Reporter’s Notebook

“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips to Jason via email.


Cyber changes at DHS, White House

There was an end-of-the-week flurry of activity among cybersecurity executives in the government.

First off, we found out the Homeland Security Department’s John Streufert officially is retiring on May 1.

An email from Andy Ozment, assistant secretary for cybersecurity and communications at DHS, confirmed Streufert’s timing and said that Mark Kneidinger will be appointed acting director of Federal Network Resilience (FNR).

We first reported in February that Streufert decided to retire after more than 25 years in government.

“John has had a truly exemplary career in public service, and the Federal Government owes him a debt of gratitude for his contributions to the development of continuous monitoring and enterprise risk management,” Ozment wrote in an email obtained by Federal News Radio.

Ozment didn’t say where Streufert is heading in the private sector. One source guessed that maybe Streufert would land at the SANS Institute or a similar type of organization.

At the same time, Kneidinger will begin a new job April 20 as the deputy director of FNR.

“Mark brings a truly unique set of skills to this position. He has been instrumental to the successful roll-out of CDM and in securing agreements covering 98 percent of the federal civilian government,” Ozment wrote. “I have no doubt that Mark will ably lead FNR in implementing our new FISMA authorities and helping our federal agency customers understand and manage their cybersecurity risk.”

Over at the White House, John Banghart, who holds the job Ozment once did as director of federal cybersecurity for the National Security Council, is leaving government as of May 15.

An email inviting friends and colleagues to his goodbye party obtained by Federal News Radio confirmed Banghart’s move out of the White House.

He joined the government in 2009 as an information security specialist at the National Institute of Standards and Technology. Banghart has worked for the White House since August 2013, replacing Earl Crane.

The email didn’t mention who would replace Banghart.

Finally, Martha Dorris is changing jobs inside the General Services Administration. Dorris, the director of the Office of Innovative Technologies in GSA’s Office of Citizen Services and Innovative Technologies, is taking over as the director of the Office of Strategic Programs in the Federal Acquisition Service.

“Martha has provided leadership in policy, acquisition and citizen services at GSA,” said Mary Davie, FAS’ assistant commissioner for Integrated Technology Services (ITS) in an email to staff, which was obtained by Federal News Radio. “She has driven the Office of Citizen Services to deliver products of high value and impact while leveraging the full capabilities of a creative and passionate team. In her role as deputy associate administrator, Martha provided executive leadership to efforts within OCS, including the creation of products and services that enable the federal government to be open, transparent and support the Digital Government Strategy as well as the integrated delivery of information and services to the public through USA.gov. Ms. Dorris is passionate about driving the government to provide an excellent experience to the public. Martha’s experience and leadership will be invaluable to ITS as we transform our organization into a more customer-centric, category management focused organization.”

Dorris replaces Maynard Crum, who has been acting director for much of the last year.

Crum will stay on at GSA leading the customer engagement working group.

“This was the first group we stood up, and as you know, it can be hard to ‘go first,’” Davie wrote. “Many of you are participating on the various organizational structure teams and you know that there is a lot of effort involved to help us define that future state (so thank you to all of you too). Maynard is known in ITS for his ‘will get it done’ approach and his focus on our employees.”

And in case you missed it, the Senate finally confirmed Russell Deyo to be the DHS undersecretary for management. Deyo had been waiting since the Senate Homeland Security and Governmental Affairs Committee approved his nomination in November.

“Given the challenges associated with fusing 22 separate agencies into one cohesive department, the Under Secretary for Management at the Department of Homeland Security is an enormously important position,” Sen. Tom Carper said. “Russell Deyo has extensive management experience and will enable the department to continue making progress in challenging areas. Mr. Deyo’s perspective from the private and public sectors will be an important asset to Secretary Johnson as he works to unify the department and continue its critical mission.”

Deyo replaces Raphael Borras, who left in February 2014 to return to the private sector.

This post is part of Jason Miller’s Inside the Reporter’s Notebook feature. Read more from this edition of Jason’s Notebook.


GSA to fine tune the digital services infrastructure

The third-generation program to improve federal identity management, Connect.gov, is barely off the ground and the General Services Administration is asking industry what the fourth generation will look like.

GSA issued a request for information April 16 asking vendors to provide insight into where cloud-based or online authentication and credentialing is heading.

