The much-anticipated first award under Phase 1 and task order 2 of the continuous diagnostics and mitigation (CDM) program finally is out.

Knowledge Consulting Group will implement tools and services from three vendors on the Homeland Security Department’s network.

According to the award notice obtained by Federal News Radio, KCG received a $29 million contract to implement McAfee’s vulnerability manager and ePolicy Orchestrator tools, ForeScout’s CounterACT’s tool for network access control and Splunk’s big data analytics software.

“This is in order to fill gaps in DHS’s existing continuous monitoring services by installing tools and sensors to reach a common set of capabilities,” the award notice stated.

One vendor said the award shows DHS and GSA are committed to providing a certain level of technology to implement CDM.

“This award is encouraging in the fact it proves the government is actually using a best value determination. This wasn’t a LPTA award,” said the vendor, who requested anonymity because the award wasn’t officially announced.

The General Services Administration, which acts as the procurement arm for DHS, said it received 10 proposals for task order 2A.

Matt Brown, vice president for homeland security at Knowledge Consulting Group, said in an interview that the award is validation of the technical direction of the CDM program.

“The continuous monitoring concept has been around for a while, and the CDM program has a specific level of requirements,” Brown said. “I compare it to the three-pedal car, which used to be developed differently by all the automakers until it was standardized. Continuous monitoring was the same but now you have consistency and standards with DHS defining what it means to be CDM compliant.”

Unsuccessful bidders have three days to request a debriefing and then 10 days after that to file a bid protest. Sources said DHS doesn’t plan to set a start date for the implementation of the tools until the protest window closes.

“CDM provides an integrated way to assess, prioritize and manage cyber risk. And understanding and prioritizing risk is what the NIST cybersecurity framework is all about. You have to know what your biggest risks are before you can decide how best to protect them,” said Patrick Flynn, Intel Security director of homeland and national security programs, in a statement. “Another benefit of CDM is that it will provide standardization of information, operations and tools across federal agencies. There are a lot of cybersecurity technologies in place across the government today, but they’re not always coordinated and integrated. Integration of cyber tools is essential if we’re going to protect agencies against breaches. At Intel Security (formerly McAfee) we spent years preparing for CDM and developing new tools to meet the government’s needs.”

The award comes as GSA also is facing an agency-level pre-award protest as of Jan. 30 on the task order for Group B, which likely includes the departments of Energy, Transportation, Agriculture and Veterans Affairs.

GSA asked vendors to validate their bids for task order 2B until April 1.

DHS worked with agencies to group them by cyber needs and architectures.

Brown said DHS detailed the schedule for next set of task orders. As Group B goes through the protest, vendors are finalizing their bids, which are due in the next two weeks, for Group C, working on the task order for Group D, which are due at the end of March or early April and in the early stages of preparing their proposals for Group E, which are due at the end of April or early May.

“DHS encouraged the teaming of vendors under the BPA because of extent of work coming for phase 2,” Brown said. “We knew the task order to support DHS would be highly competitive as most companies which originally went after the CDM contract had DHS focused teams.”

Recently, Grant Schneider, a federal cybersecurity adviser within the Office of Management and Budget, said these tools will integrate with the recently awarded agencywide dashboards.

The award to KCG was the third one under the $6 billion CDM program. DHS/GSA awarded $60 million in tools in January 2014 and then the agency-level dashboard late in 2014.

But this deal was the first of seven contracts for tools and services under CDM, which the 17 vendors are most excited about.

The Defense Department has the perfect job for the executive with a passion for technology and human resources.

DoD is looking for a new director of its enterprise HR information systems in the Office of the Secretary of Defense.

This Senior Executive Service position would oversee and lead DoD’s HR modernization efforts, work closely with the deputy chief management officer and have a budget of more than $60 million.

Applications are due March 6.

The Securities and Exchange Commission is promoting from within for its new chief information officer. NASA is losing a key senior technology executive to retirement.

At the SEC, Pam Dyson officially took over for Tom Bayer on Feb. 12 after being the acting CIO since October. Bayer recently became the CIO of the Standard & Poor’s Rating Service.

