The Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, was designed to fortify the cybersecurity of government networks and systems with capabilities and tools that identify risks on an ongoing basis, prioritize these risks based on potential impacts, and enable personnel to mitigate the most significant problems first. The program was rolled out in phases with phases one and two pretty much complete across government.
Now that agencies know what and who is on their network, they need to move on to phase three - what is happening on the network. This involves installing and managing the network and perimeter security measures. Given that the perimeter now includes mobile devices, securing those devices and the way they access the network is critical to meeting CDM goals. Currently, agencies are mapping out mobile connections at the agency level, and the networks with which agencies are regularly interacting.
As we've written here, the contracting and procurement market is at an interesting crossroads. The current workforce is aging and retiring making it difficult to find and train incoming talent. Additionally, new technologies such as AI and blockchain are being introduced and changing daily workflow. Now more than ever, the contracting community needs ways to keep the workforce trained on tried and true processes of this profession as well as get up to speed on emerging technologies and tactics. Luckily, an organization exists to do just this.
The National Contract Management Association (NCMA) celebrates its 60th anniversary in 2019 but with the industry pressures detailed above they have no plans of slowing down. The group brought in a new CEO in 2018 to lead their growth and support for members. Kraig Conrad comes to NCMA with 20 years of association leadership and experience helping organizations evolve to meet changing member and market needs. Kraig took some time to share how NCMA is ramping up efforts to support contract professionals through their events and training.
The last time we wrote about FITARA, the news was pretty grim. The 6th check-in since the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 found that many agencies were backsliding regarding their ability to show progress against FITARA goals of Data Center Consolidation, IT Portfolio Review Savings, Incremental Development, and Risk Assessment Transparency. This was a bit surprising given that the introduction of the Modernizing Government Technology (MGT) Act was expected to help improve FITARA scores. While compliance with MGT is still slow, some other areas picked up momentum helping propel the FITARA scores upward.
The seventh version of the FITARA scorecard showed progress at many agencies over the six months between reports. No agencies saw their grades drop. Additionally, for the first time, there were no Fs on the report. Now, getting excited about no Fs may be setting the bar a bit low, but the DoD, due in part to sheer size and complexity, has struggled with the scorecard, and this cycle earned a D+. Other agencies making notable progress were the VA moving from a C+ to a B+, HHS from C- to B+, and Small Business Administration moving from a D+ to a B+.
As we complete another trip around the sun, we took some time to look back at the past year and do some thinking about what's to come in 2019. Market Connections helped with this reflection when they released their 2018 Federal Media and Marketing Study with a focus on confidence in news sources. Federal news media and associations were among the most trusted sources of content for federal buyers both in terms of written information and events. Additionally, the study found that participation in events and webinars has remained very steady over the past several years. This finding was echoed in our own survey conducted late last year. Events have proven to be a staple for marketers and attendees alike.
2018 saw us celebrating our own place as a staple in the events community. We celebrated eight years of providing an online, one-stop-shop for the public sector and supporting industry. Users are able to find the events that aid in their professional development, their organization's mission, and their business goals.
The Federal Risk and Automation Management Program, commonly known as FedRAMP, was introduced in 2010 and signed into policy at the end of 2011 as a "standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services." In plain English, it provides a baseline for agencies to determine if a cloud solution is secure enough for them to use. Vendors get FedRAMP certified as a way to prove their solution is ready to plug and play into federal systems.
In recent years, cloud has moved from a curiosity for most agencies to a key part of IT infrastructure. With this change in cloud acceptance and use, FedRAMP has also started to evolve to meet today's needs. Last summer, Rep. Gerry Connolly introduced the FedRAMP Reform Act of 2018 as a more stringent enforcement of the use of FedRAMP guidance.