The Reporter’s Notebook turns 10 years old in January and I’ll admit, that caught me by surprise.

Back in 2013, I started with an idea of pulling tidbits and short items that were interesting or newsworthy, but there wasn’t quite enough there yet for a story. Like many things, it evolved into a long-form analysis driven, and sometimes investigative, feature.

The top Reporter’s Notebooks of 2023 continue to demonstrate the interest and desire for in-depth reporting, digging out more than the tidbits, but the stories behind the news.

Four of the top 10 stories focused on the Defense Department, while three followed the theme of people, jobs and agencies changing the role of agency technology leaders.

As always, I encourage you to submit ideas, suggestions, and, of course, news to me at jpmiller@federalnewsnetwork.com.

Here are the top 10 Reporter’s Notebooks of 2023:

Air Force’s corrective action fails to satisfy unsuccessful bidders for EITaaS contract

Synopsis: Bidders for the $5.7 billion enterprise-IT-as-a-service (EITaaS) wave 1 contract continued to press their case over the Air Force’s award decision to CACI the contract.

Key fact: Peraton and Accenture again have raised conflict of interest challenges stemming from CACI’s allegedly having hired former Air Force employees. The companies also allege that these individuals provided CACI with inside knowledge of, and access to, non-public competitively useful information. Through that information, Peraton and Accenture allege that CACI gained an unfair competitive advantage and therefore CACI should be excluded from the competition.

Current status: The Air Force awarded CACI the Wave 1 contract again in April and the unsuccessful bidders didn’t file new protests. Current Air Force CIO Venice Goodwine said in December EITaaS will roll out to 17 bases in fiscal 2024.

High per-license cost pushed many military services, Defense agencies away from DEOS

Synopsis: The Defense Enterprise Office Solutions (DEOS) is struggling to live up to expectations as many of the military services and defense agencies have found better and cheaper ways to accomplish the same goals.

Key fact: Multiple former government sources and industry experts say the price negotiated through the DEOS contract for O365 licenses is as much as 20% higher than what the services and Defense agencies could get through the Navy enterprise software initiative (ESI) contract.

Current status: The Defense Information Systems Agency, which runs DEOS, says it is working with the DoD chief information officer’s office and the acquisition and sustainment office to address enterprise software buying from a policy perspective. Chris Barnhurst, the deputy director of DISA, said in November that the goal is to “speak with one voice with vendors, especially for tools or software where we are using it as an enterprise. We want to buy as one and not subdividing to our own detriment.”

What to expect from the new IT/cyber/innovation House subcommittee

Synopsis: Throughout the federal technology community, there were tiny celebrations and the undercurrent of a sense of dread with the reconstitution of the House Oversight and Accountability Subcommittee on federal IT, cybersecurity and government innovation.

Key fact: Rep. Nancy Mace (R-S.C.), chairwoman of the subcommittee, offered a little insight in her press release announcing her new chairwomanship, “Securing our nation’s data, protecting our cyber infrastructure, and studying emerging technologies of the future like artificial intelligence, quantum computing, and blockchain integration is more important today than ever.”

Current status: Mace’s subcommittee held about 11 hearings, most of which focused on artificial intelligence and cybersecurity. She did not hold a Federal IT Acquisition Reform Act (FITARA) hearing at all in 2023, much to the dismay of Rep. Gerry Connolly (D-Va.), the ranking member of the subcommittee.

The reason why the Air Force pulled the plug on a huge cyber contract may surprise you

Synopsis: The Air Force took the unusual step of pulling the plug on the Enterprise Cyber Capabilities acquisition for reasons that may make sense on the surface, but was baffling to long-time acquisition experts and especially to the vendors, who spent more than a year and hundreds of thousands of dollars or more on proposals.

Key fact: Long-time acquisition experts say they can’t remember a time when an agency cancelled an acquisition because there was too much interest.

Current status: The Air Force hasn’t publicly discussed its next steps for an enterprisewide cyber capabilities contract. There are currently no open solicitations or even sources sought notices on SAM.gov that have the key words “cybersecurity services” or “cybersecurity capabilities.”

NIH breaks up its technology executive roles

Synopsis: NIH decided to separate its chief information officer role from the director of the Center for Information Technology and create two distinct positions after almost 25 years of combining the roles.

Key fact: NIH formally created the CIT in March 1998 bringing together functions and missions of its Division of Computer Research and Technology, Office of Information Resources Management, and the telecommunication branch. The position of CIT director and CIO has been one since 1998 with a handful of acting directors holding only one of the roles.

Current status: Nearly a year after splitting up the roles, NIH still doesn’t have a permanent CIO or permanent CIT director. Dennis Papula, who has been the acting CIO, and Ivor D’Souza, who has been the acting CIT director, both since January, remain their respective roles.

Login.gov’s problems further break down confidence in TTS, and now GSA

Synopsis: The third scathing inspector general report since 2016 once again reinforced how GSA headquarters can’t make the Technology Transformation Service play by the government’s rules, in turn leading agency chief information officers and other technology executives to question whether GSA, as a whole, can be trusted.

Key fact: While many technology executives said they weren’t surprised by the IG’s findings that TTS misled agencies for four years about how Login.gov met certain identity proofing requirements under the National Institute of Standards and Technology Special Publication 800-63-3, the IG report signals TTS remains a horse that cannot be broken, despite multiple attempts across multiple administrations.

Current status: GSA has detailed several changes to the management of Login.gov, including in October outlining several ways it will meet the National Institute of Standards and Technology’s 800-63-3 IAL2 guidelines. GSA says all cabinet agencies now using Login.gov for at least one program or application.

NSF joins a growing list of agencies reconfiguring its CIO’s office

Synopsis: The National Science Foundation is joining a small but growing number of agencies remaking their CIO’s office.

Key fact: Both the NSF and NIH decisions to reconfigure their CIO and technology oversight offices are the latest step in this 25-plus year evolution of the agency’s lead technology role.

Current status: Terry Carpenter became the CIO and chief technology officer at NSF in July. He came over to NSF from the Defense Counterintelligence and Security Agency where he was the CTO and program executive officer.

GSA joins EPA in putting the brakes on how employees use generative AI

Synopsis: The General Services Administration issued an instructional letter (IL) to provide an interim policy for controlled access to generative AI large language models (LLMs) from the GSA network and government furnished equipment (GFE).

Key fact: GSA’s instructional letter is one of several similar policy-like documents issued by agencies over the last few weeks. The Environmental Protection Agency in early May sent a note to staff saying it was blocking ChatGPT, OpenAI and similar sites.

Current status: President Joe Biden signed out an executive order in late October and the OMB issued a draft policy around AI on Nov. 1. Included in the proposed requirements is one that directs agencies to explore the use of generative AI tools, like ChatGPT, with “adequate safeguards and oversight mechanisms.”

Navy CDO Sasala jumps ship to the Army

Synopsis: The Navy is losing its chief data officer. Tom Sasala is joining the Army as the deputy director of the Office of Business Transformation.

Key fact: Sasala has been the Navy CDO since October 2019 after coming over to the service in April of that same year as the director of data strategy.

Current status: Duncan McCaskill remains the acting CDO nearly a year after Sasala left the position under unusual circumstances, to say the least.

GSA’s commercial platforms gaining steam, but data, other concerns persist

Synopsis: Three years into the Commercial Platforms Initiative, the vision Congress had for the initiative isn’t necessarily coming to fruition. But new data and analysis shows that doesn’t mean it’s a failure by any means. The number of agencies using the platform more than quadrupled between 2020 and 2022 to 27 and the spending, while far below initial estimates of $6 billion have increased to $40 million last fiscal year.

Key fact: The top agencies using the commercial platforms are the departments of Veterans Affairs and Agriculture.

Current status: GSA is facing a new protest over the CPI program, and had to extend the current contracts with Amazon, Fischer Scientific and Overstock an extra three months to March 2024.

There is little disagreement among agency and industry technology leaders that the overhaul of the cloud security program known as FedRAMP is necessary and appropriate.

For much of the last decade, experts have mostly agreed with the spirit and intent of the Federal Risk Authorization and Management Program — to standardize and make the use of secure cloud services easier.

At the same time, over the last decade since the Office of Management and Budget launched FedRAMP in 2011, challenges have emerged like barnacles attached to a boat.

In many ways, the new draft FedRAMP memo is symbolically scraping those crustaceans off the bottom of the program to increase speed and reduce the burden on agencies and industry alike.

“I think this will be a huge improvement to FedRAMP. The improvements I’m talking about are who is managing the cloud security approvals, the resources for [the General Services Administration] and the end results if it is done in standard way,” said one agency chief information officer, who requested anonymity because they didn’t get permission to talk about a draft memo. “FedRAMP is a good program. I love the idea of a standard, but over the years there are concerns about the risk appetite among agencies depending on their missions and data. There always are concerns about whether the sponsoring agency or the Joint Authorization Board (JAB) has provided right risk assessment or a decision over the amount of risk. There usually is a pretty good amount of risk assessment and identification, and what decision you make over that. The way the memo is written, there will be a group of subject matter experts working that to come up with a more consistent way to determine and assess risk. That will help agencies make their own assessments and determine whether additional controls are needed.”

