Acquisition Archives | FedScoop
https://fedscoop.com/category/acquisition/
FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals.
Thu, 29 Jun 2023 21:32:02 +0000

GAO sustains 98 bid protests filed over CIO-SP4 solicitation
https://fedscoop.com/health-agency-unreasonably-failed-advance-ciosp4-propsoals/
Thu, 29 Jun 2023 17:26:31 +0000
https://fedscoop.com/?p=69899
In a Thursday statement the watchdog recommended NIH look again at which proposals should advance past the solicitation's initial phase.

The post GAO sustains 98 bid protests filed over CIO-SP4 solicitation appeared first on FedScoop.

The Government Accountability Office sustained 98 legal challenges to the National Institutes of Health’s embattled solicitation, CIO-SP4, concluding that the agency “unreasonably failed” to advance proposals by 64 entities past the first phase of their evaluation.

In a Thursday statement, managing associate general counsel for procurement law at GAO Kenneth E. Patton said the agency’s decision to not advance those proposals was “flawed,” citing NIH’s inability to show that it both reasonably evaluated phase one proposals and determined which would move on to the next stages of the competition.

“GAO recommended that the agency reevaluate proposals consistent with the decision, and make new determinations of which proposals advance past phase 1 of the competition based on the results of these new evaluations,” Patton said, echoing previous statements from the organization.

Patton also said the GAO found the agency “unreasonably evaluated specific aspects” of a phase one proposal from Sky Solutions LLC. GAO denied remaining arguments the protesters raised, which included challenges to other aspects of the evaluations and untimely challenges, he said.

The decision was issued under a protective order because it “may contain proprietary and source selection sensitive information,” according to Patton. It addressed protests by entities represented by outside counsel who were eligible for a protective order. Protests filed by entities not represented by counsel will be addressed in a separate, forthcoming decision, Patton added.

CIO-SP4 is the fourth iteration of a contract vehicle for acquiring commoditized IT products and specialized services that has been dogged by pre-award protests since the agency first requested proposals in May 2021. The CIO-SP4 vehicle has a $50 billion ceiling.

Entities seeking inclusion in the National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC)’s 10-year solicitation have made multiple challenges through bid protests over the last two years. Those challenges have focused on the process and criteria the awarding agency was using to select awardees. They’ve been both dismissed and sustained, as the agency pushes forward with the solicitation.

In March, the GAO dismissed a round of bid protests after the agency agreed to voluntary corrective action to make a new phase one determination on highest rated offerors. GAO previously dismissed 117 complaints in November 2022 over the use of a points-based scoring system used to analyze prior performance of the entities bidding. The agency agreed to voluntary corrective action in that case as well.

Both of those decisions came after GAO partially sustained a pre-award protest arguing the procurement unfairly disadvantaged large companies in mentor-protégé arrangements in November 2021.

Commenting on the bid protest decisions, founder of federal procurement consultancy ProcureLinx, Mark Hijar, said: “This is a sign, to me, that they have some very serious retooling to do before they move to the next phase of evaluation. And for this to happen at this late date is not a good sign.”

Hijar, who has worked with contractors who were awardees under past iterations of the vehicle, said he’ll be watching how the agency addresses the recommendation efficiently “without materially changing the evaluation criteria that were originally provided.”

Editor’s note, 6/29/23: This story was updated to add further context about prior CIO-SP4 bid protests and to include comment from ProcureLinx.

Years later, the Marshals Service is still looking for help with seized crypto
https://fedscoop.com/marshals-service-still-looking-for-help-with-seized-crypto/
Mon, 26 Jun 2023 21:27:10 +0000
https://fedscoop.com/?p=69717
Two agreements for managing seized cryptocurrency assets appear to have fallen through.

Amid a surging number of criminal convictions involving cryptocurrency, the U.S. Marshals Service has been tasked with managing and disposing of bitcoin and other digital assets. As with other seized property, the law enforcement agency is in charge of taking custody of crypto through the Department of Justice’s Asset Forfeiture Program — and even periodically auctioning it off.

