All posts by : Shamima A

The FBI is conducting market research to identify qualified sources that can provide advanced facial recognition technology for its law enforcement operations.

FRT enables the development of investigative leads and detection of relevant case information, which could prove critical to catching perpetrators and mitigating threats, the agency said Monday.

Through the request for information, the FBI wants to hear from parties with existing open-source and publicly available face image repositories and functioning FR capabilities to search the same database.

The potential vendors should also ensure they can deliver the required capabilities in a software-as-a-service package.

The FBI envisions that open-source FRT would support its mission of safeguarding national security, protecting the American people and upholding the Constitution.

The data gathered through the RFI will inform the bureau’s acquisition approach for an upcoming solicitation.

Interested businesses are invited to submit their capability statements no later than Oct. 15.

The Potomac Officers Club’s 2024 Intel Summit will bring together top intelligence community officials, government decision-makers and industry executives on Sept. 19 to discuss the challenges, opportunities, innovation initiatives and technologies shaping the future of U.S. intelligence.

U.S. intelligence agencies are working toward closer collaboration with government and industry partners. As a result, intelligence community leaders are increasingly vying for industry talent to fill capability gaps. 

Join us at the Potomac Officers Club’s 2024 Intel Summit on Sept. 19 to connect with intelligence officials who spearhead efforts to transform the modern intelligence domain. Click here for additional information and register to attend the summit before it’s too late!

Avril Haines, the director of national intelligence and a 2024 Wash100 awardee, said, “We know that the private sector increasingly possesses certain unique and specialized talent, knowledge and capabilities in key fields of critical importance to national security that we don’t have access to in the government.”

Key Intelligence Community Collaboration Efforts

The Office of the Director of National Intelligence has established an Office of Partnership Engagement designed to foster closer industry collaboration and provide ODNI with access to commercial insights about AI, cybersecurity and space, among other areas. The office will train professionals in declassifying information for companies, develop guidance for better acquisition processes and communicate with external industry partners.

“There is no question that certain industries now wield substantial geopolitical influence, and as the threat landscape has diversified and power has become more diffuse, so has the potential impact of the private sector’s work,” Haines said. “This makes it crucial that we better understand developments in the private sector, as well as the overall balance of competitive strength and security within key sectors.”

Other IC agencies like the National Security Agency have established information exchange programs that help the government and industry get on the same page about cyber threats. NSA’s Cybersecurity Collaboration Center authorizes the government and the private sector to share information about cyber criminals and nation-state hackers. 

“The first phase of this is an expansion of the current and unclassified analytic exchange program in scale and scope, while simultaneously evaluating opportunities to conduct analytic exchanges that include classified information, which we know will take some time, but is absolutely worth it,” Haines emphasized.

ODNI has also recently issued new protocols for using the other transaction authority, which Haines said, “offers greater flexibility for IC elements to develop programs that leverage technological innovation.”

Joint Cyber Defense Collaborative 

The Cybersecurity and Infrastructure Security Agency stood up the Joint Cyber Defense Collaborative in 2001. The group comprises industry and government officials who encourage cyber firms to team up with the government to detect and deter hacking threats.

In August 2023, the Joint Cyber Defense Collaborative created the RMM Cyber Defense Plan. The strategy includes two key pillars — operational collaboration and cyber defense guidance — with the first pillar featuring two corresponding lines of effort that involve broadening data-sharing concerning threats and vulnerabilities. 

Learn more about the recent and future intelligence community efforts at the 2024 Intel Summit!

Tom Temin And every year we go through this song and dance. But somehow the politics are a little bit more rigid this year. And the idea of House bill failed week before last. So what what are your members doing and what’s going on?

David Berteau Well, Tom, as you know, you’re right. We do approach this every September, and then we usually approach it again in November and in December and sometimes in January, February, March.  We come close to the deadline. And generally speaking, we actually get a continuing resolution or sometimes a final appropriation in time. It’s usually at the last minute, though. And so even though history says we’re likely to get a continuing resolution and not have a government shutdown, the probability is not zero. And the consequences are very, very significant if we do have such a shutdown. So it’s really important for contractors to begin preparing now, if they haven’t already, for that possibility.