The CIO was one of six federal and industry experts to weigh in on the draft memo about what parts hit the target and what parts may have fallen a bit short. OMB is accepting comment through Dec. 22.

FedRAMP draft more than a patch

By and large, the experts applauded the draft memo for taking on some of the systemic problems with FedRAMP. At the same time, however, all wanted to see more details about how GSA’s program management office will implement the new approaches outlined in the draft memo.

Willie Hicks, the public sector chief technologist for Dynatrace, summed up why many agency and industry experts are excited for the new approach to FedRAMP after years of smaller changes like FedRAMP Ready or Tailored.

“I think those were attempts to make the process easier, more attainable for more companies and software-as-a-service (SaaS) providers, but, for lack of a better term, they were almost like patches or Band-Aids. They really didn’t address the fundamental problems,” Hicks said in an interview. “When I say problems, I go back to originally what FedRAMP was being geared toward: the infrastructure- and platform-as-a-service type of offerings and not as much geared towards SaaS. I don’t think it accounted for a lot of the problems that we see today, especially when you look at the vast number of SaaS platforms out there.”

When OMB released the draft memo, Drew Myklegard, the deputy federal CIO, specifically called out SaaS as one of the driving factors for these changes. Out of the 321 current FedRAMP authorized cloud services, 286 are SaaS, and another 125 are in process or in the ready stage. This is out of a total of 453 cloud services in all three stages in all three service types.

But experts say to get many of the small or medium businesses into the program, FedRAMP must address the cost and time commitment. By some estimates, to get a moderate authorization, it can cost several hundreds of thousands of dollars and take 12-18 months — if you are lucky.

OMB, recognizing the increasing desire by agencies to use SaaS, is focused on using automation and continuous monitoring to reduce cost, and accelerate time to approval without losing any rigor.

John Harmon, who leads the Elastic U.S. public sector cyber solutions business, said automation should help drive down costs and should make things go faster to let more SaaS companies into the market.

“How do we get SaaS-based companies excited about getting FedRAMP? I hear more small companies who don’t want to do it because it’s just too much of a headache, too expensive for them to do. And for any kind of new innovation, it’s a lot to ask,” Harmon said. “How do we make sure your federal stack is like your commercial stack? I’m really curious as to how much that could be done and honestly that’s one of the biggest things in the memo. That, plus the automation piece, if those things are really figured out properly that could solve making sure everything goes a little bit faster because it really is the problem.”

Automation is more than technology

The automation of the assessments and of continuous monitoring consistently came out as part of the memo experts lauded.

Jason Weiss, the chief operations officer of TestifySec, a software startup focused on securing the software supply chain, and former Defense Department chief software officer, said automation of controls and continuous monitoring also must include the reeducating of chief information security officers, authorizing officials and others about how these processes work.

He said the use of Open Security Controls Assessment Language (OSCAL), which is something FedRAMP has piloted, could be a key piece to this automation effort.

“The devil is in the details and the number of tools that support OSCAL, and more importantly, the number of tools across the federal government that can actually integrate and share that information,” Weiss said. “I think the challenge with the automation is if somebody uploads a machine readable format like OSCAL to FedRAMP, where is that going to be stored in the FedRAMP environment? How does a member of [the departments of Defense, Veterans Affairs or Homeland Security] gain access to that so that they can ingest it into their internal systems, and actually make sense and make a risk informed decision?”

He added figuring out the transparency and visibility through OSCAL or other machine readable formats will really affect the change most people want.

The other hot topic during several conversations revolved around the moving to the FedRAMP board and way from the JAB. Similar to the Technology Modernization Fund (TMF) board, the FedRAMP board will include seven senior officials from across the government including OMB, GSA, DHS and DoD who will establish requirements and guidelines for security assessments of cloud services.

One agency CIO, who called themselves a reluctant user of FedRAMP, said the restructuring and augmenting of the governance process is one of the most important changes. The CIO said the JAB started out strong, but over the last few years, whether it was the pandemic or other reasons, it’s been a challenging organization that hasn’t been agile as it needs to be.

Future of JAB authorizations unclear

Stephen Kovac, chief compliance officer and head of global government affairs at Zscaler, added there are some concerns about losing the marquee of the JAB authorization and what that would mean to folks who have spent millions of dollars to earn that approval.

Underneath the new FedRAMP board will be the Technical Advisory Group (TAG). Six subject matter experts will lead the TAG to provide additional expertise to FedRAMP and advise on the technical, strategic and operational direction of the program

The first agency CIO said the TAG also will be an important change because, they hope, it will come up with a more consistent way to assess risk and one that agencies can easily understand and accept to relieve some of the burden that has built up over the years.

The second CIO added the TAG should help bring more consistency to third-party assessors by identifying areas to focus on.

“How much risk am I really accepting with the cloud security package? We’ve got to the point where  teams have to go through and evaluate how the third party assessor assessed things, and almost every time in the mapping of vulnerabilities to the security controls it was completely different,” the CIO said. “I want to know that if something has a FedRAMP authorization, I want to know I can trust it and don’t have to worry about it.”

Another common theme that emerged among experts is while the draft memo is a good start, they want to see more.

While it could be another 60-to-90 days until OMB finalizes the memo after the comment due date, government and industry experts say they are looking for some sort of strategy or implementation plan from the FedRAMP program management office.

Jim Rivas, the CEO of the Cloud Security Alliance, said a key metric he will be paying attention to over the next year or more is an increase in the number of cloud providers getting through the low and moderate accreditation process.

Zscaler’s Kovac added he’d like to see more details about where the Cybersecurity and Infrastructure Security Agency fits into this discussion. There is little to no mention of CISA specifically, and Kovac said as CISA’s role in cybersecurity management and oversight has increased significantly over the last five years, leaving them out would be a grand oversight.

Finally, the second agency CIO said they will be looking for better interoperability and collaboration among agencies and the FedRAMP program office, to further decrease burdens of time and increase reciprocity.

“One challenge I’ve seen is not all agencies approach things the same when it comes to cloud services. Some are more mature and if the service they wanted couldn’t go through the JAB, it could go through the agency authorization process. While other agencies are less mature and if a service is not FedRAMP authorized, forget it, they will not use it,” the CIO said. “I would like to see more education and shepherding of the process to ensure the approach is consistent whether the cloud services goes through the JAB or agency authorization process. I think the enhanced guidance makes it consistent for all vendors too; as some say, one agency is easier than another.”

Just over a month into fiscal 2024 and there is no shortage of excitement and intrigue across the federal acquisition community.

The General Services Administration’s Federal Acquisition Service, which reported a record 2023 with over $100 billion in sales, is once again, at the center of a lot of the activity.

Planning for version 2 of its COMET vehicle kicked off with an industry day in September, attracting 400 companies and more than 750 registrants. GSA already is expecting COMET to play a much larger role in providing the outlet to continue to modernize their systems with a ceiling over more than $1 billion.

A current COMET contractor, who requested anonymity to talk about an active procurement, said the move toward a product mindset is a good change to the vehicle.

“With the current modernization efforts, there are some good successes because of product lines like the GSA fleet contract. For fleet, as an example, GSA asked vendors to show how you would’ve developed the product and then center the presentation around that with a big emphasis on how your team works,” the industry executive said. “GSA gave you a problem set and said ‘go work it for week and present to us how you would do this. User experience plays very much into the product line effort and that is a key feature of COMET 2.”

Dave Shive, the GSA chief information officer, said at the industry day that the scope of the follow-on contract will be larger and will build on the lessons learned over the past few years.

“Please take a look at our requirements that we express out to you very carefully. You’ll see some themes in there that are very important to the government. An example of that is GSA is pretty far along with our zero trust implementation across the four main pillars. For users and devices, we’re 100% implemented here at GSA. Across data and applications, we have considerable maturity in those spaces. We’re looking for partners who understand the basic principles of zero trust, especially at the application layer, where a lot of this work in the next generation of COMET is going to be prevalent,” Shive said. “We’re looking for partners who are going to be able to understand the application level security. Zero trust principles injected at the application level are critically important. Same thing at the data layer, knowing that the applications we build are going to have to know everything and anything about data and who’s using it so that we can apply our zero trust principles to that is going to be critically important. Same thing for customer experience.”

GSA’s COMET almost $1 billion in awards

The current COMET has been a success, according to GSA and vendors involved. So far, the agency has awarded 21 task orders worth more than $950 million to 11 different companies. The largest task order went to Booz Allen Hamilton for $247 million to create the cloud infrastructure that a lot of applications now reside on. GSA awarded COMET in 2019 to 12 companies.

“We’ve been really thankful to work with many of you in the past to develop some skill in that space so that we’re not learning how to move things to the cloud, we’re not learning how to do DevSecOps and we’re not learning how to do agile. We’re actually practicing and refining that process. We learned how to do that very well under COMET, and then the next iteration, you’ll see some reflection in our requirements about that maturity, which I think is going to be great to continue that public, private partnership,” Shive said. “One of the primary goals of COMET was to focus on modernizing, using our cloud smart strategy. We moved things to the cloud as a matter of course, it’s become our de facto norm. But we also listened to our industry partners, when we co-developed solutions to say, ‘what is the right place to host something?’ Usually, the answer is the cloud, but not completely. We’ll be smart about how we move to the cloud. Do we consider a managed service, which is another offering thing we consider? We’re looking for partners who have that broad mindset, that cloud smart mindset, with helping us do our work.”

