities that it’s sad it’s not available to government and industry,” Susskind said. “The data could help contracting officers make better buying decisions but also help companies improve their chances of winning. But if everyone is rated satisfactory, then CPARs has little to no real value.”

Mike Smith, a former director of strategic sourcing at DHS and now executive vice president at GovConRx, said with the successes of the DHS and other pilots, he hoped the FAR Council would take up this project and support CPARs reforms.

Without the FAR case moving forward, OMB says it still wants agencies to use past performance as an effective motivator of better contractor performance.

The spokesperson said OMB’s new Circular A-137 on strategic data management will provide an “important opportunity to evaluate CPARs data and consider better ways of aggregating, analyzing and presenting performance information.”

OMB says these actions should help contracting officers better understand current market factors and predict which vendor may offer the best value to the government.

OMB says it is working with agencies to prioritize their acquisition data management needs.

In the meantime, OMB also says it supports agencies who want to test and share better ways of conducting intake to, and output from, CPARs.

“With respect to improving intake, for example, several agencies have encouraged their workforce to seek contractor self-assessments that can result in increased communication between the parties during the contract and prior to the agency’s validation of past performance in CPARs,” the spokesperson said. “The General Services Administration has issued guidance to promote self-assessments and created a Notifications or Reminders Automation (NORA) bot based on robotics process automation (RPA) technology that reminds contractors to generate the performance self-assessments. OFPP recognized the acquisition professional behind the bot in 2022.”

Additionally, OMB pointed to other agencies who have used a quality assurance surveillance plan to evaluate performance on task orders and incorporated the information into CPARs, rather than inputting separate ratings that are conducted independent of the surveillance plan.

And at least one agency has piloted a “CPARS lite” process involving an evaluation for simpler commercial buys that helps to promote performance assessment feedback on smaller dollar buys.

GSA kicks off OASIS+ awards

GSA made the first set of awards under the OASIS+ professional services multiple award contract on Tuesday.

GSA picked 1,383 small businesses across seven domains, including management and advisory services, logistics services and technical and engineering services, for the tentative awards. GSA still must deal with possible size status protests and do final responsibility determinations.

GSA also will make awards under the OASIS+ unrestricted version and the socio-economic pools like 8(a) and women-owned small businesses over the next several months.

The 10-year OASIS+ contract replaces the popular OASIS multiple award contract that has seen more than $70 billion in obligations since 2015.

The first set of awards come about eight months since vendors submitted bids.

GSA has been working on the follow-on to the highly successful OASIS multiple award contract since March 2021. The effort included 23 program updates to draft requests for proposals (RFPs), three industry days with more than 3,000 participants and more than 1,900 questions between the draft and final solicitations.

New small business rules

Along with GSA’s OASIS+ awards, vendors are focused on two other large governmentwide acquisition contracts. Bids for NASA SEWP VI are coming due Aug. 28, though another extension is not out of the question.

Meanwhile, the National Institutes of Health IT Acquisition and Assessment Center (NITAAC) remains mired in protest purgatory over its CIO-SP4 program. It extended the current CIO-SP3 contract for at least a sixth time. Agencies now can place orders through April 2025.

Even if the FAR Council isn’t moving out on the CPARs rule, it has remained busy finalizing a rule on allowing protests of small business set-aside task orders under certain multiple award contracts. The rule, which takes effect Aug. 29, provides processes and procedures for filing size and socioeconomic status protests associated with multiple-award contracts that are partially set-aside for small businesses or that include reserves for small businesses and orders placed under multiple-award contracts, with the exception of orders and blanket purchase agreements placed under GSA’s schedule contracts.

Another proposed rule to watch, and the Small Business Administration will be holding several listening sessions around the country, is one that would amend the 8(a) Business Development program and size regulations. The proposed rule would consolidate and redesignate the separate recertification requirements for SBA’s size, 8(a) BD, HUBZone, woman-owned small business and service-disabled veteran-owned small business programs to a new section to reduce confusion and to ensure consistent application of the size and status recertification requirements.


Data Dive

Nearly half of all civilian feds are new hires since 2019

A recent thread on the FedNews Reddit page about what would you tell a new hire walking into the federal government sparked a question at Federal News Network.

Just how many people have been hired across the government over the past, say, five years?

Quick to FedScope we went.

If you’ve never used FedScope, it’s a treat. And I don’t mean that in a nice way. It takes a certain skillset, definite patience and some failures to get the hang of it. Luckily, Federal News Network’s Deputy Editor Jared Serbu has “mastered” that expertise.

The results of our search through FedScope were telling. Between October 2019 and September 2023, agencies hired more than 1 million new employees. There are more than 2 million in the federal civilian workforce in both the defense and non-defense agencies.

FedScope is limited in the data it provides, which is why we are only giving the numbers through September of last year.

We further broke down the data by other categories to give you a sense of how agencies are using the broad authorities to fill open positions.

Given the Department of Veterans Affairs’ push to address workforce challenges to improve its service to veterans, it’s no surprise the agency hired the most people over this five-year period. The biggest surprise may be the Interior Department making the top 10, but some of that may be for seasonal workers.

The Office of Personnel Management describes three types of hires in the federal government:
• Competitive
• Excepted
• Senior Executive Service

Let’s start with competitive service, which as the name suggests, is the way a majority of the new federal workers have been hired over the last five years. In all, OPM data shows 541,156 in total competitive hires.

Moving to Excepted hiring, OPM defines this approach where competitive status is not required. Agencies can hire an employee under excepted status through the Veterans Recruitment Appointment or being appointed to a position defined by OPM as excepted, such as attorneys. Since October 2019, OPM data shows agencies have hired 467,092 employees through this approach.

Finally, under SES hiring, agencies brought in 1,522 new leaders over the five-year period. There are only 8,222 members of the SES as of 2022, the most recent data available, which the Partnership for Public Service put together in June 2023. The Partnership found that on average about 200 new people come into the SES each year, but with the number of current senior executives eligible to retire — more than 62% through 2025 — there are more opportunities for agencies to bring new employees into leadership roles.

Obviously, there is a ton of more data to pull from FedScope. Tell me what you thought of this data dive and what other data would you like to see.