Tom Temin The shutdowns that do occur, though, seem to be narrower and narrower each time around. For example, Veterans Affairs is under a two year appropriation, and this is the middle of the two years for Veterans Affairs. And usually DoD, they pass, I think, if I recall right. So it’s a smaller part of the government of the civilian side that, quote unquote, shuts down.

David Berteau Well, it’s actually been a while since we’ve had a shutdown, which is historically anomalous. During the Reagan administration, for instance, eight years of Reagan time, there were actually eight government shutdowns, none of them longer than five days. So we don’t remember them. The ones we remember are the long ones. And the last big, long one was the Christmas 2018 that extended through January. And you’re right, that there were six cabinet departments that already had their appropriations. DoD was one of them, VA was another, HHS was another. And then there were nine cabinet departments and a bunch of other agencies that were shut down for 35 days. And that had real serious consequences. So you don’t know what you’re going to get into or when you’re going to get out of it when you do have a government shutdown.

Tom Temin We do know that the last one caused a pandemic two years later. So we don’t want to have that happen again. But in your observations, there is no guidance for a shutdown coming from the White House or GAO, for that matter.

David Berteau So one of the things we do at PSC is we track all the guidance documents, both at the agency level and at the Office of Management and Budget level. And we haven’t seen any updates of those recently. In fact, most of the last updates are from a year ago. There are a couple that were updated in January, in February, a couple of agencies. So we post those on our website. We have a whole shutdown resource center for our members. So we look at the guidance. But the other thing we look at is what can contractors be doing even if the government is not necessarily getting ready for it. And it’s almost as if the government thinks that if you get ready for it, that you’ll make it happen. We know that’s not true. And it would be wise and prudent not only for the government to get ready, and they probably are doing internal things, but to have those conversations with their contractors for continuity of operations and understanding of what’s expected.

Tom Temin And you have the Shutdown Readiness Center Resource Center, operated by PSC, which is basically advice. What is it you’re telling contractors? How can they prepare for this?

David Berteau Well, there’s three things contractors need to do, and they should be doing them now. Number one is take a look at all of their contracts and look at, for example, what’s the period of performance, what’s the funding level that’s already been committed? The obligated funds that are there. And thirdly, what the expected events coming up that might happen after Oct. 1. Is there a deliverable that has to be signed off on by the government? How do you make sure there’s somebody there to sign off on it in the event of a shutdown? Is there an option that needs to be exercised? Will there be people there to exercise those options? These are important things. So do your own assessment first. The second thing is to be, and I’ll come back to that your own assessment. The second thing is to be talking to your government customers. Even if they’re not getting guidance from above, even if they’re being told, don’t even begin to think about planning for this. You need to be having those conversations about what their expectations are. They won’t know, for instance, who’s assigned to go to work and not get paid under a shutdown in which government civilians are assigned to go home and not get paid during the shutdown. They don’t usually find that out until the morning of. But you can at least be having the conversation of here’s what we need to know from you. And the third thing you need to be doing, is to do your internal preparation. Know where your employees are, know how you’re going to get a hold of them, know where your facilities are, what your options are if you can’t get in your facility. So all of that’s an analysis and assessment that really should be ongoing all the time, but particularly as we get close to a shutdown.

Tom Temin We are speaking with David Berteau, president and CEO of the Professional Services Council. That’s a good point, that last one. Because often the government people whose agencies are affected aren’t allowed to communicate with contractors or keep things going on the fly. They’ve got to really shut down. I remember during one of the administrations, there were baskets of cell phones to be dropped in so that people couldn’t surreptitiously get on and do work.