“GSA envisions establishing a vibrant identity ecosystem where individual consumers can choose to use a third party-issued, government approved credential they already have and trust to access government sites and services,” GSA wrote in the RFI. “The objective of this RFI is to learn the viability, feasibility, cost-effectiveness, pricing methodology, industry readiness and to explore areas of innovation to better understand the full operating capability of Connect.Gov.”

GSA and the Postal Service launched Connect.gov — formerly called the Federal Cloud Credentialing Exchange (FCCX) — in December. Now there are five sign-in partners, including ID.me, PayPal, Yahoo, Verizon and Google, and three federal relying partners, the departments of Agriculture and Veterans Affairs, and the National Institute of Standards and Technology.

Through Connect.gov, agencies can access all four levels of digital credentials making it easier for citizens and businesses to interact online with the government.

The program builds upon other initiatives that have had limited success, including E-Authentication — one of the George W. Bush administration’s E-Government initiatives — and the Federal Bridge and Public Key Infrastructure. Both programs were heralded as having great potential, but failed to live up to the vision for several reasons, including that the technology couldn’t meet the demands and that agencies didn’t see the value.

But with the ever-growing cyber threats and the understanding that usernames and passwords are impossible to secure, GSA sees an opportunity to finally move the government toward a broad vision that first emerged in the late 1990s or early 2000s. The technology and value proposition make clear that complex and advanced identity management is not only doable, but necessary.

So that brings us to Connect.gov. USPS awarded the initial $15.1 million contract to SecureKey Technologies in 2013 to set up the back-end infrastructure.

Now, GSA wants to see where Connect.gov can go in the future. The RFI asks for input around two potential operating models:

  • GSA operates two broker contracts. One would be for a technical broker to provide a “credential exchange platform.” This would let consumer agencies leverage multiple entities to authenticate and validate the identities of their customers, while providing security, maintenance, integration and technical support services of the platform.

    The second contract would be for a business broker, which would provide business relationship management with the approved identity service, customer relationship management, and offer ancillary services such as program/project management, support, communication, reporting, billing, auditing, and other professional services necessary to fulfill consumer agency business needs.

  • GSA manages a single broker contract. Under this model, the one vendor would offer all Connect.gov services, while GSA would manage the contract.

Responses to the RFI are due by June 19 and GSA says it will hold an industry day before the deadline.



House lawmakers alarmed by VA’s overseas network access

On the heels of another Veterans Affairs Department inspector general report showing departmental cybersecurity practices falling short, House Veterans Affairs Committee lawmakers are pressing for more answers about just how secure the data of millions of veterans are in the agency’s network.

A committee staff member said lawmakers are conducting an analysis of the IG’s report, a redacted version of which was posted online April 15, and are asking for further details by April 29.

The IG found VA allowed 14 contractors to access its network and data from outside the United States in countries ranging from China to India to Costa Rica between October 2011 and February 2014. The contractors either received permission to telework or accessed the network without proper authorization during vacation or business travel.

The IG concluded VA suffered from a lack of policy prohibiting the access of agency networks from outside the U.S., the inability of some OIT employees to enforce the cease and desist order from Stephen Warren, VA’s CIO, and from an underwhelming response by the CIO’s office to ensure the networks and data were safe when they found out there were potential problems.

“We found that seven years after the 2006 data breach, VA information security employees still reacted with indifference, little sense of urgency, or responsibility concerning a possible cyber threat incident,” the VA IG wrote in the report. “Austin Information Technology Center (AITC) OIT employees failed to follow VA information security policy and contract security requirements when they approved VA contractor employees to work remotely and access VA’s network from China and India. One accessed it from China using personally-owned equipment (POE) that he took to and left in China, and the other accessed it from India using POE that he took with him to India and then brought back to the United States. After the Acting CIO learned of this improper remote access, he gave verbal instructions for it to cease; however, VA information security employees at all levels failed to quickly respond to stop the practice and to determine if there was a compromise to any VA data as a result of VA’s network being accessed internationally.”

