Author Archives: rosecoveredglasses

About rosecoveredglasses

2 Tours in US Army Vietnam. Retired from 36 Years in the Defense Industrial Complex after working on 25 major weapons systems, many of which are in use today in the Middle East. Volunteer, SCORE and Micro Mentor. I specialize in Small, Veteran-owned, Minority-Owned and Woman-Owned Businesses beginning work for the Federal Government. Micro Mentor and SCORE are non-profit organization offering free assistance to small business in business planning, operations, marketing and other aspects of starting and successfully operating a small enterprise. You can set up a case with me at MicroMentor by going to: https://www.micromentor.org/mentor/38640

CARES Act Delivery Hampered By Old Tech, Bad Data

Standard
Image: “FCW”

FCW

Aspects of the federal government’s economic response to the coronavirus pandemic were marred by outdated state technology software and a crushing volume of beneficiaries that overwhelmed many systems, according to a new report from the watchdog Government Accountability Office.

_____________________________________________________________________________

“Federal officials said “the ability to easily modify data systems to incorporate new flexibilities varies among state and local agencies,” leading to numerous delays and interoperability challenges across multiple recovery programs related to the Coronavirus Aid, Relief, and Economic Security Act passed in March.

Agencies like Health and Human Services reported that states had to coordinate across different data systems to serve existing beneficiaries as well as a surge of new applicants for programs like Electronic Benefit Transfer and Supplemental Nutrition Assistance Program payments. Meanwhile, uneven technological sophistication across different states made remote collaboration in the wake of the pandemic caused challenges while coordinating payments for the Women, Infants and Children (WIC) program.

According to Department of Labor officials, many states processing unemployment claims were using “information technology systems that date as far back as the 1970s” and crashed under the load of newly laid off workers filing for benefits. The department has provided federal grants, technical assistance and guidance to help modernize those systems, but “relatively few” states conducted adequate load-testing to handle the volume of claims they have received since March.

These systems was already straining, with federal and state governments overseeing more than $2.7 billion in improper unemployment payments in 2019, and overseers worry the numbers will look even worse this year as the government has rushed to respond to the economic fallout of the virus.

“DOL’s experience with temporary UI programs following natural disasters suggests there may be an increased risk of improper payments associated with CARES Act UI programs,” auditors wrote.

A rushed response also led the IRS to send more than a million stimulus checks to citizens who were deceased. As FCW has reported, the agency emphasized speed to get relief dollars into the hands of Americans as soon as possible, leading to processing errors and opening the door to potential fraud. Auditors suggest that implementing 2018 recommendations to align their authentication practices with NIST cybersecurity guidance making better use of death data housed at the Department of Treasury and other agencies could address the problem.

Auditors noted that ” IRS has full access to the death data maintained by the Social Security Administration…but Treasury and its Bureau of the Fiscal Service, which distribute the payments, do not.”

In a response attached to the audit, IRS Chief Risk Officer Tom Brandt said employee worked “around the clock since mid-March to develop new tools and new guidance” to make handle economic impact payments but that “our work is not done yet” and the agency will consider the GAO’s recommendations further.

Information technology challenges and delays also reportedly hampered efforts by the Small Business Administration to process economic injury disaster loans, though details are scarce. The report paints a portrait of disorganized agency that at times unresponsive to oversight. While auditors asked to meet with agency officials on April 13 to get more detailed information on individual loan data and other aspects of the response, SBA didn’t agree to a meeting until June 1 and provided “primarily publicly available information in response to our inquiries” about loan data.

In a statement, House Oversight and Government Reform Chairwoman Rep. Carolyn Maloney (D-N.Y.) said the report “provides a comprehensive and independent look at the Trump administration’s incompetent and dangerous response to the coronavirus pandemic” and pressed for more information on IRS stimulus payments to dead Americans. She also called on SBA to address transparency concerns about its loan program “immediately.”

SBA responded to a draft version of the report disputing GAO’s claims, saying they offered staff for interviews and provided 420 pages, including “information on loan numbers and loan volume, the number and type of lenders participating in [the Paycheck Protection Program], loan numbers and loan volume for each type of lender, loan numbers and volume by industry and state” and other figures.

“To be clear, SBA has never refused to provide data to GAO,” wrote William Manger, Chief of Staff for Administrator Jovita Carranza.

Federal agencies were of course not immune from technological troubles, and the audit suggests modernization efforts at the IRS, the Department of Housing and Urban Development and other agencies can better position them to process funds related to the CARES Act.

