The legislation, a revitalization of the Modernizing Government Technology Reform Act from 2017, calls on agencies to adhere to the original intent of the bill and require issued funds to be repaid or reimbursed to ensure TMF sustainability and solvency. With some new amendments, Congress struck down the act’s authorized appropriations amount requirements and extended the sunset date to December 2031.

There is not currently a companion bill in the Senate, but the House Oversight and Accountability Committee is in conversation with the chamber to support the legislation further.

A committee aide said the House bill was modified to “reflect the reality that the fund is a revolving fund, and therefore has different appropriating needs every appropriation cycle.”

“That doesn’t mean we don’t intend for the fund to be appropriated,” the aide continued. “We are taking out the stagnant annual appropriations amount and allowing for more dynamic appropriations to be decided by the appropriations committees each fiscal year.”

Significantly, the bill aims to impose additional constraints on reimbursements to provide agencies with flexibility for repaying the fund.

The new bill was marked up in September and passed out of committee unanimously — a precursor to the continued bipartisan support expected by the committee. The fiscal year 2024 spending package had rescinded $100 million from the TMF, drawing calls from board chair and federal CIO Clare Martorana for Congress to “please fund the TMF.” 

The aide shared that the committee has been in “a series of positive conversations” with the General Services Administration, which manages the TMF program office. 

“I think there’s a bipartisan interest on the Hill ensuring the TMF remains a successful tool to address legacy IT for the next several years and into the future,” the aide said. “I think GSA is aligned with our vision and approach for how we hope to see that done.”

In February, GSA updated its policy for agencies seeking financial assistance from the TMF that set the repayment floor at a minimum of 50%, with room for exceptions to be decided by the GSA administrator and the Office of Management and Budget director.

Both GSA and OMB declined to comment.  

“I think we have additional conversations to have on the Hill about how to appropriately fund the TMF while ensuring that it’s a revolving fund and those funds are being best used to support legacy IT projects,” the aide said. 

Rep. Gerry Connolly, D-Va. — who is co-sponsoring the bill with Reps. Nancy Mace, R-S.C., and Ro Khanna, D-Calif. — said in an email to FedScoop that he believes “the federal government is only as good as the IT [it] utilizes,” a principle that he said led him to author the legislation and drives his “critical oversight efforts” of programs like FITARA.

“With this bill, we can ensure the federal government is able to modernize its IT, move away from its reliance on legacy systems, and better serve the American people who rely on government technology to deliver for them,” Connolly said.

Mace did not respond to a request for comment in time for publication.

The post House passes Technology Modernization Fund bill, awaits Senate’s move appeared first on FedScoop.

During a Tuesday hearing regarding the VA OIT’s budget justification, Chairman Matt Rosendale, R-Mont., and ranking member Sheila Cherfilus-McCormick, D-Fla., both questioned how the budget would affect operations. 

Kurt DelBene, the VA’s CIO and assistant secretary for IT, acknowledged that “it is a challenging budget for us,” forcing the agency to “be very focused on where we invest.” Modernization funds, he said, will have to be “judiciously” allocated “against the highest-priority projects” that the agency has. 

DelBene said that the agency’s original budget submission to the Biden administration did not reflect the same reduction to development efforts specifically for technology as the FY25 document ultimately did. 

The FY25 budget in brief, released by the VA, listed the following reductions across OIT:

• Development allocations at $960,000, a 99.2% reduction, or approximately a $125 million decrease. 
• Enhancement funds at $45 million, an 87.7% decrease, previously standing around $363 million.
• Modernization funds for FY25 are $267 million, a 66.5% cut, previously having allocated funds just under $800 million. 

As a result of the clawed-back funds for VA OIT, DelBene said that the agency is going to have to have a “very strict prioritization of the work that we do.” 

“I do think that we will be able to address the critical projects that we need to address in FY25 with this budget,” he added. “I think we’re making some trade-offs, which will not work well if we sustain those over multiple years.”

In response to a question from Cherfilus-McCormick, DeBene pointed to the need for increases in future years “because you can’t just continue to be at a lower level” for these funding allocations. 

DelBene also noted that the department is looking at a decreased budget for replacing technology, such as PCs, which he estimated to cost between $15-$20 million. 

