Understanding Barriers to Zero Trust

Two years following the "Cyber EO" naming zero trust as the security architecture of the future and after one year of implementing the Federal Zero Trust Strategy, federal agencies have made important progress predicting and identifying roadblocks. With the first major deadlines coming at the end of 2023, this year is critical for figuring out how to overcome identified barriers.

Resource Issues

A survey found that 35% of federal CIOs say they have "intermediate or advanced" zero trust capabilities in place, but there are concerns about having the right resources and funding to fully meet administration mandates. Nine in 10 respondents agreed a key step is having a zero trust assessment performed by an outside resource to identify gaps and key focus areas, but contracting and finding funding for this effort is difficult. With this assessment, existing resources can be assigned to the most critical and impactful areas, and the need for additional funding and resources can be prioritized. Funding specifically earmarked for zero trust will be in FY24 budgets. This funding is determined by aligning the work and tools needed across each capability area. Continue reading

Continuing Cloud Innovation

Use of Cloud Computing is now standard practice across federal, state, and local government agencies, but that does not mean the technology is growing stale. Organizations are finding new ways to use the flexibility of cloud computing to deliver on their missions.

Radio in the Clouds

The National Oceanic and Atmospheric Administration (NOAA) is examining options for a "transition from hardware-based ground radio processing to cloud-based software applications." In practice, this would mean digitizing NOAA radio frequencies using devices that are software-driven, rather than traditional hardware-based devices, to support the agency's satellite programs' need for telemetry processing--the reading and transmission of data from a remote source. Continue reading

FITARA Report Looks to Future Evolution

The 15th Federal Information Technology Acquisition Reform Act (FITARA) scorecard was issued in December 2022 to provide a look at how agencies are meeting modernization goals. Much like the 14th report, all measured agencies improved their scores or stayed the same indicating that changes are needed to ensure the report fully reflects today's modernization goals that have shifted from data center consolidation to cloud usage, and onward to Zero Trust cybersecurity strategies. The committee overseeing the scorecard, as well as industry groups, are looking at ways to better align modernization activities with the report.

FITARA 15 Findings

Currently, the seven active grading categories on the scorecard are: 1) progress in transitioning to EIS contracts; 2) CIO authority enhancements; 3) transparency and risk management; 4) portfolio review; 5) data center consolidation; 6) Modernizing Government Technology (MGT) Act; and 7) cybersecurity/FISMA. Continue reading

Building the Case for Software Factories

The term "software factories" conjures up images of pristinely clean technology assembly lines with super-efficient singularly focused line workers. In reality, a software factory is not a place, but rather a process for improving the speed of software development and release. A software factory provides a repeatable, well-defined path to create and update software. As the name implies, a software factory applies manufacturing techniques and principles to software development. This means software factories provide templates, playbooks, and reusable code that people across the organization can use to quickly create new applications.

With DevOps and agile software development methods as a basis, a software factory combines tools, teams, and practices to standardize and reuse code, building upon accumulated knowledge. Organizations using software factories not only speed up software delivery but find that software is of higher quality being built on proven code. Continue reading

FITARA 14 Serves as Reset on Modernization Measurement

After issuing the last set of Federal Information Technology Acquisition Reform Act (FITARA) scores, the parties responsible for the program said they would begin examining ways to evolve the measurements to be more meaningful to today's modernization goals. The latest report was issued in July of 2022 and reflected a shift to new measures resulting in eight agencies with declining marks and 15 agencies holding steady with the previous grades. This backslide and stasis is not bad news and was expected given the removal of data center consolidation goals, an area all agencies had mastered with "A" scores.

This 14th FITARA scorecard should be viewed as a measure of where agencies are in relation to newer IT modernization goals. One such measure that drove low scores is the fact that many agencies have not fully transitioned to the Enterprise Infrastructure Solutions (EIS) contract. Numerous agencies report that they are close to finalizing the plans to do so and could be compliant with this measure by the next report. Continue reading