FCW Insider: Nov. 16

Top stories, quick hits and more from FCW's reporters and editors.

The Pentagon and the Department of Homeland Security recently agreed to a framework for defending U.S. critical infrastructure and computer networks from cyber threats. A top defense official told lawmakers at a House hearing on Wednesday that the joint memorandum "marks a sea change in the level of collaboration between our departments." But concerns remain over funding structures, and legislation might be needed to permit DOD to assist in domestic breaches. Lauren C. Williams has more.

Two of the top managers at the Federal Acquisition Service are switching jobs, and there are ramifications for the $50 billion Enterprise Infrastructure Systems contract. Mark Rockwell reports.

Three federal unions are suing the Department of Veterans Affairs for its plan to alter its current collective bargaining deal to move more than 400 employees off of "official time" duties and back into the delivery of health care. Chase Gunter has the story.

Is right now an inflection point for IT modernization? In a commentary for FCW, former DHS CIO Richard Spires sees real momentum and top-level focus, but says the challenge now is to translate that into agency-specific action.

Quick Hits

*** The Office of Personnel Management is making changes to the performance appraisal process for senior executives, senior-level feds and scientific and professional personnel, announced through a memo from acting Director Margaret Weichert to agency heads.

Among the changes, OPM will be able to automatically renew fully certified appraisal systems, and agencies will be allowed to combine performance-based pay adjustments and performance awards demonstrating pay differences to OPM.

OPM will also no longer require agencies to submit a sample performance plan as part of a certification submission; agencies will verify those as part of the certification request letter.

Senior Executives Association head Bill Valdez applauded the move, calling the changes "long overdue."

"A common complaint we receive from SEA members is that their agency performance appraisal system certification process is too bureaucratic and sacrifices process to true performance management," he said. "OPM's actions will fix that problem."

*** The General Services Administration announced an update of its offerings for its Highly Adaptable Cybersecurity Services purchasing program.

The HACS program was established in 2016 as a way for agencies to buy pre-vetted cybersecurity services such as penetration testing, incident response, cyber hunt and risk and vulnerability assessments through GSA's IT Schedule 70 contracting vehicle. Previously, each of those offerings constituted its own separate Special Item Number. Under GSA's proposed restructuring, those services, as well as assessment services for high value assets, a prioritization the Department of Homeland Security has been pushing agencies to adopt, would fall under a single SIN.

"Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including [high value assets] that hold sensitive information critical to national and economic security," the agency wrote.

GSA pointed to the White House IT modernization report and the changing cybersecurity landscape as drivers of the proposed change. At a Nov. 14 event hosted by FCW, Larry Hale, director of the IT Security Services subcategory at GSA, said the agency was also reacting to industry responses from a pair of Requests for Information released in May to modernize the HACS program. Hale said the decision to bundle those services together under a single SIN will make it easier for agencies to buy off the program, turning what was previously a four- or five-solicitation process into one.

GSA will host a presolicitation webinar on the program and proposed changes Monday, Nov. 19, at 10 a.m.

*** GSA also posted a proposed rule in the Federal Register that would impose new cybersecurity requirements on federal contracts that touch GSA information systems. 

Citing the agency's "unique policies on cybersecurity," the proposed amendment to the General Services Administration Acquisition Regulation would mandate that contracting officers incorporate cybersecurity and data protection rules from the 2014 Federal Information Security and Modernization Act into statements of work for future federal contracts. The proposed rule would cover internal agency information systems, external contractor systems, cloud systems and mobile systems. GSA will be seeking public comments on the proposed change next year between February 2019 and April 2019. 

*** Steve Lipner, executive director for the nonprofit SafeCode, was appointed as chair of the Information Security and Privacy Advisory Board at a meeting earlier this month. The board, which operates under the auspices of the National Institute of Standards and Technology, is composed of members from federal agencies, industry and nonprofit groups and advises the federal government on a number of tech policy issues, including cybersecurity, encryption, supply chain security and technology standards. Lipner, a former partner director of program management at Microsoft, replaces AT&T's Chris Boyer, who had served as chair since 2016.