People on the move: RRB CIO retires, IRS gets new CRO

The federal fourth quarter kicked off less than a week ago and we are now just over halfway through the calendar year so it feels like a good time to catch up on some of the federal executives who have moved to new roles or retired recently.

There have been a lot of high profile cyber-related folks on the move recently with Chris DeRusha, the federal chief information security officer, leaving in May, and then Eric Goldstein, the executive assistant director for cybersecurity in the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department, announcing his departure two days later.

While DeRusha landed at Google as its director of global public sector compliance, Goldstein waited until last week to announce his next job. He will be the managing vice president and head of cyber risk at Capital One.

“As with any role, transitions are essential. I’m thrilled that my dear friend Jeff Greene has stepped into the leadership seat for the Cybersecurity Division — there is no one better suited for the role,” Goldstein wrote on LinkedIn. “And I’m equally delighted to be starting the next phase in my journey at Capital One, where I’m joining an amazing team that is transforming the financial sector through innovation, scalable risk management, and a laser focus on customer experiences. I’m looking forward to new perspectives while continuing on our shared mission of keeping our country’s critical services safe and resilient against cyber risks.”

Greene came to CISA in May from the Aspen Institute where he was senior director for the cybersecurity program.  Prior to that, he was the chief, of cyber response and policy at the White House’s National Security Council from 2021 to 2022. He also worked at the National Institute of Standards and Technology for five years, for Symantec and was a senior counsel for the Senate Homeland Security and Governmental Affairs Committee for three years.

Along with the top level changes in federal cybersecurity, two more cybersecurity executives headed out the door.

Ross Foard, as senior engineer in CISA’s cybersecurity division, retired after eight years at the agency where he lead efforts on identity security and helping to shape the continuous diagnostics and mitigation program.

Ross Foard, as senior engineer in CISA’s cybersecurity division, retired at the end of June.

“It was a rewarding experience over the last eight years, on par with the eight years I spent as a U.S. Navy submariner at the beginning of my career,” Foard wrote on LinkedIN. “I have been honored to serve as a subject expert and elevate identity and access management (IdAM) and cryptographic capabilities across the federal civilian executive branch (FCEB) and beyond.”

Among the areas Foard helped lead included serving as CISA’s CDM program lead engineer and architect for IdAM capabilities.

He said this helped the CDM program provide identity management and privileged management capabilities to the largest federal agencies and establish the ability to understand who authorized users were by creating a master user record at each agency.

Additionally, Foard served on the Federal Mobility Group (FMG) Mobile Security Working Group, where he helped demonstrate how mobile devices can serve as important and secure sources of identity and enable phishing-resistant authentication.

Finally, Foard highlighted his time as the co-chairman on the Federal CISO council’s ICAM subcommittee.

White House leaders heading back to academia

Jake Braun is a fourth federal cyber leader to move on over the last two months. Braun, the acting principal deputy national cyber director in the White House’s Office of the National Cyber Director, is returning to the University of Chicago where he is a lecturer and on the faculty of the Harris School of Public Policy.

Braun was the executive director of the cyber policy initiative from March 2018 to February 2021 where he joined DHS as a senior advisor to the Management Directorate, which oversees all operations for the department.

He has been working at ONCD since June 2023 as what some would call the functional chief operating officer for the office where he oversaw the implementation of the national cybersecurity strategy.

“Helping run a startup in the White House has been one of the best experiences of my professional career. ONCD has accomplished so much in such a short period of time,” Braun said in an email statement. “I can’t thank the team at ONCD — especially Director [Harry] Coker and Kemba Walden — as well as President [Joe] Biden enough for giving me this opportunity.”

At the recent AFCEA TechNet Cyber conference, Braun spoke about the changes to ONCD over the last year, including growing to almost 100 people.

“One of the main things we are doing, and we haven’t had this before where there is one agency or White House office like ourselves whose sole job is driving federal cohesion on cybersecurity. We do that through implementation of the national cyber strategy. Nearly every agency in the federal government has some aspect of cybersecurity tied to their part of the Implementation of the national cyber strategy,” Braun said.

In a statement, Coker praised Braun’s dedication and efforts to improve the nation’s cybersecurity posture.

“From the beginning of the Biden-Harris administration, and even earlier, Jake Braun has been a fierce advocate for our Nation’s cybersecurity. At every opportunity, I’ve seen Jake be a champion for the implementation of the National Cybersecurity Strategy, rallying ONCD and our mission partners to collaboratively focus on achieving meaningful outcomes. I am especially grateful for Jake’s advocacy and action on behalf of our nation’s critical infrastructure owners and operators, helping them learn about and take advantage of the resources wisely allocated through the President’s investing in America agenda,” Coker said. “Along the way, Jake repeatedly heard organizations tell us they need two things: resources and trained workers. In every meeting, in every engagement, his focus on having an impact for those on the front lines of our nation’s cybersecurity has been unwavering — that’s leadership. I personally am grateful to Jake for not only his incredible leadership while he’s been here at ONCD, but also his guidance and friendship.”

Outside of the cybersecurity realm, one other federal technology leadership retirement that is worth mentioning. Terryne Murphy, who had been the chief information officer of the Railroad Retirement Board since August 2019, retired after more than 35 years of federal service.

Terryne Murphy retired after 35 years of federal service, including the last five as the Railroad Retirement Board’s CIO.

“To my leaders along the way, thank you — I learned so much from you. Thank you for every opportunity to stretch and to grow, for your counsel, your cover, and your patience while I learned to get better at leading/serving!” Murphy wrote on LinkedIN. “To my colleagues, teammates, and my classmates, thank you — I learned so much from you, too. Thank you for the challenges and the tough lessons to always strive to take the high road and to give back better than what we received! I did my best to serve you all well.”

Rich Kramer is the deputy CIO for the RRB, but it’s unclear if he stepped into the acting role with Murphy’s retirement.

Along with her time at RRB, Murphy also worked at the Commerce Department for 18 months serving as the acting CIO for seven of those months.

She began her career with the Army as a telecommunications officer and after nearly 12 years of service, Murphy joined the civilian sector working at the Justice Department, the Homeland Security Department and the Census Bureau.

