The votes are in for the 2025 FedScoop.

See the winners!

Army planning open-architecture guidelines for contracts

The Army is working with industry to unify the technology it will buy for future platforms and vehicles by creating a modular and open-architecture approach.

Called the Common Modular Open Architecture (CMOA) initiative, the modernization push is in a feedback-seeking phase where the Army still hopes to hear more from industry. A team within the Office of the Chief Systems Engineer (OCSE) is developing the future contracting language and reference guides.

The service recently completed its first industry day event on how best to balance the military’s desires for interoperability and industry’s push to keep intellectual property rights for competitive advantage. Open-architecture technology has grown in popularity recently for the ease of upgrading and swapping out pieces of software in a system, but commercial companies are often reluctant to break away from building proprietary products.

“We want to have the flexibility to allow for modernization,” Jeannette Evans-Morgis, chief systems engineer and head of the CMOA initiative, said on a call with reporters Monday.

Evans-Morgis said her office is looking to make changes on areas considered “low-hanging fruit.” In that basket are data standards for programs like the Optionally Manned Fighting Vehicle (OMFV), the Army’s replacement for the Bradley Fighting Vehicle that has been a staple of Army operations for decades.

Starting with data interoperability and software reference guides will be a jumping-off point for the broad push to make it easier for the Army to “plug and play” new tech, Evans-Morgis said.

One of the outcomes the Army wants to see through this initiative is machine-to-machine data sharing. The OMFV is being designed with data and software as central elements so that it will operate like an iPhone that can constantly upgrade and download new applications through a common architecture, like the Apple App Store. But, using that analogy, many of the Army’s platforms would be the devices that need to be completely replaced to allow for upgrades.

The team behind the CMOA will be producing multiple kinds of documents to guide industry’s future work with the Army, including reference guides, contracting language and standards. Evans-Morgis committed to giving industry plenty of time to adjust its practices and tools to what the Army needs once those new documents are finalized and put into contract solicitations.

“That’s what really critical: We have to get it before we start writing those RFPs,” Evans-Morgis said.

The Army is encouraging more feedback on its plans from both industry and offices across the service that run programs like the OMFV.

“Obviously, this is always going to be a work in progress,” Evans-Morgis said.

Administration introduces ‘more flexible’ TMF repayment model

Agencies that take money from the federal Technology Modernization Fund will now have more flexibility in how they repay those investments, the Biden administration announced Tuesday.

The Office of Management and Budget and General Services Administration, which lead the administration of the fund with the TMF Board, introduced “an updated and more flexible model” for distributing the $1 billion recently appropriated to the TMF.

Under that, there will now be three categories of repayment for TMF projects:

The original TMF repayment model, which required the repayment of all funds within five years, had been a major source of contention and a reason many agencies didn’t want to participate in the program, despite the opportunity for additional funding. The changes also come after lawmakers have urged administrators to update the fund to be more flexible for agencies to use.

“The TMF enables multi-year transformational projects by ensuring Federal agencies have resources that exist throughout the lifecycle of modernization,” said Federal CIO Clare Martorana in a statement. “We plan to use these resources to enable the Federal Government to better respond to SolarWinds and the COVID-19 crisis, and to support the economic recovery.”

On top of this, the board will also now prioritize selecting and funding projects “that cut across agencies, address immediate security gaps, and improve the public’s ability to access government services,” said a release from OMB and GSA. The board will give top priority to projects focused on modernizing high-priority systems, cybersecurity, public-facing digital services and cross-government services and infrastructure.

“The updated TMF model provides the clarity and flexibility necessary to encourage Federal agencies to prioritize technology modernization while transforming the relationship between the Federal Government and the public we serve,” Acting GSA Administrator Katy Kale said in a statement. “It is more aggressive – to meet the urgent technology needs of the Federal Government today, as well as more ambitious – to anticipate the demands of tomorrow.”

The board “encourages” agencies to submit proposals that might fit these prioritized categories by June 2.

Former GSA CIO: It’s time for a federal ‘Agile First’ strategy

Government should prioritize agile methodologies not only in software development but in IT procurement, finance, budgeting and hiring as well, according to a former CIO of the General Services Administration.

Tasks should be done in parallel rather than sequentially when possible, and paper-based processes should not only be digitalized but done in real-time, Casey Coleman told FedScoop.

