Self Certification — No More ;-(

The 2015 National Defense Authorization Act mandated that the Small Business Administration (SBA) discontinue self-certification of women-owned and other small businesses. In 2020, SBA plans to finalize a self-certification rule that closes a loophole allowing participants in the SBA’s Women-Owned Small Business (WOSB) program to self-certify. (Federal News Network, June 2019)

Approximately one-quarter of all federal contracts are held by small businesses, which over the past six years has helped federal agencies to  exceed  SBA’s governmentwide small business contracting goal. This year’s spending of more than $120 billion on small business contracts surpasses last year’s spending by nearly $15 billion.

The Government Accountability Office reported in March that almost 40 percent of WOSB-certified businesses were ineligible. Meanwhile, SBA’s Office of Inspector General June 2018 audit found 89 percent of sole-source (50 out of 56 contracts) did not meet all program criteria. Basically, there is currently no way to know if the contracts, listed in the chart below, were actually eligible for the sole-source awards. (ibid)

Rob Wong, SBA’s associate administrator of the Office of Government promotes a formal certification to  give the program some much-needed integrity. Wong said, “simply put, the wrong companies were receiving our contracts, we want to make sure that, if a company receives a contract through these programs, they’re actually eligible to receive it.” (ibid)

SBA has subsequently published a proposed rule in the Federal Register eliminating self-certification and providing a free online certification application to WOSB. Comments on the proposed rule are being accepted until July 15. In Wong’s opinion, it is high time to streamline the vetting process for the many other set-aside programs, all of which have different sets of eligibility criteria. Wong feels that going to three formal certifications for 8(a), Historically Underutilized Business Zones, women-owned, and service-disabled veterans will unify the processes. The rule with set-aside screening is expected to take a year for the changes to take effect. (ibid)

Do you have questions about the new certification process and how it may affect your current contract or an upcoming opportunity? Give us a call at 301-913-5000.

Strategy of the Federal Data Strategy

The recently released Federal Data Strategy focuses on making agency data more transparent and usable while maintaining security. It also strives to make the data more accessible to government agencies. (Federal Times, June 4, 2019)

Agencies must perform 40 actions to build cultures that value data and its public use, protect their data, and promote the appropriate internal use. (ibid)

The principles promoted by the Federal Data Strategy include:

  • Ethical governance – Agencies are to consider current and potential uses of their data and how those can benefit the population the agency serves. “To derive value from these potential uses, agencies need leadership champions, management buy-in, and staff capacity to conduct the data-driven decision-making cycle that prioritizes the informative value of data.” Agencies are instructed to:
    1. Identify data needs to answer key agency questions
    2. Assess and balance the needs of stakeholders
    3. Champion data use
    4. Use data to guide decision-making
    5. Prepare to share
    6. Convey insights from data
    7. Use data to increase accountability
    8. Monitor and address public perceptions
    9. Connect data functions across agencies
    10. Provide resources explicitly to leverage data assets (ibid)
  • Conscious design – agencies are to create a structure that promotes proper management and protection of data. According to the memorandum, “A data governance structure helps agencies use data to answer important questions while meeting legal and ethical requirements essential to maintaining public trust, including protecting the privacy and ensuring confidentiality.” Under this practice, agencies are looking at the largest number of action items:
    1. Prioritize Data governance
    2. Govern data to protect confidentiality and privacy
    3. Protect data integrity
    4. Convey data authenticity
    5. Assess maturity
    6. Inventory data assets
    7. Recognize the value of data assets
    8. Manage with a long view
    9. Maintain data documentation
    10. Leverage data standards
    11. Align agreements with data management requirements
    12. Identify opportunities to overcome resource obstacles
    13. Allow amendment
    14. Enhance data preservation
    15. Coordinate federal data assets
    16. Share data between state, local and tribal governments and federal agencies (ibid)
  • Learning culture – under the final practice, agencies must ensure that data is only used to a favorable effect, and that unauthorized users are denied access. The memorandum states, “Access to data resources includes practices related to sharing data assets, including open data and tiered access to protected data, disclosure review and interoperability of federal data. Use of data resources includes practices related to data documentation, emerging technologies for protecting confidential data and federal data expertise.” The most efficient and suitable use of data will often require cooperation between agencies not only within the government but also outside of the government:
    1. Increase capacity for data management and analysis
    2. Align quality with the intended use
    3. Design data for use and re-use
    4. Communicate planned and potential uses of data
    5. Explicitly communicate allowable use
    6. Harness safe data linkage
    7. Promote wide access
    8. Diversify data access methods
    9. Review data releases for disclosure risk
    10. Leverage partnerships
    11. Leverage buying power
    12. Leverage collaborative computing platforms
    13. Support federal stakeholders
    14. Support non-federal stakeholders (ibid)

Within the Federal Data Strategy is a draft one-year action plan in which goals laid out in the original memo are addressed. Designated agencies will develop and share government-wide resources and tools for implementing the Strategy. Some agencies will be assigned to improve the management and use of specific data while working together with other agencies to determine how they might make their data better to serve their needs both internal and external. (ibid)

Agency comments on the action plan are due July 5.

Questions about how this affects your ability to work with agency data? Give us a call at 301-913-5000.

 

We See the Future and it is … Single Sign On

By now you’ve likely heard of Single Sign On (SSO). It’s not exactly new, and it’s currently used by just a few agencies, but it is the wave of the future as agencies move to more cloud-based apps. In fact, 6 U.S. Code § 1523(b)(1)(D), a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” This provision was created by GSA working with the Department of Homeland Security. (FedTech, May 24, 2019)

What exactly is SSO? SSO allows a user to sign in one time with one high-strength password and access all that specific user’s authorized applications. With SSO, a user need not memorize a different password for each and every application they access. SSO uses the Security Assertion Markup Language protocol that gives the user the ability to log on once for affiliated but separate websites. According to Tracy David, a cloud client executive at CDW, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.” Ultimately, this makes for a much higher level of security for each agency. (ibid)

At this time, you must log in to each app with a different password. More often than not, passwords across applications are similar (if not the same) and easily remembered. This weakens the security level of the agency as stolen credentials account for roughly 80 percent of breaches. With SSO, you have one complex, single-sign-on password protected with multi-factor authentication.  (ibid)

Many agencies are still using on-premises SSO, which will be more difficult as apps move to the cloud. Insiders believe that the Defense Department’s forthcoming Joint Enterprise Defense Infrastructure cloud contract signals cloud adoption becoming the “norm” in government.

Questions about how this affects your current government contract, or how you might work with the government on SSO Technology? Give us a call at 301-913-5000.

 

 

 

Training to Go FAST!

GSA recently announced that it will be holding a Federal Acquisition Service Training (FAST) Conference in Atlanta April 12 – 16, 2020. This event will promote constructive dialogue and facilitate an environment where the government and industry can come together to be educated on GSA’s contracting programs. (Federal News Network, May 2019)

The FAST conference is expected to provide many hours of procurement training, as well as providing GSA, government agencies, and industry with an opportunity to share information on key program initiatives, acquisition policies, commercial capabilities, and commercial marketplace trends. It will provide a forum to bring together all of GSA’s agency customers and industry partners under one roof to collaborate, educate and network. (ibid)

Have questions about the FAST conference and whether you should attend? Give us a call at 301-913-5000, and we can discuss it with you.