Fedline

GSA names FedRAMP third party assessment organizations


An initial group of nine organizations has been selected to provide independent security reviews of cloud products and services used in the federal government.

As part of the Federal Risk and Authorization Management Program (FedRAMP), expected to launch June 6, vendors must work with an approved third party assessment organization, or 3PAO, to validate whether they’ve implemented baseline security standards. For years, these security reviews have varied across government and have cost agencies millions of dollars each year.

Approved 3PAOs include:

- COACT, Inc.

- Department of Transportation Enterprise Service Center

- Dynamics Research Corporation

- J.D. Biggs and Associates Inc.

- Knowledge Consulting Group, Inc.

- Logyx LLC

- Lunarline, Inc.

- SRA International, Inc.

- Veris Group, LLC

A review board, comprised of officials from the National Institute of Standards and Technology and GSA, selected the first wave of 3PAOs. As part of the FedRAMP process, vendors must contract with a 3PAO to assess the security of their products and services.

“The accreditation process will eventually migrate to a board managed by private sector organizations,” according to the FedRAMP concept of operations document. “After the private sector accreditation body has been established, the FedRAMP PMO (program management office) will establish a transition timeframe for all 3PAOs to be accredited by the privatized board.”

 


SSA’s CIO overhaul lacked adequate planning, GAO says


The Social Security Administration did not fully assess the impact of a major internal overhaul last June, which eliminated the chief information office and reassigned its functions, according to testimony from a Government Accountability Office official.
 
At the time, most of the responsibilities for managing information technology and the IT budget were reassigned to SSA’s Office of Systems. Two months later, then CIO Frank Baitman resigned. Kelly Croft, deputy commissioner for systems, assumed the CIO duties and oversight of those IT workers.
 
SSA Commissioner Michael Astrue said the effort would increase efficiency, but SSA did not develop a management plan that describes the challenges associated with the realignment or how to resolve them, time frames, resources, performance measures and accountability structures, according to written testimony from Valerie Melvin, GAO’s director of information management and technology resources issues. Melvin spoke on the issue at a House subcommittee hearing last week.
 
SSA also failed to analyze what roles and responsibilities were needed to support the new changes, Melvin said in her testimony.
 
She said the new structure should provide effective oversight and management of SSA’s systems and modernization if implemented properly, but it “cannot be determined whether the reassignment of staff that occurred as a result of the realignment represents an optimal allocation of resources.”


House bill would provide $749 million for DHS cybersecurity


Cybersecurity funding at the Department of Homeland Security would increase 63 percent from $459 million to $749 million under a proposed 2013 spending bill by the House Appropriations Committee.

The increase would fund new initiatives to improve federal network security and defend against foreign espionage, according to a committee press release. The House Homeland Security Appropriations Subcommittee will mark up the bill on Wednesday.

Cyber funding would be $20 million below the president’s $769 million request. Both the administration and some members of the Senate are backing legislation that would give DHS new authorities to regulate cybersecurity. The 2012 Cybersecurity Act, S 2105, would authorize the DHS to regulate security standards for certain privately owned critical networks, such as those affecting the power grid and other systems that, if attacked, would cause death, severe economic damage or national security risks.

Skeptics of DHS’ ability to regulate industry point to the department’s troubled chemical facility security program, or CFATS. Congress in 2007 directed DHS to beef up the physical security and cybersecurity of chemical facilities. But that program suffered from unstable leadership, inadequate training and poor hiring decisions.

The spending bill would provide $45 million for CFATS, $29 million below what was requested and $47 million below current spending levels. “This reduction is due to significant managerial problems, program delays and poor budget execution,” the news release said.


NASA’s Spacebook website to shut down June 1


Lower than expected usage rates have forced NASA to decommission its three-year-old social networking website Spacebook.

NASA plans to shut the site down on June 1 and archive all user accounts and content uploaded to the website, according to an internal email sent to employees last month.

“When Spacebook came, we were on the initial cusp, but with Facebook and MySpace…the marketplace is a far more challenging space,” Sasi Pillay, NASA’s chief technology officer for information technology, said during a telework event in Washington. “Even getting some tools adopted internally is hard.”

NASA launched Spacebook in June 2009 to facilitate collaboration among new and established staff and the agency’s community of scientists, engineers, project managers and support personnel, said Emma Antunes, web manager for Goddard Space Flight Center.