Beyond these departures, there are several federal executives who have found new roles in government.

For starters, Mike Wetklow, the deputy CFO for the National Science Foundation for the last eight years, is taking a new job at the IRS as its chief risk officer.

“I am excited to join an organization dedicated to public service and to help drive innovation, leverage data, and improve compliance processes,” Wetklow wrote on LinkedIn. “Most importantly, I look forward to collaborating with the talented team at the IRS and contributing to an environment where we can all thrive.

Wetklow also worked at the Office of Management and Budget’s Office of Federal Financial Management for four years as a branch chief and previously worked at DHS and the Government Accountability Office.

He also was the co-chairman of the CFO Council’s working group on improving the federal financial management workforce.

New leaders at HHS, Air Force

A second federal executive heading into a new job is Melissa Bruce, who is taking over as the deputy assistant secretary for the Department of Health and Human Services Program Support Center (PSC).

She joins HHS PSC after spending the last four years working in the Treasury Department’s Special Inspector General for Troubled Asset Relief Program. (SIGTARP) office. Bruce has been acting IG for the last 2-plus years. Previously, she spent 10 years at DHS in the management directorate and worked in the private sector.

Bruce takes over PSC after several turbulent years, including the cut back of its assisted acquisition services and controversial treatment of its leadership.

Finally, Darek Kitlinski is the new chief technology officer for the Air Force’s Manpower, Personnel and Services (A1). He comes to the service after spending the last almost two years as the chief of the cloud services division for the Army’s Enterprise Cloud Management Agency.

In this new role, Kitlinski serves as the senior civilian advisor on cloud computing, computer systems and information technology.

Kitlinski also has been CTO for the Defense Technical Information Center (DTIC) and chief technology advisor for enterprise architecture, cloud, cyber and governance for the Coast Guard.


Political vs. career: Role of CIO remains unsettled

The Department of Housing and Urban Development is looking for a new chief information officer. HUD is now one of five major agencies looking for a new technology leader.

But unlike the departments of Defense and Health and Human Services, and the Small Business Administration and the Centers for Medicare and Medicaid Services, the HUD CIO didn’t actually leave the agency to create the job opening.

Beth Niblock, who has been CIO since July 2021, moved to a new position as senior advisor for disaster management. The reason for the opening is purely political. HUD decided to move the CIO’s position back to a career one from a political one.

“[O]ver the past few years, HUD leadership determined the department would be best served by having a career CIO to ensure steady and consistent leadership, and to better position the department to deliver high-quality, transformative solutions enabling HUD to deliver on its mission,” said a HUD spokesperson in an email to Federal News Network.

HUD posted the CIO job on USAJobs.gov in mid May and applications are due today. In the meantime, Sairah Ijaz will step in as the acting CIO until a permanent career leader is selected.

Political CIOs close to leadership?

The decision by HUD to transition the CIO position back to career from political isn’t that unusual.

Over the course of the last 28 years — January 2026 will be the 30th anniversary of the Clinger Cohen Act — several agencies ranging from the departments of Commerce, Energy, Treasury and Transportation as well as the Environmental Protection Agency and others have flipped the position back and forth between career and political to suit the needs of the leadership.

But HUD’s decision brought up a long-standing and healthily-debated question of whether CIOs, especially at this point in time of history where technology is at the center of every agency’s mission, are better off being political appointees?

To many, the answer continues to remain as it has for the last almost 30 years: It depends. But what has become clearer than ever is the role of managing, implementing and securing technology puts the CIO and deputy CIO on a higher plane across all agencies. Thus, requiring the federal community to continually re-ask the political appointee question.

“How the agency positions the CIO’s role in theory versus practice for the best possible function is really a question of how the head of the agency and the culture of that agency sets that role up for success,” said Dan Chenok, the former Office of Management and Budget official who helped with the Clinger-Cohen Act and now executive director of the IBM Center for the Business of Government. “Given the ubiquity of technology today, what is the right balance? My own personal view is a political CIO is more likely to be close to the head of the agency, and a career deputy CIO gives you continuity.”

Finding that seat at the table

But that closeness doesn’t always result in a CIO’s success.

If you look at the January 2024 Federal IT Acquisition Reform Act (FITARA) scorecard as one measure of CIO effectiveness, agencies with career CIOs versus those with politically appointed ones faired about the same. Agencies with political CIOs — the departments of Defense, Energy, Homeland Security, Veterans Affairs and HUD — received the same mix of “B” and “C” grades as those with career CIOs.

Simon Szykman, the president and founder of Cambio Digital Transformations and former Commerce Department CIO, said the role of the CIO is inherently not one that strongly aligns with any political ideology.

“Ideally it should not be necessary to make a CIO political appointment in order for that person to support the agency mission, or even the political leadership’s agenda,” he said. “However, the flip side to the argument for career CIOs is that no CIO will be successful if they don’t have that proverbial seat at the table. They need to be able to operate, influence and impact decisions at the senior-most levels. It can be a challenge for career senior executives to fully operate as peers to political leadership, and this challenge can be dependent on agency culture as well the leadership tone set higher up in the administration.”

Many times an agency hires a political CIO because the secretary wants a specific person in that role. That was the case, for example, with Steve Cooper, when he worked at Commerce from 2014 to 2017.

For other agencies like VA, Congress required the position be presidentially appointed and Senate confirmed — one of the few that requires Senate confirmation.

HUD’s great strides

But even then, there is no guarantee of success.

“Moving the CIO to political or a career position is situational and based on the candidates available and what’s going on at the agency at that moment,” said Margie Graves, a former deputy CIO at DHS and federal deputy CIO and now a senior fellow at IBM’s Center for the Business of Government. “A lot of times the decision to bring on a political CIO may be because the secretary wants a specific person on board to do something specific. I would advocate for choosing the best person for the moment. It’s really no different than what you’d do in private sector. And the times I’ve see the decision fail is when the person has no background in the technology management discipline and no expertise. I saw a couple of those at DHS.”

Graves added, at least for the CFO Act agencies, she would prefer to have someone in the C Suite who is “hearing” those political conversations as opposed to someone who is relegated as an “outsider.”