But, at least from a software perspective, keeping track of crypto is a lot harder than selling a Chagall. For that reason, the law enforcement agency has spent the past few years trying to hire a private tech company to help. But despite settling on contracts with crypto companies, at least two agreements appear to have fallen through. Today, the Marshals Service is still maintaining seized crypto on its own. 

“As the seizure and forfeiture of cryptocurrency has become commonplace, the USMS has sought to create a contract with private industry, just as it does with nearly all other asset types,” a spokesperson for the DOJ’s Asset Forfeiture Division told FedScoop. “Currently there is no private company that manages USMS’s cryptocurrency portfolio.” 

The search for a contractor started several years ago, when the U.S. Marshals Service requested information from companies about the prospect of managing the agency’s cryptocurrency. In April 2021, a company called BitGo, a crypto security company based in California, won a $4.5 million contract.

But, then, BitGo lost the agreement a few months after the Small Business Administration flagged the company as being too big to meet the contract eligibility. (Back in May, a company called Galaxy Digital had announced it planned to spend $1.2 billion to acquire BitGo, though the deal fell apart afterward.) In July, the Marshals Service hired another company, Anchorage Digital, which is based in San Francisco and also offers cryptocurrency holding services. 

Now, though, the Anchorage Digital contract also appears to have collapsed. As with the BitGo contract, the federal procurement data system shows that a Marshals Service contract with Anchor Labs was “terminate[d] for convenience.” Anchorage Digital is a subsidiary of Anchor Labs, according to its website. The company appears to have taken down a Medium post touting the agreement.

“Both awards were subsequently stayed pending the outcome of protests filed with the U.S. Small Business Administration (SBA), challenging the companies’ business size,” the USMS spokesperson told FedScoop. “Ultimately, SBA determined that both companies were other than small business.”

The company did not respond to a request for comment, though it’s worth noting that the Comptroller of the Currency issued a consent order against the company, which has an OCC banking charter, in 2022. The Small Business Administration did not provide a comment by the time of publication.

“Not all cryptocurrency seized for forfeiture by the federal government is transferred to the USMS for custody and liquidation,” added the DOJ spokesperson. “The USMS utilizes the best practices and services of private industry to most effectively and securely manage and liquidate all assets in its custody.” 

The USMS has struggled with handling crypto, as a DOJ Office of Inspector General report highlighted last summer. At the time of the report’s publication, the Marshals Service was using multiple spreadsheets to manage its crypto, primarily because digital assets like bitcoin aren’t easily tracked in a DOJ property management program called the Consolidated Asset Tracking System (CATS).

These documents, according to the inspector general, don’t have “inventory management controls” and “documented operating procedures.” Policies for handling, storing, and valuing crypto are also “inadequate or absent, and in some instances provide conflicting guidance.” 

“The USMS’s supplemental spreadsheets do not have the capability to track edits made to the cryptocurrency entries in the USMS’s inventory records,” warned the inspector general. “As a result, these inventory records could be edited or deleted without a record of such a change being made and without the knowledge of individuals responsible for maintaining the spreadsheets.”

In some circumstances, the Marshals Service was “not fully complying” with rules for tracking crypto in CATS, the report added.

The inspector general also said that the Marshals Service needs to develop more fleshed-out crypto policies before beginning work with a private company, cautioning that “without properly documented policies and procedures, the USMS lacks an adequate foundation for building performance requirements for a cryptocurrency services contract.”

CISA considering the future state of EINSTEIN as agencies modernize
https://fedscoop.com/cisa-considers-the-future-state-of-einstein-as-agencies-modernize/
Fri, 23 Jun 2023 16:02:37 +0000
https://fedscoop.com/?p=69675
CISA is considering changes to EINSTEIN 1 and EINSTEIN 2, which monitor traffic routed in and out of physical networks and systems.

The Cybersecurity and Infrastructure Security Agency wants feedback from industry on the future of its EINSTEIN federal cybersecurity program.