The internal website allows users to create profiles, show their status update and current projects, join forums and groups and share files, Antunes said in an interview Wednesday. If you had a small team, this was a great way to get around not having to email everyone and users could view past discussions.

She said the concept evolved from NASA’s need to improve teamwork, communication and access to information across its diverse projects and centers.

But “participation has not been as high as anticipated,” according to the email. “On average, only 14 users log on per weekday and zero on the weekends. There are alternate internal social media tools, such as Yammer,” that employees can access using their nasa.gov email addresses.

Users were encouraged to download any documents or media saved on Spacebook before the June deadline. Although the website is shutting down, Antunes said Spacebook is viewed as a success because it was innovative and NASA learned a lot from the project.

“In 2009, there were not a lot of products out there that could do what we wanted,” Antunes said. But social collaboration tools have evolved since then, and NASA will adopt new technology that best supports the mission.

“We need to be agile and not be wedded to any one thing,” she said.

The ideal approach is for the government to partner with vendors and influence their product offerings early on so that agencies can readily adopt them upon release, Pillay said.

“Why would someone want to recreate something available in the commercial [sector]?” he said. “We should use these tools and adopt them as necessary.”


Interior awards $35 million contract for Google cloud email


The Interior Department expects to migrate 92,000 employees to a single cloud-based email system by December, according to a senior agency official.

Interior awarded a $35 million contract for cloud email and collaboration tools to Ohio-based Onix Networking Corp, according to an announcement on fbo.gov. The Google Apps for Government solution will also provide employees with instant messaging, desktop video conferencing, web-based collaboration systems and email on their mobile devices.

“That is one of our first big enterprise services that we hope we can ramp up quickly,” Andrew Jackson, deputy assistant secretary for technology, information and business services, said in an interview. “There will be a dedicated group that is launching and migrating and implementing the enterprise services.”

The award comes more than a year after a contentious battle between Google and Microsoft for Interior’s business.


Update: GSA cancels Oracle IT contract

The General Services Administration is canceling Oracle Corp.’s Schedule 70 contract for information technology services because the company failed to meet the terms of its contract agreement, the agency confirmed.

The company can finish work on existing task orders, but agencies cannot place new orders or extend existing task orders with Oracle after May 17, GSA announced on its website Wednesday. Blanket purchase agreements with Oracle through Schedule 70 will terminate on May 17. Agencies can still purchase Oracle software from technology resellers that have Schedule 70 contracts.

An Oracle spokeswoman declined to comment.

“Based on the GSA’s review of Oracle America, Inc.’s IT Schedule 70 contract… which offers only professional services, it was determined that it was not in the best interest of the government to continue the contract,” Mary Davie, an assistant commissioner at GSA, said in an emailed statement.

GSA notified agencies about the cancelled contract on the FedBizOpps website.

Oracle earned more than $387 million in total schedule sales in fiscal 2011, according to data from FedSources. The company earned more than $203 million in direct contracts across the government during that time, according to USASpending.gov.

The company had recently resolved past issues with GSA. In October, Oracle Corp. agreed to pay $199.5 million to settle a False Claims Act lawsuit that alleged the company intentionally gave GSA inaccurate information about discounts it gave to commercial customers and failed to pass those discounts on to the government, according to a Justice Department news release announcing the settlement.

No reason was given for the schedule contract cancellation on the GSA website. A spokeswoman for Oracle declined to comment.

More details to come …


GSA conducts FedRAMP stress test

Federal officials have completed two test runs of the government’s new cloud computing assessment program to work out any kinks before the June launch.

The General Services Administration, which manages the Federal Risk and Authorization Management Program (FedRAMP), held training sessions for chief information officers from GSA and the Defense and Homeland Security departments to simulate their roles on an interagency review board, said Dave McClure, associate administrator of GSA’s Office of Citizen Services and Innovative Technologies. CIOs reviewed mock security assessments to discuss if they met FedRAMP standards.

Starting in June, the interagency board will review companies on GSA’s Infrastructure-as-a-Service contract and others that are providing similar services to agencies across government. Vendors that are not initially reviewed by the board will have to show they meet FedRAMP security standards through an approved independent assessor.  

“We are trying to get the process worked out and tested,” McClure said. “How do we set this up so that we streamline [FedRAMP] and… become aggressive solution finders for answers to questions or problems?”

There is often miscommunication between the agency and vendor on what is acceptable proof to verify security of a service or product, said McClure, who spoke at an Association for Federal Information Resource Management event Friday morning. GSA will soon provide standard templates for agencies and cloud providers to use throughout the process, McClure said.