The federal Cloud First strategy prioritized cloud migration, while the Cloud Smart strategy directed agencies to take advantage of as-a-service offerings. Ensuring adoption of the agile method is a logical next step and a recommendation ACT-IAC made to the Biden administration during the presidential transition.

“If you think about how work gets done on the ground in departments and agencies, we still have old waterfall processes,” said Coleman, now senior vice president with Salesforce. “There’s an opportunity now to think about what we’ve learned in the pandemic and to change the way we operate to Agile First.”

The COVID-19 pandemic proved out everything from digital signatures to telehealth, she added.

Coleman’s comments come days after she testified before the Senate Emerging Threats and Spending Oversight Subcommittee, which held the first in a series of hearings on the need to modernize legacy IT systems in government. Subsequent hearings will explore innovative solutions to the problem.

The government will spend more than $100 billion on IT this fiscal year, when last fiscal year about $29 billion of that went toward maintaining legacy systems. And that number doesn’t take into account those systems’ negative fiscal impact on security, service delivery and customer experience, said Sen. Maggie Hassan, D-N.H., who chairs the subcommittee.

Hassan noted the IRS’s delays in processing tax returns and economic impact payments was due, in part, to its aging system that relies on paper and not digital records.

“The American people pay the price of failing to modernize legacy IT systems,” Hassan said. “Over the past year in particular, my office has received hundreds of messages from constituents struggling to access passports and visas, unemployment benefits, economic stimulus payments, benefits information from the Department of Veterans Affairs, and information on filing taxes.”

The 10 most critical legacy IT systems in government as of June 2019 ranged from eight to 51 years in age and cost $337 million to maintain. Several systems operated with known security vulnerabilities, and the departments of Education, Health and Human Services, and Transportation had no plans for modernization, according to a Government Accountability Office report released in late April.

Only the departments of Defense and the Interior had modernization plans that included milestones, a description of the work needed and the intended disposition of the system in question. The rest — the departments of Homeland Security and the Treasury, Office of Personnel Management, Small Business Administration, and Social Security Administration — only had partial plans.

“[T]he agencies’ modernization initiatives will have an increased likelihood of cost overruns, schedule delays, and overall project failure,” reads the report. “Project failure would be particularly detrimental in these 10 cases, not only because of wasted resources, but also because it would prolong the lifespan of increasingly vulnerable and obsolete systems, exposing the agency and system clients to security threats and potentially significant performance
issues.”

And yet Coleman has never been more optimistic about the “generational opportunity” for agencies to migrate to the cloud thanks to the emergency of commercially operated, always-on, hardened and upgraded platforms.

For instance, COVID-19 contact tracing began as a paper-based process before migrating to cloud-based platforms. “The COVID pandemic has forced and pushed all of us into modernizing in weeks or months what otherwise would have taken years,” Coleman said. “And from the innovation that has emerged from the tragedy of the pandemic, we’ve seen that governments are able to move quickly and be able to respond in no time to pressing needs of their communities.”

Outside of the $1 billion injected into the Technology Modernization Fund in March, Coleman said she’d like to see agencies use working capital funds “more advantageously.” The funds created by the Modernizing Government Technology Act roll over money not used the previous fiscal year and give agencies more control over IT project timelines and continuity.

Government IT legislation is also in need of an update, even if technology does naturally evolve at a faster pace.

“If you look at the legislation that is in place,” Coleman said. “Some of it is generations behind where we are with technology.”

Army looking for modernized enterprise data platform

The Army is on the hunt for an enterprise data platform and managed services, according to a recently released request for information.

The document, published by the Enterprise Cloud Management Agency, outlines the need for services to help enable the type of information collection and processing it needs to win in the future and modernize business practices. The current state of data management is scattered and doesn’t allow the Army to gain insights across different mission areas from cybersecurity to logistics, according to the document.

“[T]he Army must fundamentally transform its approach to data governance and data management, which requires a standardized, secure, trusted, agile and resilient set of data management services and a data platform to serve all common data governance needs across all data domains,” the RFI states.

The scope of what the Army wants is broad, with the desired platform being able to reach across different security classifications of networks and even coalition networks that allied militaries use to work with the U.S. The point of having one platform with standard services is to allow users to view wide arrays of datasets and glean deeper insights into Army operations from business analytics to warfighting.

Some examples of how the Army expects to use its new platform include ingesting a wide array of data and standardizing it on demand, working with the Army’s native cloud environment cARMY and supporting advanced analytics like artificial intelligence and machine learning.

