The Office of Management and Budget (“OMB”) has issued final guidance (the “Guidance”) implementing the Federal IT Acquisition Reform Act (FITARA).  We have previously discussed FITARA’s requirements that seek to reform and streamline the Government’s information technology (“IT”) acquisitions, which account for approximately $80 billion in annual spending.

At its core, the Guidance implements the mandate of FITARA to increase the involvement and responsibility of agencies’ Chief Information Officers (“CIOs”) in IT procurement and management.  According to Tony Scott, the United States Chief Information Officer, the Guidance also “position[s] CIOs so that they can reasonably be held accountable for how effectively their agencies use modern digital approaches to achieve the objectives of effective and efficient programs and operations.”  Indeed, although CIOs may delegate some of their decisions concerning IT resources to other agency officials through CIO Assignment Plans, the Guidance makes clear that CIOs remain accountable and must monitor those to whom they delegate decision-making authority.


On May 11, 2017, the U.S.-China Economic and Security Review Commission (“Commission”) issued a Request for Proposal “to provide a one-time unclassified report on supply chain vulnerabilities from China in U.S. federal information technology (IT) procurement.”

Congress established the Commission in 2000 to monitor and report to Congress on the national security implications of China’s economic relationship with the United States.  See Commission website here.  The Commission is composed of 12 members serving two-year terms, three of whom are selected by each of the Majority and Minority Leaders of the Senate, and the Speaker and the Minority Leader of the House.

The report being sought via the RFP will serve as a “reference guide for policymakers on how the U.S. government manages risks associated with Chinese-made products and services and the participation of Chinese companies in its information technology (IT) supply chains.”  It is envisioned that the report would be briefed to the Commission and interested members of Congress, among others.  The winning contractor must produce a report that addresses at least the following:

  • Summary of the laws, regulations, and other requirements since the passage of the Federal Information Technology Acquisition Reform Act in 2015.  See our discussion of final OMB guidance on implementing FITARA here.  Among the requirements is a comparison of the risk management process for non-national security and national-security-related IT procurements.
  • Evaluation of how Chinese firms and Chinese-made IT products and services enter U.S. government IT supply chains.  In particular, an evaluation of how reliant U.S. government and U.S. government IT contractors are on Chinese firms and Chinese-made IT products and services.
  • Assessment of points of vulnerability in the procurement system, particularly for IT products and services designated as high risk by the U.S. government’s Chief Information Officers (CIO).  Evaluation of whether the CIOs are adequately assessing risk in their ratings of IT products and services.
  • Assessment of why the vulnerability points identified above exist, and an explanation of the factors contributing to the challenge of supply chain insecurity.  Explanation of how vulnerabilities are expected to shift in the next 5–10 years, particularly as Chinese firms move up the value-added chain.
  • Assessment of whether the U.S. government’s management of the risks associated with Chinese firms and Chinese-made products and services to its IT procurement supply chains is sufficient.  Provide a comprehensive description of cases in which the Chinese government, Chinese companies, or Chinese products have been implicated in connection with U.S. supply chain vulnerabilities or exploitation.

This focus on supply chain vulnerabilities is consistent with DoD’s emphasis in the past few years on protecting its supply chain, including rules that address the exclusion of contractors that DoD perceives as presenting a supply chain risk in national security systems, as well as the Department’s rules requiring contractors to provide more oversight of their supply chains to help prevent counterfeit electronic parts.

Proposals are due on June 14 with a report due 90 days from contract execution.

IT-acquisition reform remains an area of ongoing concern for Federal agencies and government contractors.  Indeed, as we previously discussed, the GAO has added IT Acquisitions and Operations to its bi-annual list of programs it identifies as posing a high risk for fraud, waste, abuse, and mismanagement.  Strengthened by Congress’ passage in December 2014 of the Federal IT Acquisition Reform Act (“FITARA”), OMB has implemented several initiatives to reduce redundancy, improve efficiencies, and lower costs with respect to the government’s procurement and management of IT resources.  However, a recent Department of Defense (“DoD”) Inspector General (“IG”) audit report analyzing one of these initiatives—the Federal Data Center Consolidation Initiative (“FDCCI”)—highlights the ongoing struggle that Federal agencies face when seeking to execute IT reform.  If DoD responds to this audit report by stepping up its efforts under FDCCI, one result could be increased opportunities for IT contractors offering cloud computing and other services.

