• NARA: Lisa Haralampus, director of federal records management policy and outreach
• NARA: Denise Henderson, digitization director, Office of Research Services
• Customs and Border Protection: Dawn Watts, chief records officer
• Tennessee Vallery Authority: Rebecca Coffey, agency records officer and senior manager of enterprise records
• Canon: Tae Chong, manager of new business development
• Canon: Anthony Massey, strategic business developer

Download our exclusive ebook now!

The post Agencies dispense with paper records (mostly) first appeared on Federal News Network.

• The Defense Department generally escaped the effects of Friday’s global internet problems. That’s according to Gen. C.Q. Brown, the chairman of the Joint Chiefs of Staff. He told an audience at the Aspen Security Forum that the botched Crowdstrike update didn’t impact DoD operations, but that it’s a reminder that the department needs to be ready to respond to cyber incidents.
  (Aspen Security Forum - YouTube)
• A worldwide IT outage on Friday struck multiple government agencies. The Social Security Administration plans to reopen field offices on Monday after a global IT outage forced SSA to close all local operations Friday. The outage is linked to a faulty software update from cybersecurity firm Crowdstrike. U.S. Citizenship and Immigration Services also warned some callers to expect long wait times due to the outage. The White House is convening agencies to better understand the impacts of the incident across government.
  (Crowdstrike outage: SSA shutters offices, other agency impacts - Federal News Network)
• The governmentwide Technology Modernization Fund is awarding more money to agency AI projects. The TMF is giving $10 million to the National Institute of Standards and Technology to support the growth of its recently launched AI Safety Institute. The TMF board also granted nearly $4 million to the Energy Department to modernize its critical nuclear emergency response infrastructure.
  (Technology Modernization Fund announces investments in nuclear safety and AI governance - General Services Administration)
• The Army’s new memo on generative artificial intelligence provides guidance for developers, system owners, users, and commands on how to use GenAI tools. The document instructs system owners and developers to ensure that users can easily determine if their systems rely on GenAI and have the option of accepting or rejecting Gen AI-generated outputs. The guidance encourages the commands to use Gen AI tools and puts the onus on them to identify their GenAI developers, system owners and users to mitigate risk when introducing AI tools into their workflows. The guidance is effective immediately. The Pentagon’s chief information officer office will review this guidance annually.
  (Army’s memo on GenAI setting guardrails around technology - Army Publishing Directorate (APD))
• Higher pay rates could be coming soon for some blue-collar federal employees. A proposal to reform the Federal Wage System is entering the early stages of the government’s rulemaking process. The pay system was first created to improve pay rates of nearly 200,000 blue-collar feds. But now decades after its creation, three-quarters of the pay system’s localities have fallen out of step with the private sector. Proposed regulations to fix the issue by re-mapping the Federal Wage System are expected to be published to the Federal Register this October.
  (Blue-collar federal pay reform heading toward rulemaking process - Federal News Network)
• Federal employees can now donate their unused annual leave to feds impacted by Hurricane Beryl. The Office of Personnel Management program lets feds offer any leave hours that they haven’t used, to those who may need additional time off during emergencies. Launching the program for Hurricane Beryl is the most recent instance, but OPM’s use of the emergency leave transfer program has grown in recent years. In 2023, there were seven emergencies that led to OPM initiating a new leave transfer opportunity.
  (Emergency leave transfer for feds affected by Hurricane Beryl - Office of Personnel Management)
• The Defense Innovation Board said the Pentagon continues to overclassify information. The advisory board wants the Pentagon to revisit the issue of classification when working with allies and partners. Board members said the Pentagon defaults to no foreign dissemination protocols. The Defense Department even failed to develop processes for communicating controlled unclassified information in an environment where information sharing is important from the earliest stages of projects.
  (Defense Innovation Board wants DoD to address overclassification - Defense Department)
• A longtime intelligence official is taking the reins at the National Counterterrorism Center. Brett Holmgren has been named acting director of the NCTC. He replaces Christine Abizaid, who had served as NCTC director for the past three years. Holmgren previously served at the State Department as assistant secretary of state for intelligence and research. He spearheaded a new digital modernization strategy at the Bureau of Intelligence and Research. Holmgren started out his career as an analyst at the Defense Intelligence Agency.
  (DNI Haines thanks NCTC Director Christy Abizaid, welcomes acting Director Brett Holmgren - Office of the Director of National Intelligence)

The post Though the Defense Department managed to go unscathed through the Crowdstrike outage, it remains on the alert first appeared on Federal News Network.

In an alert posted to its website, SSA notified the public about the closures. On late Friday afternoon, an SSA spokeswoman told Federal News Network that the agency plans to re-open its field offices for public service on Monday, July 22.

“Staff impacted by the widespread Microsoft and CrowdStrike issues are being brought back online,” the spokeswoman said. “Our phone lines remain operational and many online services at ssa.gov remain available.”

The IT outage is linked to a flawed software update released by cybersecurity firm CrowdStrike. The defect affects computers running Microsoft Windows, effectively shutting them down with what’s referred to as the “blue screen of death.” Crowdstrike says the incident is “not a security incident or cyberattack.” The company also reports that a fix has been deployed.

U.S. Citizenship and Immigration Services also appears to be affected by the outage. A notice on USCIS’s E-Verify website states that “customers calling E-Verify are experiencing long wait times” because “the worldwide Microsoft outage is impacting phone support.” USCIS did not immediately respond to a request for comment.

A senior Biden administration official told reporters on Friday afternoon that the White House is in “regular contact” with Crowdstrike’s leadership to get updates on the outage and remediation efforts.

“The White House has been convening agencies to assess impacts to the US government’s operations and entities around the country,” the official said. “At this time, our understanding is that flight operations have resumed across the country, although some congestion remains, and 911 centers are able to receive and process calls. We are assessing impact to local hospitals, surface transportation systems, and law enforcement closely and will provide further updates as we learn more. We stand ready to provide assistance as needed.”

The Cybersecurity and Infrastructure Security Agency, which is responsible for overseeing the security of systems across the federal civilian executive branch, said it is working with Crowdstrike, as well as federal, state, local and critical infrastructure partners, “to fully assess and address these issues.”

“Of note, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity,” the cyber agency wrote in an alert Friday. “CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”

Rep. Nancy Mace (R-S.C.), chairwoman of the House Oversight and Accountability Committee’s cybersecurity, IT and government innovation subcommittee, said the panel has requested briefings on the outage from Crowdstrike, Microsoft and CISA .

“We’re also trying to determine the breadth of impact, especially across the federal government at this time,” Mace posted to X on Friday afternoon.

While the outage forced airlines to cancel and delay thousands of flights Friday morning, a Transportation Security Administration spokeswoman said TSA has not been directly affected by the IT incident.

“TSA is monitoring the IT system issues throughout the transportation system in partnership with stakeholders and other agencies,” the spokeswoman told FNN. “There has not been any impact to TSA operations.”

In posts on X, the Federal Aviation Administration said it was working with U.S. airlines as they resume operations.

“Currently FAA operations are not impacted by the global IT issue,” the FAA posted. “We continue to monitor the situation closely.”

Meanwhile, a Department of Veterans Affairs spokesman said the VA is “not aware of any impact on health care operations or any adverse impact on veterans who get their care from VA.”

“We will continue to monitor this situation, and we encourage any Veterans who need support – including those who may be impacted by challenges at non-VA health care facilities – to call 1-800-MYVA411 or visit their local VA medical center for assistance,” VA Press Secretary Terrence Hayes said in a statement. “We are standing by and ready to help.”