The report also posits that agencies could make better use of a number of existing contracting authorities and programs, including contracts that allow work to begin before a final agreement is reached, Other Transaction Authority (OTA) that sidestep certain federal regulations to prototype new technologies and higher spending thresholds for emergency purchases.

GAO is currently working on separate reports examining how agencies planned and managed contracts related to the pandemic, reimbursement policies for contractors who performed emergency work and the use of the Defense Product Act.”

First Time Fed Contractors With No Experience Or Competition Receive COVID-19 Supply Contracts

Standard
Image: Getty Images

PROPUBLICA

BlackPoint Distribution is one of more than 445 first-time federal contractors awarded contracts during the government’s response to the coronavirus pandemic, according to a ProPublica analysis of federal contracting data.

These new contractors have received more than $2 billion in federal spending as of June 25, often without competitive bidding or direct experience in the areas they won deals in.

______________________________________________________________________________

“A company created by a former Pentagon official who describes himself as a White House volunteer for Vice President Mike Pence won a $2.4 million dollar contract in May — its first federal award — to supply the Bureau of Prisons with surgical gowns.

Mathew J. Konkler, who worked in the Department of Defense during the George W. Bush administration, formed BlackPoint Distribution Company LLC in August 2019 in Indiana, state records show, but had won no federal work until May 26. The Bureau of Prisons chose the company with limited competition for a contract to supply surgical gowns to its facilities.

It is at least the second contract awarded to a company formed by an individual who had worked in or volunteered for the Trump administration; a company formed by Zach Fuentes, a former White House deputy chief of staff, won a $3 million contract just days after forming to supply face masks to the Indian Health Service. The masks did not meet FDA standards for use in health care settings, and an IHS spokesman said this week that the agency is trying to return the masks to Fuentes. Members of Congress called for investigations into the contract, and the Government Accountability Office now plans to review the deal “in the coming few months, as staff become available,” spokesman Charles Young said last week.

A lawyer for Fuentes’ company said the firm fulfilled all of its obligations to IHS under the contract.

BlackPoint Distribution’s website does not mention Konkler but describes its work as “locating, verifying and successfully delivering vital products and equipment in the midst of extremely challenging environments.” The domain name was registered on April 9, 2020. In its incorporation documents, Konkler is listed as the CEO of BlackPoint Distribution. The only contact information on the site is a web form and an email address. Emails sent to it were returned as undeliverable, and Konkler did not return multiple phone calls and messages seeking comment.

On the website for BlackPoint Creative LLC, another Indiana firm where Konkler serves as managing partner, his bio says that “since 2018, Mr. Konkler has also served as a volunteer at the White House on the staff of the Vice President, Michael R. Pence.”

In a 2018 interview with an Indiana business publication, Konkler said that another of his companies, BlackPoint Strategies was a “full-service consulting firm offering a variety of other advisory services, which focus on strategic marketing, digital marketing and crisis communications,” but also assisted Indiana companies in selling products in international markets. A search of Indiana state contracts yielded no previous or current government contracts for BlackPoint Distribution or other firms that Konkler is involved in.

A spokesman for Pence said that Konkler previously had helped coordinate some of the vice president’s travel but was not currently a volunteer.

“Mr. Konkler is not nor ever has been a member of Vice President Pence’s staff,” said Devin O’Malley in an email. “Mr. Konkler has previously helped in a volunteer capacity doing advance on trips, but has not done so since June 2019. No one in the Office of the Vice President was aware of or had any role in Mr. Konkler receiving this contract.”

Researchers at American Bridge 21st Century, a Democratic opposition research group, identified Konkler’s role.

White House volunteers are not uncommon, and typically they are involved in specific projects such as the correspondence office, which reads and answers messages sent to the administration, or in holiday decoration efforts.

Government ethics experts said that conflict of interest rules do apply to volunteers but depend on the kind of work being done. “I’m worried about conflicts of interest but also about someone who isn’t a government employee knowing the [vice president’s] travel plans,” said Scott Amey, general counsel at the Project on Government Oversight. Konkler’s online biography states that he has held a Top Secret/Sensitive Compartmented Information security clearance.

“The Bureau of Prisons took a risk awarding a $2.5 million contract to a new company,” Amey said. “Let’s hope this ends up as a success story and not another example of a pop-up contractor trying to profit from an emergency situation.”

The contract itself was awarded under urgent circumstances. The Bureau of Prisons did not issue a request for proposals because the pandemic “resulted in the need to limit competition due to compelling urgency,” Justin Long, a spokesman for the bureau, wrote in an email. The contract originally stated June 3 as the date for gown delivery to six different federal prisons, but Long said in an email that the final shipment was delivered on June 25.

