Behind the Curtain: National Contract Management Association

As we've written here, the contracting and procurement market is at an interesting crossroads. The current workforce is aging and retiring, making it difficult to find and train incoming talent. Additionally, new technologies such as AI and blockchain are being introduced and changing daily workflow. Now more than ever, the contracting community needs ways to keep the workforce trained on the tried and true processes of this profession as well as get up to speed on emerging technologies and tactics. Luckily, an organization exists to do just this.

The National Contract Management Association (NCMA) celebrates its 60th anniversary in 2019, but with the industry pressures detailed above, they have no plans to slow down. The group brought in a new CEO in 2018 to lead their growth and support for members. Kraig Conrad comes to NCMA with 20 years of association leadership and experience helping organizations evolve to meet changing member and market needs. Kraig took some time to share how NCMA is ramping up efforts to support contract professionals through their events and training.

FITARA 6.0: The Case of the Falling Scores

As summer vacation is in full swing across the country, we're sure many of you are missing tracking the grades of your students (insert sarcasm font here). We wanted to fill that void with a look at where agencies stand on their FITARA report cards. We've written here before about the progress, and lack of progress, agencies are making regarding modernizing IT infrastructure and services. The sixth report card on FITARA compliance was issued in May so we wanted to revisit the topic.

The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 and agencies are evaluated on their progress against the Act's goals about twice a year. The latest report found that despite a renewed focus on modernization from both the executive and legislative branch, agencies are actually backsliding in terms of grades.

Part of the challenge agencies had with this reporting period was the addition of a new category to track progress on the Modernizing Government Technology (MGT) Act. This "failure" should perhaps have been graded on a curve since MGT has only been in place since December 2017, meaning many agencies have not yet had a chance to have their proposals funded, much less started work.

But even discounting the MGT "learning curve," agency scores show that there is a real struggle across the board in meeting FITARA goals around:

Insider Threat Within Government

Whether it's an Edward Snowden situation or "simply" just someone clicking on a rogue link, insider threat is a real issue for every organization. Insider threat is defined as a malicious threat to the security of an organization and its data that comes from people within the organization, such as employees, former employees, contractors or business associates. These people have some level of legitimate access to systems and information and therefore can open an organization up to attack or a breach. One statistic estimates there is one insider threat for every 6,000 to 8,000 employees within a government agency.

To mitigate this threat, government agencies need a combination of monitoring and detection technologies, identity management tools, process and policy reviews, forensic capabilities, and user training. It's a complex problem to "solve" but luckily there are a number of events and resources available to help make sense of all of the issues.

We've pulled together a list of several upcoming events to help in understanding and mitigating insider threats to any agency or organization.

Digital Forensics 101

The digitization of records and processes across government increases the need for sound digital investigation tools and processes. Whether it is looking into a data breach or gathering information for litigation, organizations are spending a lot of time culling through this data to get answers to pressing issues. An IDG survey found that a vast majority of organizations conduct digital investigations on a weekly basis. These investigations range from proving regulatory compliance to security incident response (including post-event analysis) and stopping high-risk employee behavior (acceptable use violations).

We sat down with Tod Ewasko, Director of Product Management at AccessData, to learn more about the role of digital investigations as a part of everyday IT efforts.

Q: Who "owns" forensics? IT? Legal? HR?

A: The answer is kind of all three. Many people lump forensics in with cybersecurity, but it's really a separate entity. Yes, forensics tools are used to investigate cyber incidents, but they are not preventative. That is what you have the "hunting" tools out there for - watching firewalls and logs for anomalous behavior or activity. Once that is stopped, then the forensics tools come in to make sense of it - to see how it happened and drive the plans to make sure it does not happen again. Forensic tools look beyond the event and gather all data relevant to the systems in question.

Q: Is forensics all reactive then?

National Guard Chief Predicts Changes In Training

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

As some Army National Guard soldiers begin training under a new system that increases the number of days on the range, the chief of the National Guard Bureau predicts "some changes" if the greater demands are not sustainable over the next few years.

In remarks at a March 12 forum hosted by the Association of the U.S. Army's Institute of Land Warfare, Air Force Gen. Joseph L. Lengyel said the Sustainable Readiness Model put in place in fiscal 2017 as a means of reaching a higher level of readiness across all components makes higher training demands on reserve forces. It may not be sustainable for individual soldiers whose "civilian lives won't be able to tolerate it," he said. "I predict there will be some changes."

"Those heavy brigades are going to do 39 days one year, 48 days next year, 60 days in that third year and to sustain that readiness they're going to do 51 days the following year," Lengyel said. "That's a lot of training days. A lot of days."