The Situation Report: Separating the FedRAMP Signal From the Noise

A pile of fake money representing the $150,000 spent on the FedRAMP dashboard was presented as an example of agency spending waste. (Photo: MeriTalk)

My mobile listening post parked outside the Newseum in downtown Washington, D.C., picked up some crystal clear signals Tuesday that the storm has not yet passed for some big programs run by the General Services Administration.

During a joint forum hosted by GSA and MeriTalk, GSA’s chief information officer, David Shive, responded honestly and without hesitation to some tough questions on a number of fronts, including the Federal Risk and Authorization Management Program’s (FedRAMP) spending of $150,000 in taxpayer money to duplicate an online dashboard capability that had already been developed in the private sector and made available to the government for free.

Questions were also raised about financial management problems at GSA’s internal tech consulting organization, 18F. Sources tell The Situation Report that the IG wants to know why the agency’s digital services consultants can’t explain how they used about $200,000 worth of seed funding.

“I invite those comments. I invite this dialogue,” said Shive. “Without this conversation we can’t get better.”

Matt Goodrich, the director of the FedRAMP Program Management Office, on Wednesday chose to characterize the legitimate questioning of FedRAMP reform efforts to date as “noise” and “antics.”

[Embedded image: Goodrich tweet]

The Situation Report, however, has picked up strong indicators that what Goodrich wants taxpayers to view as noise and antics will actually be documented in early October in a major GSA inspector general report covering a wide range of business, financial management, and technology issues. Interestingly, SitRep sources reported the presence of four members of the GSA inspector general’s office in the audience Tuesday.

It will be interesting to see how the October IG report influences potential actions on Capitol Hill to ensure the FedRAMP authorization process lives up to its original intent—certify once, use many.

“This process has now become an extra layer and burden for industry,” said Rep. Gerry Connolly, D-Va. “[Congress] will absolutely insist that it be a one-step process, not a two-step. Either JAB [Joint Authorization Board] certifies and that’s good enough for everybody, or you go to a system where you’ve got to go to each individual agency, and I predict Congress will go for the former.”

OverHURD on the Hill

My remote sensors on Capitol Hill have discovered more movement on the IT modernization front by Rep. Will Hurd, R-Texas. The chairman of the House IT Subcommittee has drafted and is prepared to drop a new bill that will combine aspects of his MOVE IT legislation (which calls for working capital funds at the 24 CFO Act agencies) with the IT Modernization Act proposed by Rep. Steny Hoyer, D-Md., which would establish a mega fund at GSA (including an investment review board) into a comprehensive IT modernization package.

One of my agents reports that the new bill will be called the Modernizing Government Technology Act or MGT. But Hurd originally wanted to call it MOVE IT 2.0. Apparently, Congress doesn’t allow software-esque version designations on proposed tech bills.

Sources tell The SitRep that the House Oversight and Government Reform Committee plans to mark up the bill Thursday, and that the bill is expected to be considered by the full House of Representatives on Sept. 19.

Sources close to the process on the Hill said the bill could be “hotlined” and considered by unanimous consent by the Senate prior to the upcoming recess.

Share your Situation Reports at dverton@meritalk.com or follow me on Twitter

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
6 Comments
  1. Anonymous | - Reply
    Anyone who was at the event knows there was nothing legitimate about it. It was yet another MeriTalk-funded forum for Steve to be completely unprofessional and hurl accusations and lies at GSA and FedRAMP. Instead of having a constructive conversation, filled with actual solutions, Steve orchestrated a verbal assault that was both uncomfortable and unwarranted to watch from the audience. As a participant, it was great to see the GSA team handle it with class and dignity, which sadly can't be said for the MeriTalk team and Steve.
  2. Anonymous | - Reply
    For those of you not at the event, MeriTalk Founder Steve O'Keefe kicked off proceedings by grabbing a stack of fake $20s and solemnly placing a bundle at each table. That, as well as several other eyebrow-raising tactics, are pure theater masquerading as serious dialogue. Keep up the cheap parlor tricks and we'll keep lol'ing. We'd rather hear about solutions than be treated to another installment of MeriTalk's personal vendetta. Seriously, it's old, it's tired, and you look silly.
  3. Anonymous | - Reply
    I was there...and it didn't seem like Congressman Connolly thought it was very funny. If GSA doesn't get its act together he said the Hill will legislate.
  4. Anonymous | - Reply
    What does 'get its act together' mean?
  5. Anonymous | - Reply
    Check out the VA CVE program - investment unknown to update the VCMS program to look like Extra View (COTS product). This is not uncommon with the government to invest in their own software programs without exploring what exists in the commercial world or what already exists within GOTS.
  6. Anonymous | - Reply
    How much does anyone want to bet $150,000 that the anonymous comments saying this is "not serious" and just MeriTalk making noise are really 18Fers at work with too much free time? After all, 18F has the time to write a chatbot to replace "hey guys" with alternative language. How hard would it be for 18F to spend its time trolling any forum anti-GSA with bots as well? Now if they could just fix something more serious. Either way, Congress and GAO will ultimately determine whether this is a big deal or not for GSA and CIO David Shive to solve. Either the GAO reports are released showing the issues or not.