The U.S. Postal Service on Friday also said it has not experienced any immediate impacts from the IT outage.

“The Postal Service was not directly impacted by the global IT outage,” USPS spokesman David Walton said. “We are aware of impacts to some of our third-party vendors, however, this has not impacted our ability to move mail and packages for the American people.”

Officials highlight IT consolidation risks

Anne Neuberger, deputy national security advisor for cyber and emerging technology, said the Crowdstrike outage showcased the “risks of consolidation.”

“The irony of this morning is that a major international cybersecurity company was impacted,” Neuberger said during an event hosted by the Aspen Institute on Friday. “So, we need to really think about our digital resilience – not just in the systems we run, but in the globally connected security systems, the risks of consolidation, how we deal with that consolidation, and how we ensure that if an incident does occur, it can be contained and we can recover quickly.”

In a letter to acting Defense Department Chief Information Officer Leslie Beavers, Sen. Eric Schmitt (R-Mo.) requested a briefing on any potential impacts to DoD networks by July 26.

“This outage is a warning that consolidation and dependence on one provider can be catastrophic, which is why business and government IT systems should have requisite redundancies in place that promote resiliency, as well as competition and innovation,” Schmitt wrote.

This is an evolving story, and we will continue to update it.

(With additional reporting from Jory Heckman)

The post Crowdstrike outage: SSA shutters offices, other agency impacts first appeared on Federal News Network.

OPM previously suspended all new enrollments in the program after a recent surge in fraudulent activity that impacted hundreds of federal employees with Flexible Spending Accounts. OPM’s inspector general said the suspension came “out of an abundance of caution,” and to try to prevent further fraud in the program.

Enrollments in FSAFEDS, including any enrollments based on Qualifying Life Events (QLEs), will reopen Aug. 1, OPM wrote in an email to agency benefit officers Thursday afternoon, shared with Federal News Network. Also beginning Aug. 1, the program will transition to a “.gov” website domain, FSAFEDS.gov, rather than the current domain, FSAFEDS.com.

Enrollees who missed a QLE deadline due to the pause on enrollments should still be able to make modifications once the enrollment pause is lifted, OPM said. Employees who are in that situation will have to call FSAFEDS at 877-372-3337 to request a change to the effective date for the QLE.

Additionally, federal employees will be able to get reimbursed for any claims that were incurred after the effective date for the QLE, OPM said.

OPM is also taking more long-term steps to address security concerns in FSAFEDS, including transitioning to Login.gov, the government’s platform for accessing government benefits and services online.

Once the enrollment pause is lifted next month, any federal employees who create new FSAFEDS accounts or update their enrollments following a QLE will have to complete identify verification using Login.gov.

Overall, the switch to Login.gov for FSAFEDS users will take place in a phased approach. Beginning this October, FSAFEDS users who created their accounts during or after 2023 will be required to complete identity verification steps through Login.gov to be able to continue accessing their accounts. Feds who created their accounts prior to 2023 will then have to go through the same verification process starting in January 2025.

“Enhanced identity verification is one of several steps we’ve taken to combat fraud in the FSAFEDS program,” OPM wrote in Thursday afternoon’s email.

Along with pausing FSAFEDS enrollments for several weeks, OPM also for a short time suspended claims payments from getting distributed to enrollees. All reimbursement payments were paused on June 16, and subsequently restarted on June 26.

During the 10-day payments pause, several federal employees told Federal News Network they did not receive any advance notice that the reimbursement payments would be paused.

OPM said it has been working with third-party vendor HealthEquity, which manages the Flexible Spending Account program, to strengthen security measures and secure all accounts impacted by the fraud. A HealthEquity spokesperson has referred all questions on the situation to OPM.

OPM said it will continue to communicate with federal employees and agency benefits officers in the coming days and weeks with any new updates on the situation.

The post OPM to lift pause on FSAFEDS enrollments in August first appeared on Federal News Network.

Michele Sandiford |

As technology continues to evolve and reshape entire industries and work environments, the federal workforce is no exception — they must adopt innovative technologies in their focus on global talent management in order to enhance productivity, efficiency, and effectiveness of both the individual employees and the overall agencies.

Don Bauer, chief technology officer for global talent management at the Department of State, said that, in today’s times, “every single thing we do has a nexus with technology.”

“That’s part of my job — not only to make sure that we have technology, but to make sure that the actual technology interacts well with the rest of the technology that we have,” Bauer said.

The Department of State, according to Bauer, supports a global workforce of 278 locations across the world — and, “when it comes to technology and having systems talk to each other, it’s always a challenge when you have to integrate platforms.”

“The biggest challenge in the federal government has been, ‘I don’t want my data going outside into other people’s systems,’” Bauer said on Federal Monthly Insight — Trustworthy AI in the Workforce.

Challenges to modernization

For Bauer, keeping as much corporate IP within the department’s own control, as opposed to putting it into a third-party platform, is ideal “because [platforms] go away, they change. And then you eventually have to take that logic and put it somewhere else.”

Much of modernization efforts happen because they have to, Bauer said. He points to the cyclic nature of his organization — recurring seasonal bidding seasons and performance management cycles, to name a few — as another challenge to accomplishing that.

“HR modernization is somewhat unique in the fact that we don’t get to stop doing our jobs while we’re modernizing,” Bauer said. “We have to continue to fly the plane while we’re working on it, because pay doesn’t stop, promotion doesn’t stop. These cycles continue, and the systems have to support it.”

Leveraging the power of trustworthy AI

Some technologies, like the transformative technology of artificial intelligence (AI), showcase a great deal of promise when it comes to implementing new, effective and efficient solutions for the federal workforce.

AI is already making significant strides in the federal sector. Bauer said the Department of State has already started to implement generative AI internally, with what they currently call “state chat,” where users can upload documents and ask questions related to those documents.

“If I can upload 100 policy documents, and then interactively ask a question about it, that’s powerful,” Bauer told the Federal Drive with Tom Temin. “It brings it to the masses, like you say, I don’t have to be a guru in order to get it. And the beauty of what they’re building right now internally is, every single answer comes a little icon with an eye. You click that eye and it shows you where it got that data.”

The quick and easy ability to identify the source of AI’s answer is key to its trustworthiness and use in the federal workforce, according to Bauer.

“Not only do I want the answer, but I want to know where it came from so that I can make sure that it isn’t a hallucination,” he said.

Embracing modernization in global talent management

To support global talent management, federal agencies are implementing comprehensive talent acquisition and retention strategies. Perhaps just as important, the use of technology to modernize these strategies and processes is helping to streamline recruitment and onboarding efforts.

The integration of advanced technologies and strategic global talent management is transforming the federal workforce. Modernization plays a crucial role in this transformation, keeping federal agencies and their workers poised and ready with the best tools to succeed.

Bauer says connectivity and integration are paramount to building the optimal modern user experience.

“I’m still kind of weaving my way through my legacy platforms,” Bauer said. “So, I call it ‘subsumption’. I’m subsuming a lot of these tools into my current platform, which is ServiceNow as my front end. … I’ve already built all this connectivity, I have integration with my personnel system with my electronic personnel records, all those integrations are built on one platform.”

He explains that he then doesn’t have “all the extra integrations to manage.”

“I don’t have all this extra overhead because every single integration point now is a vulnerability, potentially, and it has to be remediated if there’s security,” Bauer said. “So, this is reducing my footprint while consolidating and giving the modern user experience. So, it’s kind of like, it’s a win-win, but it’s a slow process.”