Dyson has been with the SEC since 2010 and served as deputy CIO before becoming acting CIO with Bayer’s departure.

“Pam has been instrumental in our ongoing efforts to enhance the Commission’s information technology capabilities,” SEC Chairwoman Mary Jo White said in a release. “I am confident she will provide the expertise, leadership, and vision necessary to further advance the commission’s technology operations.”

Among Dyson’s top priorities will be to continue the SEC’s innovation path. Bayer said in August that the commission already moved more than 50 applications to the cloud, including its call center support, human resources, training and assorted back-office applications.

While Dyson takes on a new role, Gary Cox, NASA’s deputy CIO for IT reform, announced he’s retiring March 31.

In an email to staff and colleagues, which Federal News Radio obtained, Cox said he applied for and was accepted to get early retirement under the Voluntary Early Retirement Authority (VERA) program.

“Fortunately, this will provide time for me to finish our important work on the Business Services Assessment (BSA) IT Core Team, and also allows [NASA CIO] Larry [Sweet] a little time to work a succession plan with NASA leaders. I am very excited to have this opportunity to retire while my health is still relatively good, but will certainly miss working with all of you and the great team here at NASA.”

The BSA pilot will help determine the health of IT services across NASA by focusing on improved efficiencies and improved IT security, and to provide an affordable service and operating model that meets the agency’s needs.

Cox has worked at NASA since 1998 where he slowly moved up the leadership ladder, starting as branch manager for IT services at the Goddard Space Center, then to program manager of the Outsourcing Desktop Initiative for NASA (ODIN) initiative before moving into the CIOs office to work on a variety of issues. He joined the government in 1986 where he worked in a variety of construction management positions at the U.S. Naval Academy.

One last CIO note — Ann Dunkin is up before the Senate once again to become the Environmental Protection Agency’s CIO and assistant administrator for environmental information. President Barack Obama sent Dunkin’s nomination back to the Senate on Feb. 12.

She’s been waiting for more than a year to receive approval, and the EPA has been without a permanent CIO since August 2014. The Senate Committee on Environment and Public Works supported Dunkin’s nomination in July, but the full Senate never acted on it. The President had to resend all nominations back to the Senate with the start of the new Congress.

The Office of Management and Budget is getting kudos for its initial steps to implement the Federal Information Technology Reform Act (FITARA).

Not only has OMB begun discussions with federal CIOs — as reported in this column about a month ago — but several sources confirmed officials from the Office of Electronic Government and IT are on a listening tour of sorts with former federal IT and other CXO community officials.

Several sources confirmed OMB reached out to the Partnership for Public Service’s CIO SAGE community for a series of conversations, including one in the last week or so that included not only former CIOs, but former CFOs and chief human capital officers.

Several participants, who requested anonymity, said the conversations are focused on how best to implement the new CIO authorities outlined in the law.

One participant said OMB is intent on making sure FITARA avoids the mistakes made with the Clinger-Cohen Act implementation.

With that 1996 law, many CIOs were placed too far down in the organization to have the intended impact lawmakers hoped they could have in how the government manages and buys technology.

FITARA, in some respects, is a recognition that agencies failed to meet the spirit and intent of the Clinger-Cohen Act, and it was time to modernize CIO authorities and responsibilities.

Sources say the most important thing isn’t just to give CIOs new authorities, but how to ensure those mandates translate into improving how the agency delivers on its mission.

Along with talking to former federal IT executives, OMB on Feb. 2 issued a “management alert” to agencies about FITARA, telling them to be prepared for governmentwide guidance.

That guidance is expected in spring 2015, according to a presentation by Ben Sweezy, the E-Gov Strategy lead, at the Information Security and Privacy Advisory Board meeting on Friday in Washington.

