Two interesting items to keep an eye out on Capitol Hill. First, Rep. Mac Thornberry (R-Texas), the chairman of the Armed Services Committee, is expected to issue the first draft of his acquisition reform bill this week.
Details about the proposals in this annual Defense authorization legislation still are being closely held, but Thornberry told the press in late April that the bill will try to address several procurement areas where the committee hasn’t spent a lot of time on in recent years.
Industry sources say one of those areas is the buying of commercial items. The sources say Thornberry’s staff has been active in talking to DoD and industry about what’s needed to improve the military’s access to commercial items.
As I reported in last week’s notebook, the process to buy commercial items has become more and more complicated over the past decade. From 2009 to 2016, the Aerospace Industries Association (AIA) found the number of commercial item regulations increased five-fold to 142 in the Federal Acquisition Regulations or the Defense FAR.
Thornberry likely is trying to address this regulatory burden by making it easier for DoD to buy from commercial companies and services.
As one source told me, this idea of changing commercial buying rules for DoD has a lot of supporters and detractors. The supporters like the potential doors it opens up for new vendors, quicker and simpler contracts. The detractors, however, say the vendors who have invested heavily in the federal market with systems and processes to track and sell commercial items may not like the opening up of the regulations.
The good news here is Thornberry usually puts the acquisition reforms out to the public for comment and then folds them into the Defense authorization bill giving both sides ample opportunity to lobby, er, I mean comment.
DoD and Congress have been trying to improve how it buys commercial products and services for some time.
In the 2017 NDAA, Congress included several provisions around commercial contracting, including a new pilot program geared specifically toward fostering more commercially-oriented buying.
In the 2013 Defense authorization bill, Congress ordered the department to refine its processes for pushing acquisitions through more-streamlined procurement channels that have been on the books for commercial items since the mid-1990s.
A 2015 proposed rule around cost realism drew the ire of Sen. John McCain (R-Ariz.) because he felt it would create major disincentive for high-tech commercial firms to venture into the development of innovative new defense capabilities.
The second item to watch for on Capitol Hill is whether Sen. Ron Wyden (D-Ore.) April 20 letter to the Senate Committee on Rules and Administration about why the upper chamber isn’t using two-factor authentication to log onto its network is starting to affect change.
The Library of Congress issued a notice that it will award a contract to a federally-funded research and development center (FFRDC) to “assess the requirements and constraints in implementing multi-factor authentication for Legislative Branch agencies.”
The library initially said it would award the contract to the National Cybersecurity Center of Excellence, sponsored by the National Institute of Standards and Technology and administered by the MITRE Corporation. But on May 11, it changed the notice to say an “FFRDC.”
Either way, LoC wants to implement an identity and access management solution for all Legislative Branch agencies.
This happens to be what Wyden called for in his letter.
LoC spokeswoman Gayle Osterberg wouldn’t confirm the request for proposals was related to Wyden’s letter.
“As the Library of Congress (LOC) pursues the IT modernization necessary to ensure its status as a digital leader, the Office of the Chief Information Officer actively explores industry-proven methods of improving the security of its systems and data,” Osterberg said in an emailed statement. “Multi-factor authentication is one such method, and LOC is confident the solicitation will result in a contract providing optimal implementation at the best value to the government.”
A Wyden spokesman deferred all questions to the Rules Committee and the Library of Congress.
No matter why the LoC decided to bring on a FFRDC to figure out what it would take to get to two-factor authentication for network access, it’s obviously long overdue.