“The Platform enables analytical work products, perform advanced data analytics, Artificial Intelligence/Machine Learning (AI/ML) and data visualization at an enterprise level,” the RFI states in its section on foreseen usage scenarios.

The Army is not looking to burn down its current data tools and start from scratch. Instead, it wants whatever platform and services it receives from industry to include the modernization of its current set of data management tools.

The Army will be hosting an industry day event in May to answer questions on the request.

Agencies moving away from VPNs as they implement TIC 3.0

Agencies are moving from virtual private networks (VPNs) to more robust identity management solutions as they implement Trusted Internet Connections 3.0 architectures, said TIC Program Manager Sean Connelly.

VPNs allow inherited trust to be embedded in architectures, but agencies are migrating to a zero-trust security model that takes inherited trust out of the digital system.

For instance primes on the $50 billion Enterprise Infrastructure Solutions network modernization contract all have software-defined wide area network (SD-WAN), multiprotocol label switching (MPLS), and broadband or another form of internet access offerings. And all are leveraging TIC‘s recently finalized Branch Office Use Case.

“When we talk TIC 3.0, [VPNs are] really not even being discussed as a modern solution for a lot of those architectures,” Connelly said during the IT Modernization Summit presented by FedScoop on Thursday. “So you’re scaling away from the VPN, itself.”

Instead TIC 3.0 lets agencies plan remote user access while shrinking trust zones around high-value assets to reduce their attack surface.

Agencies should include Managed Trusted Internet Protocol Services (MTIPS) and TIC Access Provider (TICAP) costs when comparing an existing VPN with a fully secure, remote user solution, said Zain Ahmed, regional vice president of Lumen Technologies.

“Agencies need to be aware because VPN doesn’t inherently provide security,” Ahmed said. “To get apples-to-apples comparison, agencies should look to VPN plus the TIC costs versus remote users as they’re examining what the new solution will look like.”

The TIC program is currently working with the General Services Administration and Office of Management and Budget to adjudicate public comments on the draft version of its Remote User Use Case. A finalized version will “ideally” be released before the end of the year with work begins on Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and email-as-a-service use cases, Connelly said.

Agencies are working with the TIC program to build out pilots in those areas, and there’s interest in zero trust, Internet of Things (IoT) and unified communications use cases as well, Connelly said.

A number of Cybersecurity and Infrastructure Security Agency programs besides TIC are running pilots including the Continuous Diagnostics and Mitigation (CDM) program and the National Cybersecurity Protection System (NCPS) Cloud Log Aggregation Warehouse (CLAW). Telework accelerated such pilots, some of which are now going through the full acquisition life cycle while others merely tested proofs of concept.

Agencies submit pilot proposals to the Federal Chief Information Security Officer Council for approval, with smaller ones tending to see more success.

“We want to have an agency that has a good technical acumen, understanding of what they’re trying to do,” Connelly said. “That’s important.”

DOD’s data initiatives accelerating with new administration, CDO says

The Department of Defense’s efforts to become a more data-centric organization are accelerating under the new administration, the department’s top data officer told FedScoop.

Dave Spirk, who became DOD chief data officer last June, said he’s planning to release documents that will help define the ways the military should use data and implement a strategy around it.

Spirk said he has support from the most senior leaders in the DOD, which is helping to push the department toward having data available for decision-makers in the Pentagon and troops in the field.

“With the direct support of Deputy Secretary of Defense Dr. Kathleen Hicks and her senior support team, not only are we on the path, but the expectation is we will accelerate,” Spirk said Thursday during day two of the IT Modernization Summit presented by FedScoop.

Spirk said new “data decrees” — documents that will help define the ways the department will use its data — are awaiting approval from Hicks. The decrees are a part of implementing the department’s broad strategy to improve data access and “data readiness” across the military, Spirk said.

One of Spirk’s major focuses is eliminating the idea the DOD will have a “common data standard” where there is a one-size-fits-all approach to what type of data the department uses. Instead, he is working to make a federated data ecosystem where data officials can use an “open-data-standard data architecture” that uses technology and practices to enable interoperability between the plethora of data use-cases specific to different mission areas.

Spirk said one of the initial steps he and his team are pushing is to create a “federated data catalog.” Making that a reality will rely on education, training and technology to ensure everyone from military departments to combatant commands have the flexible tools to use data in unique ways but remain interoperable with the rest of the force.

