Reporter’s Notebook

“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips to Jason via email.

Sign up for our Reporter’s Notebook email alert.

Sequestration rears its ugly head in year-end spending trends

The final push to spend fiscal 2015 money begins Sept. 1. And with sequestration rearing its ugly head once again and Congress speaking out of both sides of its mouth about a shutdown or no shutdown starting Oct. 1, agencies seem to be going on a spending spree before the 2016 horror story returns.

“We are looking at agencies motivated right now to spend against any authority they have, even multi-year money because theoretically that multi-year money could be reduced by a certain authority come Oct. 1,” said Steve Charles, co-founder of the ImmixGroup. “It’s a little like the year before sequestration kicked in, I guess two years ago. We saw a real cleaning of the pipes so to speak, a real spurt at year-end. This is similar, maybe not quite as dramatic, and so it’s going to be big year end.”

Take the Alliant IT services multiple award contract (MAC) run by the General Services Administration.

Casey Kelley, the Alliant program manager, said as of Aug. 21, agencies have obligated more than $211.3 million against the contract. That is way up from August 2014, when agencies only spent $13.2 million, and even higher than 2012 and about equal to 2011. In 2013, Alliant saw a huge spike of $954 million in revenue in August.

Kelley said he expects agencies to continue to use Alliant over the last month of the fiscal year in a big way. He said he conservatively estimates agencies will obligate at least $500 million against the IT services contract.

Traditionally, September is Alliant’s busiest month of the year where agencies are spending anywhere from $1.9 billion in 2012 to $865 million in 2013 to almost $700 million in 2014.

Larry Allen, president of Allen Federal Partners, said he’s heard from vendor clients that NASA’s SEWP V also is seeing a huge increase in action.

He said this indicates a real shift from agencies issuing requests for information or sources sought notices to actually buying the products and services they need.

Two of the federal market research firms say this year is trending very similar to previous years.

Govini compared federal civilian agency spending between July 1 and Aug. 28 in 2014 and 2015 and found overall contract obligations are down to $18.3 billion from $25 billion. Govini says the Office of Personnel Management is spending almost 66 percent less, while the departments of Education, Health and Human Services and Veterans Affairs also have reduced their spending by more than 48 percent.

Q4 Year-Over-Year Spending for Top Civilian Agencies Compared

| Agencies | 2014 | 2015 | Grand Total | YOY Change |
|---|---|---|---|---|
| HHS | $5,294,765,037 | $2,737,833,076 | $8,032,598,113 | -48% |
| VA | $3,025,966,050 | $1,418,025,931 | $4,443,991,981 | -53% |
| NASA | $2,338,213,427 | $1,829,301,999 | $4,167,515,426 | -22% |
| DHS | $2,199,385,354 | $1,416,225,487 | $3,615,610,841 | -36% |
| Energy | $995,594,790 | $1,795,554,428 | $2,791,149,218 | 80% |
| State | $1,344,889,613 | $1,292,712,218 | $2,637,601,831 | -4% |
| GSA | $1,468,923,651 | $1,118,848,825 | $2,587,772,476 | -24% |
| USDA | $1,234,489,685 | $1,009,690,530 | $2,244,180,215 | -18% |
| Interior | $1,025,197,838 | $888,400,844 | $1,913,598,681 | -13% |
| Transportation | $1,036,975,978 | $518,283,993 | $1,555,259,971 | -50% |
| Justice | $906,136,127 | $705,772,881 | $1,611,909,008 | -22% |
| Treasury | $783,820,274 | $664,920,545 | $1,448,740,819 | -15% |
| Commerce | $653,586,630 | $568,168,141 | $1,221,754,771 | -13% |
| USAID | $604,682,841 | $484,989,224 | $1,089,672,065 | -20% |
| Labor | $375,243,549 | $651,075,122 | $1,026,318,671 | 74% |
| Education | $568,580,359 | $223,433,967 | $792,014,326 | -61% |
| EPA | $258,232,651 | $207,268,603 | $465,501,255 | -20% |
| Social Security | $263,589,016 | $190,401,512 | $453,990,528 | -28% |
| OPM | $196,409,068 | $66,782,630 | $263,191,697 | -66% |
| Grand Total | $25,059,409,639 | $18,362,390,005 | $43,421,799,644 | -27% |

Source: Govini

On the positive side, Govini says the Energy Department is spending 80 percent more so far in the fourth quarter than it did in 2014 and the Labor Department is up by more than 74 percent.

