Inside the Reporter's Notebook - January 17, 2014

Friday - 1/17/2014, 2:21pm EST

"Inside the Reporter's Notebook" is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and the like.

This is neither a column nor commentary - it's news tidbits, strongly sourced buzz and other items of interest that have happened or are happening in the federal IT and acquisition communities.

As always, I encourage you to submit ideas, suggestions, and, of course, news to me at

3 takeaways from cyber hearing

The House Oversight and Government Reform Committee continues to bang the cyber drum over how secure is. They held yet another hearing about the site's development, and the security measures and testing the Centers for Medicaid and Medicare Services performed before the launch and what it continues doing today.

Here are my three takeaways from the hearing:

  1. Frank Baitman, the chief information officer for the Department of Health and Human Services, finally explained to members of Congress how the authority to operate (ATO) actually works. Baitman, Federal CIO Steve VanRoekel, federal chief technology officer Todd Park, and deputy CIO at CMS Henry Chao dropped the ball back in November at the committee's first hearing. But earlier this week, Baitman responded to a question from Rep. James Lankford (R-Okla.) about who's responsible for the ATO by fully explaining the process.

    "As I understand it, the project was built across various parts of CMS, some of which were not under [former CMS CIO] Mr. [Tony] Trenkle leadership," he said. "They also had a CMS official who was responsible for all operational security for and that person was on the ground and obviously more closely focused on it. Ultimately, I thought it was appropriate that Ms. [Marilyn] Tavenner as the administrator for CMS, be the individual who accepted risk on behalf of CMS because the project was large and being done across all parts of CMS."

    The agency CIO or CISO should have nothing to do with approving the ATO, which lawmakers continually fail to grasp and federal officials do not take the time to explain. It's the system owner's responsibility to accept the risk. That is exactly what Tavenner did — agree or disagree with the decision, it was hers to make.

  2. CMS and the White House got the message about how best to secure the Affordable Care Act portal. Teresa Fryer, the CMS CISO, said as of Dec. 18 the portal passed all testing requirements that go above and beyond industry best practices. In response to a question from Rep. Darrell Issa (R-Calif.), chairman of the Oversight and Government Reform Committee, she said the agency completed end-to-end cyber testing of the system and is confident that it meets and, in many cases, exceeds best practices. Fryer said an independent third party will continue to test the cyber robustness every quarter at least.

  3. problems continue to build momentum for IT and acquisition reforms. Congress failed to pass the Federal IT Acquisition Reform Act (FITARA) last session, but a growing number of members seem poised to take another run at it. Issa and Rep. Gerry Connolly (D-Va.), the co-authors of the bill, are expected to continue their push, but at the hearing earlier this week Rep. Jackie Speier (D-Calif.) asked all three witnesses if FITARA would have helped in the development of the portal. While all three deferred answering the question, Issa put a finer point on the inquiry, asking if giving CIOs more authority over the budget would help. Baitman said he thought you'd get greater accountability when you have one person who is clearly in charge. Fryer agreed with Baitman's observation. Kevin Charest, the HHS CISO, said along with greater accountability, agencies could more easily increase efficiencies and reduce costs.

    The White House is expected to address federal IT and procurement reforms in the coming weeks, possibly during President Barack Obama's State of the Union Address in two weeks.

    Sounds like there's a ground swell occurring for FITARA or other reforms.

$60.4 million in cyber awards

Four companies are first out of the gate to provide cybersecurity products under the continuous diagnostics and mitigation (CDM) contract.

The General Services Administration, on behalf of the Homeland Security Department, awarded $60.4 million worth of contracts to Technica Corp., Knowledge Consulting Group, HP Enterprise Services and Northrop Grumman Systems Corp. under a lowest-price, technically acceptable approach.

DHS says 33 agencies will receive endpoint asset management and software assurance tools. The agency would not identify which of the 33 would be first on the list to receive the cyber apps.

"We are committed to deploying CDM tools and services as quickly and efficiently as possible," DHS stated in the FAQ document sent to Federal News Radio. "We are particularly pleased to report that strategic sourcing resulted in an average 30 percent reduction off GSA Schedule 70 pricing for the commodities purchased today, for a budget avoidance of up to $18 million. This award will allow federal departments and agencies to gain more comprehensive situational awareness into their cybersecurity risk posture and begin to mitigate the most significant risks first."

GSA issued the request for quote Nov. 13 to the 17 vendors on the CDM multiple award contract.

DHS is leading the effort to help agencies meet the Office of Management and Budget's 2017 deadline to implement dynamic, proactive cybersecurity.

GSA and DHS are working on another award in the coming months for a continuous monitoring dashboard tool.

"It's great to see DHS moving swiftly to get this first phase of a major government cybersecurity program underway," said Ken Kartsen, vice president, McAfee Federal, who is a subcontractor to the Knowledge Consulting Group under this program. "CDM will create efficiencies, cost-savings and ultimately a higher level of cybersecurity for civilian agencies — and any other entities that choose to use it. One of the best features of CDM is that it's an iterative process, which makes good sense. Government agencies shouldn't be expected to leap from A to Z immediately. With CDM, they can move progressively through thoughtfully designed steps to achieve a high level security posture. This is an important change from the past, under FISMA and the report card model."

GSA kicks off Alliant V2 planning

About halfway through the potential total life of the Alliant and Alliant Small Business governmentwide acquisition contracts, agencies continue to show why it's one of the most popular GWACs ever.

General Services Administration statistics show agencies have obligated more than $15 billion through 357 task orders between 2009 and 2013.