“Trying to just have one to rule them all would be a fool’s errand,” he said. Organizations should have the expectation that they all will catalog their data, he added.

On Friday at the Aspen Security Forum, Hicks endorsed much of what Spirk had to say on the importance of data and the need to put resources behind implementing the data strategy.

“It is critical to warfighters seeking advantage on the battlefield and it is critical to decision-makers,” she said.

Hicks said the DOD’s efforts to create an enterprise cloud system, like what it is hoping to do with the Joint Enterprise Defense Infrastructure (JEDI) cloud contract, is “vital” in the ability to use data more effectively.

But how the department will get to that cloud state is still up in the air as the legal battle surrounding JEDI continues. A judge issued a sealed decision Wednesday allowing Amazon’s claims of malfeasance on the $10 billion contract to be heard, further extending the drawn-out court case over Microsoft’s win in 2019.

“We are going to have to assess where we are…and determine what the best path forward is,” she said on the JEDI ruling.

DIU’s Mike Brown pushed ‘unethical’ contracting and hiring, former CFO alleges

The Defense Innovation Unit‘s leadership allegedly created a culture of skirting the ethical limits of Department of Defense contracting, hiring and personnel regulations, its former chief financial officer told FedScoop.

Bob Ingegneri, who was CFO of DIU from May 2019 to June 2020, recently laid out 15 allegations of what he saw as unethical behavior in an official complaint to the DOD inspector general. The IG confirmed receipt of Ingegneri’s complaint, but not its contents or if an investigation has been opened. Ingegneri alleges that during his time with DIU, Director Mike Brown used his position to hire people close to him and increase payments to contractors in his circle.

“The challenge with what DIU did was that I don’t think they did much that was illegal…but I definitely think it was unethical — that’s really my biggest complaint,” Ingegneri told FedScoop in an interview. He specified it was “the hiring, funding, salaries, that were not being executed ethically.”

Ingegneri reported his concerns to Brown directly, as well as Brown’s No. 2, Mike Madsen, and now the DOD IG, he said.

His complaints come at a critical time as President Biden recently nominated Brown to be the next undersecretary for acquisition and sustainment, the top acquisition official in the Pentagon.

Despite the complaints, Ingegneri reiterated his support for DIU’s mission and that he fully supports the people working there. He even complimented many of Brown’s qualities as a leader, calling him charismatic, intelligent and hardworking. His concerns, rather, were specific to the culture of pushing the boundaries of regulations and on contracting, hiring and personnel, he said.

Mike Madsen, DIU’s director of strategic engagement, said that DIU takes “any and all complaints very seriously.”

“DIU leverages a variety of U.S. government and DoD competitive and direct hiring authorities to attract the expertise needed to execute its unique mission, in order to provide the speed and agility not always available to DoD in today’s competitive hiring landscape,” Madsen said in a statement.

Madsen’s statement went on to say that “DIU has always made a concerted effort to validate candidate expertise, and over the last few years we have formalized the process, requiring direct hire candidates to interview with at least three DIU leaders.”

DIU has been a darling of advocates for defense innovation. It was set up in 2015 by then-Defense Secretary Ash Carter to use rapid acquisition authorities to purchase emerging technology. It has leveraged billions of dollars to work with mostly non-traditional defense companies in prototyping technologies in fields like artificial intelligence, cybersecurity and others.

The announcement of Brown’s nomination to be the top buyer in the department was initially seen as a win for injecting commercial tech more quickly into the DOD. The spokesperson for the Senate Armed Services chairman did not respond to a request for comment.

Ingegneri gave examples of what he saw as unethical behavior, including allegations of contractors who had connections to DIU leadership being hired by companies working with the unit. Some contractors also requested compensation at higher levels than normal based on inside information given to them by Brown and others around him, he alleged

Another issue was with hiring and personnel. Job descriptions were written narrowly and with specific people in Brown’s circle in mind, Ingegneri alleges.

“When writing requirements for a government civilian position, DIU would write them so specific that only the person they preselected would be able to qualify,” he alleged.

Assignments with service members were created outside of normal practices, he alleges, like an Air Force major who was trying to achieve an advanced degree at a university in California and later continued working at DIU.

“It just continues today that even the young active-duty captains that are being assigned to the unit are being led astray almost instantly,” he said. While Ingegneri left nearly a year ago, he said he remains connected with many associated with the unit.