Bloomberg Government reported about 37 percent of obligations are going through MACs. Bloomberg says GSA’s OASIS and the National Institutes of Health’s CIO-SP3 governmentwide acquisition contracts are seeing “notable” year-over-year increases too.

Bloomberg says one other notable trend is small business set-asides are increasing and they expect it to continue to grow in the fourth quarter.

This post is part of Jason Miller’s Inside the Reporter’s Notebook feature. Read more from this edition of Jason’s Notebook.


Veterans, Labor already have the answer to Veterans.gov question

Behind closed doors, there is a growing disagreement — I wouldn’t call it a dispute quite yet — about how to make services to veterans easier.

Sources say the departments of Labor and Veterans Affairs don’t quite see eye-to-eye about how best to use the domain veterans.gov.

VA Secretary Bob McDonald brought the discussion semi-public recently in comments made during an event hosted by Politico where he said, “Our websites have unusual names. E-Benefits, MyHealtheVet, etc. What’s wrong with Veterans.gov or Vets.gov? Rather than looking at everything through the lens of the bureaucracy toward the customer, let’s look at everything from the lens of the customer.”

Sources say there have been some discussions between Labor and VA about whether VA should own the veterans.gov site or whether Labor should continue to run it — as they have since 2001. By the way, veterans.gov redirects to the Veterans Employment and Training Service.

Neither VA nor Labor would bite on my questions as to how far those discussions have progressed.

A VA spokeswoman said, “Regardless of who owns the webpage, Veterans will be given access to programs and information that will benefit their lives. This cross-agency collaboration is what the spirit of MyVA is about, government agencies coming together to create accessible opportunities and benefits for Veterans. VA is committed to working with partners to provide transitioning servicemembers, veterans and their families with meaningful career opportunities.”

A Labor spokesman offered this: “DOL works closely with VA and a number of other federal agencies supporting veterans and transitioning service members. The agencies include departments of Defense, Education, Energy, Transportation, Agriculture, and Housing and Urban Development, the Small Business Administration and the Consumer Financial Protection Board and others. There is close coordination around the Transition Assistance Program as well through the White House Joining Forces initiative. DOL, VA and others collaborate regularly on further improvements to online resources provided veterans, most notably the Veterans Employment Center or VEC housed on VA’s eBenefits.va.gov website. The future of veterans.gov has also been discussed.”

But what McDonald, Labor Secretary Thomas Perez and their staffs are missing is the Office of Management and Budget already fixed this issue in 2004 under the E-Government initiative called Benefits.gov.

Take a trip in the way-back machine with me for a minute.

More than 10 years ago, Labor, which runs Benefits.gov, created a way for agencies to customize a portal for a particular segment of their mission area.

According to the owner of this way-back machine, who I’ll call Jeff, the goal of this effort was to let each partner agency build a separate portal to present their agency’s programs, but use the back-end engine that runs Benefits.gov to help citizens find services no matter the agency providing it.

The team that runs the E-Loans site realized their functionality was going to mirror the Benefits.gov functionality, so they just executed an agreement to have Benefits.gov provide the functionality for GovLoans.gov.

So whatever happened to this idea of putting a new skin on top of the website and connecting to the Benefits.gov back-end database?

Well, my friend Jeff says VA pushed back against it.

Labor offered to open an application programming interface (API) into the database so that VA could consume the data as a service and present results on its own website.

But in the end, VA’s objections to this approach ended up stopping this initiative.

So fast forward to 2015, and McDonald wants an easy way for veterans to access services. Maybe someone on the Benefits.gov team should bring back that plan from more than a decade ago.

Now Benefits.gov wasn’t perfect by far. For all of its promise, the portal was missing the ability to apply for services once you found them. In 2004 or 2005, that capability wasn’t as easily programmed or accepted as it is now. But now the site gives you a link to begin the application process.

