Department of Commerce mulls IT support acquisition approach
Specifically, the S&P draft statement of work seeks providers capable of delivering lifecycle support for websites, operations and protection support for legacy Minority Business Development Agency data, MBDA MedWeek and national convention support, Salesforce integration offerings, assignment management, and SharePoint support.
Vendors would be expected to take an agile approach to improving existing solutions and developing new ones, regularly communicate task updates, and work with agencies in order to request products.
Respondents are asked to submit performance measures, as well as potential pricing structures and contract types.
Sen. Marco Rubio asks for delay of JEDI cloud contract award
Sen. Marco Rubio, R-Fla., has asked for a delay in the Department of Defense’s $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud procurement, citing concern over the limited competition.
Rubio wrote a letter to national security adviser John Bolton saying he fears the single-award contract will “result in wasted taxpayer greenbacks and fail to offer our warfighters with the first-rate generation solutions.” While Bolton doesn’t have direct authority over the DOD’s procurement tactics, he’s one of the president’s closest advisers.
The letter comes as protests by Oracle to delay and change the JEDI process seem to have failed. The competition for the contract is now down to just Amazon Web Services and Microsoft.
Rubio’s letter echoes the concerns of fellow Republican lawmakers and conservatives, who have raised concerns that JEDI’s single-award strategy and gate access requirements were tailor-made for AWS and limit market competition.
Rubio goes on to cite the DOD inspector general’s investigation of potential conflicts of interest surrounding the contract. He said he’s “additionally writing to Acting [DOD] Secretary Esper approximately these conflicts of interest, and it’s far my desire the IG’s work may be taken seriously.”
The Florida senator also referenced the Intelligence Community’s move away from a single-cloud infrastructure as proof of the prevalence of a multi-cloud model. IC CIO John Sherman recently confirmed the Central Intelligence Agency plans to pursue a multi-cloud, multi-vendor cloud system, but stressed the move was not a repudiation of the DOD’s cloud mission.
“We don’t trust it is appropriate … to be used as a yardstick for JEDI as DOD and the intelligence community are at one-of-a-kind locations in our prospective cloud modernization trips,” Sherman stated.
Government eyes ‘supporting role’ in identity management
The Trump administration is still determining what role the federal government should play in identity, credential and access management (ICAM), and at least one industry association wants it to be a “supporting role.”
In May, the White House updated its ICAM policy to give agencies more control over how they authenticate network users. The Office of Management and Budget memo directs each agency to create an ICAM oversight structure, strategy, and technology roadmap.
But that’s just the “commencing chapter,” said Matt Lira, a special assistant to the president in the White House Office of American Innovation.
“This is certainly one of the fundamental questions of the following technology of what our economic system looks as if, and the federal government has a prime function to play in that,” Lira stated Wednesday at a Business Roundtable event in D.C. “But it’s now not necessarily a dominant function, and it’s really no longer the handiest function.”
That same day, BRT — which represents the CEOs of some of America’s leading companies — launched an eight-step, short-term action plan for industry-led development of digital identity solutions.
The white paper recommends the government reduce dependency on passwords in favor of tested, secure authenticators like mobile apps or biometric sensors on mobile devices. Additionally, BRT advises organizations to move away from identity-proofing solutions that are solely knowledge-based, like Social Security numbers, and to recognize them as identifiers, not authenticators.
Section 215 of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 permits the head of the Social Security Administration to allow other organizations to validate SSNs. And that’s exactly what BRT wants SSA to do.
“What we need to do within the future is create an atmosphere,” said Donna Beatty, executive director of digital identification and authentication at JPMorgan Chase. “An identification provider issuer can affirm information on our behalf.”
In that model, JPMorgan could act as the trustee of a consenting customer’s identity whether they want to book a flight or buy a television — vouching for them as opposed to them having to show credentials. A phone number the person uses often, GPS location and daily ride-sharing or purchasing activity could all factor into the “virtual footprint” identity service providers hold, Beatty said.
SSA can be the test case — if it gets better about partnering with industry to make verification services more steady, she added.
Now that Congress confirmed Andrew Saul as SSA commissioner in early June, the agency ought to be more cooperative. Agencies are in various stages of implementing ICAM, with most in the middle and Federal Chief Information Security Officer Grant Schneider “leading a technique to type of herd those cats along,” Lira said.
“I want this to be greater than a surely passionate dash,” he stated. “We need to create the process and relationships which could clearly see this through inside a long time.”
For the process to work, the government needs to improve support for validating identity attributes like driver’s licenses, passports, military IDs, and financial accounts. And that requires improved data sharing from, in particular, the IRS, State Department, Department of Defense, Department of Veterans Affairs, and SSA, according to BRT’s action plan.
BRT suggests validations be “yes-no,” as opposed to revealing personal data, and identities be federated across agencies so processes like Transportation Security Administration Pre-Check also apply to filling out federal job applications and obtaining benefits.
Some people have as many as 25 identities among the SSA, numerous “subs” like their driver’s license and health care account, and processors, said Kelly Bissell, global security lead at Accenture.
“That’s the essential problem that we’ve, that attack vector if you’ll,” Bissell said. “The greater identities we’ve got, the extra availability there’s to breach those identities.”
Fraud will increase as a result, Beatty said.
Other actions the white paper recommends include government removing barriers to tech adoption, establishing a public-private partnership to scale digital identity solutions, enhancing privacy by giving users control of data collection and use, and funding education initiatives around those issues.