The post How the State Department is leaning into AI, modernization efforts to support federal workers first appeared on Federal News Network.

This is the fifth article in our IT lifecycle management series, Delivering the tech that delivers for government.

The headline on this article, asking about the most important technology in you organization, is not meant as clickbait. It’s a question that Future Tech Enterprise President and CEO Bob Venero likes to ask current and would-be customers.

As IT assets go, Venero ranks the PC at No. 1. But that’s not what people typically tell him. They might say their enterprise resource planning systems, or their capture systems or a host of other tools and capabilities. But rarely do they mention their end user devices, Venero said during an interview for Federal News Network’s series, Delivering the tech that delivers for government.

“I might say, ‘OK, now how do you access all of that information,’ and they access that information through a PC, and every one of their employees has a PC,” he said. “So when we look at the importance of what that PC does, and making sure that you are having the proper lifecycle components tied to that PC, it is one of the most important tools that they have in their organizations.”

Squeezing value out of end user devices and improving lifecycle management is a passion for Venero. He has built his business at Future Tech helping organizations — particularly federal systems integrators — get the most from their IT assets.

“We really started working with federal systems integrators on day one, when we started the company in the basement of my house in 1996,” he recalled. “We were really focused on, ‘How do we help those federal systems integrators accomplish their mission?’ — whether that was supporting the warfighter, whether that was putting satellites into space, whether that was keeping our borders safe, whatever their mission was.”

More than a quarter-century later, Venero shared critical factors that continue to affect lifecycle management and how Future Tech helps FSIs and other organizations address them.

Make productivity a priority to derive savings through cost avoidance

Without doubt, organizations sleep on the cost avoidance savings potential of good PC lifecycle management, Venero said.

In part that’s because PCs often are the first technology that organizations look to when budgets are tight or drop, he said. “Everybody jumps to the PC to reduce cost, whether they make it last another two years beyond its lifecycle than they should, or whether they’re going to not refresh or whether they’re going to reduce the specs.”

But it’s possible to radically avoid costs through the productivity advantages that come from maintaining PCs across the enterprise, Venero said. He recounted one example where a Future Tech team did a productivity assessment at one company of all the machines in use for four or more years.

“They were losing about $300 million a year in lost productivity by having 26,000 devices that were over four years old,” he said. “If a machine is running slow or has problems, you’re impacting that cost. This customer did not have a budget for it, but after we did the productivity analysis, they refreshed those 26,000 devices in one year.”

Centralize configuration management to keep current, tighten up security

The move to hybrid environments in a post-COVID world changed device management with the need to ensure most employees can work effectively when remote. It also made consistent security-minded configuration important, Venero said.

“There are security constraints and concerns, things that you have to look at differently, in order to support the mass of folks that are now working remote,” he said.

Future Tech helps organizations by managing configuration services so that their applications are already implemented and installed on every device at its factory. It ensures that employees, no matter their location, “can be up and running day one, making sure that they’re being productive for their environment, making sure that the right security attributes are tied into that system — and they are being monitored and managed,” Venero said.

This enterprise approach to configuration also has set the stage for being able to deliver consistent customer and employee experiences for end users and to take advantage of automation and artificial intelligence capabilities at scale, he said. But it’s important for FSIs to be able adhere to government’s CX directives and agencies’ AI guardrails, Venero added.

To that end, Future Tech brought together a team of technologists, who came from the FSI space and understand large language models and AI, to develop an AI readiness assessment.

The idea is to help FSI’s by addressing a couple of questions: “Where are you on your journey, and what are the things that we can do to help you go down that path? We’re talking about future investment protection,” he said. “AI-enabled PCs are definitely one of those investments where you want to buy into it early. Because when you need it and you’ve created the proper guardrails around it, you want to be able to activate it and let it go.”

Future Tech partners with Dell Technologies to bring AI journey decision-making to customers, Venero said. “No matter where organizations are on their AI journey, or even if they’re unsure where to start, we are ready to help them stay ahead and act quickly to ensure their technology remains competitive. Delaying decisions on AI investments is not an option.”

Lean into OpEx models with PC as service, Day 1 readiness

Increasingly, Future Tech also has been moving capital expenditures for PCs to operational expenditures.

By providing an OpEx capability for PCs, Future Tech can offer organizations a complete solution — PC as a service at a monthly fee — that supports remote workers while reducing failures, Venero said. It means an organization can pay  “a one-time charge on a new asset that will last the life of that asset in support through our organization.”

Likewise the company has tried to ease startup on new projects and help FSIs with capture activities by creating a new Day 1 Readiness program that’s based on common needs across capture activities.

Looking at its own data from working with integrators, Future Tech found that capture activities directly depended on 80% of the same infrastructure components, Venero said.

Future Tech Day 1 Readiness “allows a company to be able to have their architects and their engineers go into our portal, and based on a use case, see the exact bill of materials that they need, be able to look at the budget associated with it, look at the architecture design and then take it right out of that portal and go to management for approval,” he said.

What’s next? A company can then buy those components on an as-needed basis from Future Tech, which stocks what Venero calls the “80 percenters” in its warehouses and has configuration centers ready to make necessary customizations.

“We’ve taken the time to implement down from months to weeks. We’ve taken the time to quote down from weeks to hours. That helps FSIs win more programs and more deals and stand up quicker. Speed of delivery, speed of quote, speed of support today is extremely important.”

Discover more stories about how federal systems integrators and government contractors manage their enterprise infrastructure environments in our series Delivering the tech that delivers for government, sponsored by Future Tech Enterprise.

To listen to the full discussion with Future Tech’s Bob Venero, click the podcast play button below:

Check out all podcast episodes of the Delivering the tech that delivers for government series.

The post Quick: What’s the most critical technology asset in your organization? first appeared on Federal News Network.

This is the fourth article in our IT lifecycle management series, Delivering the tech that delivers for government. It’s Part 2 of a two-part roundtable with enterprise tech leaders from CACI, Future Tech Enterprise, MITRE and SAIC. Find Part 1 here.

ASAP. It’s an acronym thrown around with impunity by almost anyone who has a technology need. For the leaders of technology enterprise operations at government contractors though, delivering capabilities right now is increasingly the desired norm.

Part of that is driven by the needs of the agencies that federal systems integrators work with. Federal agencies often look to their industry partners to provide technology they might not have themselves, said Cedric Sims, senior vice president of enterprise innovation and integration at MITRE.

“We have an obligation to our sponsors to be able to provide some compute and capacity that they don’t have access to now — at scale,” Sims said during the second half of a two-part roundtable discussion for our Federal News Network series, Delivering the tech that delivers for government.

Sims went on to point out that such needs have led MITRE to make investments in technologies ahead of government agencies making their own in some instances. For example, he said, “we’re building out a fairly significant artificial intelligence sandbox.”

For the roundtable, we talked with Sims and also technology leaders from CACI, Future Tech Enterprise and SAIC about how they increasingly deliver technology capabilities at speed to support users across their organizations and also the government organizations and missions that their companies support.

They shared the tactics and technology approaches they’re deploying now to meet these ASAP demands. The discussion homed in on five critical areas that impact delivering and supporting services for users in real or near-real time: cloud, data, security, AI and preparing for the future of lifecycle management. (You can find the first part of the discussion, “How federal contractors put users first — whether employee or fed — to deliver on government missions,” here.)