BlackPoint’s contract is the largest of all federal contracts that specifically mention “surgical gowns,” according to federal contracting data.

Records show that the agency received three offers and that the contract was awarded under what are known as “simplified acquisition procedures,” a process typically used for contracts involving smaller amounts of money. Because of the national emergency declared in response to the pandemic, the threshold for using simplified procedures was raised to $13 million when purchasing commercial items such as surgical gowns. BlackPoint Distribution’s bid was the lowest, Long said.

After declaring a national emergency on March 13, the federal government relaxed procurement rules to allow federal agencies to skip competitive bidding at times in favor of a more streamlined process that could deliver personal protective equipment and other products quickly. But in doing so, it also has made deals with vendors who were unable to fulfill orders or who have provided inadequate equipment.”

https://www.propublica.org/article/a-company-run-by-a-white-house-volunteer-with-no-experience-in-medical-supplies-got-2.4-million-from-the-feds-for-medical-supplies

Adaptive Acquisition Framework — Ready, Set, Contract?

Standard
Image: Defense Acquisition University

NATIONAL DEFENSE MAGAZINEBy Dr. William A. Schleckser

This new Adaptive Acquisition Framework displays a patent willingness to put substantial trust in program managers by moving decision-making authority as close to the program manager as possible.

For this new framework to prevail, there must be trust in contracting officers by moving authority for actions as close to the decision-maker — the contracting officer — as possible.

_____________________________________________________________________________

“Undersecretary of Defense for Acquisition and Sustainment Ellen Lord has called the Adaptive Acquisition Framework “the most transformational change to acquisition policy in decades.” Her statement is difficult to argue given the revolutionary nature of the framework’s alterations to acquisition policy and the lack of truly transformational changes seen in acquisition policy and statute over the past 25 years. 

For decades, Defense Department leaders have lamented the laborious, bureaucratic acquisition process and its hindrance to innovative breakthroughs within weapon systems programs.

Many defense technologies, once fielded, lose a non-trivial portion of their relevance due to acquisition delays, a concept identified by former Defense Secretary James Mattis in the 2018 National Defense Strategy. The document pointed to processes’ non-responsiveness and a department over-optimized for exceptional performance, both of which come at the expense of providing timely capability delivery to the warfighter.

In response, Lord rapidly pushed out sweeping new guidance in the form of a six-pathway framework — the Adaptive Acquisition Framework — which is designed to put authority and agility back in the hands of program managers. With this newfound ability, executives will transition between pathways in order to speed delivery of capabilities to the warfighter.

Still, acquisition is not a solo sport. Program managers must rely on their team of acquisition professionals to embrace this new paradigm of speed, agility and risk management for this “transformation” to result in real change in capability delivery. But increasing speed, agility and risk sends a measure of anxiety through the vertebrae of the many contracting professionals who have focused on delivering contracts that are protest-proof and rigidly built to withstand the assaults of indistinct scope and performance.

Nonetheless, for the framework to deliver capabilities at the speed of relevance, contracting professionals at all levels must be willing to embrace this revolutionary change.

This change comes with a prerequisite to develop not only new and inventive processes, but an expanded tool box of soft skills necessary to bring about innovation, active management of risk, and corporate synergy to the contracting community that will result in high-speed, low-drag contracting.

The “Contracting Professional’s Career Roadmap” is a nine-step list published by the Federal Acquisition Institute. It provides contracting professionals a succinct overview of gates through which a contracting professional must successfully pass in order to be effective. Curiously, the first stop on this path, “become familiar with the federal acquisition process,” is not a contract-centric element. The federal acquisition process is not contracting, but contracting is a major subset. The process is the overarching method encompassing all relevant skills and functions by which the federal government acquires products and services.

Ironically, the second stop on the roadmap is “understand your role as a contracting professional” within this process. It was not by chance these items are numbers one and two on the path. That is because federal acquisition is a team sport, of which contracting is one player among many. As with any team sport, each player must understand his or her place and responsibilities within the team framework, otherwise the team will fail. The first thing a youth football coach should do is line up new players in formation — both offense and defense — so they can gain an understanding of where their position is in relation to all the other players. A single player lining up incorrectly could result in a penalty or failure for the team to properly execute the play.

Understanding where a manager fits in the overall formation is just as important in the acquisition team. Taking it to another level, each player also needs to understand how his play impacts his teammates. Commentators often praise a great player for their “knowledge of the game.” It isn’t just their knowledge of their specific responsibilities as a player, but the interrelation of how their play improves the play of those around them.

