GovWin
GovWin Recon - September 23, 2014

GovWin Recon, produced by Deltek's Federal Industry Analysis (FIA) team, is designed to support awareness and understanding of the issues impacting the government and the contractors that serve it. Recon highlights key developments surrounding government technology, policy, budget and vendor activities.

Headlines beginning with an * include quotes from Deltek analysts.

Federal IT:

Agency News:

Vendor News:

Cybersecurity:

Health IT:

Defense / C4ISR / Embedded Technology:

Waste, Fraud and Abuse:

State and Local:

AEC News:

GovWin Recon is Deltek's daily newsletter highlighting federal government contracting news and analysis from around the government contracting world. Get it delivered to your e-mail inbox, free!

GovWin Recon - September 22, 2014

Sequestration / Budget:

Federal IT:

Agency News:

Vendor News:

Cybersecurity:

Mobility:

Defense / C4ISR / Embedded Technology:

Contracting / Acquisition:

State and Local:

AEC News:


GovWin Recon - September 19, 2014

Sequestration / Budget:

Federal IT:

Agency News:

Vendor News:

Cybersecurity:

Health IT:

Defense / C4ISR / Embedded Technology:

Mergers and Acquisitions:

State and Local:

AEC News:

Cybersecurity Meets Soap Opera in CDM Dashboard Competition

In a budget-constrained federal IT market, the competition for cybersecurity work is bound to become increasingly fierce, even cut-throat. And when things get this way, a certain amount of drama is sure to follow. Such is the case with the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Dashboard tools competition, where a premature award announcement has combined with accusations of acquisition rule-breaking to add controversy to the process.

DHS announced last summer the creation of its $6 billion Continuous Diagnostics & Mitigation (CDM) program BPA with awards to 17 primes and more than 20 subcontractors. The government-wide effort is in partnership with the General Services Administration (GSA) which is acting as the procurement agency and has established a portal to facilitate CDM program purchases. Last March, GSA awarded a contract for the CDM Dashboard design and implementation effort to Metrica Team Venture. So far, so good.

The drama started when an official with RSA announced in a blog post that DHS had selected RSA Archer's GRC solution for its CDM Dashboard effort. FCW first reported on the unofficial award announcement; the story was later clarified to say that RSA’s product is a finalist for the contract, but the selection process is not yet complete. (The RSA official’s blog post has since been deleted.)

The story gained further drama when it came to light that Metrica Team Venture, the firm that had won the Alliant Small Business contract to evaluate the CDM Dashboard tools bid, is being accused of allowing one of its team members, InfoReliance, to market the products of RSA (another team member) during the period between GSA's awarding the Alliant Small Business contract to Metrica and the agency's decision on the Dashboard vendor. Agiliance, the firm that brought the complaint to GSA, is asserting organizational conflict of interest (OCI) and marketing practices that are forbidden under federal acquisition rules, according to a subsequent article by FCW, which appears to have seen Agiliance's letter to GSA.

To make things even more colorful, Agiliance’s letter to GSA is not a formal protest. It is unclear whether the move was made to preempt the need for Agiliance to protest the forthcoming DHS Dashboard tool award or if it was because Agiliance is not an Alliant Small Business contract holder, or both. Either way, it’s clear that they are trying to get GSA to take a closer look at the process that is unfolding and to take action.

These events underscore how competitive the market has become and will continue to be in the close-knit world of cybersecurity. In an era where winning or losing a contract can mean life or death for a company, it is crucial that vendors know the acquisition rules and keep solid documentation of their processes out of self-protection. Further, any appearance of possible impropriety – even if none exists – will raise hackles in an increasingly competitive market where awards are often “winner takes all.”

Also, Agiliance’s letter to GSA could be considered a form of “protest by another name” where a company sees anomalies that raise their concern enough to look for ways to raise a flag in a formal way. Such methods may grow in frequency as federal agencies look for efficiencies in their acquisition processes like turning to GSA or another agency to facilitate procurements.

---
Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @GovWinSlye.