The committee sent VA’s Office of IT six questions:

  • Does a policy exist and is it implemented that denies connections from foreign countries by default and only explicitly allows those connections that can be validated as authentic? If not, when will one be developed and implemented?
  • Does Network Security Operations Center (NSOC) at VA provide real-time monitoring for foreign connections to VA internal resources? If not, who does and/or when will NSOC provide this service?
  • Does NSOC compare foreign connections to the network with users? If not, when will they?
  • Does VA OIT conduct a forensic examination of every device upon a user returning from a foreign country? This includes phones, iPads (or similar devices), and computers. If not, when will such a policy be implemented?
  • Does VA OIT have a policy that provides employees traveling out of country with a clean (free of VA data) “loaner” computer so the employee’s regular working laptop (filled with VA data) won’t be compromised? This would be most appropriate for employees just checking emails or providing a presentation. If not, when will such a policy be implemented (or why won’t one be implemented)?
  • What are VA OIT’s procedures for validating who is actually logged into any given VA resource from a foreign country?

These questions follow several dozen sent by the committee over the last 18 months asking for more assurances that VA is protecting veterans’ data.

FedScoop first reported the details of the IG report.

This IG report comes as VA seemed to be recovering from damning testimony in June 2013 by the OIG and former chief information security officer Jerry Davis that the agency suffered from at least eight successful nation state attacks between 2010 and 2012.

VA reported in January that Mandiant, a cybersecurity vendor, had reviewed its networks and found no evidence of nation states accessing or taking over the network domain controllers.

The department recently made a redacted version of that Mandiant report public.

Warren also promised to add $60 million to the cyber budget to further protect networks after auditors’ continued concerns.

But this latest IG report raises alarm bells for members of Congress and other experts.

“This report is disturbing. Yet again VA OIT leadership completely missed the boat on a critical security issue,” said a source with knowledge of VA. “Instead of trying to find a policy on telework access from foreign countries, they should have been looking for the policy that restricts access to VA internal resources from foreign countries and foreign IP address. The policy should deny by default any access to internal resources from a foreign IP address unless explicitly allowed. The VA Office of Information Security should be looking at foreign connections to internal resources in real time 24 hours a day 365 days a year. Connections to internal resources from foreign IP addresses, especially from high risk countries, must be authenticated and validated that it originated from an authorized user.”

The source, who requested anonymity in order to talk about the report, added VA should have required users to have “clean” devices when going overseas, and when they return from overseas, officials should conduct forensic analysis against those laptops or tablets or smartphones.

“In reviewing the IG report, it is easily assumed that when those users connected to VA resources in the manner that they did, they more than likely let prying eyes easily connect to those resources as well,” the source said. “The VA network will continue to have a significant problem in regaining control of the network. It is a tragedy that Veterans have to continue to be faced with the fact that VA OIT cannot sufficiently protect Veterans’ personal data.”

A VA spokesperson said in an email that the agency takes the protection of veterans’ data seriously.

“VA agreed with OIG that the department needed to immediately create and implement policy to prohibit employees or contractors from connecting to the VA network and has already begun work to address OIG’s recommendations in addition to clarifying policy and implementing technical controls,” the spokesperson said. “When issues of protecting Veteran information are brought to the attention of VA leadership, whether due to evolving technical challenges or when individuals show poor judgment, we take the necessary and appropriate action to ensure our workforce understands and honors our obligations as stewards of Veteran information.”

The IG pointed out that VA did create a policy in January 2014 prohibiting access to VA’s network from non-NATO countries except those where VA has an established presence.

VA also blocks access to websites and network connections to certain countries, and inbound and outbound traffic is also blocked on a country-by-country basis.

Once again, VA has some difficult questions to answer about whether OIT is doing enough, taking all necessary actions and pulling out all the stops to protect veterans’ data.

Few would argue the challenge is great considering VA is a worldwide organization with more than 200,000 employees and tens of thousands of devices. But lawmakers and other experts continue to see these reports where what many call good cyber hygiene isn’t happening and actions to fix the problems aren’t coming quickly enough.



Inside the Reporter’s Notebook: IT shared services for Pentagon; Cloud legislation gets new life

“Inside the Reporter’s Notebook” is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and other events. This is not a column or commentary – it’s news tidbits, strongly-sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.

As always, I encourage you to submit ideas, suggestions and, of course, news to me at jpmiller@federalnewsradio.com.



 

Exclusive: DoD to create single IT shared services for Pentagon reservation

The Army’s last bastion of control in the Pentagon building is coming to an end. The Defense Department is creating a single shared services office for all commodity information technology for the Washington metro area, known as the National Capital Region, and placing it under the Defense Information Systems Agency.

DoD and industry sources say a memo ordering this change is awaiting final signature to create the Pentagon DISA Field Service Activity (Pentagon SSP).