David Berteau They’d be working. And that was back during the sequestration days. And Tom, one of the important reactions that government often has is, well, if we’re not working, you shouldn’t be working either with contractors. And this is a stark difference in a shutdown. The shutdown for federal civilians is top down. It’s driven from the top down. And you’re in one of two categories. You either work without getting paid or you go home without getting paid. But for contractors, it’s one contractor at a time. Every contract is different. And you have a responsibility to keep working unless, and until something happens to make you stop. What could happen? You could run out of money, but typically there’s plenty of money that’s been obligated, it just hasn’t been extended yet. Or you could run out of an ability to access the facility or access the networks that could stop you from working. Or the government could issue a stop work order. And what we urge contractors to do is communicate with your customers that there is no need for a stop work order unless one of those exaggerated factors comes into play. Just because the federal government isn’t necessarily working or isn’t in the office doesn’t mean the contractors can’t be working. We’ve particularly proved this under COVID with remote working, so contractors can continue going and are responsible to continue going unless something makes them stop.

Tom Temin Right. And to continue going means there are costs that keep going. The question is revenue. At some point you’ve got to cover your costs with revenue. And the revenue is what stops during the shutdown.

David Berteau That’s a great point. And one thing that contractors should all do between now and Sept. 30th is make sure their invoices are up to date and submitted, because an invoice can’t be paid if it hasn’t been submitted and approved. And you should only be submitting it after Oct. 1st if there is a shutdown, and there’s nobody there to receive an improvement.

Tom Temin Yeah. I wonder if the Bureau of the Fiscal Service is a critical function that is exempted. I don’t know, but it ought to be.

David Berteau What we’ve seen in the past is it depends on the source of their revenue. Oftentimes at the start of a shutdown, the paying agencies, whether it be the Bureau or Defense Finance and Accounting Service or whoever is paying those invoices, will often have a few days of leftover funding and they can continue working based on prior year funding. But it isn’t infinite, and it’s not indefinite. And you can’t really, as a contractor, you can’t really tell because you don’t know what invoices are going to be paid on what day. So it’s prudent to prepare for both options.

Tom Temin It’s like trying to rinse your hair when the shower has been turned off and just get the dribbles.

David Berteau Yeah, we’ve had that happen a couple of times when the power goes out.

Tom Temin Federal financial plumbing, happens and everything comes to a halt. All right. So what else? Anything else? Any final thoughts for contractors?

David Berteau Well, I think being prepared and going back to your customer is key. If the customer doesn’t want to talk to you, you have to be prepared for what you’re going to say when and if a shutdown comes along. And I think, certainly for PSC and our members, we like to be as ready as possible. The other thing is that the media tends to pay attention under a government shutdown to the impact on the federal employees. There’s also a potential impact on contractors, even if they’ve done all the things we’ve suggested. They have to be prepared for the possibility that their workers may not be able to charge that contract. You don’t want to have to fire them. And you certainly can’t do like the federal government and lay them off and say you’ll get paid later, because contractors are never made whole at the end of a shutdown, unlike federal civilian employees who now by law will be made whole as soon as an appropriation is passed. So that’s the real thing, is how do you make sure you get to keep your people on the payroll? What can you do? A couple things you can do. Send them to mandatory training. That’s something you’re going to have to do and pay for out of overhead anyway. Look at being ready to do that at a moment’s notice, or look at using leave and having employees usually leave up. October is a beautiful month anyway. Not that we want to have shutdown, but we want to be ready for it for sure.

Tom Temin And there’s also the issue of subcontractors and proteges, and they’re really out in the cold.

David Berteau They are very much out in the cold. And of course, each prime contractor has its own relationships and will have to make its own determinations as to which of its important subcontractors they need to keep in the loop with them. And those that are proteges under a mentor protege program would most likely fall into that category.

The company KBR may not be the most well-known commercial space company for those outside the business, but it’s one of the larger firms that does a ton of work with NASA — which is how it ended up being selected as NASA’s Agency-Level Large Business Prime Contractor of the Year. To find out more about the firm and what this award means for it, Federal News Network’s Eric White spoke to Todd May, Senior Vice President of KBR’s Science and Space Business on the Space Hour.

