
Tag: cybersecurity

Rising Civilian IT Spending Trends for FY 2025

IT spending among federal civilian agencies has surged in recent years, and the trend is expected to continue, with fiscal 2025 spending priorities including cybersecurity, AI, enhancing public services, and IT modernization. The total civilian IT budget has grown by 8.1% since 2023, reaching $76.8 billion for 2025. The Department of Education, Social Security Administration, and Department of Homeland Security are set to see the largest budget increases, while Veterans Affairs, NASA, and Agriculture face reductions. (Washington Technology October 7, 2024)

Key FY2025 Civilian IT Priorities:

  • Cybersecurity: Spending increases by 15% to $13 billion, with a focus on public safety, implementing Executive Order 14028, Federal Zero Trust Strategy, and other software supply chain security and OMB memorandums. Agencies must prioritize zero-trust principles and cryptography, especially in vulnerable, sensitive systems. (ibid)
  • Artificial Intelligence (AI): Major funding supports Executive Order 14110, establishing chief AI officers and allocating $300 million for AI risk management, plus $40 million for hiring and training AI talent. (ibid)
  • Digital Public Experience: Efforts to improve digital services for the civilian sector under Executive Order 14058 and the 21st Century Integrated Digital Experience Act. (ibid)
  • Data as a Strategic Asset: Emphasizing better use of data in decision-making, guided by the Federal Data Strategy.
  • IT Modernization: Adoption of modern technologies and retiring legacy systems, with an additional $75 million for the Technology Modernization Fund. (ibid)

Agency Highlights:

  • VA: Despite reduced budget requests, the VA is innovating AI integration, allocating $420.7 million for CRM, streamlining veteran services, and piloting AI for better productivity. (ibid)
  • CISA: The Cybersecurity and Infrastructure Security Agency seeks $442 million for its CADS program, aimed at advancing cybersecurity analytics and data systems to detect, mitigate, and prevent cyber threats. (ibid)

As federal budgets are finalized, IT providers might align their solutions with these key programs and priorities for success.

Questions about Fiscal Year 2025 spending? Give us a call.


Three DoD DFARS will soon become permanent rules

According to a recent statement by Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, three Defense Federal Acquisition Regulation Supplements (DFARS) for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon be permanent rules. (MeriTalk April 15, 2021)

The CMMC program enforces cybersecurity standards in the Defense Industrial Base (DIB) supply chain. The certification requirements will be part of all DoD contract requirements by 2026. (ibid)

The soon-to-be-permanent rules are:

  • DFARS Provision 252.204.7019 requires contractors to complete self-assessments and upload them into the DoD’s Supplier Risk Performance System (SPRS)
  • DFARS Clause 252.204.7020 takes place upon contract completion and allows DoD access to systems, facilities, and personnel if DoD assesses the necessity due to risk
  • DFARS Clause 252.204.7012 requires all contractors to maintain adequate security of defense information that is “processed, stored or transmitted” on their network (ibid)

According to Arrington, 300,000 contractors need to get CMMC certified within the next five years. She said, “We have thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought, ‘Let’s do it one time.’ It has to be an enduring capability.” (ibid)

Questions concerning CMMC certification? Give us a call.

 

NIST looking for a Small Cybersecurity Business – Do you qualify?

The National Institute of Standards and Technology (NIST) is looking for a small business to assist with the creation of privacy and cybersecurity standards that will apply to federal agencies. Additionally, NIST hopes to gain assistance with the development and modeling of software and applications for various tools, including the National Vulnerability Database. (Nextgov March 29, 2021)

The sources sought notice posted on beta.SAM.gov states, “with a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory’s (ITL) Computer Security Division (CSD) is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals and the Nation.” (ibid)

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements. The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.” (ibid)

Do you qualify for the cybersecurity SINs? Give us a call.

Higher federal procurement standards for IT providers – Are you ready?

The White House is spearheading an interagency endeavor concentrating on software development that will determine federal procurement of information technology (IT). In the coming weeks, vendors can expect to see new governmentwide IT security standards. This comes after many tech companies complained that the effort under the Trump administration limited the import of information and communications technology from “foreign adversaries” while leaving the definition of the term “foreign adversary” up to the Commerce Secretary. In addition, the rule as it stands today is broad and raises concerns over due process.

The SolarWinds breach will ultimately raise the bar on vendor security, banning tech from many countries, not just China. It also focuses on vendors and the possibility of vulnerability disclosure policies that encourage reporting weaknesses in their products. Ultimately, vendors providing IT products and services to federal agencies must have the proper level of cybersecurity in place.

Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said agencies are working together to ensure consistency in the government’s approach to supply chain security across the Commerce Department rule, an executive order aimed at removing foreign adversaries from the bulk power sector. Wales also said, “the administration is counting on higher federal procurement standards to elevate security across the private sector as well.”

Are your IT products compliant? Give us a call.

 

 

Alliant 2 is Out/Polaris is In

After a year of protests and federal court hearings, the Government Accountability Office has canceled its $15 billion Alliant 2 Small Business contract. GAO is calling the replacement contract “Polaris.” A GSA spokesperson said, “Polaris will not only guide small businesses through the federal market, it will also help GSA customer agencies through the acquisition of IT service-based solutions, and give GSA a chance to improve our offerings and set the agency on a solid course for the future.” (GSAblogs.gsa.gov, October 1, 2020)

The administration sees the industrial base broadening through:

  • Pricing Strategy: GSA plans to increase its pool of qualified small businesses that serve federal agencies. GSA will employ Section 876 of the Fiscal Year 2019 National Defense Authorization Act, allowing contract awards to qualifying contractors without consideration of prices for hourly services. Focus on price competition ultimately takes place at the task order level.
  • On-ramps: Allows for an expanded industrial base as technology changes and for vendors to be considered on the GWAC following an initial award period.
  • Opportunity Expansion: An increased opportunity for HUBZone and woman-owned businesses.
  • Embracing Technology to Maximize Efficiency: Polaris will provide agencies with access to emerging technology providers, especially those offering artificial intelligence, automated technologies, blockchain, 5G implementation, cybersecurity, and cloud. (ibid)

The vendor evaluation strategy will be similar to that used in the Veterans Technology Services 2 and Alliant 2 contracts. Both were guided by industry comments. FAS may utilize an online proposal submission tool to speed up Polaris contract awards, as well as a modified evaluation strategy. (Federal Computer Week, October 5, 2020)

Questions about the Polaris evaluation strategy and how your company might do business on the platform? Give us a call.