According to a DoD plan for this new organization obtained by Federal News Radio, the Pentagon SSP’s initial phase will be “limited to analysis and consolidation of common or shared IT services within Office of the Secretary of Defense (OSD) (4th Estate), Joint Staff offices in the Pentagon, and selected OSD (4th Estate) offices/organizations in the NCR. Later efforts will extend to the military department headquarters in the Pentagon and NCR, and remaining OSD agencies in the NCR.”

The Pentagon SSP will bring together Army ITA, OSD Enterprise Information Technology Service Division (EITSD) and possibly some smaller IT service providers in the new organization under DISA.

A former DoD official, who requested anonymity because the document wasn’t finalized, said the Army had been fighting this change for the last six months or so, but finally Deputy Secretary Bob Work decided the consolidation was necessary and would happen.

“There was a long standing family feud between the Army and Washington Headquarters Services (WHS),” the former official said. “The Army, back in the day, dominated the Pentagon in terms of providing every service. But over the years, those services eroded and many of the services were given to different organizations. The Army’s IT Agency was one of last standing. But WHS wanted to get rid of ITA for some time and now it looks like it’s finally happening.”

A request to ITA for comment on the new organization wasn’t returned. A Defense Department spokeswoman said DoD declined comment and DISA referred questions back to DoD.

But the document clearly outlines plans, milestones and expected savings to come from the consolidation.

“By 3 June 2015, DISA in partnership with the Pentagon IT Study group will establish a Pentagon DISA Field Service Activity referred to as the Pentagon SSP,” the document stated. “The Deputy Chief Management Officer (DCMO) will have interim financial control and oversight of the Pentagon SSP with the Department of Defense Chief Information Officer (DoD CIO) providing technical oversight until the Pentagon SSP reaches full operational capability.”

Initially the consolidation will bring together three main technology functions: video-teleconferencing, IT support and help desk, and computer network defense, the DoD document stated.

The DCMO and DoD CIO will continue to oversee the Pentagon SSP until it reaches full operational capability at which time DISA will have full operational control over the new organization, the document stated.

DoD estimates that by moving to shared services the Pentagon can save at least $144 million by 2020 — mainly by reducing about 125 full-time employees running the duplicative technology infrastructure services.

“Consolidation of IT services for OSD organizations in the Pentagon and NCR will net IT savings for realignment to the warfighter while improving overall cybersecurity,” the document stated. “The majority of identified savings are labor equivalents from multiple organizations providing IT services today outside of ITA and EITSD.”

Once the merger begins on June 3, the Pentagon SSP will decide on a standard set of common IT services for the Pentagon and NCR offices. It will publish a list of those shared services and associated performance standards, which must meet or exceed current metrics in place today.

Then by June 17, the Pentagon SSP will begin using the best capabilities from ITA and EITSD.

“Authorization of interim funding authority, resources, and oversight will reside with DCMO. Funding will transition to the Pentagon SSP no later than 18 months or as directed in future published directives,” the document stated. “DCMO and the DoD CIO will publish follow-on guidance for the process by which these transitions and savings will be tracked and reported on a quarterly basis to the deputy secretary of Defense.”

The push for the creation of the SSP came from Deputy Secretary Work. In an October memo, Work called for a review of the cost of the Pentagon reservation operations, specifically around the technology operations.

“This review will identify where these activities are occurring and will utilize fact-based, data-driven, alternatives for integrating such services,” Work wrote in the memo. “This review will be difficult, and will challenge many of our institutional interests, but it is essential that it be undertaken with the most focused aim of achieving significant savings that can off-set reductions in the most critical of our mission areas — preserving our war-fighter capability.”

Another former DoD official said the creation of a SSP is part of an ongoing process to collapse OSD headquarters information systems.

“The intent of this move is not to take over control of all of the military department’s systems and services, which could have military operational impact,” the source said.

DoD’s document doesn’t answer several questions, such as what happens to the senior executives running ITA and EITSD.

Nor does it say where the Pentagon SSP fits under DISA, and how DISA’s reorganization helps meet the goals of the consolidated services.

“From a customer perspective, they will get more streamlined services and everyone will have one entity to call on to take care of problems or needs,” said the first former DoD official. “There is a substantial amount of commodity IT so this will end all those little organic organizations that have popped up across the Pentagon.”

Cloud legislation gets new life behind CDM success

Federal chief information officer Tony Scott, a growing number of lawmakers on Capitol Hill and industry associations are warming to the idea of new legislation to make it easier for agencies to buy cloud services.