As federal agencies are slated to spend almost $80 billion on federal information technology (“IT”) acquisitions this fiscal year and the OMB prepares to issue its final guidance on the Federal Information Technology Acquisition Reform Act (“FITARA”), GAO has released two reports this month that discuss ongoing efforts to improve IT procurement.  Combined with GAO’s recent addition of IT acquisitions and operations to its list of high-risk programs (which we previously discussed), these new reports underscore GAO’s ongoing emphasis on reforming IT acquisitions to reduce redundancy and increase efficiency.

In the first report, GAO added federal software licenses to its list of twenty-four areas in which it discovered evidence of fragmentation, overlap, or duplication in federal government programs.  Citing its May 2014 report on federal agencies’ management of software licenses, GAO explained that a vast majority of agencies do not have sufficient policies to manage their software licenses.  According to GAO, this mismanagement results in over-purchasing licenses, which leads to unnecessary spending, and under-purchasing licenses, which leads to fees for violating licensing agreements.  Therefore, GAO reemphasized that agencies should implement software license management policies that, among other things, provide for centralized management of software licenses and ensure that a software license inventory is created and maintained.

GAO has added IT Acquisitions and Operations to its list of programs it identifies as posing a high risk for fraud, waste, abuse, and mismanagement.  This biennial list contains GAO’s analysis of newly- and previously-added high-risk programs and recommendations for improving their economy, efficiency, and effectiveness.

In adding IT Acquisitions and Operations to this list, GAO observed that “federal IT investments too frequently fail to be completed or incur cost overruns and schedule slippages while contributing little to mission-related outcomes.”  The GAO noted that “the federal government has spent billions of dollars on failed and poorly performing IT investments, which often suffered from ineffective management, such as project planning, requirements definition, and program oversight and governance.”  As a result, improving IT acquisition requires “[p]erseverance by the executive branch in implementing GAO’s recommended solutions and continued oversight and action by Congress.”


A major piece of IT acquisition reform legislation called the Federal Information Technology Acquisition Reform Act (“FITARA”), on which we have previously reported, was included in the version of the National Defense Authorization Act for Fiscal Year 2015 (“NDAA FY 15”) passed by the House on December 4, 2014, along with other significant IT reform provisions related to open systems requirements for the Department of Defense (“DoD”).

The FITARA portion of the bill includes provisions that would require the federal government to:

  • empower Chief Information Officers (“CIOs”) and prevent the CIO from delegating the duty of reviewing IT contracts before the agency enters into the contract;
  • provide a publicly available list for each major information technology investment, both new and existing, that lists information specified in forthcoming investment evaluation guidance;
  • engage in a detailed review of high-risk information technology investments to identify problems;
  • inventory all information technology;
  • implement a federal data center consolidation initiative, which will include publicized goals regarding cost savings and optimization improvements to be achieved as a result of the initiative, and must be performed consistent with federal guidelines on cloud computing and cybersecurity such as FedRAMP and NIST guidelines;
  • expand the use of specialized IT acquisition experts;
  • develop a federal strategic sourcing initiative to be developed by GSA, which will allow for the use of governmentwide user license agreements.

Additional provisions require the use of open and modular strategies by the DoD, including the following requirements

Rep. Anna G. Eshoo (D-Calif.) recently introduced the Reforming Federal Procurement of Information Technology (“RFP-IT”) Act. This Act is similar in many ways to earlier drafts of the FITARA bill on which we have previously reported, with a few notable differences. Among other things, the RFP-IT Act would:

  • significantly increase the Simplified Acquisition Threshold for the purchase of IT services from small business concerns to $500,000;
  • create a “Digital Service Pilot Program” which would “provide digital service experts to support executive agencies on high-priority Federal information technology projects”;
  • establish a new, high-level Digital Government Office to coordinate Federal IT policy and to partner with agencies to address high-risk or failing IT projects;
  • codify the Presidential Innovation Fellows program, with the goal of improving the quality of solicitations issued for IT procurements by “bridg[ing] the gap between the private sector and the public sector by bringing non-Government innovators into the Government to work collaboratively for a period of time with Government innovators in order to rapidly solve challenges of national importance”;
  • require that the Federal Acquisition Regulation (“FAR”) be revised “to clarify that agency acquisition personnel are permitted and encouraged to engage in responsible and constructive exchanges with industry, so long as those exchanges are consistent with existing law and regulation and do not promote an unfair competitive advantage to particular firms”;
  • utilize controversial “commodity” language to describe some information technology; and
  • add the Small Business Administrator to the FAR Council, which sets federal procurement policy.

This bill follows the recent pattern of many Congressional iterations of legislation aimed at improving federal procurement policy, and, although the prospects of passage of this specific bill are unclear, it typifies some of the post-FITARA reform ideas that are gaining ground in Congress.