When cloud and on-prem cross paths

Managing the needs of users as well as preparing for Day 1 readiness on programs increasingly involves cloud — even cloud-like management in the data center.

“We’ve tried to go to a model that’s a little bit more hyperscaler, to where at least from an original equipment manufacturer standpoint, they can provision hardware, new hardware into that environment — creating that hyperscaler environment within the data center,” said Bernie Tomasky, vice president of enterprise IT at SAIC.

That said, he quickly added that ultimately “it’s all about trying to drive everybody into a hyperscaler cloud.”

It’s now more common for agencies to ask about shutting down data centers rather than standing them up for new programs — and how to maximize their existing capital investment while leaning into the cloud for scale, said Erik Nelson, senior vice president of the enterprise IT operating group at CACI.

On premise versus in the cloud are often competing needs, he said, especially for agencies with missions that take them to remote locations where they must deliver technology capabilities for temporary missions. Think the military services or the Federal Emergency Management Agency, for instance.

“It’s being able to figure out how to configure what is available to be out there in that austere location. And you don’t have a lot of time to deploy it,” Nelson said. “So you have to figure out how to kind of MacGyver some things to make things work. What is important about that is to have all the smart people in a room and be able to say, ‘Hey, here’s how this is going to work here.’ Then, test it out, pilot and deploy pretty quickly.”

The ability to easily navigate between cloud and on-premise environments is critical, said Rick Schindel, leader of federal systems integrator programs at Future Tech Enterprise.

“The OEMs have done a good job in kind of reinventing their as-a-service model,” he said, adding that it led Future Tech to develop Day 1 Readiness capability that blends the OEM elements with any mission-unique technology that may be required as FSIs work with agencies.

Security and data at the forefront of enterprise lifecycle services

Although everyone agreed that agencies no longer resist migrating to the cloud, security still leads government organizations to keep some systems on premise. But the ability to support users interactively, provide services as needed, and proactively manage lifecycle and cybersecurity is pushing agencies to actively embrace cloud’s consumption-based and operational expenditure model, Tomasky said.

“Data security is paramount to what the customer is thinking when they typically are on-prem. But by and large, the obstacles they’re already facing by having on-prem solutions, they want to get past,” he said.

The data security focus ties directly to the government’s numerous cyber requirements, such as establishing zero trust architectures (with a fall 2024 deadline looming for agencies) and ensuring supply chain risk management through vendors providing third-party verification.

What is known about each industry provider’s infrastructure has become critical with the move to software as a service and multiuser platforms, Sims said. Plus, it’s common to integrate multiple vendors’ products and tools for federal projects or to host data and environments on the large cloud services providers’ platforms, he pointed out. Going forward, this makes visibility and transparency essential, Sims said.

It also requires reimagining how agencies and vendors manage data so that users can access exactly what they need when they need it to do their jobs, Nelson said. Yes, agencies and their industry partners are implementing least-privilege and role-based access models, but rethinking privacy and classification practices and extracting data selectively must occur in tandem, he advised. This is particularly challenging as the federal government houses vast stores of personally identifiable, sensitive and classified information.

“Being able to, to plan out, ‘Hey, this is the portion of that data that’s really important. Everything else around it, we can do something different,’ ” Nelson said. “It’s really a cultural change for all these government agencies because it’s easier to classify something than to say, ‘Well, only this is classified.’”

AI and the future of lifecycle management

Artificial intelligence should help provide answers to data needs — both culling data but also managing end user devices and meeting users’ needs, Sims added.

At MITRE, AI and machine learning are “being used for things that we could have never imagined,” he said. Its network engineers apply AI models to log data to identify functions on the network that may not be performing as anticipated.

“We have some very bespoke capabilities around some of our security capability logs that come in,” Sims explained. “It allows our staff, our talent, to really explore: What does it actually mean to approach these problems in a different way? And we’ve seen some really impactful outcomes because of it.”

Schindel agreed that AI has potential to improve sustainment and maintenance operations of existing devices and platforms. “Our government has deployed all of these platforms across their operations. AI will help them sustain them for longer periods of time because you’re going to be able to do a ton more in terms of predictive and preventive maintenance,” he said.

Sims added that MITRE expects the development of new small language models trained specifically to do just that, to run on the edge so that IT and security needs can be “responsive, adaptive and predictive — without [devices] having to kind of dial back to a mothership.”

But for that evolution to take place, Schindel circled back to what Nelson shared about the need to focus on data management. Agencies will need to consider the security aspect of how their organizations use AI models, he said. Agencies will need to protect the resulting data and manage who has access to it and who can take part in discussions around it, Schindel noted. In other words, what are the appropriate guardrails for managing transparency and security simultaneously?

“It is an irony of AI” and definitely generative AI, Tomasky noted with a laugh. “We want all the data brought in, but we’re not going to put any of our data back out.”

He expects though that AI will let technology teams get away from looking at dashboards and screens before making changes. Throughout  the IT lifecycle, “you’re going to see AI and automation play a bigger and bigger role,” Tomasky said. “It already has in the service desk environment. And you’ll see it across the network, and cyber, and everything else as well.”

Part of getting there depends on avoiding data overload, by focusing on the value that any given AI use and dataset delivers to the end user or the organization, and also on demystifying AI as well, Nelson said. That’s how to take advantage of “lots of AI ops capabilities and service desk to really draw down the mundane tasks and make them much easier to do.”

Discover more stories about how federal systems integrators and government contractors manage their enterprise infrastructure environments in our series Delivering the tech that delivers for government, sponsored by Future Tech Enterprise.

To listen to the full Part 2 discussion, click the podcast play button below:

Check out all podcast episodes of the Delivering the tech that delivers for government series.

The post Ready, set, run: Meeting users’ tech expectations and needs now first appeared on Federal News Network.

The Defense Department and Space Force (USSF) recently released aligned strategies that prioritize expanding commercial partnerships to enhance mission capabilities, resilience and operational advantage. The USSF Commercial Space Strategy (CSS) emphasizes leveraging industry innovation, prioritizing operational utility, feasibility, resilience and speed to fielding.

The CSS highlights the need for beyond-line-of-sight satellite communications (SATCOM) to support command and control, data transport and reach-back requirements for the Joint Force worldwide. Through commercial SATCOM partnerships, the USSF aims to enhance data transport, capacity, flexibility, reliability and resiliency to support multi-domain and joint mission operations. The CSS also acknowledges commercial space sector’s role as an accelerator, fostering innovation and helping reduce barriers to entry for new capabilities.

The DoD’s Commercial Space Integration Strategy (CSIS) recognizes the importance of leveraging all available tools to prioritize the resilience of the national security space architecture. It identifies 13 mission areas, including SATCOM as a hybrid mission area. The CSIS emphasizes the integration of government and commercial SATCOM systems, highlighting the need to make “commercial solutions integral — and not just supplementary — to national security space architectures.”

These strategies demonstrate the military’s commitment to embracing private sector partnerships and commercial innovations to enhance mission capabilities and resilience for modern military operations.

Collaborative, user-driven innovation

Ideal collaboration will drive a continuous loop in which industry invests, develops and demonstrates with federal agency end user requirements foremost in mind. Through continuous iteration, testing and customer feedback, commercial operators can deliver solutions that are proven, strong and resilient.

While shifts toward this type of development and adoption will face budget and acquisition challenges, the government is making meaningful progress through several rapid experimentation and development initiatives designed to accelerate creation of national security and warfighter operation capabilities.