The Professional Services Council and the IT Alliance for Public Sector (ITAPS) created working groups to explore the assorted challenges agencies face, and there is an ongoing series of meetings and discussions about the topics within the government.

Rich Beutel is the driving force behind this effort after several of the cloud provisions didn’t make it into the Federal IT Acquisition Reform Act (FITARA) last year.

Beutel, the lead House staff member for FITARA, left the Hill after the 113th session ended in December, and now is trying to create momentum for the legislation from the outside.

“This is a good bill and I think there is a lot of interest in getting stuff done,” he said.

“The bill includes a new model for buying cloud, the requirement to create standards for data flow and interoperability, and a lot more.”

Beutel said the two provisions gaining both interest and concern are focused on accessing cloud services.

He said industry and law enforcement officials are interested in new rights the law would give inspectors general or other auditors to retrieve data from commercial cloud service providers.

“Law enforcement has a legitimate equity in doing their job,” Beutel said. “This provision will get some Hill support, but the bigger question will be how best to balance privacy and legitimate law enforcement needs to go after bad guys in the cloud.”

The second provision would create a working capital fund for the General Services Administration to pay for cloud transition costs for agencies.

Beutel said it’s modeled after a similar fund the Homeland Security Department is using to implement the continuous diagnostic and mitigation (CDM) program.


“If you go back to OMB’s 25-point IT reform plan, one of the key obstacles or impediments to fulfillment of cloud first was how we buy and fund these services. It’s hard to expedite government adoption of cloud when there is a fundamental problem with the appropriations process and the development of technology writ large. We are too often using today’s resources to buy yesterday’s technology,” he said. “The best way to solve this is to create a revolving fund or working capital fund. This kind of idea would be used to fund major technology transitions. We know it works and there is support within OMB for doing this kind of thing if you consider CDM.”

Beutel said GSA’s Federal Acquisition Service’s Acquisition Service Fund, which has more than $1 billion in reserve, would be a perfect candidate to fund this effort.

He said the House put this concept in the original version of FITARA, and it gained a lot of support from industry.

“It was carried all the way through and it passed the House, but the appropriators had concerns before CDM got off the ground that a revolving capital fund would give agencies too much discretion to spend money,” he said. “In the end, we had to strip it out. What has changed is the appropriators seem to have seen the light with CDM. Now there is precedent for doing something very similar for cloud.”

Beutel said he’s hopeful to find broader support on Capitol Hill, especially in the Senate this time around.

He said he’s been meeting with staff members on both sides of Congress, and with OMB about the idea of moving legislation to make cloud adoption easier.


 

Lessons for federal IT from Roman architecture

Tony Scott, the federal chief information officer, is a big fan of Marcus Vitruvius Pollio.

Vitruvius lived in Rome between 80-15 BC. He was the first person to write books explaining the basic teachings of architecture.

Before Vitruvius, architects handed down their craft and expertise in the form of a mentor-apprentice relationship.

Scott told the 39 participants who kicked off the IT Solutions Challenge last week to become the Vitruvius Pollio for the federal government.

“He was thinking in the large. How do I make what I know universally known throughout what was then considered the civilized world?” he said. “So when you’re thinking about the problems you’re going to identify and work on as a team… I’d ask you to focus on two things: What’s long term sustainable? What fundamentally has to change to make a big difference? Take on the hardest challenge and ask how do I scale across the federal government or some large part of the ecosystem? Those would be the two big challenges I lay out for you today.”

The CIO Council is leading the IT Solutions Challenge by bringing in General Schedule 9-13s from 19 agencies for six months to work on significant and broad IT challenges.

Scott said Vitruvius Pollio thought about architecture differently and helped it spread more quickly and more successfully than previous approaches. He said the goal of the Solutions Challenge is not to focus on lowering costs because that rarely leads to sustainability and long-term improvements, but to figure out what can be done to improve federal services and then share it more broadly.

“I like to focus teams on what are the long-term stable things that we can do that will ultimately lead to, and sometimes even in the short run, the cost savings that we are looking for,” Scott said. “What are the things can we maintain and sometimes even improve…by making these changes. Then it’s a great approach to how we think about change, systemic, dynamic and evolving organizations and processes in government. The second thing is how to make it scalable. So it’s easy to get small organizations to agree to some change of behavior. I’m pretty sure we can bring about that change because I can eye ball each one of you and I can see if you are committed or not. But if I’m dealing with really large organization the concept of scale I’m not going to be able to eye ball to eye ball every person I want to impact. So I have to be able to influence through logic, through communication or through rulemaking or other sorts of techniques or tools that I have.”