The current COMET contractor said one big question they will be paying attention to as the acquisition continues to develop is how GSA will evaluate small businesses. The executive said under the current COMET vehicle two of the four small business winners did so well they were sized out of the contract quickly.

At the same time, industry continues to closely watch GSA’s Polaris small business contract, the OASIS+ recompete and what will happen with the ASCEND cloud blanket purchase agreement, which has been in the discussion phase for more than 18 months.

Sonny Hashmi, the FAS commissioner, said in a September interview that ASCEND continues to evolve.

“There’s a lot more to be done that front and more to come on us. I know I’ve said this before about ASCEND, I will say one blanket statement, we want to do the right thing. Rather than the expedient thing on ASCEND. There is a business case to be made for us, and we want to do it in a way that actually adds value to agencies and for the industry, so that requires some thinking,” he said. “More to come on that. This will require more engagement with industry. We’re going to be coming out with more engagement opportunities for industry partners to tell us how we structure it so that it actually adds value.”

Polaris bogged down

So while industry waits for GSA to finalize its ASCEND acquisition strategy, its other big governmentwide acquisition contract, Polaris, is facing another protest.

At issue this time is GSA’s handling of mentor-protégé and joint ventures. Akima Data Management filed a complaint with the Government Accountability Office on Oct. 31.

Akima is challenging the latest amendment, the ninth, around letting mentor-protégé joint ventures submit revised experience examples as part of their self-scoring proposal. Akima claims that change is unfair and improper. GAO has until Feb, 8 to decide the protest.

Absolute Strategic Technologies filed a second protest around Polaris on Nov. 7. This one also is focused on amendment nine, but is around changes GSA made to the proposal for cost and price, changes to the evaluation methodology and the experience of the vendors.

Absolute’s protest alleges GSA unreasonably limited the scope of what offerors may revise in their proposals and that the agency will not allow companies to update their offers beyond what they submitted on Oct. 7 with current past performance and experience information. Finally, Absolute says amendment nine unreasonably limits revisions to specific parts of proposals ignoring other parts of offerors’ proposals they should be allowed to modify.

GAO has until Feb. 15 to decide the case.

This is the second around of protests against Polaris. The small business contract received a pre-award complaint in March, and GSA took corrective action around the mentor-protégé and joint venture requirements.

Veterans Affairs $60B contract awarded

While GSA tends to receive a lot of attention around acquisition — and rightfully so —  two recent awards from the Department of Veterans Affairs also deserve some notice.

The first from VA made 30 awards under the much-anticipated Transformation Twenty-One Total Technology Next Generation 2 (T4NG2) IT services contract vehicle.

And as of Nov. 13, GAO hasn’t received any bid protests over the award — which is good news so far, but that doesn’t mean VA is out of the woods yet.

Under T4NG2, which is a 10-year contract with a $61 billion ceiling, the mix of small and large contractors will provide a range of IT services including technical support, program management, strategy planning, systems/software engineering, enterprise network engineering, cybersecurity, operations and maintenance, and other services.

The current T4NG contract has been a popular vehicle across the agency. GAO reported last December that from 2017 to 2021, VA spent about $6.4 billion.

In addition to T4NG2, VA also made an interesting award to TransUnion to help fight fraudster targeting veterans and their families.

TransUnion and Four Points Technology will provide technology to improve VA’s ability to brand and verify its calls to veterans and their families from both landline and mobile phones.

Jeffrey Huth, senior vice president of TransUnion’s public sector business, said in an email to Federal News Network, said the contract addresses the VA’s Veterans Experience goals.

“The VA currently has a challenge with reaching out to veterans and their caregivers because of incorrect or missing caller ID across the enterprise. This challenge affects all facilities and contact centers who perform outbound calling on a consistent basis to engage veterans for the purpose of informing them of relevant information and available benefits,” VA stated in its solicitation. “Outbound calling could be more successful if veterans or their caregivers knew that the number calling was a trusted VA employee.”

VA says its annual outbound call volume is about 100 million a year, and wants the services to be able to handle as much as 310 million outbound calls a year.

Fraud against veterans growing

Huth said it’s difficult to know exactly how big a problem scams are for veterans, data collected fraud in the name of other agencies demonstrates the challenge VA and every agency faces.

He said a Government Accountability Office report in 2019 found the IRS reported that from October 2013 through March 2019, the agency was contacted more than 2.4 million times by taxpayers who reported calls from fraudsters posing as the IRS, and more than 15,453 taxpayers reported losing about $75.1 million in such scams.

Combating fraud continues to be a focus areas for the agencies. Just Saturday, the White House launched the Veteran Scam and Fraud Evasion (VSAFE) campaign and task force with the Federal Trade Commission (FTC) serving as a central hub for reports of scams targeting veterans and service members.

Huth said TransUnion and Four Points Technology piloted this technology for 10 weeks in the fall of 2022 with Veterans Affairs Solid Start Program and applied the technology to more than 82,000 calls.

“The VA experienced a 20% increase in weekly successful contacts. Average call attempts for a successful contact decreased from about 2.5 to 1.9,” Huth said about the pilot. “The VA is rolling the service out across the country over the next several months and to additional programs.”

The Air Force was 18 months into the Enterprise Cyber Capabilities acquisition and on the brink of making awards. The excitement over this potentially $5 billion multiple award indefinite delivery, indefinite quality contract among industry was a high as any opportunity on the street over the last few years.

With a few strokes on the keyboard on Sept. 19, the Air Combat Command terminated EC2.

The Air Force took the unusual step of pulling the plug on the entire acquisition for reasons that may make sense on the surface, but was baffling to long-time acquisition experts and especially to the vendors, who spent more than year and hundreds of thousands of dollars or more on proposals.

“While it is good that the requirement generated significant industry interest with over 250 proposals received, the established acquisition strategy and evaluation methodology were not suitable to result in a manageable number of prime contract awards. It is in neither the U.S. Air Force’s nor industry’s best interest to award far more prime contracts than the program and its supporting workforce can properly administer, and for which sufficient competitive opportunities are projected to provide fair opportunity to a significant number of prime contractors,” the Air Combat Command, which was running EC2, wrote in a notice on SAM.gov.

Agencies have cancelled procurements for a lack of competition. They have cancelled contracts because industry feedback made it clear the government wouldn’t be successful. And agencies have terminated acquisition efforts for an assortment of other reasons.

But long-time acquisition experts say they can’t remember a time when an agency cancelled an acquisition because there was too much interest.

“Clearly, there was insufficient market research conducted to understand how many contractors would propose, and how fully qualified they would be based on the selected source selection strategy,” said Mike Smith, former director of strategic sourcing at the Homeland Security Department and now executive vice president at GovConRx. “From my humble perspective, the Air Force should have foreseen a robust response to this requirement given the huge emphasis on cybersecurity across government and industry today. Additionally, true market research, and not just going through a process, would have told them to expect a large number of proposals, and as such a down-select process and more true discriminators would have been in order.”

A market research failure

Agencies are spending more time and resources on market research these days. The General Services Administration even offers a free tool, market research-as-a-service. Laura Stanton, GSA’s assistant commissioner for the Office of IT category in the Federal Acquisition Service, wrote in a July 31 blog post on MRAS that in three years, the service has conducted over 3,000 requests for information for customers, including more than 25% specifically for IT category special item numbers (SIN) on the GSA multiple award schedule. The top user of MRAS is the Air Force.

But this is more than a market research failure. While experts applauded the Air Force’s tough decision to pull the plug right before the award, the fact the ACC let EC2 go on through almost all the phases of an acquisition before realizing it wasn’t going to work is major breakdown.

A former Air Force official, who requested anonymity because they still do business with the Defense Department, said the entire acquisition strategy was problematic from the start.

ACC went with a self-scoring approach and let companies partner with each other multiple times so figuring out which team was better than another was too difficult.

“The big question is did they really red team how industry would respond to the solicitation?” the former official said. “If they had one-on-one meetings with some of the bidders or more directed discussions, they would’ve gotten feedback on their strategy. The acquisition offices that speak least with industry have the most challenges with procurements. They did hold an industry day, but those are one way discussions. If they did one-on-ones, they would’ve gotten better feedback about the solicitation and how industry would react.”

Greg Giddens, a former chief acquisition executive at the Department of Veterans Affairs and now a partner with Potomac Ridge Consulting, said cancelling a contract like this has negative impacts on both the agency and industry.

“It will make industry less inclined to invest in responding to future proposals and some in the government underestimate the expense that industry incurs to respond. For something like the acquisition, it could easily be in the millions for each company,” he said. “The biggest impact in cancelling an acquisition like this one where the requirements still exist is that the mission needs will not be met.”

Air Force had no other choice

Smith added it’s clear the Air Force will not reimburse industry for their costs and expenses.

“In cancelling this solicitation, the AF unilaterally decided to spread the B&P cost for this effort across all federal agencies,” he said.

The Air Combat Command spokesperson said the agency didn’t have a lot of options but to cancel the acquisition entirely once it realized the challenges ahead.

An ACC spokesperson said the evaluation and award methodology for the acquisition provided that an award would be made to each and all “qualifying offerors. The solicitation did not include a specific number of awards, and the source selection team did not have a set expectation.