While not a defense-focused initiative, NASA’s Communications Services Project is an example of embracing collaborative public-private partnership, helping create a market for new COMSATCOM solutions and services that could be replicated by government agencies. NASA is working with five commercial companies to develop and demonstrate COMSATCOM solutions for future launch and near-Earth communications. NASA recognized that commercial systems could meet their mission communications needs rather than investing heavily to replace its Tracking and Data Relay Satellite system.

The Air Force Research Laboratory’s Defense Experimentation Using Commercial Space Internet program has awarded several major industry contracts that explore the capabilities of commercial space constellations to connect military platforms with user terminals that can talk to multiple space broadband providers, including across different spectrum and orbits.

Last year, Space Systems Command announced the launch of the Commercial Space Office (COMSO) to pave pathways for collaboration in its “race to resilience” by 2026. Senior Materiel Leader Col. Richard Kniseley explained that “The goal of COMSO is to leverage the full force of this innovation with speed, cost efficiency and minimal duplication of effort to deliver efficient and sufficient commercial space capabilities to the warfighter.”

These innovative programs offer models for mutually beneficial public-private partnerships that USSF and other DoD components can leverage.

Building blocks for success 

The next phase of realizing this collaborative vision requires a strong, aligned partnership foundation. Implementing effective and scalable SATCOM hinges on engaging trusted commercial partners that are willing and able to deliver current and future solutions fully in sync with DoD operational and mission needs.

Looking ahead, four essential building blocks for successful SATCOM initiatives include:

1. Intentional innovation: Commercial industry continuously innovates advancements in satellite and ground networks, applied with the intent to meet operational and resilience needs. Trusted public-private partnerships should promote transparency to better understand mission requirements and enhance iterative SATCOM
2. Flexibility: Dynamic mission needs demand flexible technologies and service models from commercial providers. Additionally, greater agility in agency procurement can accelerate the adoption of new capabilities for warfighters.
3. Expertise: The commercial industry attracts top talent, and government customers can access this expertise without incurring recruitment and training costs. Managed services also deliver ongoing technology maintenance updates, shifting that responsibility to industry to conserve time and resources.
4. Commitment: Commercial SATCOM providers should immerse themselves in government partnerships to understand specific environments and requirements. This customer-focused approach ensures mission-aligned capabilities, solutions and services, executed with efficiency and efficacy.

President Kennedy’s famous 1962 speech emphasized the pursuit of difficult goals; more than 60 years on, developing advanced SATCOM capabilities remains a challenge. Space is hard, but strong commercial-government partnerships engendering trust and commitment will yield the solutions we need to reliably support space missions and protect our warfighters.

Sunil Pandit is vice president of strategy at Viasat Government.

The post Four essential elements of trustworthy public-private SATCOM partnership first appeared on Federal News Network.

DoD’s recent 90-day review of the NBIS system has led to a new 18-month roadmap for the software development project. But Milancy Harris, acting under secretary of defense for intelligence and security, said her office and the under secretary of defense for acquisition and sustainment are engaged in a “month-long” process of re-baselining the project.

“We’re looking to make sure that we can use what has been built,” Harris said during a July 10 Senate Select Committee on Intelligence hearing. “We are exploring exactly what needs to happen going forward to ensure we meet the full level of capability that is expected from this system. At this time, we are in the process of refining exactly our understanding of that timeline.”

Harris said the new documentation will include an independent cost estimate.

During the hearing, Committee Chairman Mark Warner (D-Va.) called the NBIS delays a “disaster.” The next-generation background investigation system still potentially faces years of development, even though it was originally planned to be delivered in 2019.

“If we don’t get NBIS right, the whole security clearance reform process crumbles,” Warner said.

NBIS is a lynchpin in the White House-led “Trusted Workforce 2.0” personnel vetting reform initiative. The goal of the overarching initiative is to overhaul and modernize the federal government’s vetting process, including by bringing most agencies under one background investigation system.

But the Government Accountability Office in recent years has reported on significant challenges with NBIS, including funding shortfalls due to shifting priorities at DCSA, as well as an unreliable schedule and cost estimate.

Background investigation system requirements

During last week’s Senate hearing, lawmakers and witnesses also focused on challenges with how the NBIS program office managed requirements for the background investigation system.

“The requirements were outlined in Trusted Workforce 2.0,” Harris said. “I think what we had was a breakdown in how those requirements were being managed into technical requirements for the development and how we were taking account of the delays in that process. And that is something that we are seeking to remedy immediately with more proactive oversight.”

The Pentagon has recently elevated the acquisition decision authority for NBIS from the DCSA director to the under secretary for acquisition and sustainment, while the program sponsor is now the under secretary for intelligence and security.

Meanwhile, new DCSA Director David Cattler has said getting NBIS back on track is one of his top priorities. DCSA also manages about 95% of the federal government’s background investigation cases.

During the Senate hearing, Cattler acknowledged that while the original NBIS requirements were achievable, DCSA did not have a “firm understanding of the complexity, of the technical features, nor how exactly to approach those and accomplish them.”

“We’ve brought in some new people,” Cattler said. “We know where our gaps are in the skill sets that we need to hire on the government side, we’re working with the contractor as well on actions need to be taken there. And we’re also evaluating the requirements baseline.”

The post Troubled background investigation system still under review at Pentagon first appeared on Federal News Network.

The Defense Information Systems Agency’s program executive office for transport provides the foundational infrastructure for the Defense Department’s networking — it oversees satellite communication gateways, integrates command and control systems and operates the transport for internet access points. 

The office works closely with DISA’s J9 hosting and compute directorate to ensure that the cloud access providers have the necessary network infrastructure to support reliable communication and data transport. It also helps the J6 endpoint services and global service center make sure that various locations are interconnected and can communicate seamlessly.

“We are like the electric company. No one knows about us until something goes wrong —  the same thing goes with the transport,” Chris Paczkowski, the PEO transport director, told Federal News Network at the AFCEA TechNet Cyber conference in Baltimore in June.

Paczkowski’s office is essentially the internet for the department. This means that the office oversees a wide range of programs, each with its own goals and objectives, making it challenging for Paczkowski’s teams to manage those projects in a more integrated way. 

Paczkowski said the office is looking to standardize its teams to create more consistency across more than 50 projects the office manages. It is also moving toward more centralized contracts, particularly in areas such as cybersecurity. And as the Defense Department is moving toward adopting next-generation networking gear, the PEO transport is seeking standards-based solutions from multiple vendors. But DISA is dealing with a mountain of legacy equipment as new technology gets piled on top of it.

“We’re hoarders. If there is something that works — I’m going to use this until it doesn’t work anymore because I usually don’t have the dollars to keep trying to do the next greatest thing,” Paczkowski said. 

“As you go from one booth to the next, it’s something just a leapfrog better. If I did that all the time, I would be trying to shift over 350 different locations worldwide constantly. And we just can’t operate that way. We look for a capability that has lifespan standards and being able to work it. We have thousands of pieces of equipment. And just imagine if all the highways getting into Baltimore were going to get paved today. And so they shut it down just to do the paving, that’s no different than we have to say, ‘Hey, we have to upgrade our equipment, let’s take down this link to be able to do that.’ No, I’ve got a conference, I work at the hospital, fire depart, I need to be going to work. Trying to balance that is another reason why we have to find a capability that has that longevity and flexibility for us to be able to implement things in a parallel manner.”

To address the issue of mounting legacy equipment, Paczkowski said he wants to see more roadmaps and more “graceful transitions” from the industry.