“It creates shared expectations up front… based on clear tangible documents that explain what needs to be done,” said Kathy Conrad, principal deputy associate administrator for GSA’s Office of Citizen Services and Innovative Technologies.

The interagency group of CIOs, called the joint authorization board, will have to meet virtually and in person to work through the FedRAMP review process, McClure said. The board will rely heavily on technical representatives to help review vendors’ security packets and streamline the review process.

Still, there are other issues that must be addressed, such as continuous monitoring.

GSA has not decided how the government will determine the ongoing security of its vendors. What information will be exchanged and who can access the information has not yet been determined, McClure said.

GSA is still working through program logistics, but CIOs are confident that FedRAMP will have many benefits.

FedRAMP will drive greater adoption of cloud computing in the federal government and spur increased competition for federal business, said DHS CIO Richard Spires, who also spoke at the event.

The program is also in line with the federal CIOs vision for shared services, said GSA CIO Casey Coleman.

“It’s not going to be perfect, but we have spent a lot of time trying to think through how to make sure this works well,” McClure said.


IT professionals give agency telework programs high ratings


Most federal information technology professionals are very satisfied with their agencies’ ability to enable telework and support a mobile workforce, according to a survey released last week by Telework Exchange.

The organization, a public-private partnership that promotes telework, surveyed 152 Defense and civilian IT professionals about their current telework programs, shortfalls and projections for the future mobile workforce.

Of those surveyed, 65 percent said their agencies offer above average IT programs to support telework, compared with 14 percent of professionals who rated their IT programs below average. Agencies with a “B” rating or below should provide more cloud-based services, expand videoconferencing and establish formal telework plans with employees.

Overall, agencies need to address security challenges to provide employees with a reliable telework program.

Other findings include:

- Improved workforce productivity, employee work-life balance and business continuity are among the top telework drivers.

- 59 percent expect an increase in the number of employees who telework at least two days a week.

- Most employees who telework have to cover all or some of their Internet, phone and printing supply costs.

- 54 percent said their agency is working to reduce mobile device costs, in response to a November executive order.


Mobile devices help FAA save money and time


The Federal Aviation Administration has saved money and increased efficiency since it began issuing iPads and Android devices to employees a year ago, an agency official said.

FAA’s legal department, for example, uses iPads during cases it prosecutes to show radar images of air traffic conditions at the time of a contested incident. Such evidence often leads to defendants ending cases earlier, said Robert Corcoran, manager for architecture and applied technology at FAA.

The legal department estimates that FAA saves about $100,000 per case when cases end early, Corcoran said Tuesday at the FOSE conference in Washington.

FAA has issued 1,100 tablet devices to employees as part of an ongoing pilot program. The long-term goal is to give the employees the option of mobile devices when they trade in their old technology, Corcoran said.

The Defense, Veterans Affairs and Homeland Security departments are among other agencies that offer mobile devices to select employees.

“We are trying to afford choices to the DoD,” said deputy chief information officer Robert Carey during another FOSE panel. But “the ‘I wants’ have to be offset by the ‘I needs’.”

Corcoran said FAA provided tablet devices and Internet connections to employees who could show a credible need for the devices. Employees have come up with 72 different use cases for the devices.

Within the next three months, FAA plans to study whether iPads can enhance air traffic controller training, Corcoran said.

Trainees will use iPads to access training materials, he said. Results from the study will be compared with training classes that don’t use iPads.


VanRoekel: Agencies must innovate on flat, declining budget


New technology and innovation in the federal government won’t come from increased budget growth as it has in the past, federal Chief Information Officer Steven VanRoekel said Tuesday.

Agencies will have to embrace what VanRoekel calls a “cut and invest” strategy by decreasing or eliminating funding for older projects and pouring that into new technology like cloud computing. “In government we don’t have a culture of take from the old and give to the new,” VanRoekel said at the Federal Office Systems Expo on Tuesday.

VanRoekel said funding for new projects will come from initiatives like Shared First and data center consolidation, although savings won’t be immediate as agencies use those dollars to shut down centers and build state-of-the-art facilities.

The Defense Department saw a $300 million reduction in its proposed IT budget for fiscal 2013, driven entirely by data center consolidation, VanRoekel said.

“That is an early indicator of a trend that you’re going to see in a much bigger way across the federal portfolio,” he said.