“Alternative evaluation methodologies and the re-definition of ‘qualifying offerors’ were considered, and ACC Acquisition Management and Integration Center concluded that either would result in substantial changes to the EC2 solicitation.  In accordance with FAR 15.206(e), if an amendment is proposed for issuance after offers have been received and that amendment ‘is so substantial as to exceed what prospective offerors reasonably could have anticipated, so that additional sources likely would have submitted offers had the substance of the amendment been known to them, the contracting officer shall cancel the original solicitation and issue a new one, regardless of the stage of the acquisition,’” the spokesperson said as the reason for a cancellation instead of modification.

Now that the Air Force ended EC2 after more than 18 months of planning, the need for cyber services doesn’t go away. The spokesperson said ACC is analyzing its next steps to meet enterprise cybersecurity needs.

“In the meantime, ACC AMIC will continue to solicit and award those requirements on an individual basis, either by issuing separate solicitations that will be posted on SAM.gov or by competing and/or placing orders under existing GSA, Defense Department and/or Air Force IDIQ contract vehicles,” the spokesperson said.

And this brings us all the back to the age-old discussion about why agencies believe they need their own multiple award contracts still. The Air Force’s short plan on is really a long-term solution for every agency who believes they need to go down their own path.

And the governmentwide solution to limiting or stopping the proliferation of multiple award IDIQ type contracts for common IT or professional services hasn’t been found. And without political leadership from the Office of Federal Procurement Policy (OFPP) to require agencies to justify an acquisition like EC2, this is what happens — a colossal waste of time and money all around.

The summer isn’t officially over, and with a heat wave stretching from the Plains through the Midwest and into the East Coast this week, it may continue to feel like the dog days of summer for quite a while. But we can pretend fall is just around the corner what with the college football season kicking off last weekend, the NFL starting this week. And now that we are past Labor Day, it’s time to look back at some of the major people changes in the federal IT community over the summer.

One of the most surprising changes came not in the executive branch, but on Capitol Hill.

Multiple sources confirmed, and reacted with both surprise and bewilderment, the House of Representatives decided to part ways with both their chief information officer AND chief technology officer in late May or early June, depending on who you talk to.

Alan Thompson, the CIO, and Justin Black, the CTO, were relieved of their duties because the chief administrative officer, or maybe House leadership, “wanted to go in a new direction,” multiple sources say.

A spokeswoman for the House CAO declined comment on the personnel changes.

Attempts to reach Thompson and Black via LinkedIn were unsuccessful.

Sources also have confirmed that Jamie Crotts is the acting CIO of the House of Representatives. He previously served as the chief information security officer of the House for about eight months and has been director of cybersecurity awareness and policy for six years previously.

Crotts came to the House after spending about 13 years in the private sector with Booz Allen Hamilton and Deloitte.

It’s unclear if Thompson and Black were fired or just asked to leave or left on their own will. No matter the specific circumstances, sources said the decision is surprising nonetheless given both of their impacts on the House to bring the technology members use into the modern era.

Thompson came to the CAO’s office in May 2020 from the Carlyle Group, first as deputy CIO, and then rose to acting and finally permanent CIO a year later.

Black had been CTO since 2018, coming to the CAO after spending 10 years with the Department of Veterans Affairs inspector general’s office where he led the data analytics effort and was the CIO for eight years.

Thompson said back in June 2022 in an interview that one of his top priorities was to make it easier for lawmakers’ office to adopt digital services. He said by filling the gaps in knowledge and skillsets, the CAO’s new office of digital services could accelerate the modernization of Congress.

As part of this digital services effort, Thompson and Black worked on improving the technology infrastructure for the House over the last few years. This includes bringing better Wi-Fi access in the office buildings, a pilot in the district offices to improve their wireless connectivity with the goal of making it easier to connect offices and people.

In the CAO’s semiannual report to Congress released in June, the digital services team continued to make progress in launching new tools, including “the team’s very first home-grown product: Deconflict. Intended primarily for use in committee offices, this modern calendar interface provides staff visibility into each House committee’s upcoming hearings and markups before they are publicly noticed.”

Executives retire from GSA

Thompson and Black weren’t the only notable names leaving federal services over the last few months.

Carol Ochoa, the inspector general of the General Services Administration, retired after 37 years in government. She had been GSA’s IG since 2015 and joined the government in 1989 as an assistant U.S. attorney in Washington, D.C.

Robert Erickson is the current acting IG until President Joe Biden names a permanent one.

Ochoa’s tenure at GSA continued the tenuous relationship between the IG’s office and the administrator’s office.

Some said Ochoa and her staff were overly critical or aggressive around certain and specific areas, particularly during the Trump administration.

One ongoing area of disagreement that neither the IG’s office and the Federal Acquisition Service can find common ground on is the continued use of the Transactional Data Reporting (TDR) framework for tracking prices on the schedules program.

One of Ochoa’s final investigations showed major problems with the Login.gov program.

“During her roughly eight years of service as GSA IG, she led audit and inspection efforts which produced nearly 600 reports to GSA, and ultimately to Congress. The reports provided recommendations for corrective actions to address serious deficiencies found in GSA programs,” said Rep. Gerry Connolly (D-Va.), in a statement on the House floor recognizing Ochoa’s service. “These reports also included extremely valuable contract audits which, over her term, identified more than $4 billion in potential savings in the form of questioned costs or funds that could be put to better use.”

In addition to Ochoa, Larry Lee Gregg, the assistant IG at GSA, also retired after 50 years of federal service.

Also leaving GSA is Zach Baldwin, the automation lead for the Federal Risk Authorization Management Program (FedRAMP), after 20 years of federal service.

“It’s really hard to walk away after such a long time — the hardest thing is leaving projects I felt passionately about undone and walking away from some long term relationships I’ve developed,” Baldwin wrote on LinkedIn. “I am very proud of some of the projects that I have been involved in over the years. I was part of bringing cloud to the federal government by creating the first cloud blanket purchase agreement (BPA). I supported and helped lead the Federal Data Center Consolidation which helped the entire government migrate from legacy physical data centers to the cloud. I was there at the creation of FedRAMP, but only significantly contributed when I returned to the program and lead the automation initiatives. I’m excited to see the future of automation as the foundations I helped set are actualized into what I am sure is the future of FedRAMP and cybersecurity. It’s been a great career. I hope I served the taxpayers well.  The federal government is a big ship that doesn’t turn quickly. I hope that in my career I’ve done a significant amount of nudging in the right direction.”

Baldwin didn’t say what his plans are for the future.

Over at the Army, Hannah Hunt, the chief product and innovation officer at the Army Software Factory in the Army Futures Command, decided to move to industry after three years in the role.

She came to the Army Software Factory in October 2020 from the Air Force’s Kessel Run. Hunt started her federal career as a legislative affairs intern at the Treasury Department in 2015.

During her time at the Army Software Factory, among the areas Hunt focused on was the upskilling and training soldiers and civilians to expand the number of software developers. The six-month training program sends about 30 soldiers and civilians through the cohort.

“Years from now you will look back in awe at what you have done for the Army. Change takes time but the Army is well on its way to transform at a pace never before in history,” wrote Raj Iyer, the former Army CIO, who now is with ServiceNow, on LinkedIn.

Hunt said she would be joining MetroStar, a digital services and management consulting company specializing in emerging technologies within the public sector, as a distinguished technical fellow and senior director.

NASA, Interior, SBA add to staff

The news isn’t all about people leaving government service. There were several executives either coming back to government or finding new roles in agencies.

Krista Kinnard, the Labor Department’s director of innovation and engineering in the CIO’s office, is heading to NASA to be its digital transformation team as the change management and culture lead. She starts at the space agency this month.

Kinnard has been in that role since April 2021 and previously worked as the director of the AI Center of Excellence at GSA.

Kinnard, who was a winner of a Service to America Medal in 2022 in the emerging technology category, focused on automating repetitive and low-value processes through robotics process automation and other technologies. It helped Labor reduce errors, save time and money and improved services in the areas like human resources and acquisition.

“Through the use of acquisition-related bots, Kinnard transformed work that once took 40 hours to complete, requiring searches through multiple webpages and databases to populate reports, and reduced the time to less than three minutes,” the Partnership for Public Service wrote in its 2022 medals program.

Over at the Interior Department, Darren Ash, the CIO, continues to fill out his staff. He lured Stan Lowe, the former CIO at the Federal Trade Commission and chief information security officer at the Veterans Affairs Department, back to be Interior’s CISO.

Lowe, who left VA in 2015, comes back to government after eight years in the private sector. Among the companies he worked for were Booz Allen, Zscaler and most recently Synchronoss Technologies.

Lowe replaces Jack Donnelly, who left in June 2022 to be the CISO at the Office of the Comptroller of the Currency in the Treasury Department.

Finally, the Small Business Administration’s acting CIO Steve Kucharski named Doug Robertson as the agency’s new chief technology officer. Robertson has been with SBA since July 2020 joining as a product owner and IT specialist.

He previously worked in the private sector at an artificial intelligence company called Interactions and for Gleanspot.com as a product owner and scrum master.

SBA’s previous full-time CTO was Sanjay Gupta, who left in March 2022 to be the CIO of the Justice Department’s Executive Office of Immigration Review. Gupta recently joined the Illinois state government as the acting director of innovation and technology.