“Everyone wants to sell something new and, and when this is done, then I get something else that’s newer — there isn’t really a graceful transition plan in those cases if it’s non standards-based,” Paczkowski said. 

In addition, Paczkowski said the components need to prioritize infrastructure upgrades even despite budget constraints, 

“If you have an iPhone 7 — no one does anymore — but we have a lot of iPhone 7s. We’re hoarders in the department. Well, now my app doesn’t really work, now we need to upgrade. Well, I don’t have money for a phone. Well, if that’s a priority, make sure that you need to be keeping up with your infrastructure. Because not just from a functionality perspective, with the legacy challenges their cyber components to it, there are vendors saying, Hey, I’m not supporting that anymore.’ So again, it is prioritization,” Paczkowski said.

The post DISA’s PEO Transport wants ‘graceful transition plan’ from industry first appeared on Federal News Network.

Derace Lauderdale |

The Office of Naval Research is developing an automated hiring portal to track its onboarding and offboarding processes, hoping to improve customer experience for both.

ONR, the Navy Department’s main science and technology organization, is constantly looking for new talents all over the world while having the largest total of PhDs in any federal agency, from trained scientists to research professionals.

For now, the customer experience for new hires is somewhere between good and very good, but ONR is still spending a lot of time looking into automation and areas where they can improve, said Curtis Pelzer, the organization’s chief information officer. He said ONR is looking at reducing the time it takes to onboard personnel and providing more information to leadership on why employees are leaving.

“In terms of our onboarding process, a lot of that process is manual. And when we identify a potential hiring candidate, a lot of that initial interaction also happens manually.  In terms of all the forms that they need to fill out to become a federal employee or transition from another federal agency, what we’re looking to do is allow them to provide all that information online, through what we’re calling a program or hiring portal. They log in, and they are able to see all the information that they need in terms of completing forms and being able to transmit those forms back to the hiring manager,” Pelzer said on Federal Monthly Insight — Customer Experience. “And, then, after the employee has been onboarded to the command, we’d be able to automate the entire lifecycle of that employee. So all those documents that were generated during the hiring process are made available to that employee.”

Information would also be automatically passed on to others in the organization who need to know about the onboarding process, including hiring managers, supervisors, and HR personnel, depending on their roles.

“The system would provide for the individual roles that are needed to make sure that the employee lifecycle is being met, and the things that the employee would need during their tenure. I speak of this in terms of lifecycle, because I believe that there’s a beginning, which is the onboarding process,” Pelzer said. “And then you look at the sustainment of that employee during their tenure, and you look at the offboarding process. That would entail, how do you recover those assets that have been provisioned for the employee? And then how do you successfully offboard that employee, making sure that they have everything that they need when they’re departing the organization?”

Other information in the portal could provide insights into why an employee decides to leave the agency might enhance the automated process in the future,

Prior to the development of the new automated portal, ONR has experienced issues automating processes due to their existing manual process. Originally, they would overlay new technology over the manual process — but would not receive the  level of efficiency they were expecting.

Artificial intelligence has also been a conversation at ONR, as they’re working on AI-enabled capabilities. Pelzer said the challenge is identifying what data will be allowed, and making sure the data remains secure, not putting anything at risk.

“We have been looking at using bots using robotic process automation to help streamline routine processes that we believe can be done better by a bot, or using an AI. And most certainly bring a level of efficiency to these processes like onboarding and offboarding of personnel and tracking personnel better,” Pelzer said. “When you look at our data and analytics program, we’re building AI-enabled capabilities every single day. These are taking systems that we’ve already built, and then layering that generative AI on top of that, to be able to better serve our workforce, to give them an additional capability that we previously didn’t have, prior to the advancement of AI.”

ONR is also looking at new ways to track metrics on how many personnel are onboarding and offboarding. Currently, they’re manually capturing these metrics. For Pelzer, looking at metrics provides insight when it comes to a call for resolution and meeting customer needs.

“One thing that’s the most gratifying in terms of customer satisfaction is the messages that I receive from the customer that say, ‘Hey, well done, your team has done something that I didn’t think was possible,’ or the response time, or the level of satisfaction the customer received. So, the metrics certainly give you insight into how well your team is performing. We look at the data, but having those notes that come in is really something that I look forward to,” Pelzer said.

The post ONR looks to automation to speed hiring federal hiring process first appeared on Federal News Network.

Federal agencies sought to transfer nearly 1 million cubic feet of records to the National Archives and federal records centers ahead of a landmark electronic records deadline.

On July 1, the National Archives and Records Administration stopped accepting transfer requests for analog records, including paper. Going forward, agencies will only be able to transfer electronic records, with some limited exceptions.

The passing of the June 30 deadline marks a key moment in the federal government’s shift to digital processes.

“The deadline has been the focus for so many agency federal records management programs, it’s sometimes hard to believe we’ve made it to the other side,” Lisa Haralampus, director of records management policy and outreach at NARA, said in an interview with Federal News Network.

The impending deadline sparked a surge of transfer requests, as agencies sought to shed paper and analog records.

Over the past year, Haralampus said agencies made more than 1,000 direct offers to the Archives, representing approximately 65,000 cubic feet of records. Direct offers are permanent records considered to be historically valuable. They’re directly “accessioned” into the Archives. “Not many records” clear that threshold, Haralampus said, and the amount of direct offers made ahead of the June 30 deadline is “a higher number than normal.”

Meanwhile, agencies also submitted a collective 40,000 transfer requests for records to be stored at one of NARA’s 18 Federal Records Centers over the past year. Those requests represent a cumulative 930,000 cubic feet of records. Records are stored at the FRCs until final disposition.

“The surge was real,” Haralampus said.

While the deadline for submitting analog transfer requests has passed, the Archives and the records centers will still be taking paper records “for a year or two” as NARA officials work through the backlogs of requests, Haralampus said.

But in the future, most records transfer requests will be measured in bytes rather than cubic feet.

“It is exciting and scary to realize at some point within our careers . . . we will have moved to fully electronic records management,” Haralampus said.

The move away from paper

The shift to electronic record-keeping has been more than a decade in the making. The Obama administration issued requirements for agencies to eliminate paper “to the fullest extent possible” in a 2012 directive.

In 2019, the Trump administration set a deadline of Dec. 31, 2022, for when NARA would stop accepting paper records from agencies.

“The federal government spends hundreds of millions of taxpayer dollars and thousands of hours annually to create, use, and store Federal records in analog (paper and other non-electronic) formats,” the June 2019 memo from the Office of Management and Budget stated. “Maintaining large volumes of analog records requires dedicated resources, management attention, and security investments that should be applied to more effectively managing electronic records.”

At the time, many agencies were confidently transitioning from paper to digital records. The memo sparked a flurry of additional digitization activities across government.

But COVID-19 tripped up those plans. And even without the pandemic, many agencies said they would have struggled to digitize their legacy records in time due to resource constraints.

After one-third of agencies signaled they wouldn’t meet the 2022 deadline, the Biden administration extended the cutoff date to June 30 of this year.

NARA exceptions to e-records deadline

Even after NARA clears through the backlog of requests, agencies will still be able to transfer analog records in some cases.

Haralampus said NARA has so far approved 24 exceptions to the requirements, with 20 exception requests still under consideration.

In addition to NARA no longer accepting analog record transfer requests, agencies were also required to shut down their own records storage facilities.

But Haralampus said NARA granted an exception for the FBI to continue operating its Central Records Complex in Winchester, Va. “It makes sense,” she said. “The government has invested so much. And those records are of such a sensitive nature.”