The presentation said based on the law, OMB’s guidance will ensure that:

• Each CIO certify that IT investments are adequately implementing incremental development;
• Each CIO approve the IT budget request, including the reprogramming of funds;
• CIOs must review and approve any contract or other agreement for IT or IT services that are considered major investments. For non-major IT investments, agencies may delegate this approval to an individual who reports directly to the CIO. The only exception is for major IT investments is if the agency uses a governance process to approve contracts and the CIO is a full participant in that group.
• CIOs shall approve the appointment of any other employee with the title of CIO, or who functions in the capacity of a CIO, for any component organization within the covered agency;
• The secretary or executive of each non-DoD agency shall ensure that the CIO of the agency has a significant role in the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions, related reporting requirements, and reports related to IT; and the management, governance and oversight processes related to IT;

The key to FITARA’s success is both OMB’s initial actions and Congressional oversight.

At least one of the bill’s main authors, Rep. Gerry Connolly (D-Va.), said he will be paying close attention.

“With respect to new management reform laws, the implementation phase marks the beginning of an even more difficult period where congressional oversight can make the critical difference in determining whether a new law is ultimately effective at achieving its goals, or misses the mark. For example, it has often been observed that the key weakness of Clinger-Cohen was not imbedded in the statute itself — as the act established a very strong IT management framework that FITARA was able to modernize and enhance — but rather, was found in the lack of rigorous oversight that resulted from the authors of the law either retiring or leaving the Congress,” Connolly said in a statement. “In the 114th Congress, my first Federal IT priority will be ensuring that FITARA is faithfully and fully implemented. Specifically, my oversight agenda, which I am hopeful will remain bipartisan in nature with support from Chairman [Jason] Chaffetz (R-Utah) and Ranking Member [Elijah] Cummings, along with the new Government Operations Subcommittee Chairman [Mark] Meadows, will be comprehensive and focus on two fronts. First, we must ensure that OMB, with support from the Federal CIO Council, develops high quality implementation guidance with feedback from a broad diverse array of stakeholders. Second, I plan on conducting FITARA implementation oversight on an agency-by-agency basis to ensure that every agency head is held accountable for establishing ownership over comprehensive, detailed implementation plans and policies for his or her given agency.”

Connolly said he expects agencies to have concrete implementation plans where specific individuals have clearly defined roles, and how they plan to evaluate and select department CIOs, which are presidential appointees and elevate that person into their newly established roles.

At the recent Oversight and Government Reform Committee hearing on the Government Accountability Office’s biennial High Risk list, U.S. Comptroller Gene Dodaro said one of the reasons why GAO added IT acquisition to the list this year is make sure FITARA is implemented effectively.

“It gives us and Congress to hold people accountable over time,” Dodaro said. “The basic problem I’ve seen over the years is there’s a lack of discipline to follow good practices. We get off the rails and no one is held accountable.”

Connolly said the committee will hold oversight hearings of FITARA in the coming year.

The White House is interested government procurement. No, not the Office of Management and Budget, which includes the Office of Federal Procurement Policy, but the actual West Wing.

Tom Sharpe, the commissioner of the Federal Acquisition Service in the General Services Administration, said his team recently briefed the folks in the mansion with no front door not once but twice in the last few weeks.

“Laura [Stanton] and Kevin [Youel-Page] were in to see the President about category management and the Common Acquisition Platform. That was kind of exciting,” Sharpe said during a briefing Friday hosted by the Professional Services Council in Arlington, Virginia. “Monday night, he had us back in to talk about what FAS could do to help the federal agencies, and for that matter state and local, to save money.”

It’s interesting that President Barack Obama is finally focusing on government management with but two years left in his administration.

There are several reasons for that. First off, the Republican-controlled Congress will limit the White House’s agenda. But more importantly, OMB finally has strong leadership in Beth Cobert, the deputy director for management, who not only gets performance and results, but actually cares about it. It was very difficult to say that about her predecessor.

Multiple sources in and out of government have spoken highly of Cobert, and the staff she’s putting together within the “M” side of OMB.

One long-time government executive and a former government official said they were pleased to see a lot of the management-focused initiatives in the fiscal 2016 budget request, but wished OMB would have pushed it out in 2010. The reason it took so long may be the constant rotation of OMB executives to other agencies, leaving the “M” side to be almost constantly in an “acting” mode.