So it wouldn’t take much to create a veterans.gov website using the Benefits.gov customization feature that lets veterans find not only VA benefits, but every benefit all agencies offer.

“VA is building teams such as the Veterans Experience office and a dedicated Digital Service team to build a new Veteran-centric experience,” the VA spokeswoman said. “The Office of Information and Technology is also working to consolidate all customer facing digital projects into one portfolio for an organized and smooth transition to one digital property.”

While Benefits.gov was an answer to better serving citizens, agencies over the last two decades built more and more websites on top of websites, making it harder for users to find what they need.

In 2011, the Obama administration made it a priority to reduce duplicative websites.

OMB issued guidance freezing new websites and ordering a reduction of at least 1,000 by 2012.

OMB furthered this initiative in 2014, giving the General Services Administration overall responsibility to approve any new federal websites.

A GSA spokeswoman said that today there are 1,351 federal second-level domains, such as GSA.gov. That’s down from 1,928 in 2011.

Overall, there are 1,350 program or agency websites with about 29,870 addressable sub domains, micro-sites and URLs. That’s down from about 2,000 main websites with 66,875 sub domains, micro-sites and URLs.

“In keeping with the OMB policy, GSA continues to control the proliferation of government websites,” the spokeswoman said. “The current trend (2 years), is a slight continued reduction in federal domains through domain management.”


Jason Miller: OPM struggles with CDM

The Office of Personnel Management is all-in for the continuous diagnostics and mitigation program (CDM) to improve cybersecurity. OPM is among the first group of agencies to get new cyber tools and services. But CDM’s rate of implementation in general is causing a problem for the agency. Federal News Radio’s executive editor Jason Miller joined the Federal Drive with Tom Temin to discuss why OPM, and potentially other agencies, are being put in a tough situation. Read Jason's full reporter's notebook.


Inside the Reporter’s Notebook: Cyber sprint’s before and after picture gives reasons for hope, fear

Jason Miller

Inside the Reporter’s Notebook is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and other events. This is not a column or commentary – it’s news tidbits, strongly-sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.

As always, we encourage you to submit ideas, suggestions and, of course, news to Jason via email.

Be the first to know when a new Inside the Reporter’s Notebook is posted. Sign up today for our new Reporter’s Notebook email alert.


NASA CIO to retire in December

NASA could soon be looking for another chief information officer.

Sources say Larry Sweet has told his staff he plans on retiring at the end of the calendar year.

Sweet moved to NASA headquarters from Johnson Space Center in June 2013 and worked for the agency for what will be 28 years in December.

Over the last two years, he has been advocating a concept called “enterprise first,” where the 18 space centers and organizations could take advantage of shared IT services.

Sweet told me in May his goal was to get “80 percent to 90 percent use of commodity-based IT that is offered through these enterprise services and shared service center.” Sweet said NASA already has moved about 70 percent of all commodity IT to I3P or the shared services center.

Two other personnel changes of note.

Cheri Tyner is coming over to the Defense Department to be the director of the acquisition directorate for the Washington Headquarters Services. She had been deputy director in the Office of Acquisition Management for the Immigration and Customs Enforcement directorate at the Department of Homeland Security.

The Defense Contract Audit Agency also is grabbing a civilian agency expert to run its human resources office. DoD named Maureen Higgins as the assistant director for Human Capital and Resource Management at DCAA. Higgins previously was the deputy director of the Center for Leadership Development at the Office of Personnel Management.



The CDM quandary many agencies are facing

The Office of Personnel Management faced a quandary. As one of the first agencies out of the gate under the Continuous Diagnostics and Mitigation (CDM) program, the question officials had to ponder was both simple in the idea, but complicated in the final decision: Does an agency wait until the Homeland Security Department and Booz Allen Hamilton, the contractor which won the task order for Group B, implement the tools and technologies, or does it pay for similar tools for another year on its own?

In the end, Jeff Wagner, OPM’s director of IT security operations, said the agency decided it couldn’t do without these tools even though DHS, through its CDM fund, is paying for similar applications and expects them to be installed by next spring.