“We will replace PCs less frequently as a result,” DelBene said. “That’s my point, is that we can’t continue to do that every year. But I feel especially with some of the funding we’ve got recently and the fact the fleet has been updated, we can do that for one year and make that through. But we’re going to have to be diligent about it in future years.”

DelBene said his goal is to not allow veteran care to be hampered as a result of budgetary pitfalls.

“There are difficult choices that have to be made across the entire administration so I respect the challenges of making those cuts,” DelBene said.

The post Veterans Affairs’ IT budget sparks bipartisan concern for modernization and development appeared first on FedScoop.

The Office of Science and Technology Policy said in a fact sheet that it had secured  hundreds of commitments with non-federal organizations to assist in areas of need within STEMM, such as improving representation in entertainment, ensuring inclusive workplaces, enabling related programs to be more accessible, and more.

OSTP’s announcement came during a White House summit on STEMM equity and excellence, expanding on the 2022 STEMM Opportunity Alliance (SOA) initiative to “lead and coordinate cross-sector action to help achieve greater equity” across science and technology-facing fields.  

The commitment to this effort is intended to “help drive progress” on STEMM Equity and Excellence 2050, a strategic plan released Wednesday by SOA that outlines a national strategy for constructing a diverse workforce with expanded opportunities.

“Knowing that those from underserved communities, individuals from underrepresented racial and ethnic groups, rural communities, women, people with disabilities and LGBTQI+ people have long faced barriers to equitable participation in STEMM, this administration has acted to foster a more just STEMM ecosystem,” Kei Koizumi, the principal deputy director for policy at OSTP, said during the event.

The office said in its press release that the SOA’s coalition represents over 200 organizations and “has powered additional commitments towards STEMM equity,” bringing a total of $2 billion to support these efforts. 

“The bold goal is to add 20 million new diverse STEMM professionals to the U.S. workforce across all jobs and sectors by 2050,” the strategic plan’s executive summary states. “This vision requires decades of concerted, coordinated action beginning now.”

OSTP touted non-federal partnerships that complement work done by federal entities, such as the Department of Energy’s first cohort for the agency’s Faculty-Applied Clean Energy Sciences program. That partnership, also announced Wednesday, will work to support the expansion of opportunities and diversification of the STEMM workforce. 

Participants in the DOE’s 10-week summer program were selected from minority-serving institutions that included tribal colleges and universities, historically Black colleges and universities, Asian-American and Native American Pacific Islander-serving institutions and others. 

Christy Jackiewicz, chief of the Minority Educational Institutions Division in DOE’s Office of Energy Justice and Equity, said in a statement that program leaders are “excited to partner with [the agency’s Office of Energy Justice and Equity] and [the National Renewable Energy Laboratory] to improve the future of STEM, not only through the faculty of minority-serving institutions but also through the students who will benefit from their knowledge and understanding, both in the classroom and as they enter the workforce of the future.”

The post OSTP unveils national STEMM strategy centered on improving workforce diversity and opportunities appeared first on FedScoop.

The guidance released this week from a CISA and NSA-led panel of government and industry experts highlighted confusion over MFA terminology and vague policy instructions as primary challenges that have so far prevented seamless application of the user authentication process. 

While one seemingly simple proposed fix from the panel is to settle on a more standardized MFA vocabulary, a thornier problem identified is the “lack of clarity regarding the security properties that certain implementations provide.” Additional steps to standardize and simplify the benefits provided by MFA were recommended by the panel, including greater investments by vendors into “phishing-resistant authenticators to more use cases to provide greater defense against sophisticated attacks.”

Other MFA-related challenges raised by the panel centered on sustainability and governance of user sign-ups, noting that a reliance on self-enrollment and “one time enrollment code[s]” leaves systems vulnerable to cyber threats.

On the single sign-on front, experts highlighted the “significant tradeoff” between functionality and complexity, adding that R&D efforts should prioritize a “secure-by-default, easy to use, SSO system to address these gaps in the market.”

Additionally, the panel suggested that SSO accessibility could be improved by bundling those capabilities in all high-enterprise product features, ensuring that small- and medium-sized organizations aren’t priced out.  

The concepts called out in the CISA-NSA guidance fall under the broader framework of identity and access management, a critical component of zero-trust security and a pillar of the government’s efforts in that space. The White House’s 2021 executive order on improving the nation’s cybersecurity called for advancements in zero-trust architecture within the federal government, while the 2022 OMB memorandum doubled down on the strategy, calling for stronger enterprise identity and access controls, including MFA.