Category management is at the center of OFPP’s Administrator Anne Rung’s agenda over the next two years.

Sharpe said she recently issued new guidance to the agency chief acquisition officers to focus on a new concept called “spend under management” (SUM).

Sharpe said the guidance is asking agencies to baseline how and where they spend their procurement dollars, and then improve upon that spending by getting better prices or value.

Rung issued initial guidance in December outlining her vision for three priorities, including category management.

She said in December the SUM included “collecting prices paid and other key performance information that allow easy comparisons” to help agencies ensure they “get the same competitive price and quality of performance when they are buying similar commodities under similar circumstances.”

Sharpe said FAS’ role under SUM and category management will continue to be big.

He said his organization is taking several steps to provide data to the governmentwide category management effort and to use this approach to improve how FAS serves its agency and vendor customers.

FAS opened up six hallways under its category management initiative across the schedules and governmentwide acquisition service, including professional services, IT hardware and IT software. Sharpe said by June there should be 17 hallways in place.

Currently, the hallways are open only to federal acquisition officials, but FAS offered a tour at the PSC event on Friday.

The hallways goal is to represent the government acquisition landscape, not just what GSA runs or produces, in a particular category.

Stanton said each category includes all the contracts available for that product or service, which agency runs it, which agencies can use it, what the fees are for using that contract, what can agencies buy from that contract, the terms and conditions and how you can buy from it.

She said it’s not transactional as of yet, but includes links and points of contact, expiration dates and other research needs for contracting officers and program managers.

Stanton said the hallways also include expert advice for those who don’t buy that specific type of category often.

“We are asking the experts to put information up there to help walk them through it,” she said. “We have things like how to access the Interact community for professional services. We also have visualization tools, which gets into all of the data pulled from the Federal Procurement Data System.”

FAS also developed a statement of work library, which includes examples that experts have considered successful ones from which others can borrow.

Sharpe said FAS also is modernizing the schedules through a combination of listening to customer via a recent survey, and developing new tools for contracting officers, such as the prices paid portal.

He said of all the eligible procurement dollars that could come through FAS, only about 15 percent is spent with GSA. Agencies spent about $38 billion under the schedules program in 2014.

Sharpe said he’s goal is to increase that percentage to 33 over the next three years.

“We are focused on customers and earning that business,” he said. “We did a customer loyalty survey recently and asked some key questions to try to understand the real value of the schedules to our customers. They came back to tell us it’s fast. I can prove it’s fast, up to 50 percent faster than open market buying behavior. And something didn’t expect to hear, it helps with compliance with the Federal Acquisition Regulations.. That represents public policy and proper business controls. We found there is work to be done at the price. Buyers across the civilian agencies — and we got separate feedback from the Defense Department agencies — they are not achieving the discounts they should, given the size and demographics of their orders. I realized we should have a program around some sort of supplier report card. We are off on an effort to meet that need particularly around the price of the schedules.”

Sharpe was clear about the big changes coming to how the government buys, and if the fact that the White House is asking for briefings is any indication of how serious the administration is taking this category management approach, agencies and vendors alike need to keep a close eye on what’s happening.

In radio world, we call this a two-for-Tuesday.Not only do you know about the FTC’s CIO job, but there’s another interesting opening in the federal community. The Secret Service is looking for a new CIO.

This senior executive will “drive the evolution of how information technology is used in order to ensure the protection of the President of the United States, the Vice President of the United States, the White House and the nation’s critical financial infrastructure. The position of CIO requires insight into emerging technology and business trends, an understanding of global threats and cybersecurity risks, and knowledge of current technology standards, frameworks and best practices.”

There isn’t a ton of information about the Secret Service’s IT infrastructure or plans out there, but in its 2014 strategic plan, the organization said advanced technology was one of its four goals.

“We face important decisions regarding many aspects of our IT infrastructure, including its governance, enterprise architecture, capital planning, and security. A growing demand for employees to have instantaneous information on wireless devices also exists,” the plan stated. “We must invest in infrastructure that advances our command and control capabilities and ensures mission success.”