HUD’s reason for moving the CIO back to a career position is not entirely clear. The spokesperson said Niblock and her team have made “great strides over the past few years” to modernize the technology and improve the cyber posture of the agency’s infrastructure. But the spokesperson seems to insinuate there may be some bumpy roads ahead.

“However, HUD’s IT only received 0.5% of the department’s fiscal 2024 budget, which is one of the lowest percentages across cabinet level agencies. HUD is continuing to work with its federal and congressional partners to build on the progress of the past several years, while also continuing to pursue the ability to leverage various funding flexibilities that other agencies are able to leverage, including a working capital fund for its IT needs,” the spokesperson said.

HUD’s IT budget for 2024 is $641 million, of which it is spending only $94 million on development, modernization and enhancement projects. The agency requested $540 million for IT in 2025.

 


ITA CIO Caron moving on to industry

Gerry Caron, the chief information officer at the Commerce Department’s International Trade Administration, is leaving federal service after more than two decades.

Federal News Network has learned Caron is heading to a new job in industry. The specifics about where he is going is unknown. His last day at ITA will be May 31.

Gerry Caron is leaving after more than a year as the ITA CIO.

Caron, who is well-known on the federal speaking circuit, has been the ITA CIO since February 2023.

Before that, he was the CIO for the inspector general office at the Department of Health and Human Services and worked for the State Department for 18 years, including the last two years as director of enterprise network management.

Caron also has played a big role in helping drive the development of zero trust concepts through the CIO Council’s Innovation Counsel for Zero Trust.

During his time at ITA, Caron focused on moving ITA to a more modern network and security infrastructure. For example, he implemented phishing-resistant multifactor authentication, in part, by sending each of ITA’s employees a “YubiKey” authentication device to meet MFA requirements.

“So we’re taking a lot of steps, we’re looking at some identity management things in order to mature identity management and automate our processes around that as well,” Caron said during a January 2024 panel.

He also has focused on ensuring ITA is managing its data so it’s protecting its most important and valuable data as part of its zero trust implementation.

Additionally, Caron said because ITA has been 100% in the cloud for several years, he has focused on understanding the costs of using cloud services and how to manage those costs.

“In the wake of the pandemic and the subsequent move to work from home, Gerry Caron was the right kind of leader at a critical time. Gerry helped galvanize the entire federal government around actual use cases for zero trust,” said Tom Suder, president of ATARC. “The effort led directly to several Technology Modernization Fund awards to agencies, specifically for zero trust that have been the model for funding cybersecurity.”

DISA executives move into new roles

Over the last few weeks, there also has been a few other noteworthy changes in the federal technology community.

Let’s start with the Defense Information Systems Agency where Sharon Woods, who led the agency’s hosting and compute center for the last almost three years moved to new role at the agency. She is now leading DISA’s Endpoint Services and Global Service Center.

Sharon Woods moved to a new role at DISA to lead the Endpoint Services and Global Service Center.

“We deliver networking and endpoint solutions at all classification levels to the Department of Defense. This is a crucial mission, connecting the department’s globally dispersed workforce, from the Pentagon to the edge, with unified communications,” Woods wrote on a post on LinkedIn. “Incorporating my experience with cloud technology, I hope to drive modernization and propel J6 forward as the premier communications provider to the department.”

In her place, Jeff Marshall, who has been vice director of the hosting and compute center since February, is now acting director.

During her tenure as the head of the HACC, Woods helped usher the Joint Warfighting Cloud Capability (JWCC) through the implementation phase, launched DISA’s own hybrid cloud instance, called Stratus, and led the effort to provide a DevSecOps platform, called Vulcan, for DoD users.

Bill Dunlap, the acting deputy chief information officer for the information enterprise at the Defense Department, said on Tuesday at the AFCEA Enterprise IT Day that the defense agencies and military services have made 84 awards under JWCC worth more than $634 million.

Marshall joined DISA in February after spending the last 20-plus years in industry. He also served in the Army for 13 years before moving to industry.

New cyber execs at CTIIC, EX-IM Bank

Moving to the intelligence community, the Cyber Threat Intelligence Integration Center (CTIIC) hired Chris Zimmerman as its first director of the Office of Strategic Cyber Partnerships.

In that role, Zimmerman will “further the integration of commercial cyber threat intelligence in the IC and take an innovative approach to partnering with the public and private sector,” Laura Galante, the director of CTIIC and the IC Cyber Executive, said in a statement.

Zimmerman comes to CTIIC from industry where he held leadership positions with Symantec, FireEye, Palo Alto Networks, Cylance and, most recently, as President of FedStarts, LLC, where he led the deployment of software technology to enable stronger cyber defenses.

Finally, the Export-Import Bank has a new chief information security officer and new chief privacy officer. Darren Death joins the agency after spending the last nine years as the vice president of information security and CISO for ASRC Federal.

Death has worked in and out of government during his career, including stints at FEMA, the Library of Congress and the Air Force.

He also is active with cybersecurity education groups like InfraGard MD and is a fellow with the Institute for Critical Infrastructure Technology (ICIT).


Exclusive

Education, DHS among agencies seeking new IT leaders

The exodus of federal technology leaders seemed to have started a bit later in 2024 than usual. But March seems to be the “go” date for several officials.

From the Education Department to the Homeland Security Department to the Air Force to the Defense Information Systems Agency (DISA), federal leaders are retiring or heading to new opportunities in the private sector.

Starting with the Education Department, Luis Lopez, the chief information officer since December 2022, is leaving on March 22 for a job with INOVA Healthcare.

An Education Department spokesman confirmed Lopez is leaving for the private sector.

“We are preparing for a smooth transition by posting the position before he departs,” the spokesman said.

It’s unclear who will be acting CIO when Lopez leaves. Education already put out the job announcement to hire a new CIO. Applications are due by March 14 so only a two-week opening.

Federal News Network has learned Lopez will be vice president of IT operations for Inova Health Care Services.

Lopez has worked in federal service since 2008 and been with Education since 2017.

Luis Lopez is ending his tenure as the CIO at the Education Department.