The post Stumbling blocks abound in federal push to stronger identity and access management, CISA and NSA panel finds appeared first on FedScoop.

The post Planning a robust response to cyberthreats with a zero-trust mindset appeared first on FedScoop.

The Government Accountability Office found that with reported and future closures, 4,716 federal data centers will continue to operate. That number, in general, puts the 24 CFO Act agencies collectively behind on OMB’s Data Center Optimization Initiative, launched in 2016 with the goal of reducing outdated or duplicative facilities.

“Until agencies consolidate the data centers required to meet their targets, as well as identify and report the associated cost savings, they will be challenged to realize expected efficiencies and the full benefits of DCOI will not be fully realized,” reads the report, released April 11.

Since the passage of the Federal Information Technology Acquisition Reform Act in 2014, GAO has reviewed agencies’ data center inventories. In March 2018, GAO found 74 of 81 prior recommendations to agencies for consolidating and optimizing their data centers had gone unaddressed, compared to 47 in December.

OMB defines a data center as any facility used to process or store data, and about 6,250 centers closed between 2010 and September 2018 in order to, among other things, reduce the amount of time data servers sit idle. Another 1,200 centers are slated for closure through 2023, according to the GAO. 

As of August 2018, agencies identified 12,166 data centers once or currently under their operation, a 9,000-center increase since October 2011 — largely due to the broadening of the definition.

DOT, Defense, Interior: We need revised targets

Of the 11 agencies with no plans to meet some or all closure goals, some are seeking revised targets from OMB. CIOs at the departments of the Interior and Defense, as well as the Department of Transportation’s director for IT compliance, cited mission-critical data centers like those in airport control towers, in the case of DOT.

GAO estimates the total savings from data center closures at $2.36 billion between fiscal 2016 and fiscal 2018, but five agencies collectively missed their cost savings goals by $380 million. Those agencies were the DOD, DOI, Department of Veterans Affairs, Office of Personnel Management, and Social Security Administration.

Another three agencies never even set a cost savings target: the Department of Housing and Urban Development, the Environmental Protection Agency and the National Science Foundation.

All 24 agencies made limited progress improving server utilization and automated monitoring, energy metering, power usage effectiveness, facility utilization and virtualization, according to the report. Only three agencies met three targets, nine met one, and 10 met none, with two agencies not owning any data centers to report progress.

The most agencies, eight, reported meeting OMB’s target for reduced energy use by IT equipment, followed by six agencies increasing their ratio of systems in operation to physical servers.

“The continuing shortcomings in data center optimization can also be attributed, in part, to agencies viewing OMB’s optimization metric targets as unrealistic,” reads the report.

DOT said lack of sufficient funds and competing priorities hindered implementation, according to the agency’s DCOI strategic plan.

GAO found the six agencies that “demonstrated success” in optimizing data centers had executive leadership buy-in for consolidation, developed an organizational communications plan, and focused on closures. Those agencies were the Department of Agriculture, Department of Commerce, Department of Justice, EPA, General Services Administration, and SSA.

Only the Department of Health and Human Services disagreed with all of GAO’s recommendations that it meet data closure and data center optimization targets, calling them
“expired requirements.” HHS hit its tiered data center closure goal but had no plan to meet the goal for non-tiered data centers or four of the optimization goals because OMB is in the process of setting new targets for the agency.

The post Federal agencies continue to face challenges in consolidating data centers, GAO says appeared first on FedScoop.

Because task orders under the CDM program are centrally funded by the Office of Management and Budget to provide basic continuous monitoring capabilities for all CFO Act agencies, CDM mirrors the business case behind a centralized, governmentwide IT modernization fund in that the federal government could invest in capabilities that each could benefit dozens of agencies, said Jim Piche of the General Services Administration during a panel hosted Wednesday by the Institute for Critical Infrastructure Technology.

“The CDM program is actually a pilot of that investment fund where we’re getting a centralized appropriation to leapfrog every agency’s technology to the next level of CDM, whether it be hardware, software management, role and authentication, HSPD-12, or any kind of FISMA reporting,” said Piche, senior director for the homeland sector in the GSA’s FEDSIM, the office leading the CDM program procurement. “There’s this core investment that is being centrally funded through OMB.”