The IT Solutions Challenge held its first meeting April 10th led by members of the Performance Improvement Council as facilitators.

Lisa Danzig, OMB’s associate director for personnel and performance, said this was one of several recent events the PIC helped lead to bring people together to solve a problem.

“The PIC talked through the objectives and facilitated the session to get to outcomes,” Danzig said. “They are our hands-on team with expertise and really enjoy that interaction whenever we have these sessions. Where there is a barrier or when a team needs to resolve an issue or it could be leadership team that needs to identify priorities, what has been happening over the last 12-to-18 months, we’ve been doing a better job leveraging that effort on cross agency issues.”

The IT Solutions Challenge’s timeline is for the teams to present their ideas in September.


 

Acquisition leaders on the move at VA, GSA

For all the attention the Veterans Affairs senior executive responsible for oversight of the new hospital construction debacle in Boulder, Colorado, got when he left, his replacement got strikingly little fanfare.

VA Secretary Bob McDonald promoted Greg Giddens to replace Glenn Haggstrom as the executive director of VA’s Office of Acquisition, Logistics and Construction.

Haggstrom retired abruptly March 25 as the heat from the construction failures in Boulder mounted.

Giddens comes into the new role after spending the last five years as VA’s executive director for enterprise project management in the Office of Policy and Planning.

He is no stranger to controversy or large programs. Before coming to VA, Giddens worked at the Homeland Security Department where he ran the Secure Border Initiative (SBINet) program for its first three years. In many ways, Giddens has made a career of dealing with large and politically sensitive programs. He also was the director for the Department of Defense Acquisition Personnel Demonstration Project, program manager for the Air Force Weather Weapon System, and was deputy assistant commandant for acquisition at the U.S. Coast Guard headquarters, and the deputy program executive officer for the Integrated Deepwater System.

The General Services Administration also is shuffling some acquisition chairs.

Tom Sharpe, commissioner of the Federal Acquisition Service, said Gregory Hammond is the new regional commissioner for region 2. Region 2 includes New York, New Jersey, the Commonwealth of Puerto Rico and the U.S. Virgin Islands. Hammond replaces Frank Mayer and Jeff Lau, both of whom served as acting commissioners over the last few years. Lau will continue to serve as region 2’s deputy commissioner.

FAS is losing a key executive in the Obama administration’s category management effort.

Amanda Fredriksen is leaving her role as assistant commissioner (AC) of Strategy Management on May 3. Sharpe said Fredriksen will move to a new role in Fleet for Travel, Motor Vehicles and Card Services.

“Among many other accomplishments in her tenure as AC, most notable is Amanda’s role in launching Category Management for FAS and the federal government,” Sharpe wrote in an email obtained by Federal News Radio. “Her work has ensured category management will be the ongoing business strategy for managing federal procurement into the future. We have begun a search for Amanda’s replacement; in the meantime, Laura Stanton will serve as acting commissioner of Strategy Management.”

If you remember, Fredriksen got caught up in the post-Western Regions Conference clampdown across all facets of GSA. She was one of six GSA officials put on administrative leave for a short time in June 2013. Fredriksen was cleared of any wrongdoing, and returned to the assistant commissioner role. She also ran the Integrated Acquisition Environment (IAE) and System for Award Management (SAM) initiatives.

Finally on the GSA front, Region 8 commissioner Tim Horne is leaving FAS to join the Public Buildings Service. He will assume the role of region 8 PBS commissioner, Sharpe said.

And finally, Larry Gross is moving on from the Interior Department. After spending almost the last five years as the principal deputy CIO at Interior, Gross said he’ll become the Agriculture Department’s Farm Service Agency’s top IT guy on April 20.

Gross replaces Jim Gwinn, who left as the USDA FSA CIO in March 2014 and now is the CIO for the First Responder Network Authority (FirstNet). FirstNet’s mission is to build, operate and maintain the first high-speed, nationwide wireless broadband network dedicated to public safety.

Loretta Burns has been acting since Gwinn left nearly a year ago.

Gross came to Interior in 2010 after spending the five previous years as the associate CIO for Electronic Government at the Treasury Department.