Interview transcript: 

Todd May KBR is a publicly traded company on the New York Stock Exchange that provides science, technology and engineering solutions to governments and companies around the world. The company itself has been in existence over 100 years, and KBR has 36,000 employees operating in more than 30 countries around the globe and provides solutions and strategies to help solve some of the great challenges and opportunities of our time. Through our primary solution pillars is what we call home government solutions and sustainable technology solutions. We have a standard of high impact success across the board. KBR is proud to work with its customers across the globe, providing technology, value added services and long term operations and maintenance services to ensure consistent delivery with predictable results.

Eric White And what areas do you mostly concern yourself with? What do you find yourself zeroed in on as a company and in your day to day?

Todd May Sure. You know, in the space world, KBR operates in civil space, commercial space, intelligence space and DOD space today. We recently closed on a deal to acquire Lindquist, which is a Chicago-based company in the national security space area. And so we’ve now expanded our capabilities across aerospace and digital digital domains. In terms of my business, some of my largest contracts are supporting Johnson Space Center and human spaceflight. We’re responsible for training the astronauts for planning space missions, operating the space station in support of our NASA’s contract are NASA’s customers there at Goddard. We operate about a dozen satellites, including several around the lunar area. For Goddard, we have engineering capabilities across multiple spacecraft platforms at Goddard, at AFRL. We support Johns Hopkins. We also manage the largest Earth observing data archive for the USGS, the Landsat data archive, which is over 40 years old and is really the, you know, the record of land change over that period of time. You know, things like deforestation and urban sprawl and major cataclysmic events, the ebb and flow of the Antarctic and Arctic ice floes and things like that.

Eric White It’s a really diverse amount of things that you all have your hand in. And, you know, that’s not typical for aerospace companies. Even some of the larger ones tend to narrow their focus on, you know, one area, whether it’s ground control or just creating rockets themselves. How did KBR find itself in so many realms? And, you know, was it through acquisitions like the one you just mentioned, or was it just kind of, you know, opportunity struck and that was the way things went?

Todd May Well, you know, even before I joined the company in 2018, I think KBR was looking to grow into these domains. And so through a number of acquisitions, a company called SGT, owned by a gentleman named Cam Defarion. We had acquired Wiley, we had acquired Honeywell Technical, HTSI, we call it, and really, you know, had a plan to buy into those areas and acquire into those areas and really grow out a world class platform. We later had an acquisition called Centauri, which got us into the intelligence space. And of course, the Olympus acquisition has a footprint over in Space Force. And so it has been a strategic growth vector for a long time. And I’m really proud of the way the company has taken these, you know, these smaller companies and formed a really strategic and coordinated series of business units and divisions, you know, that really has domain excellence across this entire spectrum.

Eric White Yeah. It seems as if the agencies you work with share your good feeling as NASA’s recently named KBR the agency level large business prime contractor of the year. What does that mean to a company like yourself when there is that recognition? And do you think it was because of all the work that you do with NASA in so many different areas that put you on the top echelon there?

Todd May Well, I think nothing happens alone. And so I think one of the things, you know, we are successful because, you know, our partner so successful and we try to create great partnerships. And, you know, having been on the government side myself for nearly 30 years, I was always proud to, you know, to see companies achieve this level of award. But, you know, KBR has been able to sustain this kind of recognition now for a while. You know, over the last five years, we’ve won 13 of these awards, and three of those have been at the agency level. You know, I think we do a great job of supporting NASA’s intricate missions, both as a prime contractor and as a mentor to small businesses, which is a big part of how this award is considered. You know, I think it really it builds over the years. And I think our customers have seen that and they reflected in the, you know, in giving us this award. We also secured the 2023 large business prime contractor of the year at both Johnson Space Center and Goddard, which are two of the largest centers at NASA. So, you know, I think it’s a lot of hard work by our people. You know, our people are there to provide solutions to their customers, but we also recognize that we partner with a bunch of other companies. And our job is not just to be successful ourselves, but also to, you know, I kind of view it as a rising tide raises all ships.