CISA is looking to modernize parts of EINSTEIN — the program also known as the National Cybersecurity Protection System, which provides a frontline capability to monitor network traffic in and out of federal civilian branch agencies and situational awareness of malicious activity across the federal government — as “evolutions of technologies and threat landscapes have highlighted limitations in the EINSTEIN capabilities and the benefits it provides,” the agency said in a request for information published this week.

This means replacing sensors on agency networks that have been in place, in some cases, for a decade or longer. Specifically, CISA is considering changes to EINSTEIN 1 and EINSTEIN 2, which monitor traffic routed in and out of physical networks and systems.

“The visibility provided by existing EINSTEIN sensors remains a crucial enabler of CISA’s mission to protect [federal civilian executive branch] agencies,” reads the RFI, posted by the General Services Administration on behalf of CISA. “It is one component that CISA uses to gain operational visibility, protect FCEB agencies, and respond to threats. With the limitations of EINSTEIN capabilities, CISA stands to lose that needed visibility. Consequently, a new solution may be necessary to compensate for this loss of visibility to protect FCEB agencies adequately.”

Federal agencies’ enterprise IT architectures have been modernized and have evolved, largely by migrating to the cloud, since EINSTEIN was first introduced in 2003 and subsequently added to. This means CISA and agencies will need to also “consider other broader strategies beyond replacing the existing footprint of EINSTEIN capabilities (e.g., optimal placements in federal agencies, new technologies/techniques to maximize visibility, etc.).”

“For future CISA needs, the augmentation or replacement of this visibility must be considered within the current networking environment and how it may be combined and used with other data sources acquired by CISA analysts,” the RFI reads.

Industry responses are due by July 14.

The contract motion comes after CISA, in the fiscal 2024 president’s budget proposal, requested $425 million to restructure parts of EINSTEIN into a new Cyber Analytics and Data System. That system is meant to provide “tools and capabilities to facilitate the ingestion and integration of data as well as orchestrate and automate the analysis of data that supports the rapid identification, detection, mitigation, and prevention of malicious cyber activity.”

The 2024 budget request also called for $67 million for EINSTEIN and another $408 million for the agency’s Continuous Diagnostics and Mitigation (CDM) program, which provides agencies with a “window into the security posture of agency computers, servers, and other Internet-connected devices.”

CISA recently released a separate RFI for deploying new CDM capabilities across the federal government.

SAIC wins $1.3B Treasury cloud contract
https://fedscoop.com/saic-wins-1-3b-treasury-cloud-contract/
Thu, 22 Jun 2023 21:51:58 +0000
https://fedscoop.com/?p=69662
SAIC will support Treasury's adoption of a multi-cloud environment, managing services from major cloud providers like Amazon, Google, IBM, Microsoft and Oracle.

The Department of Treasury awarded Science Applications International Corp. a $1.3 billion cloud modernization contract, the company announced Thursday.

Under the single-award contract, called T-Cloud, SAIC will support Treasury’s adoption of a multi-cloud environment as a cloud broker, centralizing management of services from major cloud providers like Amazon, Google, IBM, Microsoft and Oracle, with the opportunity to onboard others.

“T-Cloud will enable the Treasury Department to rapidly and securely adopt a modern, flexible and cost-effective approach to utilizing and consuming data in the cloud,” said Bob Genter, SAIC’s president of defense and civilian sector. “SAIC is honored to be the Treasury Department’s cloud services digital transformation partner.”

SAIC will also provide services for business operations, technical, security, network, service desk, subject matter expert support, and transition services, according to a news release.

Treasury has been planning out T-Cloud since as far back as 2019, when it introduced a cloud roadmap developed by its Office of the Chief Information Officer in collaboration with the IRS, procurement offices and other stakeholders.

“At present, Treasury bureaus are individually moving forward with cloud solutions, and have implemented a number of cloud solutions to address unique mission priorities requiring agile and elastic approaches, often through duplicative contract actions,” that roadmap explained. “This scattered approach, while offering varying degrees of agility for individual customers, ignores opportunities for cost reduction through service deduplication and consolidated procurement actions.”

The contract has a seven-year period of performance.

