Defense officials said Tuesday that they had awarded a $75 million other transaction agreement to build major components of the IT system that will eventually handle all background investigations and security clearance adjudications for federal employees and contractors.
The award went to a team of vendors led by Perspecta, the same large government contractor that won a separate $49 million OTA last year to build another portion of the National Background Investigation System (NBIS).
Insight by GitLab: During this webinar executives from the State Department, U.S. Securities and Exchange Commission, U.S. Patent and Trademark Office and GitLab will discuss how institutionalizing a DevSecOps approach to software development is a journey that must bring together the technology and business sides to change an organization’s culture.
The new agreement is specifically meant to build the security architecture and data services for NBIS. Officials decided it was needed after lessons learned from the first OTA, which focused primarily on building investigation management tools.
“We’ve had pieces of the NBIS application running at other DoD agency data centers and being built by other partners, independent of this common enterprise architecture,” said Terry Carpenter, the program executive officer for NBIS. “What we’re figuring out is by building out a common data broker, we can get an even greater efficiency. This is a federal-wide service that has to be up 365 days a year, 24 by seven. And to assure that type of robustness, we really wanted to make sure we were taking advantage of the cloud architecture to make sure that the application has those kinds of properties: Self-healing, self-aware, can expand with the demand. And all of those pieces are in this new OTA.”
DISA and the Defense Security Service, which will take ownership of the system next year, intend to host at least the unclassified portion in Amazon Web Services’ GovCloud.
Officials said they believed the cloud-based approach would help NBIS adapt over time as new security clearance policies, including the government’s move toward continuous evaluation, are implemented. And eventually, funneling data from various government data systems into a common cloud structure will let DSS apply emerging artificial intelligence and machine learning technologies to help speed the clearance process.
“Everybody is looking at how we apply machine learning to reduce the labor and amount of time it takes to find anomalies in data sets that are hard to see,” Carpenter said. “There’s a pretty deliberate process to separate the research work from the production system and to look at different techniques, different data elements of interest that will allow us to try to do something that would reduce the amount of labor it takes for people to adjudicate. If some percentage are really easy, clean cases, why are we spending so much time having people go through the entire file to figure that out? Spend your human capital on the hard cases.”
The new OTA spans the next two years, but officials said they were not certain exactly when it would yield a working system that could begin to process clearances.
In budget documents, the Defense Department has already indicated it will need to continue using the Office of Personnel Management’s legacy IT systems even after it assumes responsibility for governmentwide security clearances in October. But Carpenter said at least some elements of the older OPM systems will likely need to stay up-and-running for several more years.
“We know there’s a legacy system that needs to be turned off. Everybody’s familiar with what happened there, so we’re very sensitive to the pressures of getting this done, but we’re also sensitive to doing it right,” Carpenter said. “But we really feel very confident in the approach and the capabilities that we’re getting from our industry partners to do this right and to do it really well.”
DISA and DSS said they were using the OTA approach instead of a traditional contract vehicle partly because of speed, and partly because it encouraged nontraditional vendors to contribute their technologies to NBIS. Besides Perspecta, the contracting team includes five smaller companies, including three who have never done business with the government.
The section of federal law the agencies are leaning on to justify the OTA requires that nontraditional vendors perform a “significant” amount of the work.
“It’s ‘significant’ because of the nontraditional defense contractors and the technology stack and the subject matter expertise that they’re bringing in,” said Chandler Grice, the program and acquisitions chief for NBIS. “They’re critical enabling pieces to the entire solution architecture. Without those, we wouldn’t be able to go build a prototype solution.”
Officials said they expected to eventually award another OTA to move NBIS into a “production” state assuming the system proves itself during the period of the current OTA, which is technically classified as a prototype project. The law allows the government to make such an award without conducting a new competition, so the same industry team would be the likely recipient.
And asked whether it was appropriate in the first place to use an acquisition authority that Congress created for prototypes — when the government has clear requirements, a timeline, and a clear intent to use the system as its long-term solution for security clearances — they defended the decision to follow the OTA route.
Matthew Palmer, another senior NBIS acquisition official, said the government’s role as the system integrator is a major key to how DSS will update the technology infrastructure over time, including by incorporating the government’s transition from point-in-time background investigations to a framework of continuous evaluation for an individual’s suitability to hold a clearance.
“All of this is modular so that as industry improves and new technology improves, we can do individual tech refreshes on pieces of the application without having to revamp and do a whole new recompete like you would with a traditional vendor, where the software system would age, become noncompliant or outdated,” he said. “It won’t be a gargantuan process to revamp it again over a period of years. We’ll be able [to] revamp it internally so it’s always kept up to date.”