Time is a funny concept when it comes to federal technology initiatives.

There’s never enough time to fix everything. The initiative needs more time to bake. The law, policy or regulation will take time to implement and show results. When it comes to cybersecurity, time isn’t on our side.

I can only imagine that for every agency chief information officer, singer, songwriter Joe Jackson may have summed it up best in his song Got the Time: “Time – got the time tick-tick-tickin’ in my head.”

The recent updates from the General Services Administration on the Enterprise Infrastructure Solutions (EIS) program and the Office of Management and Budget around the 21^st Century IDEA Act underscore the trials and tribulations of time in the federal IT community.

GSA is giving eight agencies a new deadline to move to EIS.

OMB is expected to issue new IDEA Act guidance in early September and is encouraging agencies to apply for funding from the Technology Modernization Fund soonest to meet some of the new goals.

As the Rolling Stones famously said, time — years for some agencies with EIS and weeks for the IDEA Act — is on your side, that is, until it’s not.

Let’s start with the immediate countdown clock.

Federal Chief Information Officer Clare Martorana has said several times earlier this spring and summer that OMB finally, after four-plus years, will issue guidance to implement the IDEA Act. Sources say that guidance could come as soon as early September.

Martorana said on Aug. 2 at the IT Vendor Management Summit that while some agencies have moved out on initiatives that the IDEA Act is focused on, others have been “waiting for more deliberate guidance in order to start turning those gears of government forward so the American people can get the IT services that they deserve.”

“It basically will be a 10-year roadmap for digital transformation. Much of this is, as I like to say, motherhood and apple pie. It’s all those good things that we all know have to happen. But it’s really deliberate, thoughtful and achievable for our government to execute on the 21st century IDEA Act,” she said. “It’s very foundational things like not duplicating content, publishing content that’s easy to find and easy to understand, modernizing front-end design and improving the experience of websites and digital services, ensuring we have consistent look or feel branding across agency channels and that everyone is using the US Web Design System. We’re going to improve the design, development and accessibility, which is really critical for all of our digital products and services to ensure sufficient capacity to support Section 508 of the Rehabilitation Act of 1973.”

President Donald Trump signed the IDEA Act in December 2018, which aims to make federal “.gov” websites more mobile-friendly and more secure.

OMB’s delays in getting the guidance out the door can be attributed to several reasons, fair or not. First, OMB had little support within the Trump administration to expedite the improvements, partly because it was a Democrat priority, and partly because it came toward the end of the administration and people and focus went elsewhere, especially as the pandemic went into full swing. The Trump administration did release updated web design standards in January 2020 as part of its IDEA Act efforts.

IDEA Act delays for a host of reasons

When the Biden administration took over OMB, the pandemic remained the focus and then there was a series of cyber incidents that took a lot of time away from the IDEA Act. Biden’s executive order on customer experience, signed in December 2021, does build on the IDEA Act themes, specifically by repeatedly tasking agencies with digitizing forms, as well as improving their websites and expanding the services they offer online.

On top of all of this, Congress interest was tepid at best. Rep. Gerry Connolly (D-Va.) had talked about adding the IDEA Act to the Federal IT Acquisition Reform Act (FITARA) scorecard.

But the December 2022 version didn’t add it, and there hasn’t been a 16th FITARA scorecard yet this year with the Republicans taking control over the Oversight and Reform Committee.

In the meantime, lawmakers led by Connolly and Reps. Carolyn Maloney and Khanna, wrote one letter in May 2021, but didn’t hold a single hearing to hold agencies accountable in four-plus years.

But now it’s time to get the IDEA Act moving. To do that, Martorana and the Technology Modernization Fund Board are trying something new by encouraging agencies to submit funding proposals and use a new template.

“In collaboration with the TMF program management Office at the General Services Administration, we have developed a new streamlined process that includes pre-filled project plans to make it easier for agencies to submit initial project proposals. We are piloting the new process with two templates related to the 21^st Century IDEA focused on the following: Improving web accessibility, and digitizing public-facing forms,” Martorana said in an email to the CIO Council, obtained by Federal News Network.

Martorana added in the email that the CIOs should share the TMF funding opportunity with agency digital services and customer experience teams.

On its website, the TMF board said the initial funding opportunity is open through Sept. 22, but it will continue to accept proposals based on funding availability.

So the time is now for agencies to put together their proposals to obtain some of the $400 million or so that’s left in the TMF.

OMB didn’t mention how much money the TMF board was specifically allocating for IDEA Act projects unlike they did for customer experience proposals last summer.

GSA’s timetable shifts

Meanwhile over at GSA, the time for EIS transition went from May 2023 to May 2024 to now, for eight agencies, May 2026.

After approving two extra years for the transition to the new telecommunications contract for the departments of Justice and Homeland Security in December, GSA approved extensions for six more agencies.

A GSA spokesperson confirmed it granted more time to the departments of Transportation, Commerce and Agriculture, as well as the Federal Energy Regulatory Commission, the Government Accountability Office (Oh, the irony) and the U.S. Courts.

“These agencies have entered into memoranda of understanding with GSA that they will be authorized to use the expiring telecommunications contracts up to May 31, 2026, once those contracts are extended to that date. GSA is currently working with the contractors to extend each contract,” the GSA spokesperson said in an email to Federal News Network.

In October, GSA approved a year extension for 82 other agencies finalize their move off of Networx.

Laura Stanton, GSA’s assistant commissioner for the IT category in the Federal Acquisition Service, wrote in an Aug. 10 blog post that this extension is limited to just the eight agencies. She said GSA will update the terms and conditions of the Networks Authorized User List (NAUL), and will remove those agencies which are no longer authorized to use the contracts and will order contractors to disconnect services to such agencies.

“Unless an agency is working with GSA to use the extended CoS to May 31, 2026, the NAUL will be updated to remove the agency and its services will be disconnected on or before May 31, 2024. Agencies should continue to work aggressively with their contractors to transition prior to May 31, 2024. If an agency requires days, weeks or months beyond May 2024, it should contact their solutions broker on the GSA team to explore options,” she wrote.

Between now and 2024, Jake Marcellus, who became the executive director for Enterprise Technology Solutions (ETS) in FAS in February, will continue to improve the customer agency EIS transition experience and outcomes.

“His team developed a system to use disconnect data to identify the most significant transition risks and make the appropriate executive engagements with agencies,” Stanton wrote. “They’re engaging agencies, assisting with problem identification, consulting on technical solutions and facilitating requests for 2026 extensions. In addition to meeting with agency CIOs staff, Jake is also meeting with executives of our EIS contractors.”

EIS and the 21^st Century IDEA Act, two important initiatives whose time has come and, in some ways gone, and now are caught in the time warp of federal IT where deadlines are fungible and progress is measured in years.

To keep with the theme of the day, I’ll end with the chorus from hard-rock group Anthrax’s Time to sum up when it comes to federal IT initiatives:

My mind keeps thinking
Clockwise as the seconds tick away
I make my move today
Time and life, life and time
To have and hold
And sometimes find
It isn’t mine, it isn’t yours
Man to man, I’ll fight you for
Time and life, life and time
One day I’ll get what’s mine
Through the persistence of time
Huh!

A 200 year-old law created to protect the government from paying for goods and services they may never receive is the latest obstacle agencies in how they buy cloud computing services.

GSA lawyers are interpreting the Advance Payment Statute, which originated in 1823, in a way that is causing agencies to pay 10% to 20% premium for software-as-a-service subscriptions.

Value-added resellers and other industry experts say this interpretation of the law is causing major headaches for agencies and providers alike.

“The government is arbitrarily categorizing subscription licenses delivered through cloud as a service when in practicality it is not a service. It’s a known quantity and it rarely deviates from that known quantity,” said Tony Colangelo, founder and CEO of Minburn Technology Group, a value added reseller. “Microsoft O365 is perfect example. It’s a subscription that is sold on a per user, per year basis. So if you have 500 users, some will use the product more than others, but all 500 will need to use the product throughout the annual subscription term to accomplish agency business. This is a non-partisan conversation and simplicity should prevail in saving taxpayers’ money. We are not trying to charge the government more, but to align commercial practices to the way the government is buying cloud services. This also is impacting small businesses as they have to finance money to pay for the contracts.”

The primary purpose of the Advance Payment Statute is to protect the government against the risk of contractor nonperformance, namely “to preclude the possibility of loss to the government in the event a contractor — after receipt of payment — should fail to perform his contract or refuse or fail to refund moneys advanced,” according to a position paper on this topic produced by Minburn Technology.

Experts say because software-as-a-service is labeled a “service,” GSA lawyers determined agencies buying from the GSA schedule, and possibly other GSA run acquisition vehicles, providers are to be paid in the arrears — like the electricity or water bill at your house when you are paying for something that you’ve already received.

Industry experts say paying in arrears is fine for consumption based cloud services like platform or infrastructure-as-a-service, but in the case for SaaS, it’s more like a magazine subscription where you know you will get 52 issues and you pay for all 52 issues up front.

Two reasons for SaaS concerns

Companies and other acquisition experts say GSA’s lawyers are conflating the term services and what cloud services or software-as-a-service really entails versus the delivery of say food or even paper and pens.