In federal acquisition, each team member must perform with that level of understanding in order for this new transformation to be successful. This may be even more imperative for contracting team members as the contracting processes tend to consume a significant portion of time while they deliberate source selection and performance risk.

Assistant Secretary of Defense for Acquisition Kevin Fahey identified a need to develop a culture of innovation and creative compliance, and enable critical thinking. In order to be innovative, creatively compliant and critical thinkers, department leadership wants acquisition teams to take calculated risks. As Gen. George S. Patton said, taking risks “is quite different from being rash.”

One tool that transforms rash behavior to measured performance is risk management. To take calculated risks, contracting professionals will need to learn how to actively manage risks. Program managers routinely manage risks and, as a programmatic community, have become comfortable mitigating, accepting, transferring or avoiding risks within their programs.

Contracting professionals must learn and implement these skills as they execute contractual actions. No longer will the acquisition community idly await the perfect contract. Perfection late is perfection lost. Too often contract award timeliness was sacrificed in an effort to gain contractual perfection through overly cumbersome approval chains and non-value-added reviews.

Timeliness has also been assaulted by excessive “documentation,” which has been a watchword for the contracting community and for good reason. However, as with any good thing, it tends to be overdone. In some ways the acquisition community may have become overly obsessive and unreasonably compulsive with its documentation, and some streamlining may be in order.

Procedural changes to contracting are only a first step. The real gains may be seen in a closer coupling of the acquisition team functional communities. In today’s continuously changing environment, requirements can no longer be developed in a vacuum only to be thrown over the fence to the next team. Requirement generators, program managers and contracting officers must integrate early and intimately in the requirements process to develop requirements, discuss possible options, perform market research, consider acquisition plans and jointly produce acquisition timelines. Contracting professionals often enter or are invited late into the acquisition process. Contracting organizations do it to themselves when they demand customers only turn over a requirement once it has been fully detailed with the finalized work statement, funding documents and cost estimates.

In today’s rapidly changing environment, contracting professionals better serve customers by entering as early in the requirements generation process as possible. The team must come together so closely and early that it would be difficult for an outsider to identify where program management stops and contracting starts.

If the first time a contracting professional sees a requirement is when it has been fully documented in a formal work statement, an opportunity to bring value to the process has been lost. Additionally, synergies that come from synchronized market research and critical thinking amid the program manager, contracting officer and other acquisition team members are missed; and with it early considerations for competition, innovative contracting and/or small business participation because the requirement has been fixed making change too difficult or time consuming.

Failing to capture the synergistic effects of close coordination, contracting will struggle to regain any status as an innovation enabler, and may continue to be relegated to chasing acquisition timelines and contract perfection.

The Adaptive Acquisition Framework is an opportunity to inject innovation, creativity and critical thinking into the federal acquisition process by placing authority and agility into the hands of program managers. However, this transformational change to acquisitions will not create true transformation unless the players are willing to embrace the change. Program and product managers can only deliver capability as fast as their team supports.

Although the framework is program management focused, it also presents a challenge to — and opportunity for — the contracting community. As a critical component to the delivery of products and services, the contracting community must get on board with the new vision being promoted by leadership. It is a vision overdue given the speed at which technological capabilities are progressing.

More specifically, contracting professionals must understand that timeliness can no longer be held hostage by contractual perfection, overly cumbersome approval chains and non-value-added reviews. Perfection late is perfection lost. As a result, contracting professionals must become intimately integrated early into the acquisition process starting at the notion of the requirement. Otherwise, they risk being a deterrent to the innovation and creativity crucial in today’s fast-moving environment.”

https://www.nationaldefensemagazine.org/articles/2020/5/29/adaptive-acquisition-framework-ready-set-contract

Dr. William A. Schleckser is a professor of contract management at the Defense Acquisition University. He is Defense Department Level III certified in contracting and program management.

US-Mexico-Canada Agreement Enters into Force, Officially Replacing NAFTA

Standard
Image: “U.S. Grains Council

U.S. SMALL BUSINESS ADMINISTRATION “- By Loretta Greene, Associate Administrator

“On July 1, 2020, the U.S.-Mexico-Canada Agreement (USMCA) enters into force, officially replacing the North American Free Trade Agreement (NAFTA).

USMCA is a ground-breaking achievement for U.S. small businesses and is the first trade agreement ever to include a full chapter dedicated to small business interests.”