GovWin Recon - September 18, 2014

Federal IT:

Agency News:

Vendor News:

Cybersecurity:

Cloud Computing / Data Center Consolidation / Virtualization:

Health IT:

Big Data / Analytics:

Transparency and Performance:

Defense / C4ISR / Embedded Technology:

Contracting / Acquisition:

Legislation:

State and Local:

AEC News:

GAO: Federal Agencies are Falling Short in Overseeing IT Contractors

Federal agencies need to improve at overseeing the IT contractors that operate their computer systems and process their information, according to a study by the Government Accountability Office (GAO). Agencies are legally required to ensure that contractors adequately protect these assets, but GAO shows that there are inconsistencies among agencies’ handling of this responsibility.

GAO set out to assess how well certain agencies oversee the security and privacy controls for systems that are operated by contractors and how well the agencies with government-wide security and privacy guidance and oversight responsibilities were doing in helping them. In their audit, GAO reviewed the implementation of security and privacy controls for selected contractor-operated systems across six federal agencies, based on their reported number of contractor-operated systems. These were the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM). 

GAO found that the agencies generally had established security and privacy requirements for contractors to follow and prepared for assessments to determine the effectiveness of contractor implementation of controls. However, all but DHS were inconsistent in overseeing the execution and review of those assessments. One frequent area of inconsistency was in executing test plans that would identify potential security and privacy risks. In one example, GAO found that the DOT officials did not have evidence that 44 of 133 contractor employees operating one particular system had undergone a current background investigation.

A contributing reason for shortfalls that GAO identified in agency oversight of contractors was that agencies had not effectively documented procedures to direct officials in performing such oversight activities. None of the agencies had procedures in place to direct officials in how to conduct such oversight and that led to inconsistencies.

Another area mentioned by GAO is inconsistently applied or unclear guidance. OMB FISMA reporting instructions to agencies state that systems operated by contractors are to be reported as part of the agency’s system inventory. But GAO found that agencies are interpreting and applying the guidance differently because the guidance for categorizing and reporting contractor-operated systems does not clearly define what constitutes a contractor-operated system. The difference in application causes many contractor-operated systems not to be classified as such. This has resulted in incomplete information on the number of contractor-operated systems within the government.

Potential Cost Implications

Given the areas of shortfall within agencies it is possible that renewed efforts could have cost and administrative implications in several areas:

  • Personnel Security – Scrutiny of contractor background investigations is at an all-time high and inconsistencies discovered by GAO may result in direct costs and/or delays to companies and agencies while sufficient background investigations are completed. Similar implications may result if required agency-specific training in security or contingency planning has not been consistently administered.
  • Compliance Efforts – Given GAO’s spotlight on inconsistencies in how systems are evaluated, assessments of systems and personnel for compliance with agency requirements will likely increase, adding short-term burden until processes are in place and efforts are routine.
  • FISMA Assessment – Increased clarity or education from OMB on applying their FISMA reporting standards for contractor-operated systems could increase scrutiny on some systems – both government-owned, contractor-operated and contractor-owned, contractor-operated.  Many of these systems may have been previously overlooked or mis-categorized, which could spur deeper scrutiny and increased costs.

Potential Contractor Opportunities

As agencies strive to improve they may look to industry experts for assistance in the following areas:

  • Procedure Development – Agencies will need to document the procedures for their officials to follow in order to perform effective oversight of contractors. While these efforts may be considered inherently governmental in nature, some agencies may seek the help of contracted experts to aid in solidifying such procedures. Expect agencies to maintain directive control over this process.
  • Independent Assessments – GAO found that five of the six agencies they studied used independent assessors for system reviews, as required by NIST, and this included contracting for these assessment services. There may be continued opportunities for contractors to find work in this area. Expect agency officials to verify that the selected assessor is independent.
  • Test Plan Development and Execution – While most agencies that GAO audited had developed test plans, almost none of them had effectively executed test plans. Here is another area where independent contracted services may be in demand.

Considering GAO’s recommendations focus on both procedures and policies – that agencies develop procedures for contractor oversight and that OMB clarify reporting instructions to agencies – it will take some time for agencies to fully address the concerns raised in the report.

---
Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @GovWinSlye.

Army Spending on ITES-2S

Army customers have put more than $3 billion worth of procurements through the Army’s Information Technology Enterprise Solutions 2 – Services contract vehicle.  Now that competition for the follow-on is expected to begin in fiscal 2015 it is worth looking at how that spending data shakes out by customer, product service code, and competitor.  This post provides a brief analysis of all three spending areas to help industry prepare for the coming competition.