 

IT Job of the Week

The perfect job for a technology management turnaround expert is out there. The Library of Congress seeks a chief information officer on the heels of a scathing report from the Government Accountability Office. GAO found the LOC is lacking strong IT leadership to manage programs and oversee spending. GAO said the Library has not had a permanent CIO since 2012 and has had five temporary CIOs in the interim.

So, the perfect candidate must be able to change the culture and develop a strategic plan.

Applications are due June 1.



This post is part of Jason Miller’s Inside the Reporter’s Notebook feature. Read more from this edition of Jason’s Notebook.






Cloud legislation gets new life behind CDM success

Federal chief information officer Tony Scott, a growing number of lawmakers on Capitol Hill and industry associations are warming to the idea of new legislation to make it easier for agencies to buy cloud services.

The Professional Services Council and the IT Alliance for Public Sector (ITAPS) created working groups to explore the assorted challenges agencies face, and there is an ongoing series of meetings and discussions about the topics within the government.

Rich Beutel is the driving force behind this effort after several of the cloud provisions didn’t make it into the Federal IT Acquisition Reform Act (FITARA) last year.

Beutel, the lead House staff member for FITARA, left the Hill after the 113th session ended in December, and now is trying to create momentum for the legislation from the outside.

“This is a good bill and I think there is a lot of interest in getting stuff done,” he said.

“The bill includes a new model for buying cloud, the requirement to create standards for data flow and interoperability, and a lot more.”

Beutel said the two provisions gaining both interest and concern are focused on accessing cloud services.

He said industry and law enforcement officials are interested in new rights the law would give inspectors general or other auditors to retrieve data from commercial cloud service providers.

“Law enforcement has a legitimate equity in doing their job,” Beutel said. “This provision will get some Hill support, but the bigger question will be how best to balance privacy and legitimate law enforcement needs to go after bad guys in the cloud.”

The second provision would create a working capital fund for the General Services Administration to pay for cloud transition costs for agencies.

Beutel said it’s modeled after a similar fund the Homeland Security Department is using to implement the continuous diagnostic and mitigation (CDM) program.

“If you go back to OMB’s 25-point IT reform plan, one of the key obstacles or impediments to fulfillment of cloud first was how we buy and fund these services. It’s hard to expedite government adoption of cloud when there is a fundamental problem with the appropriations process and the development of technology writ large. We are too often using today’s resources to buy yesterday’s technology,” he said. “The best way to solve this is to create a revolving fund or working capital fund. This kind of idea would be used to fund major technology transitions. We know it works and there is support within OMB for doing this kind of thing if you consider CDM.”

Beutel said GSA’s Federal Acquisition Service’s Acquisition Service Fund, which has more than $1 billion in reserve, would be a perfect candidate to fund this effort.

He said the House put this concept in the original version of FITARA, and it gained a lot of support from industry.

“It was carried all the way through and it passed the House, but the appropriators had concerns before CDM got off the ground that a revolving capital fund would give agencies too much discretion to spend money,” he said. “In the end, we had to strip it out. What has changed is the appropriators seem to have seen the light with CDM. Now there is precedent for doing something very similar for cloud.”

Beutel said he’s hopeful of finding broader support on Capitol Hill, especially in the Senate this time around.

He said he’s been meeting with staff members on both sides of Congress, and with OMB about the idea of moving legislation to make cloud adoption easier.



DoD to create single IT shared services office for DC region

The Army’s last bastion of control in the Pentagon building is coming to an end. The Defense Department is creating a single shared services office for all commodity information technology for the Washington metro area, known as the National Capital Region, and placing it under the Defense Information Systems Agency.

DoD and industry sources say a memo ordering this change is awaiting final signature to create the Pentagon DISA Field Service Activity (Pentagon SSP).


According to a DoD plan for this new organization obtained by Federal News Radio, the Pentagon SSP initial phase will be “limited to analysis and consolidation of common or shared IT services within Office of the Secretary of Defense (OSD) (4th Estate), Joint Staff offices in the Pentagon, and selected OSD (4th Estate) offices/organizations in the NCR. Later efforts will extend to the military department headquarters in the Pentagon and NCR, and remaining OSD agencies in the NCR.”

The Pentagon SSP will bring together Army ITA, OSD Enterprise Information Technology Service Division (EITSD) and possibly some smaller IT service providers in the new organization under DISA.