In his short time as CIO, Lopez said in a recent interview that he set up a customer advisory council last summer to help explain to non-IT executives why the 2014 law matters to them and it’s more than just a technology priority. He also led the effort to consolidate and standardize the number of video teleconferencing and collaboration tools used by Education Department employees.

Along with his work at Education, Lopez also worked at the Defense Health Agency and the Walter Reed National Medical Center.

Joining Lopez in heading to the private sector are two other technology leaders.

Federal News Network has confirmed Drew Malloy, the technical director for DISA’s Cyber Development Directorate, and Robert Wood, the chief information security officer at the Centers for Medicare and Medicaid Services, also are leaving for new positions outside of government.

Malloy, who has been with DISA for 14 years and served in government since 2003, will join a small systems integrator.

Malloy has led DISA’s cyber directorate since 2020 where he oversaw the agency’s portfolio of cybersecurity capabilities, including identity and access management, the Joint Regional Security Stacks, cybersecurity situational awareness and zero trust.

He wrote on LinkedIn that he also “developed the modernization strategy for our network and security architecture in accordance with zero trust principles resulting in Project Thunderdome for the DoD enterprise.”

It’s unclear when Malloy’s last day will be or who will replace him even on an acting basis.

In addition to running the cyber directorate, Malloy ran DISA’s services development directorate and was the chief engineer for the Cyber Situational Awareness and Analytics Division.

He also worked at Naval Research Laboratory before coming to DISA.

CMS CISO Wood taking new role

As for Wood, who has been CMS CISO since November 2020, he will join a new venture with Sidekick Security, while also continuing to invest in and grow the non-profit Soft Side of Cyber.

Federal News Network has learned that CMS deputy CISO Keith Busby will be stepping up to lead the program until a permanent CISO is hired.

During his time at CMS, Wood focused on improving the culture at CMS around cybersecurity, building a security data lake to break down silos and advancing the technology strategy through cyber enablement.

Before joining CMS in 2020, Wood spent most of his career in the private sector working in cybersecurity positions with Cigital, Simon Data and N95.

Retirements at DHS, Air Force

Two other federal technology leaders decided it was time to call it a career.

Ken Bible, the Department of Homeland Security’s chief information security officer, and Eileen Vidrine, the Air Force’s chief data and artificial intelligence officer, have submitted their retirement papers.

Bible said his last day will be March 29 and has no firm plans for his post-federal life.

“I am looking forward to taking some time to enjoy my home in Charleston, S.C. and perhaps engage in helping in both the education arena as well as helping at the state and regional policy levels in the future,” Bible said in an email to Federal News Network.

He has been DHS CISO since January 2021 and worked in government for almost 39 years. Bible, who received a 2023 Presidential Rank Award,  started his career in 1985 at the former Charleston Naval Shipyard, where he rose to be a nuclear qualified engineering supervisor for three engineering branches.

During his time at DHS, Bible launched a pathfinder last summer to begin evaluating existing contractors with cyber hygiene clauses in their contracts and focused on addressing broader supply chain risks through a strategy.

Before coming to DHS, Bible served under the headquarters Marine Corps Deputy Commandant for Information as the assistant director for the information command, control, communications and computers division (IC4). He also served as the Marine Corps’ deputy CIO and CISO. Additionally, he worked at the Space and Naval Warfare Systems Command (SPAWAR) for almost two decades.

Vidrine is retiring on March 31 after 38 years of federal service.

Eileen Vidrine, the Air Force’s chief data and artificial intelligence officer, is retiring after 38 years of federal service.

She has been the Air Force chief data officer since 2018 and CDO/CAIO since January 2023 when she returned to the service after a one-year detail serving as the senior strategic advisor for data to the Federal Chief Information Officer in the Office of Management and Budget.

Last March, Vidrine told Federal News Network that her new title reflects the central role data has in getting AI projects off the ground.

Vidrine said AI readiness for the department comes down to establishing a baseline set of data and AI skills for airmen and guardians, as well as making sure they have access to the digital infrastructure and tools needed to advance breakthroughs in AI research.

Vidrine began her government career in 1986 as an enlisted member of the Army where she received her commission in 1987 through the U.S. Army Officer Candidate School Program as an Army transportation officer.

From 2006 to 2012, Vidrine served in various positions of leadership at the Office of the Director of National Intelligence culminating as the chief of staff for the Assistant Director of National Intelligence for Human Capital.

Army PEO-EIS leader moving to new agency

Finally, one federal executive who isn’t leaving federal service, but is on the move to a new role.

Rob Schadey, the acting deputy program executive officer for the Army’s PEO-Enterprise Information Systems (PEO-EIS), is joining the Defense Counterintelligence and Service Agency (DCSA) to be the program manager of the National Background Investigation Services.

Federal News Network has learned Schadey’s last day will be in March and it’s unclear who will take over for him even in an acting role.

Before stepping into the acting deputy PEO-EIS role in January, Schadey served as the assistant program executive officer and as the director of the business mission area, both at PEO-EIS.

As the program manager for NBIS, Schadey will have to continue to modernize the systems that help federal employees obtain security clearances.

OMB recently approved the Personnel Vetting Questionnaire (PVQ) in November, according to the third quarterly update on the “Trusted Workforce 2.0” initiative from the Performance Accountability Council. The questionnaire consolidates the SF-86, “Questionnaire for National Security,” along with several other vetting questionnaires used for federal jobs, including public trust and non-sensitive positions.

DCSA is now working on plans to integrate the PVQ into the new “eApp” web portal for background investigation applications as part of its NBIS.


Exclusive

Federal CIO Martorana’s top 3 priorities for 2024

Since September, the Office of Management and Budget has been working in policy overdrive. Six draft or final memos came from OMB’s Office of the Federal Chief Information Officer.

On Sept. 23, OMB issued the long-awaited digital services memo to implement the 21st Century IDEA Act.

About a month later, OMB offered draft updates to the cloud security initiative called Federal Risk Authorization and Management Program (FedRAMP) for the first time since 2011.

A week after that, the draft guidance for implementing the executive order on artificial intelligence detailed a host of new requirements for agencies.