“One of the pitfalls, and this is my own personal frustration with CDM, and I don’t like talking bad about CDM because I love it, is timeframe, timing, issuance and getting things moving,” he said during an event on CDM sponsored by 1105 Government Information Group and RedHat.

Wagner said DHS told OPM — and likely the other seven agencies that are first in line — the tools and technologies are coming, but it may take a year to get through all the processes to get them implemented.

“I don’t have a year. I have six weeks,” he said. “Especially in a time like right now, if you jump on CDM, you can either buy this product for a year or not have a solution in place. It’s going to become a risk-based decision. In the instance in which CDM is buying us tools, I made the decision with the CIO that this year I will renew all the tools that I have in place that CDM is supposed to replace, but they will not be in place until March or April. I’m getting all this stuff, but they will not be configured until then. And until then, I still need to patch. I still need vulnerability scanning. I still need compliance scanning. I still need to do some sort of software inventory. It’s going to be one of those roll the dice. Do I buy it this year or don’t I?”

Wagner said DHS and the General Services Administration have been phenomenal in working with agencies to get the tools rolled out, but the reality is it takes time.

“There’s going to be a gray area and there is going to have to be risk and we do call back to DHS and GSA and say ‘Hey look, what are the fine lines we can do, what are the pieces we can do, where can we cut, where can we get you guys to pick up the costs?’” he said. “They work with us on it. In some, they say they can totally do it and in other cases they say it’s not in this phase, and they have rules like everybody else.”

Wagner’s challenges are specific to OPM.

Every chief information security officer and chief information officer as they finalize their fiscal 2017 budget request over the next month must decide how much money they need and where to spend it.

The initial 2017 budget request Wagner’s office is putting together is $7 million more than OPM said he could have for IT security.

“Like anybody I put in a budget, I’m $7 million over because I have more wishes and some of them like, ‘Yeah, no, not going to happen,’” he said.

One of the long-standing complaints about CDM is the size of the program and how long it takes to go from contract award to full implementation.

And if OPM with a fairly small cyber budget and modest network is struggling with these buy or wait decisions, imagine what the departments of Veterans Affairs, Transportation and Energy — all of which are in Group B along with OPM — must be going through and how much money they are spending while waiting for DHS and the contractor to get moving.

There may not be an answer to this problem either. DHS and Booz Allen, in this case, can’t just throw more people or money at the problem. Configuring tools on a network takes time to get it right and the larger the agency and more complex network, the longer it will take.

Maybe that’s one of the shortcomings of a program like CDM that can’t be avoided. As Wagner said, he’s a huge supporter of DHS and GSA as both partners and of the concepts behind CDM, but he knows firsthand that the risk is too high to wait for new tools, leaving him like others having to spend money they hoped they wouldn’t have to in 2016 and beyond.


Exclusive

Cyber sprint’s before and after picture gives reasons for hope, fear

There has been plenty of discussion in the federal community about the Office of Management and Budget’s 30-day cyber sprint and whether it made any difference or not.

Some experts say the cyber sprint was just window dressing on long-standing problems. Others pointed to agencies finally being forced to use their smart identity cards to log on to their networks and computers, which was, at least, the type of difference maker that had been missing over the last decade.

A new document obtained by Federal News Radio shows just how bad a shape agencies were in as of June, including how many critical vulnerabilities existed for more than 30 days and how many potential holes there were in individual agency networks, and just how far they’ve come over the summer.

When OMB released results of the cyber sprint, federal Chief Information Officer Tony Scott highlighted governmentwide progress in using secure identity cards to log on to networks. But it’s what Scott didn’t talk about publicly that creates both hope and fear.

The document from June, when the sprint began, shows just how bad agencies were doing in closing critical vulnerabilities, including those open for more than 30 days. It also details indicators of compromise that agencies said they had and the number of privileged users who had access to the network.

At the request of an administration official citing national security concerns, Federal News Radio decided not to publish the chart or talk about specific agencies.

But generally speaking, the “before” picture was scary.

Agencies listed more than a dozen indicators of compromise, including one agency with a majority of them. An indicator of compromise means strong evidence exists the system or network has been compromised by hackers.