Scott Cragg was the Secret Service’s CIO up until last year, but he recently became the deputy chief technology officer at the Federal Retirement Thrift Investment Board. Cragg was with the Secret Service for about four years.

Applications are due Feb. 19.

Wanted: A cloud infrastructure where the vendor is responsible for not only the technology, but moving petabytes of data from legacy systems and making it all available on multiple form factors.

It’s a simple request from the Transportation Department’s Federal Highway Administration in a new request for information.

“Only a small percentage of FHWA’s data is posted on public servers and websites. In many cases these data are hosted to multiple public servers, which may not use the same standard services and formats,” the RFI stated. “Therefore, it is difficult to find and integrate data from these sources for cross-domain analysis and decision-making. Furthermore, FHWA’s large data volumes require users to have substantial network, storage and computing capabilities of their own in order to interact with and exploit the value of these data. FHWA is exploring opportunities to unleash the potential of its transportation data through alternative approaches to strategically position these data with analytic and computational capabilities.”

The FHWA asks vendors to submit response to 29 questions across seven functional areas, such as data services, data infrastructure and partnership methods.

“The expectation is that a copy of FHWA data moved to the cloud would remain free to the public in its original, unaltered form, but this model will enable the hosting partner to establish and perhaps charge for new value-added services and products,” the RFI stated. “The free data must be easily accessible and have the same visibility on the hosting entities website as any value-added services or products. A proposed solution must also enable FHWA compliance with existing and future federal open data policies…”

The RFI likely is part of DoT push to take advantage of its data and offer companies and citizens more access to its information. DoT recently hired Dan Morgan as its chief data officer — one of the first ones in government — to lead this effort. Morgan said in December that he’s focused on the quality of the data, and will release a framework for DoT components to follow.

Responses to the RFI are due March 26.

On to greener pastures, almost literally. Bajinder Paul, who spent the last 17 months as the Federal Trade Commission’s chief information officer, now is with the Federal Reserve Bank.

A bank spokeswoman confirmed that Paul is the associate director for IT in the Division of Reserve Bank Operations and Payment Systems. He started in his new position last week, sources confirmed.

Patricia Bak is the acting CIO at the FTC until a new one is named. The FTC put out the job announcement on USAJobs.gov, looking for “primary executive with direct oversight of the OCIO and as the principal information technology and information security advisor to the Executive Director and other high-level Commission officials. The CIO is also responsible for strategic planning, developing, organizing, directing, and maintaining a comprehensive information technology and information resources management strategic plan that aligns to the agency business strategy, and for ensuring critical IT investments that impact business results are funded.”

Paul’s move to the Reserve Bank was a bit surprising. He came to the FTC in September 2013 and sought to modernize the agency’s IT infrastructure.

Paul said in August 2014 that the FTC could take big advantage of cloud computing, especially around data analytics. But after only a year plus, he’s moving back the financial community.

Before coming to the FTC, Paul spent almost three years at the General Services Administration as the deputy associate administrator of citizen services and innovation technology and more than three years as the CIO of the Office of Comptroller of the Currency.

In other personnel news, the Defense Information Systems Agency named John Hickey to replace Mark Orndorff, who retired after 35-plus years in government on Jan. 31.

Orndorff held the role as program executive officer for mission assurance for several years before DISA’s recent reorg, which gave him a new title of risk management executive and CIO.

Hickey has been DISA’s program manager for mobility for the last almost three years. In that role, Hickey has focused on moving DISA toward offering secure commercial mobile devices — listen to DoD reporter Jared Serbu’s interview with Hickey from July.

Another Defense agency also will have a new CIO on Feb. 15. The National Geospatial Intelligence Agency restructured its IT shops and named Douglas McGovern as its new CIO.

McGovern will replace David White , who will serve as NGA’s first fellow to the recently established intelligence and national security foundation.

The change mergers the CIO and the IT services office into a new construct.