Then there is the annual Federal Information Security Management Act (FISMA) guidance that dropped in early December with a specific focus on operational technology and internet of things devices.

And finally, OMB offered an early Christmas present in the form of the new requirements to ensure agencies are meeting the accessibility standards under Section 508.

Hopefully, the OMB staff took a breadth and some time off after that sprint.

Two months into calendar year 2024, OMB is revving back up to finalize many of these policies.

Federal News Network checked in with Federal CIO Clare Martorana to see what stood out to her in 2023 and what her priorities are for 2024. The following email conversation is edited only for style and clarity.

FNN: 2023 was a busy year for the Office of the Federal CIO. What are some of your office’s efforts that may not have received as much attention or notice, but will have a big impact on federal IT sector in the years to come?

 Martorana: Above all else, our north star is delivering for the American people. We need to ensure that Americans’ experience with government matches the quality and experience of the private sector — and I think we have made great progress on this.

Clare Martorana
Federal CIO Clare Martorana.

One of the things I’m most proud of is the work we’ve done in partnership with other federal offices — that’s how we can make a big lasting impact on federal IT, which benefits how Americans interact with government. For example, the Executive Order on Improving the Nation’s Cybersecurity was released early in the administration and it called for a transformation of federal cybersecurity, based on universal adoption of strong authentication, encryption and zero trust principles across the government. As a result of the efforts of my office, our partners at the Office of National Cyber Director and the Cybersecurity and Infrastructure Security Agency (CISA), we are seeing significant cultural and technological change across the federal enterprise to strengthen our cybersecurity posture.

We also partnered with CISA on CyberStat, a holistic program which strengthens agency defenses by addressing individual agency challenges, reducing the potential for successful attacks, and bringing risks to the attention of executive leadership when necessary, all while maximizing limited OMB and CISA resources. With over 6,000 attendees across 16 engagements in 2023, we provided agencies with the information and tools necessary to achieve specific security outcomes in a more consistent manner.

My office also works closely with the General Services Administration’s Technology Modernization Fund (TMF) Program Management Office (PMO). The TMF works in complement with the appropriations process, allowing agencies to quickly access capital to tackle the IT modernization needed to keep up with the fast pace of changing technology. In fiscal 2023, the TMF invested more than $177 million in 18 projects that improve how the federal government provides services to the American people, increasing public trust and making it easier to get the services they need.

Over the past year, we worked closely with GSA Technology Transformation Service (TTS) to ensure an integrated approach to tackling our biggest IT challenges. We continue to meet with GSA leadership on a weekly basis and our teams are engaging daily to support the implementation of our policies, such as helping develop and provide agencies access to tools that will help them deliver a digital-first experience to the public.

Lastly, I want to highlight the strong connection my staff has established with our budget colleagues to ensure funding and resources are aligned so that agencies can best secure their infrastructure and be on the road to digital transformation.

FNN: Of the policies/guidance your office did issue in 2023, which ones do you think will have the biggest impact in 2024 and why?

Martorana: Building off the customer experience executive order and the President’s Management Agenda Customer Experience Priority Area, in September, we released digital experience guidance to help agencies move faster to deliver the simple, seamless, and secure experience that the American people deserve. Some 430 federal agencies and sub-agencies provide information and services to more than 400 million individuals, families, businesses, organizations and local governments each year.

Digital is increasingly becoming the primary way that the public interacts with government and accesses the information and services they depend on. In order to provide the best possible customer experience — we must fix the digital experience.

Right now, everyone is talking about artificial intelligence and the power and potential that it yields. Our pending FedRAMP guidance will significantly scale the size and scope of the FedRAMP marketplace.

Another piece of guidance issued in 2023 that is having an immediate, positive impact in 2024 is our Digital Accessibility guidance, which is based on the idea that all Americans should have equal access to government. Sixty-one million adults in the United States have a disability, an estimated 15 million or more people have a temporary disability, and an estimated 40 million people are caregivers who provide support to a person with a disability. There is nothing more heartbreaking than someone being unable to use accessible technology to complete what should be a basic task. That’s why our Digital Accessibility guidance is so important; it helps build and sustain an accessible Federal technology environment that delivers for everyone.

FNN: What are your top 3 priorities for 2024 and why?

Martorana: Strengthening Office of the Federal CIO’s foundation to enable our staff to grow and thrive. They are working on the front lines across the Federal ecosystem to drive progress and positively impact the way services are delivered to the public each and every day. And while there is a lot of external attention on our policies, there is often little discussion on the people behind the policy. As I look at 2024, I’m so excited by our team and what we will be able to achieve together.

Supporting agencies in operationalizing the policies we issued over the past few years. Every agency is at a different place on their journey — our job is to ensure they have the executive support, shared services and tech talent needed to deliver results.

Ensuring continuity so agencies and tech teams across government can continue making progress in modernizing technology. We’ve delivered and we’ve built a strong foundation of tech policies that will span from year to year and across administrations. The American people deserve good government every day. Technology is critical to delivering a government that meets today’s expectations — and we must continue moving forward.

FNN: There is a lot of excitement around artificial intelligence in the public sector, how is your office trying to balance the excitement with all the challenges that come with AI?

Martorana: AI presents tremendous opportunities to improve public services, such as making it easier to access benefits, preventing drug shortages, or fighting wildfires. While we harness AI’s power for good, we also need to protect people from its potential risks. My goal as the Federal CIO is ensure the federal government is a leader in both using AI and managing its risks. That’s why we’re issuing extensive guidance to federal agencies on their use and governance of AI, which will be finalized this spring.

In the meantime, the AI EO directed agencies to name a chief AI official (CAIO), a senior agency representative responsible for driving consistent implementation of AI practices across their agency. I recently convened and [led] the first meeting of the CAIO Council, a new executive council that will coordinate the development and management of AI across agencies. We know that innovation relies on great minds coming together to rethink what is possible. Ensuring that the U.S. is a world leader in AI will require all of us — across government, academia, civil society, and industry — to be successful.

FNN: There is a lot of excitement over the special salary rate for IT/cyber workers, but agencies are struggling to implement and fund it. How is your office, with your partners in OMB, addressing this opportunity to use the SSR to help agencies recruit and retain the best talent?