The Army’s Information Technology Enterprise Solutions 3 – Services (ITES-3S) is one of the most hotly anticipated contract competitions coming in fiscal year 2015.  For this reason I thought it would be worthwhile to provide readers with a brief analysis of spending by Army customers on the current iteration of the contract vehicle – ITES-2S.  In the process of this analysis I’ll also provide some insight into the performance of incumbent contractors as measured by their earnings with Army customers on this list.  The data shown here comes from all contract actions that have been reported through the end of May 2014.

Top 10 Army Customers

The table below shows the ten Army customers that have obligated the highest amount of contract dollars on ITES-2S since the inception of the contract vehicle.  Altogether, these customers alone have put $3 billion through ITES-2S.  It is not surprising, perhaps, to see the Program Executive Office Enterprise Services at the head of this list.  PEO EIS is the organization responsible for the administration of ITES-2S and its sister vehicle for commodity IT products – ITES-2H (now 3H).  PEO EIS thus keeps much of its spending close to home, a reality that every vendor seeking to do work at EIS needs to know.   

Top 10 Product Service Codes

Having identified the top spending entities using ITES-2S, let’s take a look at what they are buying.  The government data does not provide sufficient detail in all cases to make an apples to apples comparison by customer so the analysis will have to be limited to the Product Service Codes assigned to each purchase.

Source: FPDS, Deltek

The table above shows that far and away the most money obligated is for “D399: Other ADP & Telecommunications Services.” D399 is a default code or general catch-all category for IT services, so the designation of work under D399 doesn’t tell us much.

Looking at the numbers and categories that follow D399 we can get a little better idea of what the ten customers above are spending on.  Using these categories we can determine that they are buying equipment maintenance and repair services ($195 million), systems development services ($118 million), and engineering/technical services ($95 million), among others.  Interesting here is the amount spent in commodity IT categories - $179 million under PSC 7022 for computers and $39 million for software (PSC 7030) – totaling less than 1% of spending represented.  Assuming that there is minimal equipment represented under D399, we can tentatively conclude that these customers aren’t buying much new IT equipment as part of the services they are procuring through ITES-2S.  These purchases probably all went through ITES-2H.

Top 10 Vendors

Lastly, let’s take a look at the competitive landscape. All of the current players on ITES-2S can be expected to compete for places on the follow-on vehicle, so a comparison of earnings on 2S can provide a slight indication of potential strength in the follow-on competition. The chart below shows that Northrop Grumman and Lockheed Martin have earned the most on ITES-2S, followed by a number of other companies. Curiously, Dell Federal is missing from this list despite having acquired Perot Systems, which was an original awardee on ITES-2S. Perot Systems had in turn acquired QSS Group, which was also originally on ITES-2S. Dell therefore receives credit in the data for three companies on ITES-2S, and still it failed to crack the top ten shown on this graphic.

Parting Thoughts

ITES-3S is expected to be even more heavily utilized than its predecessor due to the Army’s desire to push more of its IT acquisition dollars through a smaller number of contract vehicles.  Therefore, in terms of customer spending, PEO EIS is likely to put an even greater percentage of its acquisition dollars through 3S.  This makes it absolutely critical for competitors to know what EIS is working on and which kinds of solutions it wants to buy.  One important consideration here is that EIS, like customers across the DoD as a whole, will be seeking solutions that can be implemented using commercial-off-the-shelf equipment and software.  The more COTS products that bidders are able to put into their proposed solution sets, the more likely it is that EIS will give them the nod.  More importantly, if bids can be based on a COTS baseline with readily identifiable commodity IT costs, bidders will have gone a long way toward giving EIS proposal evaluators the clarity they need when evaluating responses.

For more detailed analysis of task order contract vehicles used in the federal IT market, see Federal Industry Analysis’ new report Federal Information Technology Task Order Vehicle Trends.

GovWin Recon - September 17, 2014

Sequestration / Budget:

Federal IT:

Agency News:

Vendor News:

Cybersecurity:

Cloud Computing / Data Center Consolidation / Virtualization:

Mobility:

Defense / C4ISR / Embedded Technology:

State and Local:

AEC News:

Defense CIO Wants Risk-Based Information Security Solutions

At an industry event in early September 2014, Department of Defense CIO Richard Hale described the setbacks associated with the current "one-size-fits-all" model for security system standards.