“NGA is at a pivotal crossroads where policy and business processes must move as quickly as IT implementation,” said NGA Director Robert Cardillo in a release. “Executing new missions and leveraging new sources, along with our traditional missions and sources, require us to unify our IT management with IT delivery and sustainment. This merger will enable additional agility to accelerate IT delivery of capabilities while fully leveraging ICITE and incorporating new data sources.”

David Bottom will move from the director of the IT service division to lead the agency’s leader development program.

What’s interesting about this merger is no one wants to talk about it. Two former NGA CIOs declined to comment, or at least the companies they work for said they didn’t want to make them available.

I also asked the Intelligence and National Security Association (INSA) to see if they had anyone available to comment. They also deferred.

The cynical reporter in me says there’s something more going on here than meets the eye.

I talked to White in November for my Ask the CIO show and I found him to be articulate and to have a solid grasp on how to modernize NGA. Among his top priorities were ICITE, where NGA is working with the Defense Intelligence Agency to deliver the common enterprise desktop to the intelligence community, which includes awarding the second part of the desktop environment contract in 2015, and using the cloud more effectively for geospatial intelligence.

The Alliant governmentwide acquisition contract for IT services widely has been considered one of the most successful multiple award contracts over the last decade. Two recent blogs highlight some interesting trends.

Mary Davie, the General Services Administration’s assistant commissioner of the Office of Integrated Technology Services at the Federal Acquisition Service, wrote in a recent blog post that Alliant saw agencies obligate more than $2.6 billion in revenue in fiscal 2014, bringing its total to $18.7 billion since March 2009.

Davie has been releasing a series of interesting acquisition related blog posts over the last month or so highlighting the success of her portfolio. They are well worth checking out, especially the small business GWAC and Schedule 70 state and local growth posts.

But while Davie hit the good news around Alliant, another blog post found some real limitations of the GWAC, and more broadly, the problem with the proliferation of multiple award contracts.

Marc Vogtman, the CFO of GovTribe, a startup in the government market intelligence field, crunched the numbers in a fascinating blog post on Alliant.

Vogtman wrote that while the use of Alliant is back on the upward swing after a huge drop between 2011 and 2012, a few agencies — State and the Homeland Security Department, to name two — are spending a huge amount of money on internal IT services contracts. Vogtman will be writing two more blogs highlighting Alliant trends in the coming weeks so be on the lookout for those.

GovTribe found since State, for example, awarded SAIC a $2.5 billion contract under the Vanguard IT modernization program in December 2010, the company has earned about $800 million in revenue in four years.

SAIC also has done quite well under Alliant. Davie wrote SAIC is the dominating contractor under Alliant in 2014 with more than $1.6 billion in obligations across 42 task orders. The next closes competitor is Booz Allen Hamilton with $720 million.

Do you see the trend here? If you are a company wanting some subcontract work, you better get on SAIC’s good side.

Vogtman wrote that SAIC has awarded its 61 subcontractors about 38 percent of the $800 million obligated so far under Vanguard.

Then again, if you looking to get on SAIC’s team for either contract and want to see where you fit in, good luck trying to access the task orders under the multiple award contracts.

Despite the continued assurance from Davie and many others at GSA that they agree that task orders should be publicly viewed by anyone, contracting officers continue to hide them behind the iron curtain.

The other question that continues to come up is why are State, DHS and others continuing to run their own MACs? Alliant was supposed to be the be-all, end-all for IT services. It is supposed to have the flexibility and agility everyone wants in a contract. Its fees are capped, yet the proliferation of large multiple award contracts continue — DISA announced that the draft RFP for its ENCORE 3 contract is coming in March and a final solicitation in June time frame.

It’s clear that the Office of Federal Procurement Policy’s requirement for business cases isn’t working, and needs to be reviewed, even by Congress.

In the meantime, GSA has extended Alliant to April 30, 2019 with an option for another five years after that while it develops the Alliant 2 program. As of December, GSA expects to issue a draft request for proposals for Alliant 2 in March, a second draft sometime between May and August after incorporating industry feedback and a final RFP in the October/November timeframe.