Eric White And not to belabor the point, but just because you all are factored into so many areas, I’d love to get your take on the sort of divide that a lot of commercial space companies are having to decide. What do they want to go towards the defense side or stay in the exploration slash commercial area? What is it about both sides of that that you could see going one way or the other? And how are you all handling that decision?

Todd May Yeah, I think there are certain aspects of those segments of the business that are different. You know, you say you get into intelligent space and a very large portion of that workforce is cleared at very high levels and do things that they can’t go home and talk about it with their families and yet on. And yet they’re very smart people. These are these are very well-trained, top of their class type people, solving very difficult issues. And then on the other side, you have very similar people who are very well trained, top of their class kind of people. And they get to do things they get to tell all their neighbors about as part of. Part of NASA’s charter is to is to inspire people with what they do. And everything’s very public. So there are some very different type aspects to it and there’s some similarities. I think KBR, we you know, we’ve segmented it out and we have an entire business unit now that is in that defense and Intel space, and they’re very well focused on their customers. And I’m in the commercial and civil side and I’m very focused on those customers. But we have a workforce that actually can flow back and forth between those because a lot of the problems are similar across those backgrounds. Some are very unique as well, but we’ve been able to to manage it well. I think I think another differentiator you have to do is decide whether you want to try to be in the OEM world to be someone who’s actually making rockets and spacecraft and selling them to the government. We’ve kind of chosen to be on the side where we’re supporting those those those people and those companies, except for a few specific areas. For example, we’re teamed with Axiom helping them build the next generation spacesuits. They’re an OEM company that, because of our expertise supporting the government on their current spacesuits, we bring a particular expertise to a new space company who is kind of just getting started. So we look for those win-win partnerships.

Eric White Yeah. And what’s the point of having a cool job if you can’t tell people about it? Right. I mean, that’s the reason you get into the space sector.

Todd May Well, I think we should all be very glad that there are some people who are doing jobs they can’t tell you about when they get home, but they are keeping us safe every day. Yes, very much guardians for a reason.

Eric White Absolutely. Absolutely. And yeah, I’d like to finish up here just by getting a little bit more info on yourself. You had mentioned some of your government experience in the past. If you could just kind of fill us in on how you got here and and what you’re all looking forward to in the future.

Todd May Yeah. So I started out at NASA’s Marshall Space Flight Center and in materials and processes, after about three years, moved the Houston work Space Station program, moved back to Huntsville and kind of got in the building where we were building Node Lab and airlock, got some manufacturing experience there, jumped over to the science side work, the Discovery New Frontiers program, which is a series of of space. Craft that explore the solar system. I went up to headquarters for a while and worked in the Science Mission Directorate. Came back down to Huntsville and started the Space Launch System program, ran that for about five years, and then ran Marshall Space Flight Center and retired in 2018. So I’ve kind of been all over the agency. We’ve been providing mission critical space support services to civil military and commercial spacecraft customers for more than 60 years. We’ve had a couple of big wins in the last year or so. And, you know, we’re looking forward to continuing to support NASA, particularly as NASA evolves, particularly helping to bring on the commercial Leo Destinations activities and the lunar mission and on to Mars. We feel like we’ve got the historical expertise in these areas and are pretty keen to help our customers evolve into the future. And you know, not just NASA, but a lot of our customers are changing the way they they acquire data, for example, or commercial companies who are coming on. As I said, there are some who are really ambitious and they could use our expertise just like NASA does, to help them be successful. So, you know, we see all of this as a continued growth business market sector and look forward to doing it for decades to come.

Eric White That’s Todd May, senior vice president of KBR Science and Space Business.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

The Pentagon is developing training and tools to ensure its program managers know when and how to mark sensitive information that will trigger Cybersecurity Maturity Model Certification (CMMC) requirements.