Implementing risk-based security solutions is not a new goal, but there are differing opinions on how best to approach a risk-based model. Historically, there has also been an absence of best practices. In fact, the lack of consensus on best practices received a fair amount of attention over the past year during planning sessions targeting improvements to critical infrastructure protection.

Some of the barriers that the Defense Department faces are not unique. In many cases, however, defense information systems do require higher or additional levels of security. The administration has even called out improving information security as a Cross-Agency Priority (CAP) Goal, focusing on making network security advances and developing metrics for success as well as best practice sharing.

One of the hurdles agencies have faced in implementing risk-based security is getting a handle on their data. With the swelling volume and variety of information on government systems, organizations have been playing catch up to understand the information they currently store and manage. This effort is further complicated by varying levels of data sensitivity and classification.

Determining an agency's risk tolerance has also been a challenge. Fiscal constraints, however, are making it clear that treating all systems and data equally is unsustainable and impractical. As Hale noted, "I shouldn't spend as much money on morale and welfare websites as I do on nuclear command control. It doesn't make sense."

Cost efficiency wouldn't be the only benefit of adopting a risk-based information security posture. Innovation is another area that stands to gain, as the Defense Department could more readily adopt commercial technologies. As the Defense Department looks to leverage cloud and mobile computing technologies, the issue of risk tolerance takes on an additional layer as the role of service providers increases. As the Defense Department pursues shared cyber defense capabilities, it needs to establish common security control requirements and identify trusted providers.

Hale's comments mentioned "zoning by mission risk," which could assess general levels of computing and network infrastructure risk-tolerance for different missions. This would help address the problem that Hale called out around security spending for websites and nuclear missions. It also allows missions with similar levels of risk-tolerance to benefit from efforts around common issues like sharing information and defining security requirements. Before such an approach could transition into general practice on an enterprise-level, an agency needs to have a handle on its data.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin .

HHS Inspector General Reports on Healthcare.gov Spending

In the wake of the troubled launch of the Federal Marketplace for health insurance, the Office of Inspector General (OIG) for Health and Human Services (HHS) is reviewing the planning, acquisition, management, and performance oversight of the contracts associated with the effort as well as aspects of Federal Marketplace Operations. The first in a series of reports on the findings of the review was released in August 2014.

On December 10, 2013, Kathleen Sebelius, Secretary of Health and Human Services from 2009 to 2014, issued a letter to the department's Inspector General. The letter requested review of several aspects of the contracting process including:

  • the acquisition process for the contracts that supported the October 1st launch,
  • contractor selection, contract administration, and project management of the development of Healthcare.gov,
  • contractor performance, supervision of the development contracts, and payments to contractors throughout the process, and
  • whether contract specifications were met.

Between January 2009 and January 2014, some sixty different contracts started work on the development and operations for the Federal Marketplace. One third of the contracts started before 2012. Just over one third of the contracts started during 2012. Most of the remaining began in 2013, and a single contract started in 2014. These contracts covered a range of goods and services including health benefit data collection, consumer research, cloud computing, and website development.

OIG found that the development of the Federal Marketplace primarily leveraged two types of contracts: fixed-price and cost-reimbursement. In the former, the contractor assumes the risk of cost overruns. In the latter, the government carries the cost overrun risks (as far as prescribed in the contract). This is worth noting because combined obligations for the Federal Marketplace grew from $86 million in September 2011 to over $294 million in February 2014. This rise was related to cost increases, schedule delays, and lagging system functionality related to changing requirements. With contract values spanning from under $700,000 to over $200 million, the original value of these contracts totaled $1.7 billion. Through February 2014, one third of these contracts exceeded the estimated value of the awards. Over ten percent of those contracts surpassed the estimated value by more than 100 percent.

Not long before HHS OIG released its first report on the review, the Government Accountability Office (GAO) issued a study on Healthcare.gov that had been requested by Congress. GAO's study assessed selected contracts from the Center for Medicare and Medicaid Services (CMS) for acquisition planning, oversight of cost and schedule, system capability changes, and actions regarding contractor performance. Among other things, GAO recommended that CMS take immediate actions to assess ballooning contract costs and that required oversight tools be used.

This first report from HHS's Inspector General offers an overview of the contracts such as basic financial information. HHS OIG reports from additional, ongoing reviews related to contract procurement and oversight are expected in 2014 and 2015. These reports will offer more detailed analysis, findings, and recommendations.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin .

 