____________________________________________________________________________

“Supporting and expanding U.S. small business trade with Mexico and Canada is a top priority for me as the new Associate Administrator for SBA’s Office of International Trade (OIT).  SBA OIT has a team of talented trade finance specialists and finance products to help small businesses involved in international trade to access capital, purchase inventory as a manufacturer or supplier, and expand through trade.  OIT helps ensure small businesses are adequately represented in trade negotiations led by the Office of the U.S. Trade Representative and educates U.S. small businesses on the wide range of federal and state resources that can increase their ability to compete in international trade. 

The modernization of trade with Mexico and Canada under USMCA is designed to benefit U.S. small businesses and to ensure more balanced trade. U.S. companies with fewer than 500 employees comprise 65 to 70 percent of all identified U.S. companies trading goods with our closest neighbors, according to the most recent statistics. 

Companies selling goods to Mexico and Canada can now achieve expanded export opportunities under the USMCA.   In 2019, U.S. companies sold $292.6 billion in U.S. goods to Canada and $256.5 billion in U.S. goods to Mexico. 

As part of USMCA, SBA OIT launched a new international sales information resource sitewww.sba.gov/tradetools, which is part of the http://www.trade.gov/usmca to assist small businesses to use USMCA. Both links also connect to pages created by Mexico and Canada.  Small businesses can explore the agreement, learn about the rules, and identify where to direct questions and find resources through these information sharing platforms. Resources include a new Customs and Border Protection’s USMCA Center staffed with experts.

As small businesses use the USMCA, they will find important commitments across the agreement including:

  • The Small and Medium-Sized Enterprise Chapter creates a SME Dialogue to consider small business trade opportunities and challenges across the three countries.  This is an important innovation to ensure U.S. small businesses will continue to be heard and considered.
  • The USMCA Cross-Border Trade in ServicesChapter enhances market access.  U.S. small business services can now be provided market access across North America without requirements for a foreign office or foreign representative.
  • The Customs and Trade Facilitation Chapter increases certainty by providing for advance rulings commitments with expanded scope and a free, publicly accessible websites for advance rulings.  
  • Furthermore, to decrease unintended trade costs, this Chapter also provides procedures to correct errors.
  • To support small e-commerce sellers shipping with express services, Canada has raised its de minimis level for North American express shipments for the first time in decades, doubling it from $C20 to $C40 for taxes.
  • Canada will also provide for duty free shipments up to $C150.
  • Mexico will continue to provide tax free treatment for shipments up to $US50 and will provide duty free treatment for shipments up to US$117.
  • The Good Regulatory Practices Chapter, a first in a U.S. trade agreement, specifically includes provisions encouraging the Parties to take into consideration the effects on small businesses in the development and implementation of regulations.  The USMCA’s prioritization of small business traders is exciting as it will increase small business friendly ecosystems in North America and facilitate more trade.

SBA is proud to be part of this achievement. We look forward to helping more U.S. small businesses trade with Mexico and Canada, while supporting those already exporting to further expand their sales. To learn more, visit www.sba.gov/tradetools or contact the SBA International Trade Ombudsman Hotline at (855) 722-4877 or international@sba.gov with questions.”

ABOUT THE AUTHOR:

Loretta Greene

Loretta Greene is the Associate Administrator for SBA’s Office of International Trade https://www.sba.gov/person/loretta-greene/

MicroMentor – A Free Business Mentoring Program For Entrepreneurs

Standard
https://www.micromentor.org/

It has been a pleasure being part of the MicroMentor Team for the last 9 years of our dramatic growth in volunteer mentoring services worldwide. 

https://www.smalltofeds.com/2019/09/micromentor-free-business-mentoring.html

Five Regulatory Changes For Government Contractors to Watch

Standard
Image: Mastercontrol.com

“WASHINGTON TECHNOLOGY”

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG.

______________________________________________________________________________

“In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG. As these requirements begin to take hold, federal contractors should be mindful of potential impacts and the actions that can be taken now to prepare for increased USG scrutiny of their supply chain security.

Section 889 of the Fiscal Year 2019 National Defense Authorization Act

As many USG contractors are now painfully aware, Section 889 of the Fiscal Year 2019 National Defense Authorization Act establishes two constraints on telecommunications supply chains. Subsection 889(a)(1)(A), effective as of August 13, 2019, prohibits USG agencies from acquiring certain telecommunications equipment or services from Huawei, ZTE, Hytera Communications Corporation, Hikvision, or Dahua, or any of their subsidiaries or affiliates.

Section 889(a)(1)(B), effective August 13, 2020, prohibits USG agencies from “enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” As drafted, the statute is broad enough to apply in cases where a company uses such equipment or services solely in connection with its commercial sales outside of work the company does for the USG.