So it's no wonder GSA already is planning the follow-on contracts even though Alliant and Alliant SB don't expire until 2019.

GSA earlier this week launched a social media site for industry and federal acquisition officials to discuss what the next generation of the Alliant contracts should look like.

"The final option on both Alliant and Alliant Small Business will be exercised in early to mid-2014," GSA wrote on the site. "The development of a new contract vehicle starts first with industry and government agency feedback. By starting this market research early and involving all stakeholders the Alliant II and Alliant Small Business II GWACs will be awarded on schedule."

GSA offered no timeline for the release of new solicitations or even awards.

[Table: Alliant task order (TO) awards, estimated value and obligated dollars by fiscal year, with grand total]

Source: General Services Administration

One industry executive praised Alliant, saying agencies like it for its flexibility and vendors like it for its variety of services and ease of use.

And the numbers support that opinion. GSA says the Defense Department is the biggest user of Alliant, issuing 77 percent of all task orders. The Air Force is the biggest user, awarding 24 percent of all task orders. Civilian agencies issued 33 percent of all task orders, led by the departments of Homeland Security and Health and Human Services.

As for the companies under the Alliant contracts, SAIC has received the most task orders, 37 worth more than $3.7 billion, followed by Northrop Grumman with 25 task orders worth more than $1.4 billion and Booz Allen Hamilton with 23 task orders worth more than $879 million.

Recognizing the contributions of a long-time homeland security official

The start of a new year always is one of the most popular times for federal employees to retire or leave government. GSA, for example, is one of many agencies feeling the impact of senior officials exiting to other agencies or the private sector.

But one person who flew under the radar for much of his career, and who should get some recognition, recently called it a career.

Charlie Bartoldus retired after almost 35 years in government, including the last year working on detail at the White House's National Security Staff. With the White House, chief among his focus areas was the collaboration with Kshemendra Paul, the program manager for the Information Sharing Environment, on the National Strategy for Information Sharing and Safeguarding Implementation Plan.

Bartoldus is one of those smart, hardworking career feds who stays out of the limelight, but gets the job done, and too often is not recognized for their contributions.

Before coming to the White House as senior director for transportation and border security, Bartoldus was the deputy assistant secretary for resilience in DHS' Office of Policy, where he oversaw the development and implementation of disaster planning policies.

He also spent time as the homeland security attaché to the United Kingdom and Republic of Ireland for DHS from 2009 to 2012 and was the senior director in the DHS Screening Coordination Office.

Over his career his work has been recognized with the DHS Silver Star for Meritorious Service, the Senior Executive Service Presidential Rank Award and the Vice President's National Performance Review Hammer Award.

Too often, federal employees such as Bartoldus are overlooked for their contributions, advice and experience, and that shouldn't be the case.

Do you know someone like Bartoldus who should be recognized for their long-time contributions? Let me know:

New Feature: IT Job of the Week

The Navy is seeking an executive director for the Cyber Warfare Development Group. It's a Defense Intelligence Senior Level position in charge of developing and implementing policy and conducting acquisitions to get the department cyber capabilities. The Navy is accepting applications until Feb. 6.

OUT&ABOUT: Next week is a bit slow with Congress out of session, but there are a few events that you shouldn't miss. AFCEA DC hosts its monthly lunch Tuesday featuring a panel of Defense Information Systems Agency IT and acquisition officials, including Dave Mihelcic, CTO, and Dave Bennett, CIO. The Federal Mobile Computing Summit takes place Wednesday in Washington featuring Margie Graves, DHS deputy CIO and Rick Holgate, CIO of the Bureau of Alcohol, Tobacco, Firearms and Explosives, discussing version 2 of the federal mobile strategy. I'll be moderating a panel in the afternoon on mobile integration with Walter Bigelow from ATF, Greg Capella, from DHS, Jerome Davin, from Agriculture, and James Miller, from the FCC. Also on Wednesday is the quarterly meeting of the Government Accountability and Transparency Board, where members will begin developing their annual plan. On Thursday, the IT Innovation Forum hosts Data Innovation Day, where federal deputy CTO Nick Sinai and Eric Newburger, the assistant to the associate director of communications for the Census Bureau, are expected to speak.


Dec. 20--Inside the Reporter's Notebook: Top federal IT stories of 2013 provide few surprises

Dec. 9--Inside the Reporter's Notebook: Labor pinched by poor cloud contracting; Financial shared services progresses

Nov. 15--Inside the Reporter's Notebook: 3 takeaways from IT hearing; First task order for continuous monitoring is out

Nov. 4--Inside the Reporter's Notebook: DATA Act substitute minus accountability provisions; OFPP testing prices paid portal

Oct. 18--Inside the Reporter's Notebook: Acquisition, IT trends; Is cybersecurity awareness month still necessary?

Oct. 4--Inside the Reporter's Notebook: OMB adds clarity to new cyber policy; Cyber risks during shutdown overstated; OASIS delayed indefinitely

Sept. 13--Inside the Reporter's Notebook: FEMA to name Gardner as CIO; new DHS CIO close; NASA struggles with HSPD-12

Aug. 16--Inside the Reporter's Notebook: A new job for a former VA senior official; Countdown to cloud credential pilot begins

Aug. 2--Inside the Reporter's Notebook: Shining a light on GSA contract awards; Congress continues battle over E-Gov Fund

July 12--Inside the Reporter's Notebook: DHS cyber contract awards delayed; musical chairs in federal IT ranks