Martorana: Now more than ever, we need technologists at the table to collaborate with our nation’s leaders and provide expertise on how best to launch products and services that are secure by design, digital by default, and accessible to people of all abilities. There are many entry points to federal government and we are continually trying to reduce barriers.

Late last year, we launched a new page on CIO.gov to serve as a “front door” into government for technologists at all levels. When you navigate to CIO.gov, you will see a banner with a call to action to join us.

If you are thinking about a career in civil service, I encourage you to check it out and consider putting your tech superpowers to work for your families, friends and neighbors.

FNN: What is your message to non-technology federal IT leaders, such as those in the finance or acquisition or mission areas?

 Martorana: Technology today is deeply integrated into nearly every facet of our federal operations and services. It presents both opportunities and threats that we cannot afford to overlook. All leaders — regardless of background — need to make technology a core priority. We can deliver a government that rivals our favorite consumer brands.

What it takes is a C-Suite — leaders beyond CIOs, CISOs, and chief data officers (CDOs) — it will take chief human capital officers (CHCOs), chief acquisition officers (CAOs), CFOs, general counsels and public affairs teams to align their efforts to support an agency’s technology journey map to modernize how they deliver products and services. They’ll reduce administrative burden for their workforce, improve employee engagement and inspire others to join us in the effort.

FNN: What is your message to federal IT vendors?

 Martorana: Read our final guidance to understand the federal government’s requirements and our draft guidance to understand where we are heading.

Know where agencies are on their IT modernization journeys and sell them the appropriate tools, technology and solutions — meet them where they are.

Let’s collaborate: we get the best ideas when we share lessons, challenges, and opportunities for delivering faster.


3 takeaways from the FITARA 17 scorecard roundtable

The 17th iteration of the Federal IT Acquisition Reform Act scorecard was, once again, a very one-sided affair.

It wasn’t that Rep. Gerry Connolly (D-Va.), co-author of the 2014 law and ranking member of the Oversight and Accountability Subcommittee on Cybersecurity, IT and Government Innovation, didn’t let others speak, though he is prone to enjoy the microphone like most lawmakers.

It was that he was the only legislator at the FITARA 17 roundtable last Thursday.

Subcommittee Chairwoman Nancy Mace (R-S.C.), for a second time since September, didn’t agree to hold a formal hearing so Connolly was left to host a roundtable that had no Republican participation.

Congressman Gerry Connolly (D-Va.) held a FITARA roundtable on Feb. 1. (Photo credit: Jason Miller/Federal News Network.)

“First, I want to mention how disappointed I am that our Republican majority has turned its back on the FITARA scorecard,” Connolly said in his opening statement. “The scorecard has been a bipartisan oversight project for more than eight years with Republican champions like [Reps.] Mark Meadows (R-N.C.), Will Hurd (R-Texas) and Darrell Issa (R-Calif.). It has helped save nearly $30 billion, closed 4,000 unnecessary data centers, expanded the use of working capital funds as flexible vehicles for IT modernization funding, almost doubled the percentage of federal IT projects using incremental development to deliver functionality and empowered agency Chief Information Officers (CIOs) with greater budget and procurement authority and a more direct reporting relationship to agency leadership. The scorecard sits at the heart of this subcommittee’s mandate to oversight federal IT.”

There now has been no formal FITARA hearing since December 2022, the 15th iteration of the scorecard.

A House Committee on Oversight and Accountability spokesperson pushed back on Connolly’s notion that the majority has “turned its back on FITARA.”

“FITARA is a law concerning federal IT management and acquisition. Ms. Mace’s subcommittee has held a dozen hearings in the past year concerning not only federal information technology management and acquisition, but also pressing issues surrounding artificial intelligence, and cybersecurity. These hearings have been a critical vehicle for substantive oversight and the development of significant legislation,” the spokesperson said in an email to Federal News Network.

Mace held 12 hearings in 2023 looking at federal technology and cyber issues, with artificial intelligence receiving the most attention. She did hold hearing on legacy federal IT, the problems with Login.Gov and the continued struggles with the Defense Travel System program — all of which fall under the FITARA umbrella of oversight of federal IT projects.

Exactly why Mace will not hold a FITARA hearing is unclear. Maybe it’s not a “sexy” enough topic, like AI or ransomware, for her? Maybe it’s something different.

Either way, not holding a traditional hearing on FITARA is a missed opportunity for lawmakers, for agencies and for the overall goal of improving how agencies manage, spend and account for the nearly $100 billion spent on federal IT.

But getting away from the big “P” politics playing out between Mace and Connolly, the roundtable provided some important and new updates to federal IT oversight and progress.

Here are my three takeaways from FITARA 17:

EIS under review

The Government Accountability Office is dusting off the cobwebs from its “why did this transition take so long?” probing tool. GAO will begin looking this spring at the continued delays agencies are having in moving to General Services Administration’s Enterprise Infrastructure Solutions (EIS) contract.

Carol Harris, GAO’s director of cybersecurity and IT, provides an update at the Feb. 1 FITARA 17 roundtable. (Photo credit: Jason Miller/Federal News Network.)

“We’ll be able to really dig in deep and ascertain progress and the reasons why agencies are not able to make this transition on time,” said Carol Harris, GAO’s director of cybersecurity and IT, in an interview with Federal News Network after the Feb. 1 roundtable. “We’ll also dig into the missed cost savings as a result as well because that’s a huge component of this. But when you take a look at the progress that’s been made, certainly over the past two years, agencies have done their best and but still we still have, I believe, 14 agencies that did not meet the deadline.”

GSA gave the departments of Justice and Homeland Security until May 2026, while 80 other agencies have until May to complete their transitions.

Of the four agencies that participated in the roundtable, the Office of Personnel Management, the Nuclear Regulatory Commission and the U.S. Agency for International Development all completed transition. The Department of Housing and Urban Development reached the 80% mark as of December, according to GSA’s EIS transition progress dashboard.

As a reminder, the transition from FTS 2001 to Networx took 33 months longer than planned and cost the government an estimated $395 million, according to an analysis by GAO in 2014.

It’s clear this Networx to EIS transition may not meet the 33 month record, but the cost will exceed $395 million.