The interim rule for Section 889(a)(1)(A) was released last August and opened for comment. The FAR Council has indicated that it will provide feedback to those comments when it issues the proposed regulations for Section 889(a)(1)(B), which have not yet been released. This means that key terms, such as “entity”and “use” remain undefined. Accordingly, contractors, especially those with a mix of commercial and government business, must take educated guesses in preparing compliance programs to begin to address these requirements.

SECURE Technology Act

On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act. The Act establishes the Federal Acquisition Security Council, which is charged with building greater cybersecurity resilience into federal procurement and acquisition rules.

The Act also gives the Secretary of the Department of Homeland Security, the Secretary of Defense, and the Director of National Intelligence the authority to issue exclusion and removal orders for information technology products and/or companies that supply such products if the FASC determines that they represent a risk to the USG’s supply chain. The Act also permits federal agencies to exclude companies or products they deem to pose a supply chain risk from individual procurements.

Recent reports indicate that the FASC is nearing completion of a final interim rule that would specify the exclusion criteria and detail the appeal process from an exclusion order. Although the Department of Defense and the Intelligence Community currently have the authority to exclude products in certain instances, this interim rule would apply government wide. Still to be seen is whether the exclusion determinations will be publicly available.

Cybersecurity Maturity Model Certification

On January 31, 2020, DoD released Version 1.0 (since updated to Version 1.02) of its Cybersecurity Maturity Model Certification. CMMC is DoD’s upcoming framework for managing cybersecurity risks in the Defense supply chain. Under the current paradigm, contractors that handle “Covered Defense Information” must self-attest to providing “adequate security” to protect that information, but are allowed to work toward implementing 110 NIST SP 800-171 security controls over time so long as the plans for doing so are appropriately documented.

Not only does the new CMMC add additional security controls (depending on the level of sensitivity assigned to the procurement), contactors must be in full compliance with each control at the time that contract performance begins. Most importantly, contractors will no longer be able to self-certify compliance. Instead, compliance with a particular CMMC level must be externally validated by trained auditors.

DoD is in the process of promulgating an update to the current Defense Federal Acquisition Regulation Supplement cybersecurity clause to account for the shift to CMMC requirements and is planning on choosing a subset of procurements where CMMC can be applied by the end of this year. DoD’s goal is to fully implement CMMC certification requirements in all DoD awards by Fiscal Year 2026. DoD has indicated, however, that COVID-19 could delay release of the DFARS clause.

Executive Order on Securing the ICTS Supply Chain

On May 15, 2019, the President issued an EO declaring a national emergency with respect to threats against ICTS in the United States. The EO authorizes the Secretary of Commerce to prohibit, block, unwind, or mitigate any transaction involving ICTS that is “designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” Reviews of transactions will be conducted on a case-by-case basis.

Commerce received comments on a November 2019 proposed rule in January 2020. There has been no known use of the authority during the rulemaking process and an update is expected from Commerce soon.

Sections 1654 and 1655 of the Fiscal Year 2019 National Defense Authorization Act

Sections 1654 and 1655 of the FY19 NDAA generally require contractors to disclose whether they have allowed within the last five years a foreign government that poses a cybersecurity risk to USG defense and national security systems and infrastructure (or for non-commercial items, any foreign government) to review the source code of any product, system, or service that DoD is using or intends to use.

The law also requires contractors to disclose whether they are under an agreement to allow a foreign government or a foreign person to review the source code of a product, system, or service that DoD is using or intends to use. DoD will be able to condition contract awards on contractors’ mitigation of any risks that DoD identifies because of the foreign source code review.

The DFARS regulatory implementation of this requirement is currently on hold “pending resolution of technical issues,” and specific countries of concern have not been publicly identified, but regulations are still expected within the next year.”

https://washingtontechnology.com/articles/2020/06/26/insights-covington-regulatory-changes.aspx

GSA Bumps STARS II Ceiling By $7 Billion

Standard
Image: “FCW

FCW

The General Services Administration raised the ceiling of its 8(a) Streamlined Technology Application Resource for Services (STARS) II contract by $7 billion, to $22 billion.

STARS II is a small business set-aside for customized IT services and IT-services-based solutions from 787 small business contractors that qualify under Small Business Administration standards. GSA said the contract is used by 50 federal agencies to plan and supply long-term IT projects.

_____________________________________________________________________________

“In early April, the GSA’s 8(a) STARS II governmentwide contract hit its $15 billion ordering obligation limit.