The issue, and GSA’s interpretation, isn’t necessarily a new problem. But it’s come to ahead because of two recent issues. First, the struggles of the high-profile Defense Department’s Defense Enterprise Office Solutions (DEOS) vehicle came to light only recently. The fact that military services and defense agencies are using the Navy’s enterprise software initiative contract instead of DEOS due to as much as a 20% markup of the price for the same Microsoft Office 365 license was surprising to many in the federal community.

The second issue that brought the Advance Payment Statue and SaaS problem to the forefront is inflation.

Colangelo said the cost to borrow money has gone up requiring companies like his to borrow money to pay for the annual license and wait to get paid back monthly by the government.

“It’s a large amount of money that you have to finance, and the harder it is to get the financing, the harder it is to support these orders,” he said. “Whether I have to support a $100,000 or a $50 million task order that we received through say, DEOS, I have to finance that and I know that I signed up for that. But as a taxpayer, I’m frustrated the government is paying 10%-to-12% more than they need to and when talking about a $50 million task order, that adds up. That is $5 million or more.”

Minburn had two orders where it offered the agency customer seven-figure discounts to get the payment up front, but the department couldn’t accept the discount because of this interpretation of the law.

“The government is paying for a payment structure that it doesn’t want or need,” Colangelo said.

GSA’s tail is wagging the dog?

Other value-added reseller companies are in similar situations as Minburn, having to front the funding because commercial companies do not sell SaaS this way where the customer is paying in the arrears anywhere else in the world.

One industry executive have requested anonymity because they didn’t ask permission to talk to the press, said it’s a case of the tail wagging the dog.

“Government policy and law needs to be able to keep up with how industry is changing. We are on the front end of that as the true cloud consumption model is just starting to take off. That is why the government is struggling. It takes a long time to turn a big ship around,” said the industry executive. “But by the same token, the catalyst of how much money you could save if you just change government policy and change the laws is fairly strong.”

GSA officials knew this interpretation of the Advance Payment Statute contradicted industry best practices. But former officials say attempt to make change went nowhere over the years.

To GSA’s credit, current officials recognize something needs to change as agency buying of cloud services, particularly off the schedule, closes in on $1 billion. In 2022, GSA says agencies spent about $993 million through the schedules cloud special item number. GSA says 662 contractors current sell cloud services through the schedules, and SaaS is overwhelmingly the most popular cloud service under the Federal Risk Authorization Management Program (FedRAMP) with 380 out of 422 approvals.

GSA issued a request for information on July 31 asking for industry feedback on SaaS pricing best practices and what are its options better align the schedules with industry practices for pricing and invoicing term-based software.

A GSA spokesperson said, “the RFI is designed to gather information to understand differences between federal and commercial practices, including what discounts vendors may offer if payment in advance were permitted.”

Once GSA analyzes the feedback to the RFI, which is due Aug. 23, it will determine its next steps, the spokesperson said.

Previous attempts to improve cloud buying

Colangelo said GSA implemented a re-write of the cloud SIN payment terms in July 2022, under solicitation refresh No. 13, which let cloud computing service pricing set increments beyond one month, so as to better align with commercial billing practices.

“We thought this revision to the cloud SIN billing terms was supposed to fix the advance payment issue, but it hasn’t been interpreted that way,” he said. “It’s hard to understand what the purpose was for this change to the billing term for cloud services, if not to fix the advance payment issue.”

GSA also issued a new cloud buying policy in December 2021 to promote the ability to buy cloud services on a consumption basis. But this approach helped more with infrastructure — and platform-as-a-service, than SaaS.

A former senior acquisition official in government with industry experience, who requested anonymity because they still do business with GSA, said changing the policy would be beneficial to GSA as much as industry. The former official said GSA and the Defense Department, for example, are not aligned with their interpretation and that is causing problems across the government.

“We are always trying to show ways where the government can show consistency in procurement and this is prime example of where government can and should do that,” the former official said. “GSA easily could make paying up front for cloud services an option within a blanket purchase agreement. So if an agency customer has the authority pay up front, they could have one price, but if they have to pay in the arrears, here’s your other price. GSA could do that if they didn’t want to address this policy head on.”

Larry Allen, president of Allen Federal Business Partners, worked with Senate lawmakers to try to add a technical clarification to the defense authorization bill to help solve this issue to allow for SaaS subscriptions to be paid up front.

Allen said while there was some support on Capitol Hill, it’s unlikely the provision will make it across the finish line.

This leaves industry and agencies waiting until GSA goes through the RFI process, which can take months. Meanwhile, the cost to buy SaaS, an ever growing segment of the federal IT sector, is hung up around inconsistent interpretation of a 200-year-old law. The result is costing some agencies millions of dollars more than they need to spend.

GSA acquisition leadership, its lawyers, the smart folks at the Office of Federal Procurement Policy and the Defense Department should get together to find a pragmatic approach to applying the Advanced Payment Statute to cloud services, a law which was never intended to be applied to cloud or any modern technologies.

Three years into the Commercial Platforms Initiative, the vision Congress had for the initiative isn’t necessarily coming to fruition. But new data and analysis shows that doesn’t mean it’s a failure by any means.

The number of agencies using the platform more than quadrupled between 2020 and 2022 to 27 and the spending, while far below initial estimates of $6 billion have increased to $40 million last fiscal year.

And beyond the raw numbers, agencies told the Government Accountability Office in a new report that it is saving them time, money and giving them better data about their purchase card spending — all of which were major reasons why Congress created the program in the fiscal 2018 Defense Authorization Act.

“What we are seeing is a rapid increase in the platforms’ use and it’s an interesting experiment,” said Chris Yukins, a professor at the George Washington Law School and a federal acquisition expert. “In the 1990s, the use of the schedule contracts exploded largely because General Services Administration senior executives were pushing hard for line purchasing officials to understand and appreciate the schedules program. It was a successful marketing effort. It was completely appropriate and fine, but it took time for government purchasers to get comfortable. I think the same thing is happening with commercial platforms and we are seeing them get more comfortable with them.”

Where the vision of the CPI is falling well short is lawmakers wanted GSA to develop the platform to make it easier for Defense Department purchasers to find commercial items.

The top agencies using the commercial platforms are the departments of Veterans Affairs and Agriculture.

Yukins said the fact DoD users haven’t found or are not attracted to the platform is surprising.

“We interact with DoD personnel including contracting officers and about one-third to one-half are mid-career contracting officers from DoD. We talk about the commercial platforms initiative in our classes, and what has emerged is DoD is insisting users must be trained and followed rules like Section 508 and Accessibility. That is creating a steep learning curve for those who want to buy from commercial platforms at DoD,” he said. “For those individuals who are required to undertake training, it can be 5 or 6 tutorials before they are allowed to use it. That is a steep mountain to climb for many.”

Another piece of the NDAA vision that isn’t coming together is the goal to create several platforms that agencies could take advantage of. Initially, vendors and others were calling Section 846 the “Amazon amendment” as experts believed the CPI would benefit the online retail giant the most.

That has become the reality as Amazon has accounted for an increasingly larger amount of sales each year with 92% in 2020, 94% in 2021 and 96% in 2022.

The other two platform providers, Fisher Scientific and Overstock Government have struggled to gain a bigger foothold.

Part of the reason seems to be what agencies are buying.

“The average order size was approximately $270 per order for fiscal years 2021 and 2022 combined. Agencies spent more on the IT broadcasting and telecommunications category —including computer displays, phone headsets, and computer docking stations — than any other product category in the program,” GAO reported. “Agencies’ purchases in this category were almost three times larger than the next highest category. Agencies also purchased office supplies, furniture and domestic appliances through the program.”

Yukins said it’s not surprising to see that Amazon is the most popular of the platforms given there is little to no learning curve to use it. He said the only real barriers are training and the acceptance of this approach to buying in the first place.

Another long running concern about the commercial platforms was GSA’s ability to collect, understand and share data with agencies.

GAO found mixed results.

On data visibility, GAO says, “Officials from seven agencies said that the program provides increased data and enhanced visibility into purchases made by agency cardholders. For example, officials from two selected agencies stated that the program has provided visibility that they did not have before into what individual cardholders were purchasing.”

But data on sales to small businesses and the use of the AbilityOne program was inconsistent.

The challenges around AbilityOne continue to be a matter of contention. The National Industries for the Blind filed a lawsuit against GSA in February after the agency’s solicitation to expand CPI missed the mark for addressing mandatory requirements for certain products.

Concerns about meeting AbilityOne remain

Kevin Lynch, the CEO of NIB, told Federal News Network in an email that his organization dropped the lawsuit in May after GSA reconsidered its approach to AbilityOne program compliance.

“Ultimately, GSA acknowledged it could do more to ensure that CPI purchases meet AbilityOne requirements and amended the solicitation to strengthen language on compliance. Nonetheless, the report GAO issued concludes GSA could still improve its efforts to help federal agencies increase their use of AbilityOne on the commercial platforms,” he said. “We can’t help but feel vindicated by GAO’s conclusion. Acknowledging that GSA’s actions are ‘steps in the right direction,’ GAO said that, as the implementing agency for the CPI, GSA has the opportunity to provide guidance to federal agencies to increase awareness of, and improve future spend on AbilityOne products.”