Treasury isn’t the only large department to award a major cloud contract recently. The Department of the Interior last week awarded Peraton a $1 billion cloud contract. And, the Department of Agriculture is plotting a similar departmentwide contract for cloud adoption.

GSA extends Alliant 2 contract by five years
https://fedscoop.com/gsa-extends-alliant-2-contract-by-five-years/
Thu, 22 Jun 2023 15:47:02 +0000
https://fedscoop.com/?p=69638
Meanwhile, the agency is conducting market research for the forthcoming Alliant 3 contract, which will come no sooner than the first quarter of fiscal 2024.

The General Services Administration has decided to exercise an option to extend its Alliant 2 governmentwide technology contract by five years, the agency announced Thursday.

Though GSA has been in the process of conducting market research for a forthcoming Alliant 3 contract, the agency wants to give federal agencies an additional five years to contract for wide-ranging IT solutions available on the existing Alliant 2 contract, such as cloud, cybersecurity, and artificial intelligence services.

This brings the total length of the contract to 10 years.

“GSA remains committed to driving efficiency, cost savings, and innovation through our acquisition solutions,” GSA Federal Acquisition Service Commissioner Sonny Hashmi said in a statement. “Exercising the Alliant 2 option provides agencies with a flexible, streamlined, and agile procurement vehicle that keeps pace with rapidly evolving technology trends and has a proven track record of delivering results.”

The extension comes after GSA last August decided also to raise the ceiling on the contract to $75 billion, up from the previous $50 billion, citing huge demand that “surpassed our expectations at every turn,” per Hashmi.

GSA has touted the success of Alliant 2 in giving small businesses more opportunities to subcontract with other providers to deliver IT services to federal agencies.

Exodie C. Roe III, GSA’s associate administrator for the Office of Small and Disadvantaged Business Utilization, said the extension “demonstrates GSA’s dedication to promoting small business participation and economic growth, creating a win-win scenario for both federal agencies and small business owners alike.”

GSA says on its website that the request for proposals under the eventual Alliant 3 contract will come no sooner than the first quarter of fiscal 2024 to allow the market research process to move forward. The agency issued a draft solicitation for the contract last fall.

While the extension of Alliant 2 technically gives GSA more time to hash out Alliant 3, Laura Stanton, assistant commissioner of IT Category at GSA, said last year that “we’re looking at moving forward on Alliant 3 much, much faster and earlier than we ever anticipated” because of the success of its predecessor.

IRS plans $1.7B update to its IT enterprise’s ‘front door’
https://fedscoop.com/irs-plans-1-7b-update-to-its-it-enterprises-front-door/
Tue, 20 Jun 2023 15:30:56 +0000
https://fedscoop.com/?p=69558
"In 2021, IRS [Integrated Enterprise Portals] websites served over 11.4 billion page views to 660 million site visitors globally (during 2 billion sessions)," the agency said.

Amid the IRS’s broader push for digital transformation, the tax agency is planning to launch a $1.7 billion procurement to modernize the web portals that internal and external users go through to access its most vital services, according to new contracting documents.

The IRS is currently accepting comments from industry on its proposed plan to enlist a managed service provider to update its Integrated Enterprise Portals (IEP) platform through an acquisition, called IEP 2.0.

The IRS refers to these portals as the “front door” to its most vital IT systems, calling them in draft solicitation documents the “primary gateway for external users – including taxpayers, third-party tax preparers, and other business partners – and internal users – IRS employees and contractors with staff-like access – to access IRS business services.”

In essence, it’s a hybrid cloud platform that IRS manages privately to support its most mission-critical services, particularly those that involve peak tax season activities like the agency’s Modernized eFile and Integrated Customer Communications Environment applications.

The volume of traffic to the more than 90 websites and services connected to the portals is staggering: “In 2021, IRS IEP websites served over 11.4 billion page views to 660 million site visitors globally (during 2 billion sessions),” the agency said.

With the IEP 2.0 contract, the IRS wants to partner with a managed service provider to “deliver, operate, and manage the IEP services and to evolve IEP services as needed to support the changing dynamics of the many requirements due to Congressional mandates placed on the IRS.”