A former DoD official, who requested anonymity because the document wasn’t finalized, said the Army had been fighting this change for the last six months or so, but finally Deputy Secretary Bob Work decided the consolidation was necessary and would happen.

“There was a long-standing family feud between the Army and Washington Headquarters Services (WHS),” the former official said. “The Army, back in the day, dominated the Pentagon in terms of providing every service. But over the years, those services eroded and many of the services were given to different organizations. The Army’s IT Agency was one of the last standing. But WHS wanted to get rid of ITA for some time and now it looks like it’s finally happening.”

A request to ITA for comment on the new organization wasn’t returned. A Defense Department spokeswoman said DoD declined comment and DISA referred questions back to DoD.

But the document clearly outlines plans, milestones and expected savings to come from the consolidation.

“By 3 June 2015, DISA in partnership with the Pentagon IT Study group will establish a Pentagon DISA Field Service Activity referred to as the Pentagon SSP,” the document stated. “The Deputy Chief Management Officer (DCMO) will have interim financial control and oversight of the Pentagon SSP with the Department of Defense Chief Information Officer (DoD CIO) providing technical oversight until the Pentagon SSP reaches full operational capability.”

Initially the consolidation will bring together three main technology functions: Video-teleconferencing, IT support and help desk, and computer network defense, the DoD document stated.

The DCMO and DoD CIO will continue to oversee the Pentagon SSP until it reaches full operational capability at which time DISA will have full operational control over the new organization, the document stated.

DoD estimates that by moving to shared services the Pentagon can save at least $144 million by 2020, mainly by reducing about 125 full-time employees running the duplicative technology infrastructure services.

“Consolidation of IT services for OSD organizations in the Pentagon and NCR will net IT savings for realignment to the warfighter while improving overall cybersecurity,” the document stated. “The majority of identified savings are labor equivalents from multiple organizations providing IT services today outside of ITA and EITSD.”

Once the merger begins on June 3, the Pentagon SSP will decide on a standard set of common IT services for the Pentagon and NCR offices. It will publish a list of those shared services and associated performance standards, which must meet or exceed current metrics in place today.

Then by June 17, the Pentagon SSP will begin using the best capabilities from ITA and EITSD.

“Authorization of interim funding authority, resources, and oversight will reside with DCMO. Funding will transition to the Pentagon SSP no later than 18 months or as directed in future published directives,” the document stated. “DCMO and the DoD CIO will publish follow-on guidance for the process by which these transitions and savings will be tracked and reported on a quarterly basis to the deputy secretary of Defense.”

The push for the creation of the SSP came from Deputy Secretary Work. In an October memo, Work called for a review of the cost of the Pentagon reservation operations, specifically around the technology operations.

“This review will identify where these activities are occurring and will utilize fact-based, data-driven, alternatives for integrating such services,” Work wrote in the memo. “This review will be difficult, and will challenge many of our institutional interests, but it is essential that it be undertaken with the most focused aim of achieving significant savings that can off-set reductions in the most critical of our mission areas — preserving our war-fighter capability.”

Another former DoD official said the creation of a SSP is part of an ongoing process to collapse OSD headquarters information systems.

“The intent of this move is not to take over control of all of the military department’s systems and services, which could have military operational impact,” the source said.

DoD’s document doesn’t answer several questions, such as what happens to the senior executives running ITA and EITSD.

Nor does it say where the Pentagon SSP fits under DISA, and how DISA’s reorganization helps meet the goals of the consolidated services.

“From a customer perspective, they will get more streamlined services and everyone will have one entity to call on to take care of problems or needs,” said the first former DoD official. “There is a substantial amount of commodity IT so this will end all those little organic organizations that have popped up across the Pentagon.”



IT Job of the Week

One former Office of Management and Budget official called working at the big gray building on Pennsylvania Ave. in Washington the best job you’ll ever hate. That’s why this two-year term appointment to be the IT category manager could be so enticing to some.

OMB is looking for a senior executive with at least 10 years of experience managing IT acquisitions, expert knowledge of the IT supplier base and at least five years managing large-scale strategy initiatives.

Anne Rung, the administrator of the Office of Federal Procurement Policy, said this position would be the first governmentwide full-time category manager.

In that role, the IT category manager would work with Rung and federal CIO Tony Scott to improve the governmentwide coordination of agency buys for hardware, software, telecommunications and other related goods and services.

Applications are due April 10.