Agencies also said they had more than 50 critical vulnerabilities open for more than 30 days and more than 75 active critical vulnerabilities. Several agencies listed double-digit vulnerabilities open for more than 30 days and/or active problems.

So that was the bad news.

Now 45 days later, a government official said the picture is much brighter, but far from perfect.

“The indicators of compromise were all false positives,” said the official, who spoke on condition of anonymity in order to address the sensitive data in the chart. “Some of that is the agencies are learning how to search for indicators the Homeland Security Department sends out, and some of that was on DHS for writing better descriptions of what to look for.”

The official said all agency-reported indicators of compromise were investigated either on site or by DHS reviewing the computer images agencies sent them.

The official said if an agency did have a compromise, it’s a big deal so there was a huge effort to figure out what exactly was going on.

Agencies are reporting new potential indicators regularly, and the official said they expect to have some false positives.

“If we don’t get false positives, we aren’t looking hard enough,” the official added.

Another federal cyber expert took a more pragmatic spin on the situation.

The official, who also spoke on condition of anonymity in order to address the sensitive nature of the data, said it’s definitely good news that the indicators of compromise were false positives.

“Your agency has to have a good cyber threat management arm to its cyber program. If you have a good one, they can identify indicators of compromise and validate them,” the official said. “But most agencies don’t have good threat management program to fully identify indicators of compromise. It’s very serious to have an indicator of compromise, especially if you don’t have a good threat management process.”

The official said agencies also need to have a strong relationship with DHS, the FBI and the intelligence community, which can validate the threats and help you remediate or protect data.

“If you are on your own, you will not get far,” the official said.

As for the critical vulnerabilities, the news is less cheery.

As DHS Secretary Jeh Johnson said publicly, agencies patched or remediated about 60 percent of the critical vulnerabilities. The official said that number continues to increase.

“The trick with these vulnerabilities is two-fold: they are constantly replenished. For example, we just had Windows 2003 server go out of support mode, so any agency with that server will have critical vulnerability where they didn’t have it 30 days ago,” the official said. “Our goal is to get to the point where few if any are around for more than 30 days. Really to have none around for 30 days. We know that will be a constant battle and demand a lot of attention, so the trick is to maintain focus for the next two-three-five years.”

The second challenge with critical vulnerabilities is agencies may not necessarily have updated the IP addresses that DHS scans regularly and there may be problems with the address, but the agency no longer had data on that system, the official said.

A third related challenge is some software vendors don’t update their version numbers when they push out a new, more secure application, and that too causes false positives.

The federal cyber expert said the progress against the critical vulnerabilities data was like adding a new shine to a beat-up car.

“There is no reason why DHS should be telling us about our critical vulnerabilities on our Internet facing systems,” the expert said. “It puts a huge spotlight on agencies that they can’t manage their resources. But when you step back and look at the bigger picture, most of those vulnerabilities were looking at Windows 2003 server vulnerability, that, yes, could be used as entrance vector. When you look at external systems, those are systems we know of that we can see, but there are a lot that we can’t see, called internal systems, and there are many, many more critical vulnerabilities in them.”

The expert said they know of one agency that had tens of thousands of critical vulnerabilities on internal facing systems.

“Internal systems are behind the firewall but most of the systems are on the same network. So if a spear phishing hack is successful, someone could get into a system, move laterally until they find a system that hosts sensitive data and has critical vulnerability and they hop on that system,” the second official said. “The hacker also can move system-to-system or application-to-application so they are using those vulnerabilities to steal data just the same.”

This is why OMB seems to be marching toward mandating or at least outlining the specifics of what a “defense in-depth strategy” would look like governmentwide.

This could include reassessing how quickly agencies can install two-factor authentication on applications or systems. OMB initially told agencies to meet the 75 percent goal during the sprint, but sources said they backed away and required employees to use two-factor to authenticate only to the desktop.

The security expert said while two-factor to the desktop helps, it’s not closing a huge gap that hackers commonly exploit.