Both contracting and hiring with government money are strictly regulated to prevent nepotism, or taxpayer dollars being directed to people based on personal connections rather than merit. Ingegneri alleges that Defense Federal Acquisition Regulations were not broken, per se, but bent and their intent not followed.

Since Defense One first reported Ingegneri’s allegations, he said that “four to five” colleagues have reached out to express their support and concur with his assessment of the situation.

“Really what I hope the IG does is come in and look at the organization and bring it back within government processes and procedures,” he said of his motivations for speaking publicly. “There are some good people in there.”

DHS launching a CDO office and CMMC-like risk management program

The Department of Homeland Security is standing up an Office of the Chief Data Officer to better integrate data into its operations and those of other agencies, said new CIO Eric Hysen.

Acting CDO Carlene Ileto is organizing work around eight priority data domains that include immigration, law enforcement and cybersecurity.

The office will identify leaders in each domain to further data governance and information sharing, ensuring DHS‘s IT modernization is led by frontline operators.

“Data must be interoperable and easily shareable by default, and the work we’re doing standing up our CDO office will help us get there,” Hysen said during day two of the IT Modernization Summit presented by FedScoop on Thursday. “This will support efforts ranging from internal projects like workforce vaccination to presenting a common operating view across agencies working to process migrants at our Southwest border, to sharing threat and intelligence information across our law enforcement functions.”

The need for a CDO office was underscored when DHS launched a departmentwide COVID-19 vaccination campaign in partnership with Department of Veterans Affairs health centers. DHS needed to identify, contact and manage responses from workers, which required “extensive time and effort to collecting and reconciling many different datasets from across the department,” Hysen said.

DHS is also strengthening cybersecurity through its Zero Trust Action Group, which is working across components to implement a zero-trust security architecture.

“We were one of many agencies that fell victim to the SolarWinds intrusion campaign,” Hysen said. “For too long, we viewed cybersecurity as an all-or-nothing approach based on a perimeter security model that’s decades out of date.”

Now DHS is embedding security into all parts of the IT organization, network architecture and software development life cycle to better mitigate breaches when they occur.

The Zero Trust Action Group is developing reusable security architectures, policy guides, pattern libraries, and reference implementations with a two-year plan to deploy zero trust departmentwide through 90- and 120-day sprints.

Early efforts include using cloud access security broker and cloud security gateway technologies to give employees direct access to certain secure cloud services from home, which reduces the burden on DHS’s virtual private network and internal network. The action group is also implementing software-defined networking to further segment requests for access to specific resources.

The work of the action group doesn’t mean vendors are off the hook securing their software systems by design, which is why DHS is developing a supply chain risk management program, Hysen said. The department wants to implement vendor due diligence assessments and software assurance processes to understand the provenance of commercial off-the-shelf products before they’re purchased and used.

“We’re looking very closely at [the Department of Defense]’s Cybersecurity Maturity Model Certification, or CMMC, and looking to pilot that approach within our vendor base as well,” Hysen said. “And when we do identify issues we are fully implementing our authorities under the SECURE Technology Act to remove companies from the department’s IT supply chains, as well as supporting DHS’s governmentwide responsibilities via the Federal Acquisition Security Council.”

While DHS is asking more from vendors, it will solicit feedback from them along the way so there are no surprises, Hysen added.

DHS also wants to improve the customer service of its public-facing services starting with the most burdensome ones. Department services account for 183 million hours of public burden annually, Hysen said.

“[O]ur immigration system is so complicated that it forces people to master esoteric form numbers and processes, while they’re navigating rush-hour traffic, to access vital services,” Hysen said. “We can do better. Our public-facing services need to be designed around the needs of the people who depend on them, rather than being designed around our org charts.”

The JEDI saga continues: Court denies motion to dismiss AWS protest of political interference

The Court of Federal Claims issued a sealed decision Wednesday denying a motion by the Department of Justice and Microsoft to dismiss Amazon’s protest of the Pentagon’s $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract.

While the decision to dismiss wasn’t made available to the public, Amazon confirmed the court’s denial.

Amazon has two main claims in its larger JEDI protest of Microsoft’s award: That “DOD consistently and repeatedly made prejudicial errors, at every step along the way, that systematically favored Microsoft,” and that this happened because of overt influence from President Trump and other high-level government officials, who wanted to do harm to Amazon.