GSA re-released its solicitation in May to expand the number of platforms after Congress mandated it in the 2022 NDAA.

As part of the new RFP, GSA is trying to address NIB’s concerns by requiring companies who are submitting offers to have a demonstrated “block and sub” system to ensure that mandatory source AbilityOne items are bought when they should be.

An industry source said GSA likely will ask the vendors bidding to demonstrate the block and sub systems during the live test demonstration of the evaluation process.

“Each company will be scored on how well their system meets the requirements. This will be one evaluation factor for a new award,” the source, who requested anonymity, said. “I do not believe that GSA has yet scheduled the live test demonstrations, but I suspect that this is the next step in the acquisition process.”

GSA says it extended the current three CPI contracts an extra six months through December 2023. They were set to expire in June.

GAO makes two recommendations

GAO stated in its first solicitation for the platform provider contracts, GSA sought platforms that could either mark AbilityOne products as preferred or hide “essentially the same” products, a subset of products that the AbilityOne Commission has identified as essentially the same as AbilityOne products.

GAO says Fisher Scientific and Overstock hide essentially the same products while Amazon marks AbilityOne products as preferred.

“Even with these features, officials from two selected agencies stated that the program’s ability to help them meet AbilityOne mandatory sourcing requirements is a work in progress. For example, an official from one selected agency noted that the search filters on the Amazon platform were not working as expected. The officials from this agency told us that the hierarchy of search filters failed to prioritize products that are mandatory sources (e.g., AbilityOne) above other priorities or preferences, such as products sold by small businesses. Rather, the search filters are all prioritized at the same level,” GAO stated. “During the time of our interviews, Amazon representatives and GSA officials told us they were aware of this concern and are working to resolve the issue. In addition, Amazon representatives told us that they established an AbilityOne online storefront in an effort to increase the availability and visibility of AbilityOne products and increase the number of AbilityOne products sold.”

GSA officials told GAO they have taken steps to educate agency buyers and promote AbilityOne items, such as creating a desk guide that reminds buyers of how to identify AbilityOne items on the platforms and demonstrating how to use search filters in monthly trainings.

“[W]e found that there are opportunities for GSA to help participating agencies improve the process to buy AbilityOne products. Similarly, the program has the potential to help agencies purchase from small businesses; however, it currently does not facilitate participating agencies’ ability to report purchases from small businesses,” GAO stated.

One of GAO’s two recommendations focused on GSA developing a plan to formalize its manufacturer part number efforts intended to help ensure AbilityOne products are procured in lieu of their essentially the same counterparts.

NIB’s Lynch said he hopes GSA takes more aggressive steps to enforce AbilityOne compliance.

“That plan could provide details on how GSA will compare manufacturer part numbers to the list of essentially the same (ETS) products and outline actions that will be taken when GSA identifies that an ETS product has been purchased — including how GSA plans to share this information with agencies,” he said. “We continue to believe that the best way to ensure compliance is to prevent the sale of commercial items that are essentially the same as AbilityOne items to federal customers.”

GAO’s second recommendation focused on small business data. GAO says GSA and the Small Business Administration should develop a better process for agency customers to get credit for small business purchases.

“GSA officials acknowledged that given the potentially large number of agency purchases from individual small businesses with relatively small dollar value, the process is resource intensive, which likely discourages agencies from taking the additional steps required to collect small business contracting credit on applicable purchases,” GAO stated. “In addition, as GSA officials explained previously, businesses would have no reason to register with SAM and certify as small businesses if they do not intend to contract with the federal government.”

Yukins added the fact small business sales can’t be tracked more accurately, suggests platform providers are not delivering line item sales data to the government.

“All of the commercial platform providers are slow to change their models to accommodate government requirements for things like socio economic category tracking,” he said. “What we see here is the intersection of private business practices and government socio economic requirements. Over time as private contractors leverage their negotiations, they could resist accommodating all of the government’s requirements and we may be seeing that play out.”

A huge fine for a big name government contractor.

A flood of interest for the next great governmentwide acquisition contract.

And despite all the challenges with the federal procurement market, there is a lot of optimism about where agencies and contractors are heading.

Welcome to another edition of As the [Procurement] World Turns.

The Biden administration use of the False Claims Act to prosecute contractors was tepid to say the least. The Justice Department brought in $2.2 billion in fiscal 2022 around settlements and judgements. That is down from $5.6 billion in 2021, $2.2 billion in 2020 and more than $3 billion in 2019.

The majority of those 2022 cases were in the healthcare sector, accounting for $1.7 billion in all. Federal acquisition judgements and settlements barely registered in DoJ’s annual release about their successes.

That all seems to be changing in 2023, however.

In the last few weeks, two cases may just be a sign of things to come.

Booz Allen Hamilton settled acquisition fraud allegations to the tune of paying $377.4 million. This is one of the largest settlements related to federal procurement in the last 20 years. It’s among the largest ever win for a Qui Tam or whistleblower case as well. The former Booz Allen Hamilton employee is expected to receive more than $69 million for bringing the case to light.

You can read the entire Justice press release, but the crux of the allegations against Booz Allen stem from the company allegedly improperly charging costs to its government contracts and subcontracts, and getting reimbursed for those charges that instead should have been billed to its commercial and international contracts from 2011 to 2021.

As one person said to me, if Booz Allen agreed to settle for $377.4 million, imagine how much money was actually improperly charged back to the government over that decade? Makes you wonder a bit…

In a press release, Booz Allen stated, it “has always believed it acted lawfully and responsibly. It decided to settle this civil inquiry for pragmatic business reasons to avoid the delay, uncertainty, and expense of protracted litigation. The company did not want to engage in what likely would have been a years-long court fight with its largest client, the U.S. government, on an immensely complex matter. This settlement ends the DOJ’s civil investigation more than six years after it began. DOJ closed its parallel criminal investigation more than two years ago, taking no action.”

The other False Claims Act from earlier this month was much smaller in terms of a settlement, but nonetheless still interesting.

Justice won a $7 million settlement from Foresee Results, Inc. and Verint Americas, Inc. (collectively, Foresee) to resolve allegations that the company violated the False Claims Act by falsely representing that they used the methodology of the American Customer Satisfaction Index (ACSI) to measure customer satisfaction.

This case stems from a 2011 contract from the Federal Consulting Group (FCG), which is part of the Department of the Interior, for website assessment and improvement services, through which Foresee agreed to measure the public’s satisfaction with certain government websites and make recommendations regarding how to improve satisfaction.

“The settlement announced resolves the government’s allegations that Foresee did not use the ACSI methodology, but instead used a different methodology to measure the public’s satisfaction with certain government websites,” Justice stated in its release.

Eric Crusius, a partner with Holland and Knight and a procurement attorney, said what the federal acquisition community maybe seeing now is DoJ ramping up to implement the Biden administration’s priorities with oversight and accountability.

“With this administration, anecdotally, it appears DoJ has been more active recently in the False Claims Act arena; particularly when looking at the Civil Cyber Fraud initiative that was announced in late 2021 and the Procurement Collusion Strike Force. I expect we will continue to see increased activity in these areas, in particular,” he said.

Flood of OASIS+ questions

Speaking of ramping up, industry’s excitement, or better yet attraction, to the General Services Administration’s OASIS+ multiple award program may not have hit the apex yet, but is rushing up the hill.

Contractors submitted more than 4,500 questions about the six solicitations GSA released in June for this professional services governmentwide contract.

GSA says it plans to release its responses in batches in the coming weeks, and will notify industry via SAM.gov and this OASIS+ Interact Community forum.

Bids on OASIS+ are due by Sept. 13, but anyone who has watched these mega-contracts over the last two decades knows, deadlines tend to slip to the right several times, particularly with the amount of interest OASIS+ is garnering.

Now on top of the OASIS+ bid, GSA said today it plans to issue an amendment to Polaris GWAC Small Business Pool offerors in August 2023.

“The amendment will incorporate submission of a price proposal, as well as adjustment to the evaluation requirements specific to protégé firms. Solicitation amendments for the WOSB, HUBZone, and SDVOSB Pools are planned for September 2023.”

Both of these will keep companies, bid and capture experts and GSA contracting officials busy into the new year.

Survey says: Acquisition workers optimistic

Within all of these challenges and opportunities, contracting officers and other acquisition leaders are generally optimistic about where the market is heading.

A recent survey by the Professional Services Council of officials from 13 agencies found, generally speaking, acquisition processes have been functioning well, and there is continued confidence in federal acquisition efforts.

”PSC’s 2023 Acquisition Policy Survey indicates government acquisitions are in a stable condition, though ambiguity at programmatic and policy levels creates an opportunity for federal leadership action at many different decision points,” PSC wrote in the survey summary. “Decision points exist on how best to apply the composing parts of impact areas for mission execution and to determine if some of these composing parts even work at all.”

Survey respondents highlighted several positive outcomes, including the benefits of multi-agency contracts like the GSA schedules or NASA SEWP.

“Sixty-one percent of respondents believed multi-agency contract vehicles — ranked most beneficial to acquisition outcomes and key to the Category Management framework — grow the available vendor base,” the survey stated. “Worth noting: 39% believed that those contracts shrink the base, enough to indicate that while these vehicles are beneficial to acquisition outcomes, those beneficial outcomes may not necessarily result from vendor base growth.”