In another case, NARA approved the Environmental Protection Agency’s exception request to continue operating its new National Digitization Centers.

In addition to granting specific agency requests, NARA is also finalizing a government-wide exception for official personnel folders and employee medical files. That means agencies will still be able to transfer paper personnel records to NARA’s National Personnel Records Center (NPRC) for the foreseeable future. Haralampus said NARA will soon release more guidance on managing federal personnel records.

And even though some agencies will still be managing paper and analog records, Haralampus said the continuing work to digitize legacy records and adopt electronic processes shows a continuing commitment to the e-records goals.

“If we as the government are as a whole are getting down to talking about exceptions for specific agencies and specific record series, that means the big picture has been taken care of,” she said. “Big things have moved in the right direction with business processes, workflows, how we’re managing all of our records electronically.”

The post NARA sees requests to transfer nearly 1M cubic feet of records ahead of deadline first appeared on Federal News Network.

For the last three years, the General Services Administration’s Federal Systems Integration and Management Center has supported most of the lifecycle IT support for the Advana platform, including assisting with the acquisition and ongoing maintenance of the system.

But the platform, which was originally developed to support the comptroller’s office, has grown exponentially. Advana now houses everything from financial management to personnel, logistics and management data for roughly 100,000 users, so the existing management model provided by the GSA’s FedSIM service is no longer effective enough to meet the platform’s expanded requirements.

“Advana was like a victim of its own success — it scaled tremendously over the last few years. And that data infrastructure itself — we’re doing some internal upgrades — I think, will benefit from an overall look at the data engineering and kind of what the right solutions are for the back-end architecture,” Radha Plumb, the Pentagon’s chief digital and artificial intelligence officer, said during the Center for Strategic and International Studies event on Monday.

“We are looking forward to going through that competitive process to see who’s interested in working with us on that.”

Moving away from the current acquisition approach and introducing more vendors into the process will allow the CDAO to create a “clear data infrastructure investment” in a more modular way.

“We are now looking at what the next journey for Advana looks like. How do we make sure we build the right back-end data architecture, the right enterprise-level analytics and we have the right acquisition strategy to make sure that it can launch into the future just as successfully as it has over the last several years?” said Plumb.

Recompeting the contract for Advana platform is part of the CDAO’s broader approach to scale data, analytics and artificial intelligence capabilities across the DoD dubbed Open DAGIR, short for Open Data and Applications Government-owned Interoperable Repositories.

Open DAGIR  has become a significant initiative for the CDAO as it represents a major shift in how the Defense Department procures and manages its digital infrastructure. The goal for this new approach is to create a more modular, multi-vendor ecosystem, which will increase competition and bring in diverse solutions to support DoD’s data systems.

“It’s clear we need these different interfaces, it’s clear we have a bunch of mature applications that need to be scaled. And it’s clear we need an open interoperable data architecture. How do we get all three of these at once? So that’s really what Open DAGIR is intended to get after — it breaks that procurement process into three big chunks,” said Plumb.

In May, the Defense Department awarded a $513 million contract to Palantir for its Maven Smart System prototype. The Maven Smart System, foundational to the Open DAGIR initiative, expanded to thousands of users from five combatant commands beginning in June. The CDAO is now focused on aligning the recompeting process for Advana with the Open DAGIR framework.

“We’re working to recompete [Advana] in the construct of Open DAGIR, which again means that we need to compete the data infrastructure, the enterprise applications, which will probably be more than one particular application set, and then this prototype pathway for analytic applications that need to be tested and evaluated on that Advana stack,” said Plumb.

The CDAO plans to host an Advana Insight Day early in September. The office will start seeking solicitations shortly after the event.

The post DoD preparing to recompete contract for Advana first appeared on Federal News Network.

Core civilian agencies are tasked each day with ensuring U.S. prosperity, continuity and trust on a national level — and these agencies now find themselves in a unique position at the intersection of massive mission needs combined with increasing volumes of data. The key to pulling it all together: artificial intelligence, the most important technology advancement in a generation. Stemming from last year’s Executive Order on AI, deadlines are quickly approaching for agencies to comply with the EO and Office of Management and Budget requirements, serving as a critical impetus to ensure the resiliency of the country — powered by data and AI — no matter what is happening on the global scale.

It is critical that civilian agencies forge ahead with robust, coordinated, scalable and repeatable strategies to take advantage of AI and the power of data to prepare all-of-government responses to not only maintain equilibrium, but also prepare to meet challenges at home — from extreme weather events, public health crises drawing on lessons from the COVID-19 pandemic, financial and critical infrastructure threats, and beyond. In an era marked by geopolitical tensions, climate crises and cybercrime, being prepared is not merely an option but a necessity.

AI and data: The key to empowering critical civil agencies

So what does preparation look like in action? Technology and data are not just tools, but lifelines that can significantly impact emergency responses and day-to-day operations. Here are three critical areas where AI-powered and data-enabled mission approaches can revolutionize civilian and public sector efficiency and efficacy:

1. Climate resilience: As natural disasters become more frequent and severe, the need for comprehensive data sharing across agencies has never been more urgent. AI can process vast datasets rapidly, pinpointing at-risk communities and extending the lead time for extreme weather forecasts, turning hours into minutes and saving lives in the process.
2. Public health: Early detection of public health threats can prevent them from spiraling into endemics and full-blown pandemics. Through enhanced data sharing between local and federal entities, and AI-driven pattern recognition, agencies can quickly identify potential outbreaks, ensuring that preparedness is a step ahead of the problem.
3. Fraud Prevention: The importance of bolstering the resilience and security of systems cannot be overstated. A recent advisory from the Cybersecurity and Infrastructure Security Agency highlights the threat of nation-state hackers targeting civil society organizations to destabilize democratic values. The repercussions of such cyberattacks have already disrupted our healthcare systems. By employing AI to continuously monitor and analyze systems and data, and to respond to security breaches and fraudulent activities swiftly, we can enhance the integrity of our civil agencies and protect the interests of our citizens. This proactive approach is vital in safeguarding our nation, its people, and our democratic way of life against nefarious threat actors.

Investing in the future: The human factor and reimagined automation

The potency of AI and implementation of data enabled missions hinges on skilled talent. To meet the challenge of tomorrow, agencies need to double down on investing in their people to modernize their workforce the same way they are modernizing their technology. Reflecting on how the widespread availability of Microsoft Office tools transformed workforce skillsets three decades ago, it’s clear that tools alone do not suffice; adoption and proficiency in their use does.

Today, we find ourselves at a similar juncture with AI and data. It’s not just data scientists and people in technical roles who need to become proficient — it’s everyone. You don’t need to be a data scientist, but you do need to be data fluent. As technology perpetually evolves, the constant that remains is the people behind the machines. Success hinges not just on having the latest technology but on working collaboratively to leverage these tools for better mission outcomes.

Tied to reimagined talent development in the quest for public sector modernization, it will be paramount to transition from manual to automated processes, particularly in data management and emergency response. Reimagining workflows with AI and real-time data can free up agency staff to focus on strategic priorities and empower urgent, data-informed action in crisis situations. Civil agencies must make their data readily available to stakeholders and be equipped with AI tools and proficient personnel to deploy solutions at a moment’s notice when American lives and livelihoods hang in the balance.

