Alliant 2 is Out/Polaris is In

After a year of protests and federal court hearings, the Government Accountability Office has canceled its $15 billion Alliant 2 Small Business contract. GAO is calling the replacement contract “Polaris.” A GSA spokesperson said, “Polaris will not only guide small businesses through the federal market, it will also help GSA customer agencies through the acquisition of IT service-based solutions, and give GSA a chance to improve our offerings and set the agency on a solid course for the future.” (GSAblogs.gsa.gov, October 1, 2020)

The administration sees the industrial base broadening through:

  • Pricing Strategy: GSA plans to increase its pool of qualified small businesses that serve federal agencies. GSA will employ Section 876 of the Fiscal Year 2019 National Defense Authorization Act, allowing contract awards to qualifying contractors without consideration of prices for hourly services. Focus on price competition ultimately takes place at the task order level.
  • On-ramps: Allows for an expanded industrial base as technology changes and for vendors to be considered on the GWAC following an initial award period.
  • Opportunity Expansion: An increased opportunity for HUBZone and woman-owned businesses.
  • Embracing Technology to Maximize Efficiency: Polaris will provide agencies with access to emerging technology providers, especially those offering artificial intelligence, automated technologies, blockchain, 5G implementation, cybersecurity, and cloud. (ibid)

The vendor evaluation strategy will be similar to that used in the Veterans Technology Services 2 and Alliant 2 contracts. Both were guided by industry comments. FAS may utilize an online proposal submission tool to speed up Polaris contract awards, as well as a modified evaluation strategy. (Federal Computer Week, October 5, 2020)

Questions about the Polaris evaluation strategy and how your company might do business on the platform? Give us a call.

Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly because agencies’ migration to the cloud sped up once the pandemic hit and teleworking increased, making cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California, recently wrote to NIST Director Walter Copan, requesting that NIST work to establish metrics to accompany its Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions. Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.

Wanna Connect a Hybrid Cloud?

The Department of Defense (DoD) wants a hybrid cloud environment to serve as the cornerstone for department-wide use of artificial intelligence. The Joint Artificial Intelligence Center (JAIC) issued two sources sought notices to all businesses that can provide system engineering and integration “to support the procurement, implementation, and operation of a hybrid and multi-cloud deployable development and production platform for Artificial Intelligence and Machine Learning (AI/ML) solutions.” (Fedscoop, November 25, 2019)

This hybrid cloud environment will form the basis of the Joint Common Foundation (JCF), a DoD/Government AI/ML development platform, containing Data, Tools, and Processes. JCF will include shared data, reusable tools, frameworks, and standards. Additionally, it will include cloud and edge services to develop, secure, test and evaluate, deliver, and sustain capabilities. “The JCF will incorporate the architecture and software artifacts of the Enterprise Development, Security and Operations (DevSecOps) initiative and evolve toward enabling the DoD Artificial Intelligence Strategy.” (ibid)

Proposed vendors answer specific questions about past experience integrating multiple cloud providers at scale with continuous development and integration while meeting security compliance standards. A solicitation conference will be held in early 2020, followed by a request for quotation, and award by the end of September 2020.

The award of JCF will move swiftly. Give us a call if we can answer any questions or assist with your proposal efforts.

COMET Cometh!

The General Services Administration (GSA) has released the second and much sought after piece of the IT services procurement known as COMET. The solicitation aims to create a multiple-award blanket purchase agreement (BPA) on top of IT schedule 70.

GSA plans to make between 10 and 12 awards with a minimum of 25 percent set aside for small businesses. The BPA will require a host of IT services, including operations and maintenance, cloud and the continued development, and support of the acquisition systems portal beta.SAM.gov. GSA’s goal is a three-step evaluation approach, including an in-person technical challenge.

In April, GSA issued the RFP for the first and substantially smaller piece of COMET focused on architecture, engineering, and advisory support. (FedBizOpps)

Have questions about COMET and how your company fits in? Give us a call at 301-913-5000.

We See the Future and it is … Single Sign On

By now you’ve likely heard of Single Sign On (SSO). It’s not exactly new, and it’s currently used by just a few agencies, but it is the wave of the future as agencies move to more cloud-based apps. In fact, 6 U.S. Code § 1523(b)(1)(D), a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” This provision was created by GSA working with the Department of Homeland Security. (FedTech, May 24, 2019)

What exactly is SSO? SSO allows a user to sign in one time with one high-strength password and access all that specific user’s authorized applications. With SSO, a user need not memorize a different password for each and every application they access. SSO uses the Security Assertion Markup Language protocol that gives the user the ability to log on once for affiliated but separate websites. According to Tracy David, a cloud client executive at CDW, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.” Ultimately, this makes for a much higher level of security for each agency. (ibid)

At this time, you must log in to each app with a different password. More often than not, passwords across applications are similar (if not the same) and easily remembered. This weakens the security level of the agency as stolen credentials account for roughly 80 percent of breaches. With SSO, you have one complex, single-sign-on password protected with multi-factor authentication. (ibid)

Many agencies are still using on-premises SSO, which will be more difficult as apps move to the cloud. Insiders believe that the Defense Department’s forthcoming Joint Enterprise Defense Infrastructure cloud contract signals cloud adoption becoming the “norm” in government.

Questions about how this affects your current government contract, or how you might work with the government on SSO Technology? Give us a call at 301-913-5000.