“By raising the 8(a) STARS II ceiling, GSA continues to ensure that we meet the needs of our federal agency customers,” said GSA Administrator Emily Murphy in a June 23 statement on the increase. “As agency demand for IT products and services has increased during the COVID-19 pandemic, GSA is proud that STARS II will remain available to help agencies deliver world class IT services.”

GSA started limiting task orders on the GWAC to agencies whose contracting officers had obtained a “control number” to use the contract vehicle, but it stopped issuing new control numbers.

All 787 contractors remain on the vehicle, GSA said in its announcement. Agencies can place new task orders through Aug. 30, 2021, and work can continue on those new orders through June 30, 2022.

GSA is working on a new iteration of the contract, 8(a)STARS III.

In a June 10 blog post, Laura Stanton, acting assistant commissioner of GSA’s Federal Acquisition Services’ Office of Information Technology Category, said the agency plans to issue the final solicitation for the STARS III contract by end of the federal government’s fiscal year on Sept. 30.

The initial STARS III request for information went out last August.

Stanton said the increase to STARS II wasn’t the first for the popular contract to accommodate agency demand.

“As we move into this contract’s fourth generation we can say for certain that this program is a huge success. A significant number of prior 8(a) STARS program participants have grown their businesses so much that we now see them thriving with the big companies on GSA’s Alliant 2 GWAC,” she said.”

https://fcw.com/articles/2020/06/24/rockwell-stars-ii-ceiling-bump.aspx?oly_enc_id=

Ways To Solve The Cyber Talent Gap

Standard
Image: “Itproportal

FCW

Two biggest impediments hindering the federal government’s cyber recruiting efforts are money and the lengthy hiring process that consumes most federal agencies.

Declining budgets and a lack of career development programs contributing factors for rising turnover rates among federal IT contractors.”

______________________________________________________________________________

“Federal agencies and Congress have increasingly looked to bug bounty programs to find and stamp out cybersecurity vulnerabilities in their software. A new survey of nearly 3,500 security researchers who use Bugcrowd’s platform offers a glimpse into the backgrounds and motivations of a highly coveted pool of emerging cyber talent that both government and industry are desperate to recruit.

More than half of those surveyed live in urban environments, and three out of four speak multiple languages. Despite efforts within the information security community in recent years to improve diversity, the average age of those who participated in the survey skewed overwhelmingly young and male.

According to the survey, higher education is an important feature for many security researchers and their families. They’re most likely to have obtained a college degree (49%), have parents who have done the same (36%) and are three times less likely to drop out than their parents. The survey data “suggests most security researchers are degree-qualified because they come from educated families that value the acquisition of worldly knowledge, skills, values, beliefs and habits.”

While the size of the average American household has been in decline for decades, nearly half (48%) of respondents come from large families with between 4-12 members. Even with more mouths to feed, 64% reported pulling down a median annual income of just $25,000 or less, though many also say they only chase bug bounties on a part-time basis. Perhaps not surprisingly, making money was cited as the most important issue, followed by flexible hours and improved skills.

The report predicts that over the next six months, cybercriminals will exploit the widespread shift to remote telework in the wake of the COVID-19 pandemic, increasingly targeting vulnerable infrastructure through expanded reconnaissance activities and asset discovery. That in turn will lead to organizations boosting their reliance on white hat hackers over the next year as they race to identify and fix hidden software vulnerabilities.

The pandemic “has demystified many of the perceived differences between employees working remotely and security researchers” and emerging technologies such as machine learning that are not yet mature enough to meet the increased demand.

“This gap between automation and human adversarial creativity suggests organizations will increasingly seek to augment their human expertise in securing their assets via crowdsourcing, the most efficient and practical approach to finding available talent,” the company forecasts.

John Zangardi, former CIO at the Departments of Defense and Homeland Security, told FCW in an interview that in his experience, two biggest impediments hindering the federal government’s cyber recruiting efforts are money and the lengthy hiring process that consumes most federal agencies.

While they often cannot compete on pay, one potential advantage for federal agencies could be through supporting the continuing education goals of its IT and cyber employees. A recent study by government contracting intelligence firm Deltek cited declining budgets and a lack of career development programs as a contributing factor for rising turnover rates among federal IT contractors, while a majority of respondents to the Bugcrowd survey say they use the platform for personal development and improving their skills.

Last year the Trump administration issued an executive order creating a new rotational program for federal employees to detail at the Cybersecurity and Infrastructure Security Agency and other agencies to improve their technical skills. CISA has also sought ways to sidestep normal federal hiring procedures to more easily hire information security specialists and pay them more.