A centralized, governmentwide IT modernization fund has been championed by U.S. CIO Tony Scott and proposed in legislation by Rep. Will Hurd, R-Texas, that is known as the Modernizing Government Technology Act. The Treasury Department would house the fund and the GSA would administer it at the discretion of a board. The bill passed the House last year before stalling in the Senate due to a steep cost estimate from congressional budget analysts.

While money from that fund could be given to individual agencies for modernization needs, it could also be used for “the development, operation, and procurement of information technology products, services, and acquisition vehicles for use by agencies to improve Governmentwide efficiency and cybersecurity,” the bill reads.

DHS is currently in the phase of working with agencies to implement the second phase of the program, particularly credentials and authentication management, which it calls CRED. GSA recently awarded a single contract for the CRED portion of phase 2 to integrator CGI, who brought in Centrify and SailPoint to provide base-level continuous monitoring services around credentialing.

“The whole program is centered around leveraging funding that’s already in place for agencies to start to upgrade their controls around cyber-identity,” said Jeremy Grant, a managing director with the Chertoff Group and the National Institute of Standards and Technology’s former identity management buff.

Doing so, the federal government is able to “achieve incredible bang for the buck,” Piche said, “rather than distributing the funding to all the agencies and diluting the capability of what industry is providing to government.”

The beauty of the way CDM has been funded and procured, panelists explained, is that beyond the initial capabilities DHS helps provide through the task orders, agencies have the ownership to expand upon them as they wish. Rather than dictating federal agencies’ full path to cybersecurity competency, CDM is more of a nudge in the right direction.

The companies under the CDM task orders can provide much more than what DHS has asked them to do, said Ross Foard a CDM phase 2 engineer at DHS.

“We asked for a limited set of capabilities that we wanted with these products, and these products do much more than we asked for under the CDM capabilities,” Foard said.

DHS will provide a period of operations and maintenance under the program before leaving the agencies with the licenses to operate the tools on their own. At that point, he said, “You are able to as an agency do other things with these products that you have license to do.”

Paula Wells, vice president with CGI, said the integrator chose to partner with SailPoint and Centrify “for their broad capabilities,” despite the CRED task order’s “very narrow focus.”

During the initial implementation phase, she said, the challenge is “going to be walking that line between these great tools and great capabilities but the constraints of our task order is to deliver these very specific capabilities.”

“Once you own it, you can turn on all these other great functions,” Wells explained.

The future of CDM really lays in the hands of the agencies, Piche said.

Though the first three phases of CDM are centrally appropriated “and DHS is providing the candy store of ‘look at all these great and wonderful things you can do,’ they are only tasked with providing and delivering the base, core capabilities,” he explained.

“So while DHS will continue to be the technical leader and the technical policy guide in where agencies are going with CDM, OMB is committed to putting CDM funding in the agencies’ hands [after that],” Piche said.

The post CDM — a pilot for a central IT modernization fund? appeared first on FedScoop.

“We had a few protests on Alliant 2 on several issues,” Mary Davie, head of GSA’s Information Technology Category office, tweeted Wednesday. “They have all been dismissed. We are proceeding with evaluations and award.”

The next-gen Alliant 2 contracts — one open to all contractors and another dedicated only to small businesses — is a follow up to the premier federal IT governmentwide acquisition contract, Alliant, which pools custom IT providers on one full-range vehicle to meet the evolving needs of federal agencies. The original Alliant contract was launched in 2007.

Like many of GSA’s governmentwide contracts, the new Alliant 2 vehicles are indefinite delivery, indefinite quantity contracts, inviting IT contractors to compete for a spot on the vehicle through which agencies can place task orders for their services.

Sevatec, Inc., InfoReliance Corporation, Enterprise Information Services, Inc, and Buchanan & Edwards, Inc. — all Northern Virginia-based IT contractors — protested the terms of the vehicle’s request for proposals, arguing collectively “that the RFP’s evaluation scheme is improper, that the agency is unreasonably assigning certain points to small businesses, and that limiting the number of awardees to 60 will not result in competition at the task order level,” according to the Government Accountability Office, which serves as a body to hear and resolve federal bid protests.

Going point-by-point, GAO explains why it deemed each of those concerns invalid:

• On the evaluation scheme: It’s “impermissible for failing to properly consider price is denied; the Federal Acquisition Regulation permits agencies to use any one or a combination of source selection approaches to obtain the best value.”
• On the assignment of points to small businesses: “[T]he protesters have not shown that the agency’s allocation of points is unreasonable, or otherwise alleged that the agency is engaging in improper disparate treatment.”
• On limiting awardees to 60: “Record shows that the agency intends to award approximately 60 contracts, and has taken other steps to encourage competition at the task order level.”