“In today’s environment, the technique we see most often is to spear phish and if the hacker does it 100 times and 10 let him in, then two-factor at the desktop is a joke,” the security expert said. “The hacker just has to wait for the right person to let him in and then move laterally in environment because patches are missing on internal facing systems. The move to a defense in-depth concept means if you have a crack in one layer, then you can survive because you have the protection at other layers. But if you have crack at many levels, then you are in trouble.”

The first government official recognized there is plenty more work that needs to be done.

“Government cybersecurity is not where we want it to be, but the sprint accomplished what it should and moved us forward rapidly,” the official said. “There are now far fewer privileged users who can log in with only a password and that is a significant achievement. We now have to turn the sprint into a marathon. We have done a burst of activity and that was valuable, and now we have to sustain our pace.”



Jason Miller: CDM dashboard is ready to launch

Homeland Security will give eight agencies a detailed look at the health of their networks and systems later this month. DHS will launch the first set of agency-wide dashboards under the continuous diagnostics and mitigation (CDM) program. In his biweekly feature, "Inside the Reporter’s Notebook," executive editor Jason Miller writes about the agency's plans to pick up the pace of continuous diagnostics and mitigation. He joined Tom Temin on the Federal Drive with more. Read Jason's full notebook.


Barry West surfaces; Recovery Board CIO heads to industry; New expertise at Treasury, GSA

There is a little more clarity about the mystery of Barry West, the seemingly now-former chief information officer at the Federal Deposit Insurance Corporation.

West updated his LinkedIn page over the weekend, writing he’s the president of the Mason Harriman Group, a management consulting firm that utilizes former CXOs as advisers or consultants. Mason Harriman holds several contract vehicles including EAGLE II at the Homeland Security Department, three General Services Administration schedule contracts — financial and business solutions (FABS), 70 and MOBIS — and Immigration and Customs Enforcement independent verification and validation services.

West’s LinkedIn page says he left the FDIC this month and also started at the Mason Harriman Group this month.

An email to West seeking comment was not immediately returned.

The FDIC website continues to list West as the CIO and chief privacy officer, but it hasn’t been updated since Aug. 12.

West has been on administrative leave from the FDIC since early June.

It’s unclear why West left the FDIC. Some industry sources say it’s related to problems he had while CIO at Commerce back in 2008.

But West and the agency have been mum on what’s really going on.

So maybe West’s LinkedIn entry sheds a little light on this federal IT mystery.

Three other agencies are more upfront with some personnel changes.

The Recovery Board is losing its CIO, while the Treasury Department is getting a new deputy CIO. And another industry veteran is taking a turn as a fed.

Let’s start with Hemanth Setty, the Recovery Board’s CIO. He’s leaving government to become the vice president of technology for BESTech.

Setty took over as CIO for Shawn Kingsberry, who left government in October to join TASC, which now is Engility.

Setty has been with the board since 2010, when he started as a solutions architect and was promoted to chief technology officer in 2012.

He also worked as a solutions architect for the Department of Agriculture for 13 years before coming to the Recovery Board, where he developed enterprise IT practices for architectural governance, project methodology and infrastructure migration from legacy systems.

With his move to the private sector, Setty will help BESTech, an 8(a) firm, provide services back to the government. BESTech customers include USDA, the Forest Service and the National Transportation Safety Board.

Over at Treasury, Eric Olson will be the new deputy CIO, leaving the Justice Department after 12 years.

In an email obtained by Federal News Radio, Justice CIO Joe Klimavicz announced Olson’s plans to move to Treasury. Olson was the agency’s director of service engineering and previously served as the director of e-government services.

Klimavicz said Jeffrey Johnson, the FBI chief technology officer, who is on detail to Justice, will take over for Olson as acting director of service engineering starting Aug. 23.

Olson heads to Treasury after spending the last 12 years at Justice. He also worked for Accenture, Verizon and Sprint before coming into the government.

GSA also is getting new personnel. Steve Krauss is leaving Censeo Consulting Services to run the program management office for category management in the Federal Acquisition Service.

Sources said Krauss will help the PMO build tools, processes and strategies for the various categories and managers as they get named. He also will play a big role in getting the tools in the categories adopted governmentwide.