Many respondents say longer-term contracts help improve communication of expectations with contractors and create more stable partnerships. These vehicles also reduce the stress or impact on understaffed procurement shops.

Workforce remains a major challenge with the workforce facing an attrition rate of 25% over two years, the median age of 46 and 23% of staff already retirement eligible.

“Our survey and interviews demonstrated surprising results — that while the government still has difficulty attracting a new generation of workers, employees leave mostly to other agencies and components, instead of to retirement, resignation or private industry,” PSC stated. “Respondents said government hires need to be promoted quickly. Promotion takes training, and acquisition training takes time. Sometimes, ‘we turn to contractors for trained professionalism — especially for knowledge of legacy systems. This is reaching a crisis level.’ Respondents said their employees need more skills to reach the right experience, right fit. Respondents most often stated they are weakest on training in program management.”

Optimism in how agencies communicate and collaborate with contractors is another sign of optimism.

PSC says 67% of respondents believe communication with industry has improved over the last 2-3 years and 70% say it will continue to get better over the next few years.

Respondents said issuing requests for information, holding one-on-one meetings and reverse industry days are among the most effective ways to communicate with industry.

Let me riddle you this: When it comes to government contracting, if you are not a small business, what are you?

The answer, of course, is “other than small.”

Not much of a riddle, except if you are a “medium-sized” business in the $34.1 million to $250 million revenue range (feel free to argue for that end range to be closer to $500 million) over the last year, specifically under NAICS Code 541512 — computer systems design services.

Then the riddle clearly is how to compete in a market that favors small and very large firms.

This decades-long challenge is coming to a head with the General Services Administration’s Alliant 3 multiple award contract, currently in the planning phase.

There are growing concerns that based on GSA’s draft request for proposals, these “medium-sized” firms will be locked out of the vehicle, further impacting the industrial base and forcing these firms to sell to the large companies, figure out a way to drop back into the small business size standard, meaning potentially laying off employees, or leaving the federal market altogether. There is no official federal definition for medium-sized businesses. As many of you know, a company is either small or not small. There is nothing in-between.

“There’s a lot of a lot of these indefinite delivery, indefinite quantity (IDIQ) self scoring contracts that are out there that that favor the small business category or the very large businesses. If you are not an Alliant prime in one of the categories, you basically are excluded from a lot of the market, including your existing customers that are moving to best-in-class vehicles,” said Doug Sickler, the chief growth officer for Pyramid Systems, an IT services company with approximately 200 employees, in an interview with Federal News Network. “We did research and wanted to have a fact-based discussion, really regarding some of the key requirements [of Alliant 3] that would exclude companies like ours and others. In our situation, scoring well enough to be one of the 60 companies to receive this contract vehicle will be difficult with things like the past performance, the size of the past performance, which is really incongruent with the average size of the average Alliant task order and having an approved accounting system, which require not only that you have the accounting system but also that you have the contracts that require the audit because you can’t just request an audit out of the blue and have that done from the Defense Contract Audit Agency.”

RFP coming next spring

If you aren’t familiar with Alliant 3, it is the next great battleground for federal contractors. It portends to be one of the most sought-after governmentwide multiple award contracts of 2024.

GSA wrote on its Interact site that it expects to release the final RFP in spring 2024 after issuing a second draft RFP before the end of calendar year 2023.

“We had hoped to issue the RFP in 2023 after a single draft RFP, but as a result of feedback from the first draft, the one-on-one listening sessions, and other factors, changes were made to the solicitation that warrant the release of a full second draft RFP slated for before the end of the calendar year and a subsequent solicitation planned for spring 2024,” said Laura Stanton, the assistant commissioner for the Office of Information Technology Category in GSA’s Federal Acquisition Service, in an email to Federal News Network. “We will be holding a pre-proposal conference and taking other steps to ensure that all companies have equal access to information.”

Pyramid Systems joined with several “medium-sized” businesses to outline the potential challenges with Alliant 3 and develop recommendations for how GSA could improve the final RFP.

Sickler said part of the goal of the medium-sized group white paper is to shine a light on the current state of Alliant 2 and how GSA’s draft requirements do not seem to take them into account. There’s also the need to continue to push back against the “we need the best-of-the-best” type of thinking by agency acquisition leaders and contracting officers.

“That’s our whole argument is that they’re not getting us to the best when they compete these GWACs this way. What they’re getting is the biggest of them. They’re measuring volume, they’re measuring quantity and size. They’re not measuring quality, agility, innovativeness and those things that are more subjective, which are harder to draw concrete lines in the sand,” he said. “The default becomes just pure statistics of dollars, of employees and of size. It’s not necessarily an indication of the best of the best. If you really want the best of the best, then make sure those folks are available to bid on the task orders.”

The group is suggesting several things GSA could do to improve Alliant 3 to address what they see as a playing field tilted to small or very large businesses.

First, the coalition is encouraging GSA to expand the number of awardees from the initial plan of just 60.

“As witnessed during the life span of the Alliant 2 contract, significant (roughly 30%) market consolidation took place due to mergers and acquisitions. Without significant policy changes, the federal government should anticipate the market consolidation trend to continue and address this for Alliant 3. One practical solution would be to create a mandatory, annual on-ramp for new participants, with a goal of adding twenty percent (20%) of new awards over the life of the GWAC,” the white papers stated. “Currently, there is also no plan to allow for an on-ramp to Alliant 3, and there is currently no on-ramp to Alliant 2. Over the 10-year period of performance, this inhibits the government’s flexibility to source additional providers. This could include companies who grew from small to large during that period as well as commercial providers who decided to bring their innovative solutions to the federal sector.”

Kevin Cooley, the CEO of Resource Management Concepts, which also is an IT services company and has about 350 employees, said agencies too often limit the number of awardees because of inaccurate concerns of having too many bids per task orders.

He pointed to how Alliant 2, with initially 61 awardees — now down to 41 because of the aforementioned M&A — averaged only 2.5 bids per task order. GSA’s schedule contracts with tens of thousands of vendors has seen similar numbers over the years.

“GSA probably needs to double the pool size on Alliant 3. They will not end up with 10 bids per task order. That’s not going to happen,” he said. “By doubling the number of awards on this to probably about 120, they get more medium-sized companies in there and it actually wouldn’t corrupt the GSA business model. They really can’t afford to have 2,000 contracts to manage because it drives their cost. But 200 would still be small enough to keep their costs manageable.”

A second suggestion is to change the past performance criteria for other-than-small businesses. The coalition says the current draft requirements do not give medium-sized businesses a chance to compete.

“As currently designed, a successful bidder on Alliant 3 will need a nearly perfect score. There are 10,500 points available if the bidder provides seven past performance examples, each with a $275 million contract value. This requirement effectively limits competition to only very large businesses,” the white paper stated. “[O]f the 517 task orders under Alliant 2, the average contract size is $84.38 million and 80%+ of the task orders are less than $85 million. Another example of the 517 task orders on Alliant 2, only 14% of the task orders are cost-based, yet the requirements for Alliant 3 include an accounting system approved by the Defense Contract Audit Agency (DCAA). Contractors cannot request this audit; it can only be received if the government asks DCAA to audit your system on their behalf.”

Cooley said most of Resource Management Concepts’ work is with the Navy and maybe 1% or 2% of all task orders the Navy puts out are above $200 million, meaning GSA set the past performance bar way too high.

“When you think about winning a spot on Alliant 3, you basically have to max your points, so getting points for all seven of those past performance examples,” he said. “They’re pretty darn rare in the big picture. So the idea that the mid-sized companies are going to go out and clean up six or seven of those, it’s ludicrous. It’s just not going to happen.”

The coalition recommends GSA set the minimum scoring line to 78% of total points and include an on-ramp for companies to earn their way on Alliant 3 in the future.

Additionally, the companies suggest creating pools of awardees based on revenue size:

• Under $50 million;
• $50 million-to-$150 million;
• $150 million-to-$250 million; and
• Over $250 million

Stanton said GSA has been heeding the feedback in the RFI and draft RFPs so far.

While she couldn’t offer too many specifics on the changes to Alliant 3 that are coming, she said they will publish the list of questions, answers and comments received on Alliant 3, and that they expect the changes GSA is making will be welcomed by businesses of various sizes.

“I’ll give you a couple of tangible examples that came out of the listening sessions. One company suggested that we add a technology area to the RFP in climate/environmental technology. We think this is a great suggestion and would distinguish Alliant 3 as the only one that offered something like this. We intend to act on this and to add a technology area to the RFP,” Stanton said. “Many medium-sized companies expressed a concern over the cost of completing a proposal. A number of companies wanted to get a feel for how many points are needed to get on the contract as they consider whether to put forward a proposal to prime, or seek a teaming relationship with a larger prime. To address this, we plan to issue some data in the RFI responses that will help to inform industry of the total available points for Alliant 2, and the lowest number of points earned that resulted in an award. While not an exact reflection of Alliant 3, it should give industry a good idea of the investment needed to get an award.”

It’s clear there are some real concerns about GSA’s current approach to Alliant 3. While everyone recognizes the final acquisition strategy is not set in stone, the signals are clear. It would behoove GSA to increase the number of awardees and relook at the past performance requirements as both seem to predestine Alliant 3 to protest purgatory.