GSA issued the Alliant 2 RFP in June 2016, originally accepting bids through Aug. 29 last year. Shortly before that deadline, though, the agency announced an extension into September to “be sure that our intentions are vetted, are on the right track, and cover all angles,” Davie explained in a blog post.

Alliant 2 has a five-year base period of performance for companies awarded a spot on the vehicle and a five-year option to extend, with a total ceiling value of $50 billion for all task orders.

The post GSA’s $50B Alliant 2 ready to go after protests denied appeared first on FedScoop.

The General Services Administration’s Federal Risk and Authorization Management Program granted provisional authorities to operate Jan. 5 to Amazon Relational Database Service, Amazon CloudWatch Logs and AWS CloudTrail within the AWS GovCloud region, which serves federal, state and local governments.

FedRAMP’s Joint Authorization Board assessed the services at the high baseline level, meaning federal agencies can use them to process the most sensitive unclassified data, like personally identifiable information and personal health information.

The three services will speed up agencies’ delivery in the cloud, according to AWS Vice President of Worldwide Public Sector Teresa Carlson, by allowing them to easily develop databases for data management, and secure and monitor user access.

“We are constantly listening to our customers and work to deliver more services to help accelerate their missions in the regions where they do business, and it is no different in the AWS GovCloud (US) Region,” Carlson said in a statement. “We are thrilled to offer these three new services that meet the FedRAMP High baseline.”

The larger GovCloud service was one of three authorized under the high baseline when it was first launched in June 2016, along with CSRA and Microsoft Azure services.

The post FedRAMP authorizes three AWS services under high baseline appeared first on FedScoop.

The program, which embeds private-sector innovators into federal agencies for a yearlong tour, launched in 2012 during the Obama administration. Fellows — known as PIFs — have contributed to major federal technology projects such as the launch of Data.gov, the Police Data Initiative, Blue Button and the RFP-EZ platform.

“Over the past several years, the PIF program has unquestionably demonstrated its unique ability to deliver tangible results for the American public,” Kevin McCarthy wrote in a LinkedIn post Thursday about the bill.

The legislation would firm up the program’s place in the government. President Barack Obama issued in 2015 an executive order in an attempt to make PIF more permanent.

The bill, known as the TALENT ACT, passed the House in July 2016, but a companion bill introduced in November languished in the Senate. McCarthy reintroduced the bill on Tuesday.

The bill is part of McCathy’s Innovation Initiative, which seeks to “advance policy solutions that will foster more private-sector innovation and job growth, by empowering entrepreneurs to pursue their dreams.”

Anyone is eligible to be a PIF, and the program primarily chooses people with tech backgrounds. As described on its website, many fellows “have significant experience and track records of delivering at a very high-level, are proven leaders, and innovative thinkers.”

[Read more: Senate legislation would codify Presidential Innovation Fellows]

As one example of PIF efforts, several fellows this year worked on a project with the Commerce Department and the White House’s Council on Women and Girls called Hack the Pay Gap, which was designed to “open up troves of census data at the intersection of income and gender” to encourage citizens to build tools to close the gender pay gap, Smita Satiani, then deputy director for the Presidential Innovation Fellows program, told FedScoop in July.

[Read more: Citizens use census data to Hack the Pay Gap]

The tools created as a part of the initiative tackled everything from salary negotiation and the cost of goods based on wage inequality to how maternity leave affects the pay disparity.

McCarthy noted that due to the work of PIFs, “it is easier for veterans to find career options in the civilian workforce, government data has been made available for researchers and entrepreneurs, a new generation of innovators have discovered STEM education, and many other important projects.”

Many PIFs have stayed on with the federal government after their fellowship ended, taking innovative roles with agencies — many as part of the 18F team at the General Services Administration, which currently houses the Presidential Innovation Fellows program.

Indeed, McCarthy added that “the PIF program has demonstrated its ability to drive long-term cultural change within government.” Nearly one-third of fellows have assumed government leadership roles after participating in the program, he said.

The post Effort to codify Presidential Innovation Fellows program is back in House appeared first on FedScoop.