Accenture is the incumbent on the preceding IEP contract, which has a total value of $692 million and was awarded in 2017.

The new contract, with a proposed $1.7 billion ceiling, will likely be a single-award contract with a five-year base period of performance, and three one-year options to extend.

Interested vendors have until June 30 to submit comments on the proposed acquisition.

The IEP modernization comes as the IRS, fresh off of an $80 billion injection of funding from the Inflation Reduction Act, has leaned into becoming a more digital and modern organization. Earlier this year, it awarded spots on its $2.6 billion Enterprise Development, Operations Services contract, which will bring more than 400 legacy IRS systems under one contract to modernize existing systems, build out analytics and improve cybersecurity.

Meanwhile, the tax agency is also exploring a direct file option for taxpayers in forthcoming tax seasons. The IRS in May tested a prototype of a free tax filing system that could allow Americans to file tax returns digitally and free of charge.

State Department considers generative AI for contract writing
https://fedscoop.com/state-department-considers-generative-ai-for-contract-writing/
Thu, 15 Jun 2023 20:24:30 +0000
https://fedscoop.com/?p=69525
State wants industry feedback about possibly using generative AI and machine learning capabilities to help with basic contract writing.

The Department of State is thinking about jumping onto the generative artificial intelligence wave by conducting market research on using the emerging technology to write contracts.

In a request for information published Wednesday, State announced that a trio of its bureaus wants industry feedback about possibly using generative AI and machine learning capabilities to help with basic contract writing.

On top of this, State wants to glean “insight into the current hurdles and security considerations to introducing generative and natural language processing AI onto the Department’s network” through the RFI process.

Generative AI has exploded in popularity recently with the emergence of ChatGPT and other similar products that can generate new content, such as text or images, based on their training, which can include the use of large language models.

State’s bureaus of Information Resource Management — its CIO’s office — Consular Affairs, and International Narcotics and Law Enforcement are leading the effort.

“DOS business operations rely on outdated technology and manually intensive processes that result in unexploited data resources, wasted labor hours, and gross inefficiencies,” the RFI states. “The goal of embedding AI technology into an existing and recurring process is to reduce inefficiencies from manual laborious tasks, simplifying workflows, and improving the accuracy of repetitive tasks in the market research and acquisition planning phases while also addressing the nuances of IT-acquisitions.”

Currently, contracting officers typically copy and paste information from previous contracts to save time, State says in the document. But this can lead to errors or introduce risks, like “creating opportunities to exclude mandatory cybersecurity requirements while incorporating outdated provisions and clauses.”

The ideal solution would prompt a user to write a problem statement for the acquisition at hand and the generative AI solution would “generate a complete, draft PR package for any type of IT purchase, for a government procurement professional to review for potential edits, prior to submission in the contracting writing system,” the RFI explains.

The department believes this would not only reduce costs, manual labor and the chance of errors but also improve decision-making and deliver better contract outcomes.

State admits there are some constraining factors that could limit moving forward with generative AI, including that the technology hasn’t been approved for use by the department, and the department doesn’t have a published AI policy yet. And as is the case with any federal RFI, the department is cl

Interested parties have until July 17 to respond to State’s RFI.

Secretary of State Antony Blinken is a major advocate for the U.S. being on the cutting edge of adopting emerging technologies like AI for global diplomacy. In January, Blinken kicked off operations of a new Office of the Special Envoy for Critical and Emerging Technology dedicated to the intersection of technology and diplomacy. And the department already has an extensive inventory of AI applications.

“We want the internet to remain a transformative force for learning, for connection, for economic growth, not a tool of repression,” Blinken said then. “We want to shape the standards that govern new technology, so they ensure quality, protect consumer health and safety, facilitate trade, respect people’s rights. We want to make sure the technology works for democracy, fighting back against disinformation, standing up for internet freedom, reducing the misuse of surveillance technology. And we want to promote cooperation, advancing this agenda tech by tech, issue by issue, with democratic partners by our side.”