Zangardi said during his tenure, cyber retention incentive bonus programs at DHS that provided extra compensation to employees who complete new certifications acted as a partial salve to some of the government’s inherent recruiting challenges. However, he acknowledged that for many positions — particularly highly-skilled ones — individuals can still earn tens of thousands of dollars more per year by doing similar work in the private sector.

“I can’t change the GS federal pay scale, but we can take steps to ensure that we’re giving them what we can,” said Zangardi.”

https://fcw.com/articles/2020/06/23/johnson-cyber-workforce-survey.aspx?oly_enc_id=

Suspended and Debarred Contractors Have Not Been Added To Contract Exclusion Lists

Standard

FCW

“According to a June 19 oversight report, the General Services Administration isn’t adding suspended and debarred vendors to exclusions lists in acquisition systems including eBuy, eLibrary and GSA Advantage! 

Consequently, the report from GSA’s Office of Inspector General states, federal agencies are able to award new contracts and new task to ineligible contractors. GSA CIO David Shive said in reply comments that the problem was identified and corrective actions have been developed.

https://fcw.com/blogs/fcw-insider/2020/06/june22topstories.aspx

“GAO”

“What We Found
GSA does not update the exclusion status for suspended and debarred contractors in its eTools, which consist of GSA Advantage!, GSA eLibrary, and GSA eBuy, in a timely manner.

As a result,
federal agencies can unknowingly execute contract actions, including awarding a new contract,to contractors that have been suspended or debarred. We found several instances where excluded contractors were incorrectly listed on GSA’s eTools and one instance where an agency
purchased services off a GSA Multiple Award Schedule contract from an excluded contractor.


In addition, exclusion information for suspended and debarred contractors was not entered into SAM in accordance with federal regulations. We found that agencies are selecting the incorrect classification type, omitting the unique entity identifier, inputting incorrect contractor addresses, and omitting cross-reference data. This can prevent agencies from discovering the affiliations between entities with active exclusions and could lead to suspended and debarred contractors improperly receiving government awards.”

___________________________________________________________________________

Retention Woes Challenge Government Contractors

Standard
Image: “Association for Talent Development” Magazine

FCW

Finding, recruiting and retaining qualified talent continues to challenge the government contracting sector. Talent shortages and commercial competition for candidates have complicated matters for human capital management leaders.

Despite record-breaking levels of unemployment due to the COVID-19 pandemic, the need for personnel to fulfill government contracting roles remained the same.

_________________________________________________________________________

“According to a recent study from Deltek, government contractors are struggling to attract and retain qualified candidates.

Deltek’s 11th Government Contracting Industry Study, carried out between January and March 2020, said that turnover was common, and that the need for highly specialized roles in fields such as information technology made for a tight labor market.

Deltek’s report speculated that part of the issue were declining budgets and a lack of mechanisms in place to ensure career development, noting that 79% of responding companies did not have career development plans in place.

According to the study, 73% of respondents struggled to find qualified talent.

“These are highly specialized roles. The qualifications are highly regulated, in high demand and short supply,” Amy Champigny told FCW in an interview.

“For a lot of contractors, it’s been business as usual.”

Deltek also reported that turnover rates made a “considerable jump” from the previous year; 47% of large companies responded that they had 16% or higher turnover rates, though the report noted that the average amount of time it took to fill vacancies remained steady year over year.

The study noted that more and more firms were relying on outsourcing companies to recruit job candidates, “an expensive solution to a potentially broader problem.”

In attention to retention and an inability to compete with private companies’ compensation and benefits packages, both human resources and talent acquisition experts reported that complying with HR policies proved challenging.

“Producing reports and documentation to satisfy audit requests continues to challenge many organizations,” the report read, noting that this specified complying with “ever changing regulations” and understanding new policies and their impacts.

“Adequate tracking and reporting continue to be a hindrance for HR professionals using outdated or generic solutions.”

Champigny said that the pandemic illuminated the failings of conventional performance management techniques, as managers no longer had immediate access to their employees once offices pivoted to remote work.

“A lot of companies still do annual performance appraisals. How do you do that when people are working remotely?” she said, adding that continuous performance evaluations could be a solution.

She said she expected the pandemic to induce contractors to rethink current workplace arrangements and introduce new flexibilities to attract much needed talent.

“It’s been interesting to watch this year and for next and see how organizations are going to adopt a hybrid approach [of remote work and in-person offices]. We haven’t seen government contractors do this before. There are some sectors where that’s not possible, but the market might now demand it.”

https://fcw.com/articles/2020/06/19/russell-contract-workforce-study.aspx?oly_enc_id=