Krauss has been the corporate development officer at Censeo for the last four years. This is his first stint in government after working in industry at Pragmatics, GTSI and HP during his career.

He’s the second long-time industry executive to join GSA under the category management umbrella. Dan Twomey also made the jump to GSA in May to work in the category management area.

This post is part of Jason Miller’s Inside the Reporter’s Notebook feature. Read more from this edition of Jason’s Notebook.


Inside the Reporter’s Notebook – Countdown to launch of CDM dashboard begins

Jason Miller

Inside the Reporter’s Notebook is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and other events. This is not a column or commentary – it’s news tidbits, strongly-sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.



Countdown to launch of CDM dashboard begins

The first iteration of the cybersecurity dashboard under the continuous diagnostics and mitigation (CDM) program is scheduled to be released this month.

The Homeland Security Department and the General Services Administration plan to roll out the three components of the Arrow Electronics tool, which is based on the RSA Archer eGRC platform, to task order awardees under the CDM program in August, according to a DHS/GSA PowerPoint presentation detailing the program’s plans obtained by Federal News Radio.

The dashboard modules include a federal enterprise management module, a continuous monitoring module and an on-demand applications (ODA) capability, the presentation stated.



Barry West surfaces; Recovery Board CIO heads to industry; New expertise at Treasury, GSA

There is a little more clarity about the mystery of Barry West, the seemingly now-former chief information officer at the Federal Deposit Insurance Corporation.

West updated his LinkedIn page over the weekend, writing he’s the president of the Mason Harriman Group, a management consulting firm that utilizes former CXOs as advisers or consultants. Mason Harriman holds several contract vehicles, including EAGLE II at the Homeland Security Department; three General Services Administration schedule contracts: financial and business solutions (FABS), 70 and MOBIS; and Immigration and Customs Enforcement independent verification and validation services.

West’s LinkedIn page says he left the FDIC this month and also started at the Mason Harriman Group this month.

An email to West seeking comment was not immediately returned.



Rethinking cybersecurity on the GSA schedule

The General Services Administration’s IT schedule currently lists six different special item numbers (SINs) for cybersecurity products and services. GSA wants to know from agencies and vendors whether it would make sense to consolidate those six SINs into one major grouping called cyber and information assurance, then break the categories and subcategories down within that grouping.

GSA released a request for information Aug. 12 detailing some ideas and concepts to make this change.

“The purpose of this change would be to improve the way that GSA offers Cyber/IA products and services through IT Schedule 70, increase visibility, improve access to CyberIA offerings and to provide industry partners the opportunity to differentiate their Cyber/IA products and services from other IT related products and services,” GSA wrote in the RFI. “This effort would support initiatives to improve customer procurement of Cyber/IA offerings and enable agencies to take full advantage of Cyber/IA benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost.”



Where’s the transparency, GSA?

Let me get back on my soap box for a minute. This is reason number 347 why GSA needs to make access to RFQs and RFIs on the schedules available for everyone to see.

GSA, on behalf of the Defense Information Systems Agency, made a $296 million award for email-as-a-service to Dell Federal. GSA made the award to Dell June 19.

This award is good news. It’s the largest task order ever on the email-as-a-service blanket purchase agreement. It’s a huge commitment by DISA to move Defense Department agencies to the cloud.

Here’s the long-standing frustration with the schedules: No one but the 15 vendors, DISA and GSA knows about the good news, and trying to get a copy of the RFQ is painfully difficult.



Civilian agencies drawn to DoD’s secret-level mobile device program

The Defense Department’s program to let employees use smartphones on the secret network is becoming more popular than ever imagined. After moving from the pilot to the full production stage in June, the Defense Mobile Classified Capability — Secret (DMCC-S) is in demand not just in the military, but across the government.

At least 10 civilian agencies are interested in the devices and the State Department already put in an order for the hardened version of the Samsung Galaxy S4.

In fact, Secretary of State John Kerry was a part of the Defense Information Systems Agency pilot over the last year. DISA tested about 2,000 Samsung Galaxy S4 devices.

DoD coalition partners also are interested in using the technology to communicate with American military units.