The Defense Department released proposed CMMC acquisition rules last month after releasing a complementary regulatory proposed rule late last year. DoD could start rolling out CMMC as soon as next year.

Under current defense acquisition rules, contractors that handle controlled unclassified information, or CUI, are required to protect it by following National Institute of Standards and Technology cybersecurity standards. The CMMC program is intended to provide third-party audits to verify whether contractors have implemented the NIST standards.

But DoD officials acknowledge CUI can be a vexing issue for program offices and contractors alike.

The Pentagon plans to do a “phased rollout” of CMMC over three years. During that period, programs will have the discretion to use CMMC requirements. Stacy Bostjanick, chief of industrial base cybersecurity at DoD, said program offices will need to identify their CUI before putting CMMC requirements into solicitations.

“They’ve got to understand how it lays in, how to disaggregate it and pass it down the supply chain, and we’ve got to be prepped and ready to do that,” Bostjanick said during a Sept. 12 event hosted by the Coalition for Government Procurement.

DoD is primarily concerned about U.S. adversaries stealing sensitive data about weapon system design and operations from defense contractors. But the department’s “CUI registry” identifies more than 100 categories of CUI, ranging from technical weapon system data to historic properties and death records.

In a report released last year, the DoD inspector general found the department largely wasn’t tracking whether programs were using CUI markings for emails and other potentially sensitive documents. DoD and contracting officials were also found not to be checking whether personnel completed required CUI training.

Those gaps “can increase the risk of the unauthorized disclosure of CUI or unnecessarily restrict the dissemination of information and create obstacles to authorized information sharing,” the IG wrote in the report.

‘More work to do’

During last week’s event, Bostjanick emphasized the importance of CUI training as the Pentagon rolls out the CMMC requirements.

“There’s training that we’re going to do to make sure that program managers know exactly what is CUI and what needs to be marked,” Bostjanick said. “I would say for companies, if you feel like you are developing information that should be protected, that you state that and let us know. So when we get it, we handle it correctly. And vice versa: if you don’t think that what you’ve got is supposed to be CUI, then you push back and you have the discussion.”

During the same event, Jeff Spinnanger, director of information and acquisition protection within the office of the under secretary of defense for intelligence and security, said his office is working with the DoD chief information officer to build tools for identifying when CUI markings are necessary.

“We have more work to do to fully implement the regulation,” Spinnanger said. “Those are the things that will help to create more consistency of application.”

But the Pentagon has yet to codify any CUI requirements into either of its CMMC rules. Dan Ramish, a procurement attorney with Haynes Boone, said CUI is “the crux of the whole system.”

“There’s no specific either regulatory or contractual requirement for DoD to identify what information that will be provided or generated under the contract is CUI,” Ramish said on the Federal Drive with Tom Temin last week. “And that’s a really fundamental point that should be addressed. It’s addressed in DoD policy and then frequently asked questions, but it should be in the regulations in the contract as well.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Up to 60% of all federal procurement spending happens at the end of the fiscal year, leaving little time for the government to conduct thorough contractor performance assessments.

And while self-assessments have emerged as a potential solution to the challenges of the contractor performance assessment ratings reporting process, Michael Derrios, the senior procurement executive at the State Department, said vendors rarely submit their self-assessments.

“Little to none,” Derrios said when asked what percentage of CPARS include vendor self-assessments. “It’s an incredibly underutilized tool. We would love to see more of it.”

“I will be the first to admit that our ratings at the State Department are not high. It’s challenging, and it almost always happens at the end of the fiscal year. It’s hard for people to find the time to do it. I also think there’s something skittish on the government side about, ‘I don’t want to really engage in a conflict with you.’ But if there’s a self-assessment that can serve as a starting point for that dialog, I think that kind of breaks the ice.”