The government’s motion to dismiss focused on the latter complaint and apparently failed to convince the court to drop it.

“The record of improper influence by former President Trump is disturbing, and we are pleased the Court will review the remarkable impact it had on the JEDI contract award,” said a spokesperson from Amazon Web Services. “AWS continues to be the superior technical choice, the less expensive choice, and would provide the best value to the DoD and the American taxpayer. We continue to look forward to the Court’s review of the many material flaws in the DoD’s evaluation, and we remain absolutely committed to ensuring that the Department has access to the best technology at the best price.”

The JEDI protest has been pretty dormant for most of 2021, at least from the public’s perspective. But this motion shows the lawsuit, which began in late 2019, isn’t over yet.

Or maybe it is nearing its end? There’s a very real possibility the Department of Defense could now decide to give up on this program.

The department sent an “information paper” to Congress in January explaining the potential impacts of the Court of Federal Claims’ then-pending decision on the government’s motion to dismiss Amazon‘s allegations of “improper influence at the highest levels of Government.” In that paper, the DOD said that if the judge didn’t side with the DOD in the dismissal (and we’ve now learned it didn’t), it could “elongate the timeline significantly. The prospect of such a lengthy litigation process might bring the future of the JEDI Cloud procurement into question. Under this scenario, the DoD CIO would reassess the strategy going forward.” The DOD has been working to get the JEDI contract awarded and operational for the better part of four years now.

In January, acting DOD CIO John Sherman told FedScoop: “Regardless of the JEDI Cloud litigation outcome, the Department continues to have an urgent, unmet requirement for enterprise-wide, commercial cloud services for all three classification levels that also works at the tactical edge, on scale. We remain fully committed to meeting this requirement—we hope through JEDI—but this requirement transcends any one procurement, and we will be prepared to ensure it is met one way or another.

Asked about the court’s denial Wednesday, the DOD had “nothing to add to what the DoD CIO said about this topic earlier this year.”

Microsoft, though, downplayed the dismissal in a statement. “This procedural ruling changes little,” said Frank X. Shaw, head of Microsoft Communications. “Not once, but twice, professional procurement staff at the DoD chose Microsoft after a thorough review. Many other large and sophisticated customers make the same choice every week. We’ve continued for more than a year to do the internal work necessary to move forward on JEDI quickly, and we continue to work with DoD, as we have for more than 40 years, on mission-critical initiatives like supporting its rapid shift to remote work and the Army’s IVAS.”

GSA moving to more modular cloud environment

The General Services Administration plans to increase cloud brokerage having “stress-tested” cloud technologies during the COVID-19 pandemic, said Deputy CIO Beth Killoran.

GSA had about 50% of its applications in the cloud when the pandemic hit and only needed to surge existing cloud capabilities to help agencies like the Small Business Administration administer COVID-19 relief funds.

Now that people have seen the cloud’s value, GSA wants to expand into areas where the technology hasn’t been used previously, and that requires a more modular or hybrid environment.

“A lot of agencies have found that not all clouds have the same types of capabilities, and I don’t think that we want to have cloud lock — similar to what we’ve had with other kinds of platform locks before,” Killoran said during the IT Modernization Summit presented by FedScoop on Wednesday. “And so I think we’re going to start seeing some cloud brokerage and some cloud distribution so that we can utilize the best capabilities of cloud environments.”

A move to plug-and-play cloud technologies along with app rationalization — where agencies decide what to keep, replace, retire or consolidate — will help cater to government’s increasingly distributed workforce thanks to telework, Killoran added.

In-house, on-premises services with their burdensome hardware requirements and database and systems administration were necessary when the technology came out, said Alexander Romero, director of strategy in the chief technologist office at VMware End User Computing.

Agencies had to build a stack, platform and talent to manage the two, but now capabilities can be purchased straight from the cloud.

“Now they’re being moved out and made available as a service in, thankfully, the [Federal Risk and Authorization Management Program] environment and on the FedRAMP marketplace,” Romero said.

That, in turn, allows the agency’s tech talent to focus on more mission-oriented work.

IT modernization should accelerate now that agencies have playbooks on moving their apps to the cloud, which should also make them more forthcoming about sharing best practices, Killoran said.

“I think agencies will be more willing to share some of their open source libraries, some of those applications that might already be cloud-ready and cloud-enabled,” she said.