Interior awards $1B cloud contract to Peraton
https://fedscoop.com/interior-awards-1b-cloud-contract-to-peraton/
Wed, 14 Jun 2023 18:25:07 +0000
https://fedscoop.com/?p=69501
"The Cloud Hosting Solutions (CHS) III acquisition puts DOI bureaus in control of how, when, and where they wish to receive service," Interior said last year.

The Department of the Interior has awarded Peraton a $1 billion contract to support its Cloud Hosting Solutions III acquisition, it announced Thursday.

Awarded by the Interior’s U.S. Geological Survey, the $1 billion indefinite-delivery, indefinite-quantity contract will enlist Peraton to “manage a portfolio of cloud computing, storage and application services across multiple vendor offerings, supplying DOI with a flexible solution for the delivery of those cloud services,” per the solicitation’s request for quotes issued last November.

“Cloud services provide a wealth of benefits that DOI can leverage to provide the right services, at the right place, at the right time in service to our country needs,” contracting documents read. “Cloud services will enable the Bureaus to improve efficiency, align with administration goals and provide a sound technical platform for our future. DOI needs a consistent approach to reviewing, securing, managing and procuring cloud services to ensure optimized coordination and integration between vendors, which provides the best value for the taxpayer. A partnership between portfolio managers with DOI processes, will rapidly provide the benefits DOI needs for success.”

It added: “The Cloud Hosting Solutions (CHS) III acquisition puts DOI bureaus in control of how, when, and where they wish to receive service.” 

Specifically, Interior called out in acquisition documents that it wanted a partner to build a “Virtual Private Cloud” environment. Overseeing that, the cloud broker will “procure ‘third-party’ services from vendors that provide services on a rental or ‘pay as you go’ nature that are designed to enhance or complement the CSP environment associated with the award.”

The contract has a five-year base period of performance with three two-year options to extend.

This award comes as Interior’s Foundation Cloud Hosting Services contract, awarded to a group of 10 contractors in 2013 with a total ceiling of $10 billion, will expire this year. That contract saw a lengthy bid protest process led by losing bidder CenturyLink.

Peraton’s win follows a similar large cloud contract it was awarded by the Department of Homeland Security in the fall of 2021 to shift the department’s data center operations to the cloud.

The company also won a place on the U.S. Postal Service’s $2.7 billion Information Technology Solutions (ITS) contract vehicle with 10 other vendors this year.

CISA’s Easterly points to government’s ‘purchasing power’ as a tool to force secure software development
https://fedscoop.com/cisas-easterly-points-to-governments-purchasing-power-as-a-tool-to-force-safer-software-development/
Mon, 12 Jun 2023 19:46:30 +0000
https://fedscoop.com/?p=69424
Jen Easterly said the "government can have a big role" in incentivizing and driving private companies to employ secure software principles just by doing business with the ones that do.

The U.S. government is the largest purchaser of goods and services in the world. And Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, believes that “purchasing power” can be used as a tool to shift the tech industry toward developing safer and more transparent software.

Discussing CISA’s recently issued guidance to software vendors on developing code that is “secure by design and secure by default,” Easterly said Monday in a conversation at the Aspen Institute in D.C. that “government can have a big role” in incentivizing and driving private companies to employ those principles just by doing business with the ones that do.

“And that will help, I think, drive a good portion of the market to start creating products that come with less and less vulnerabilities,” Easterly said, pointing to President Biden’s cybersecurity executive order 14028 from 2021, which similarly calls on the government to lead the market shift with its purchasing power.

That EO, she said, “talks a lot about how you can use the government’s purchasing power to drive vendors to create safer products and to ensure that you have standards built-in.”

“We’re going through the Federal Acquisition Regulation process, which is very Byzantine and very bureaucratic, but hopefully we’ll get there,” Easterly said of creating rules that could require federal agencies to buy from vendors that have software that’s secure-by-design and -default.

CISA, in partnership with the White House, is currently in the process of accepting comments on an Office of Management and Budget rule that will require software firms to provide self-attestation forms stating that they have complied “with Federal Government-specified secure software development practices” as laid out in the National Institute of Standards and Technology’s Secure Software Development Framework.