Too often, there is little to no engagement between the vendor and the government from the beginning of the contract performance, so continuous communication throughout the contract period to avoid any surprises when CPARS ratings are finalized is crucial, said Derrios. “If any of you are ever shocked and surprised by a bad CPARS rating — somebody on the contract probably needs to get fired. Your program manager is not doing their job if they’re shocked that there’s a bad rating.”

“The dialog has to be happening throughout the year, and it’s almost like you have to be writing your CPARS the entire time with direct questions like, ‘How do you think this is going to play into CPARS ratings? You have to be that direct about the dialog.”

Dion Turner, the supervisory contracting officer at the Interior Department, said while CPARS can be somewhat subjective based on the contracting officer, documentation is key to ensuring fair evaluations.

“What’s not subjective is your documentation and what you did performing under that contract. One of the things I try to push is it’s not just about putting in rebuttals. That’s another reason why I’m a huge fan of the self-assessments because we should see your performance in the highlights that you have, even the ones that we have problems that the government didn’t know about that you resolved, but you did, just performing normally on the contract. Those are the types of things that I like to push for documenting your performance.”

“From a government’s perspective, I always push to have those conversations early on and to ensure you’re talking about performance. From a business perspective, you don’t know what to fix if you don’t know that there’s a problem and that leads to us having a project on the government side that may not go to full fruition or may have performance problems. At the end of the day, we’re always pushing for that win, win. It’s just a matter of how you document that,” said Turner.

Getting exceptional rating is possible even if you encounter problems

Contractors can still get an exceptional rating even after encountering progress — it’s more important how a company recovers from setbacks.

Soraya Correa, former chief procurement officer at the Department of Homeland Security and the CEO of the National Industries for the Blind, said contractors tend to hesitate to admit any contract problems during self-evaluation, but most of the time the strategy is counterproductive.

“Believe it or not, a lot of times it’s okay to have something go wrong. It’s how you recover. I’ll be very honest with you when I’m looking at self-assessment, if you tell me you’re great and wonderful and walk on water and never made a mistake — frankly, I don’t want you on my team. I want people that know how to recover from problems, know how to address failures and how to solve issues,” said Correa.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Defense contractors aren’t the only ones preparing for the launch of the Cybersecurity Maturity Model Certification 2.0. The Defense Logistics Agency is in the process of automating some of its contracting systems, including verifying a contractor’s compliance with the National Institutes of Standards and Technology’s Special Publication 800-171. This is a step in the direction of implementing the new CMMC proposed rule, released last month, which would incorporate CMMC requirements into contracts and solicitations once finalized.

“We’re gearing up as we speak to implement that into our processes as well as our automated program to assess the cybersecurity processes or practices, I would say, of our vendors,” said Jajuan Evans, systems procurement analyst for DLA, on Federal Monthly Insights — Contract Management Modernization. “NIST is the precursor. So we are in a position now where we validate that a vendor is covered by a NIST assessment if they’re going to have access to unclassified data or covered defense information. And then it’s going to be an overlap where we start to update our systems to implement CMMC.”

Evans said DLA analyzes risk in relation to vendors and the item being purchased, in relation to the price quoted for that item. That’s part of the supplier performance risk system, DLA’s authoritative source for vendor performance. As the supplier performance risk system lead for the DLA enterprise, Evans said he’s been involved specifically in tying certain cybersecurity assessments into that system, allowing DoD to access the system security plans of vendors who use controlled unclassified information or covered Defense information. DLA’s efforts to increase the use of automation in their contracting system include using that information to asses a supplier’s risk and quality score as a necessary validation before making an award.

Improving contracting efficiency

DLA already uses an extensive amount of automation in its contracting system, Evans said, as part of a recent push to improve contracting efficiency.

“Over the last few years, we really made a push to automate processes where we can. We already have a really robust automated solicitation program that, without any manual intervention, publicizes solicitations, requests for quotes, as well as an automated award program that will award procurements that meet certain criteria automatically,” Evans told the Federal Drive with Tom Temin. “So really reducing that need for manual intervention or for a contracting officer to make that award decision. We’re also leveraging new technology to improve contracting efficiency.”