A call to action

Agencies need to balance today’s demands with tomorrow’s potential. As we continue to navigate the digital age, the mandate for civil government agencies is clear: Embrace technological advancement, invest in talent, and create and maintain a proactive roadmap for modernization. There’s greater awareness and excitement about civil agencies being able to solve challenges through better use of their data. While agencies are at different points in their digital transformation journeys, the potential to overcome challenges with data is becoming more apparent.

The challenge is that agencies need to deliver on the missions in front of them today with the tools they have, while taking modernization steps to build the road for tomorrow. Only then can we truly safeguard and serve the American public.

Richard Crowe is president of the civil sector at Booz Allen Hamilton, the leading provider of AI services to the U.S. federal government.

The post The power of AI, data in preparing for the next national emergency first appeared on Federal News Network.

GSA launched two new initiatives to continue to relieve some of the burdens of getting cloud services authorized under the Federal Risk Authorization and Management Program (FedRAMP) that contractors and agencies have long-complained about.

Eric Mill, the executive director of cloud strategy at GSA, said the agile delivery pilot will choose about 20 contractors to test out how to use secure software delivery approaches to accelerate the “significant change request” process, which essentially is an approval gate for cloud providers to add new features or capabilities to a FedRAMP authorized service.

“For a lot of cloud providers, this can go on for a long time and really get in the way of what we know to be secure software deployment and delivery practices, which are agile software delivery practices and the federal government absolutely needs to get the benefits of these companies who we are relying on for them to be able to share as many security improvements and updates as possible, new security tools, new patches, and new technology and new capabilities,” Mill said at the GovForward conference sponsored by Carahsoft. “This is an area where we think we can take a look at the way that FedRAMP has operated to date and refactor the process to be one that is based on continuous assessment. I think that’s a phrase you’re going to hear us use a lot because we think we should be getting both more security and more speed at the same time. When we focus our attention on overseeing the process by which changes are made, rather than repeatedly exercising like a stop and go process on every point in time change that a cloud provider makes.”

The PMO says as part of its plan to limit the scope and potential impact of changes to agencies, the new features CSPs launched as part of this pilot must be opt-in.

The PMO says any changes to the fundamental underlying architecture, or new security control implementations that apply to the entire offering, will be excluded from the pilot.

For the purposes of this pilot, the PMO says agencies must choose to use the new feature and the new feature cannot change the:

• System’s fundamental architecture,
• Types of components used such as databases, operating systems, or containers,
• Tooling used to configure, secure, and scan those components, and
• Customer responsibilities for existing features or services.

The FedRAMP program management office will accept applications from vendors to take part in the pilot through July 26 and then make selections by Aug. 16.

The second new initiative is focused on bringing more automation to the program.

The new technical documentation hub will help CSPs in the development, validation and submission of digital authorization packages, and the developers of governance, risk and compliance (GRC) applications and other tools that produce and consume digital authorization package data.

Mill said one of the goals of FedRAMP more broadly is to reduce the time and costs to industry to get their services authorized.

“We’re still in a universe where we traffic 600-page Word documents and PDFs, which is really not how to run a data oriented organization,” Mill said. “We’ve made, what I think are, very concrete investments in changing that dynamic over time. Some of that is who we have hired and brought on to the program where we have a dedicated Open Security Controls Assessment Language (OSCAL) and data standards lead. We already have more technical expertise and practitioner background in the program now than it has had historically, and we’re going to be increasing that very significantly in the near future. We think that by bolstering our technical capacity, we’re going to be able to move dramatically more effectively, and be a more empathetic and effective partner with the cloud providers and agencies who ultimately have the tools that need to integrate with our program so that we don’t have to have people emailing things around much less emailing things around with passwords and stuff like that.”

The website initially is focused on promoting the use of OSCAL and application programming interfaces (APIs) to share digital authorization packages with the PMO and among agencies.

The PMO says this technical hub site will help make the FedRAMP authorization process more efficient and accessible by:

• Providing faster and more frequent documentation updates
• Expanding the breadth and depth of available technical documentation
• Improving the user experience for stakeholders who are implementing OSCAL-based FedRAMP packages and tools
• Establishing a collaborative workflow that supports community contributions for improvements to the documentation

Mill added this approach isn’t necessarily new because FedRAMP is doing all of this work out on GitHub and open source development already.

VA proved out automation

FedRAMP has long held out for the promise of OSCAL. In May 2022, it received the first security authorization package using the framework. The National Institute of Standards and Technology released version 1.0 of OSCAL in June 2021 and in August 2021, FedRAMP released the first set of validation rules via GitHub.

But both the program and vendors have been slow to catch on.

Amber Pearson, the deputy chief information officer at the Department of Veterans Affairs, said at the event that VA was the first agency to deploy and submit a systems security plan using OSCAL.

“We were able to actually transform our standard 426 page system security plan from a text file to machine readable language. We’re really excited where automation is going to take us to help us speed up how we deploy our authority to operates (ATOs) in our environment,” Pearson said. “OSCAL will be the first step to explore automation during our assessment and authorization process because it allows us to programmatically look at how do we build in key metrics to do automatic control testing. We’re actually exploring that with our partnerships with NIST and others. How do we actually speed up from a 360-day ATO timeline to receive an ATO to maybe an assessment and authorization (A&A) in a day? That’s some of the efforts that we’re looking at and how do we quickly assess the security controls and most importantly, about automation, it comes into play when you think about continuous monitoring and being able to measure your risk in near real time.”

Drew Mykelgard, the federal deputy chief information officer, said he hopes OSCAL becomes common place for any organization building or approving software within the next year.

“At every stage, I hope people are like, OSCAL is saving me from Word flat files, PDFs and it is changing the game from one of the biggest points of friction that we feel. We also know that when like the federal government gets behind a standard, we can really push it forward,” he said. “When we have people like Amber and her team pushing this through their governance, risk and compliance (GRC) platforms to intake OSCAL more effectively, running the tests on it and increasing, we can write all the policy we want, but without people like Amber, it’s doesn’t happen.”

The agile delivery pilot and the automation hub are two of the latest efforts the program management office has released since January.

FedRAMP’s continued modernization march

In June, FedRAMP finalized its emerging technology framework, focusing initially on generative artificial intelligence.

In May, OMB and GSA detailed the new structure of FedRAMP, replacing the joint authorization board with the new FedRAMP Board and creating the technical advisory group.

And two months before that, the FedRAMP PMO outlined 28 near-term initiatives in a new roadmap for the future.

All of this started in October when OMB issued the draft policy update to FedRAMP.

The PMO is still without a permanent director after more than three years.

Mykelgard said GSA is close to hiring a new permanent director of the program management office after receiving more than 400 applications.

GSA’s Mill said these and other upcoming changes are all about making concrete investments to change the dynamic over time. He said speed and security don’t have to be polar opposites.

“If you look at the elements on our roadmap, a very healthy chunk of them are designed to chip away in different ways and different slices of the things that generate that time and cost,” Mill said. “What we really need when commodity services out there exist, which can do core functions by companies and other agencies sometimes, it’s the shared services strategy in another form. We benefit from a security perspective, as federal agencies and the federal government when we’re able to stop doing things ourselves. Now when we’re talking about software, we have different and new and exciting opportunities to start running fewer things that are held together by shoestring apps and use things that are given dedicated maintenance, love and security investment. That, in and of itself, is a huge security boon for the government, which should be able to focus its limited IT and security people on the things that cannot be commoditized, that are just unique and core to their mission. That’s the theory of FedRAMP.”

The post FedRAMP’s 2 new efforts target long-time vendor frustrations first appeared on Federal News Network.