As FedScoop first reported last week, the final version of the form that will be used for that process has not yet been approved, with the deadline for CISA’s comment period coming June 26. A senior official told FedScoop that OMB would “work fast” to approve the final version of the form once the industry comment period closes.

It’s not an easy transformation to shift the software industry toward being more transparent about risks, Easterly explained, as “we are dealing with decades of misaligned incentives.”

“It’s really been decades and decades of companies putting speed to market and features over safety and security,” she said. “And so what we want to do is essentially, be able to send market signals, because that’s what’s been missing: A clear signal so that consumers know what to ask for. And that’s the conversation that we’re starting. Consumers need to know.”

Along those lines, CISA is calling on vendors to be radically transparent and to “actually put out information about how secure their products are,” Easterly said.

“So all these things that consumers typically sort of think are kind of magic … and then they sign their agreement to accept liability, which essentially is what you do when you turn on a device — we’re really trying to make sure” consumers are educated about what they’re using, the CISA director said.

Top border protection acquisition official hopes retirement will bring ‘fresh’ ideas https://fedscoop.com/mark-borkowski-interview/ Fri, 09 Jun 2023 21:40:07 +0000 https://fedscoop.com/?p=69387 Mark Borkowski, who has spent more than 40 years in government service, will retire June 30.

The post Top border protection acquisition official hopes retirement will bring ‘fresh’ ideas appeared first on FedScoop.

U.S. Customs and Border Protection’s Chief Acquisition Officer Mark Borkowski, who’s set to retire at the end of June, is hopeful that his departure will help pave the way for “fresh thoughts.” 

Borkowski, in a Friday interview with FedScoop, said he believes change in leadership is important for bringing about new ideas and felt it was the right time to leave after the volatility of the pandemic has settled.

“I’ve been here too long, so it’s time to go,” Borkowski said.

His decision caps a roughly 17-year career at CBP and more than 40 years in government service. He will officially depart the office on June 30. CBP didn’t immediately have details on a successor.

Among the fresh ideas that Borkowski said people are looking into at CBP is a digital process for acquisition management and system engineering. He also pointed to an initial phase of a “futures lab” that aims to help people think like futurists to identify signals and trends and project what consequences those could have, particularly when it comes to evolving threats that could affect CBP.

“That’s pretty advanced, modern, open-minded thinking that I’d like to think I could do, but I’m not so sure I’d be any good at it,” Borkowski said.

Prior to his roles at the U.S. Department of Homeland Security, Borkowski served more than 23 years in the U.S. Air Force, retiring in 2004 as a colonel, and worked for NASA as the program executive for the Lunar Robotic Exploration Program, according to his biography on CBP’s website.

Speaking with FedScoop, Borkowski said that when he started at CBP in 2006, the agency was growing and realized that it couldn’t pull an agent out of the field to work on administrative functions. He said leadership brought him in to help fill that role as executive director of mission support, and he became the first person in the senior executive service at U.S. Border Patrol who wasn’t in uniform.

He went on to lead the Secure Border Initiative at the agency and later became the assistant commissioner of the Office of Technology Innovation and Acquisition. In June 2016, he became the leader of the Office of Acquisition, a newly established office. 

Borkowski said he returned to acquisition somewhat reluctantly when leadership at CBP approached him about the opportunity. He said he was enjoying working on border security at the time but eventually agreed to take on an acquisition role.

“The effect of that was that the leadership of Customs and Border Protection started to recognize that when you are doing what we call Big ‘A’ acquisition of complex programs, there’s actually a whole set of skills and competencies that are built by training and experience,” Borkowski said.

Among the things Borkowski said he’s proud of are the “world-class” people at CBP and having strengthened core competencies like system engineering. He also said he’s proud of a course he helped develop to train people in program management at CBP. That course is currently being instructed by the Federal Aviation Administration Academy.

“I’m really enjoying watching a lot of the rest of the organization say, woah, this program management thing is really important, and it helps us do our jobs better and we need to do more of it,” he said.