That includes the use of robotic process automation, he said, to free up contracting professionals from repetitive tasks. For example, DLA created a “master solicitation” — a 12-to-15 page master list of clauses and provisions that apply to solicitations. Automated solicitations then refer back to the latest revision of that document, so that vendors can refer to that document, determine what applies to them and their particular proposal, and ensure they’re in compliance.

Evans said there’s a bit of a learning curve for new contractors working with the federal government, but with a little time and investment, they’re able to learn it and use it effectively.

That’s not to say every contract goes through this automated process; Evans said some more critical solicitations still require manual assembly by a contracting officer. In those cases, it’s incumbent upon the contracting officer to manually include the required provisions.

“So the goal is to leverage that capability as much as possible where it makes sense,” Evans said. “And then for more complex contract actions, we’ll lean on the acquisition specialist or the contracting officer to create those.”

Similarly, DLA is using an automated system to make awards in certain cases, where it determines the product is an correct fit and within pricing parameters. In other instances, however, it will flag an award for manual review. For example, it would do so if a contractor objected to a specific term.

Reducing acquisition lead time

DLA has implemented all of this automation as part of a larger effort to reduce procurement acquisition lead time. DLA tracks time-to-award in on-time deliveries. Acquisition specialists and contracting officers have certain metrics they’re required to meet, like specific solicitation or award times. This helps DLA identify and address bottlenecks in the acquisition process.

“At the end of the day, our goal is to provide that item or that service to our customers, to the warfighter, where it needs to be, when it needs to be there,” Evans said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

The U.S. Army has reportedly made significant progress with its Future Tactical Uncrewed Aircraft System, or FTUAS, program.

Two competitors — Griffon Aerospace and Textron Systems — completed the modular open system approach, or MOSA, conformance evaluations in May and later conducted flight demonstrations of their prototype aircraft, the Army announced Tuesday.

The FTUAS are intended to help brigade combat teams by providing reconnaissance and surveillance. The data they collect will enable the BCT commanders to make the right decisions during multi-domain operations.

The MOSA certification was done by replacing the hardware and software of the vendors’ prototype aircraft with the mission computer from a third-party surrogate. This allowed the independent assessor to determine the openness and modularity of the prototype.

During the flight demonstrations, held at the Army Redstone Test Center, the unmanned systems were evaluated based on their vertical takeoff and landing, on-the-move command and control, reduced acoustic signature, system integration, rapid emplacement and flight performance.

The FTUAS program is in accordance with the mission of the Program Executive Office for Aviation, particularly the Uncrewed Aircraft Systems Project Office, of modernizing the Army’s aviation fleet of crewed and uncrewed aircraft.

MITRE has released its response to a request for information issued by the Federal Risk and Authorization Management Program regarding a set of metrics meant to measure the end-to-end FedRAMP authorization experience.

Public input had been sought for those metrics with the aim of focusing and refining them, MITRE said Tuesday.

Input was solicited from a variety of stakeholders, including cloud service providers and third-party assessment organizations. Responses were to be submitted no later than Aug. 29.

For its part, MITRE recommended that the metrics be expanded to enhance the effectiveness of FedRAMP beyond cost and timeliness to include the streamlining of compliance and the reduction of redundant assessments.

Concerning the latter, MITRE specifically proposed that FedRAMP processes and metrics be revised to bring about “reciprocity-at-scale,” a concept that calls for the reuse of assessment information across risk management frameworks and assessment and authorization processes.

MITRE believes that through reciprocity, the government would be able to deploy secure cloud services faster by being able to recognize certifications and authorizations across varying frameworks, while service providers would be able to expand their services into new markets while enjoying savings from not having to undergo multiple certifications.

MITRE’s other recommendations include those concerning continuous monitoring and support for the adoption of quantum resistant cryptography and zero trust.