Cloud grades vs. cloud progress

The string of “Fs” filling the cloud computing category showing a lack of progress is striking when you first look at the FITARA scorecard. Of the 24 agencies, 16 received the lowest grades and six others received “Ds.”

As GAO’s Harris and Connolly said during the roundtable, the grades are supposed to be low given it’s a new category.

“[We are] introducing a new category and a new grade, therefore, we were expecting that we started at a lower base. The object here is to move up. So whatever we started with, we will be measuring it,” Connolly said. “We need to put that into perspective that it’s not like every federal agency just regressed in the last few months because they took large holiday breaks. It’s because we are introducing metrics that really matter. We’re starting at an uneven point with a lot of federal agencies.”

The cloud category is measuring agency progress against several of the areas the Office of Management and Budget outlined in its 2018 federal cloud computing strategy.

These include:

  • Whether agencies are ensuring that the CIOs are overseeing modernization, Agencies have cloud service level agreements (SLAs) attached to all of their cloud deployments,
  • Agencies have standardized SLAs

Harris said GAO is currently reviewing how agencies are meeting these requirements and used the results of that work to give agencies initial grades.

“What we’re seeing is uneven progress across the agencies. None of the agencies have fully implemented the five categories with the exception of the Defense Department,” she said. “That’s something that we need to see improved progress in. When I cited the 47% average [for SLA compliance]. That’s what we’re not seeing across the agencies in the implementation of this area.”

At the same time, what the FITARA scorecard isn’t measuring, which may be equally important, is the actual use of cloud services.

Take the Office of Personnel Management for example. Guy Cavallo, the agency’s CIO, said over the last two years, OPM has deployed over 35 new cloud-based applications that were previously on-premise. OPM also migrated over 100 business applications to the cloud that previously ran in data centers.

“Our goal is to have the majority of OPMs applications operating in the cloud by the end of this year,” Cavallo said.” Now, one of the benefits of utilizing cloud computing is the implementation of enhanced cybersecurity capabilities, such as data encryption, real-time security updates and patching, centralized monitoring and robust access controls. Today, all of those are improving the security of OPM’s applications, data and cybersecurity. We’ve had a number of successes there by leveraging machine learning and artificial intelligence to enhance our cybersecurity capabilities, allowing us to have real-time situational awareness, which allows us to quickly respond to and defend against threats. We also implemented data driven cloud-based dashboards to provide better visibility into our cyber status.”

OPM CIO Guy Cavallo (left) and NRC CISO Jonathan Feibus took part in the FITARA 17 roundtable on Feb. 1. (Photo credit: Jason Miller/Federal News Network.)

Cavallo said OPM is far from done in moving to the cloud. But it’s clear that OPM’s “F” grade doesn’t entire reflect the real goal of moving data and applications out of data centers.

The same can be said for USAID, which received a “D”, and the Department of Housing and Urban Development and NRC, both of which received “F” grades.

NRC’s Feibus said the agency is transitioning legacy technology to the cloud.

“We’re developing solutions that focus more on current and future technologies, including artificial intelligence, machine learning and process automation to keep the agency innovative,” he said. “The NRC has also worked with the General Services Administration on a financial operations pilot. It is implementing the recommendations and best practices we learned to further enhance management of our cloud services. We have been able to locate additional workflows to the cloud to provide an additional layer of resilience to our technology operations.”

USAID’s Gray said by moving to the cloud, the agency has reduced the number of data centers from 87 to 2.

“Even technology refresh is something that historically would take weeks or months to do major upgrades. In my prior agency [Education], we were able to upgrade an entire data center over a weekend, that would never happen. There would’ve be a disruption, but that did not happen because of the cloud,” Gray said.

It’s clear that agencies need to improve how they oversee and manage cloud services, but let’s not confuse that area with the real impact of cloud services on IT modernization efforts.

Working capital fund compromise

If the Technology Modernization Fund (TMF) was the icing on top of the Modernizing Government Technology (MGT) Act cake, then the IT working capital fund (IT-WCF) is the cake itself.

Everyone can “ooh and aahh” over the icing, but when you dig into the MGT Act, authorizing IT working capital funds is what holds the act together and gives agencies hope that IT modernization is an achievable goal.

For the previous 16 iterations of the scorecard, Connolly and GAO graded agencies on whether they were meeting the spirt and intent of the MGT Act by implementing a specific IT working capital fund. Agencies received some partial credit for already having another fund that provides money for technology modernization.

For the 17th iteration, one of the major changes is giving agencies credit for having any working capital fund that supports IT modernization.

After nearly a five years, Connolly realized that it’s not the agencies who didn’t want the IT working capital fund, it’s the appropriators who were less than excited to approve them. Sen. Maggie Hassan (D-N.H.) had planned to try to fix the MGT Act with a technical amendment in 2021, but that bill never moved.

Only a handful of agencies, including OPM and the Small Business Administration, have received approval from Congress to set these up. Others like the departments of Treasury, Labor and USAID have requested Congress give them the green light, but had no luck so far.

HUD is the latest agency to try to run the appropriator’s IT-WCF gauntlet.

Sairah Ijaz, HUD’s deputy CIO, said not having access to a working capital fund has impeded their ability to modernize technology as quickly as they would’ve liked.

“We do see some hope of that coming into the fiscal 2024. We’re hopeful that is something that we will be able to leverage in order to be able to quickly address some of the issues that are part of our long underlying strategies,” Ijaz said.

Like several other agencies, HUD does have a working capital fund out of its CFO office, but it doesn’t specifically support technology modernization.

“We are working to be able to begin the use of that working capital fund, and that’s part of the conversations we’ve been having with all of our counterparts about looking toward that in future appropriations. Currently, our appropriations do not allow for the use of a working capital fund,” Ijaz said. “It has hindered our ability to be able to be flexible, and be able to work toward modernizing our platforms. We’ve had to look towards other areas in order to be able to support our ability to fund some cyber needs. We’ve gone to the TMF and received some funding there to be able to manage that. Then we looked at reallocating some other costs in order to be able to support our cyber needs because that is most important at the moment.”


« Older Entries