The Wrap: FedRAMP Staff-Up Plans; Cyber Harmony Choir; HHS Tech Office Shuffle

The Wrap: FedRAMP Staff-Up Plans; Cyber Harmony Choir; HHS Tech Office Shuffle

Welcome to The Wrap for Thursday, July 25!

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

FedRAMP Staff-Up Plans

Eric Mill , executive director for cloud security at the General Services Administration ( GSA ), dropped some strong hints today about future staffing additions to the FedRAMP (Federal Risk and Authorization Management Program) program office that GSA runs. Speaking at an Alliance for Digital Innovation event, Mill talked about changes coming to the program as a result of 2022 legislation and subsequent draft guidance from the Office of Management and Budget to modernize how FedRAMP operates. Mill cautioned that he wanted to be a “little careful here about talking about hiring until everything is done on the dotted line,” but then said, “I’m pretty comfortable saying that by the end of this year, we will actually have a real technical team inside FedRAMP in the program office – that’s full-time Feds – with a diverse set of engineering skillsets in natural language processing and artificial intelligence and data science.” He added, “it’s going to make us capable of really executing on the automation vision that folks were pushing forward for a number of years now.” Please do click through for all the details.

Harmony in the Cyber Key

Achieving better regulatory “harmony” across the growing web of current and future cybersecurity regulations impacting the government and critical infrastructure sectors is one of the tasks as the heart of the Biden administration’s National Cybersecurity Strategy Implementation Plan released last year, but getting all the parties to sing off the same page will be no easy feat. That’s according to witnesses and lawmakers at a House Oversight subcommittee hearing today, where witnesses told lawmakers that Congress should designate a single entity to lead cybersecurity regulation harmonization – like the Office of the National Cyber Director, The White House , the Cybersecurity and Infrastructure Security Agency (CISA), or the National Institute of Standards and Technology (NIST) . Maggie O'Connell , director of security, reliability and resilience at the Interstate Natural Gas Association of America , pushed strongly for CISA to serve in this leadership role, while John Miller , the VP for policy, trust, data, and technology at Information Technology Industry Council (ITI) , noted that Congress will now need to provide “precise cyber authorities and clear directions to the Federal agencies to implement and enforce future rules” due to the Supreme Court’s recent decision to overturn the “Chevron” deference provided for decades to Federal agencies. Rep. Nancy Mace, R-S.C., chairwoman of the House Oversight and Accountability Cybersecurity, IT, and Government Innovation Subcommittee, offered little hope for a quick solution from Congress. Speaking to the desire by industry for consistent cyber incident reporting rules, she said, “because [Congress is] so big, we are so bureaucratic, comprehensive policy, it just ain’t gonna happen.” She predicted: “It’s not going to happen in the next decade because we’re not nimble anymore. We don’t move that fast, unfortunately.”

HHS Tech Office Shuffle

The U.S. Department of Health and Human Services (HHS) said today it’s launching a tech-shop reorganization that aims to streamline and bolster technology, cybersecurity, data, and AI strategy and policy functions. As part of that effort, job seekers can dust off their resumes as HHS is soliciting to fill the permanent positions of chief technology officer (CTO), chief data officer (CDO), and chief AI officer (CAIO). The agency explained that responsibility for policy and operations historically has been distributed across the Assistant Secretary for Technology Policy , the HHS Assistant Secretary for Administration (ASA), and the HHS Administration for Strategic Preparedness and Response (ASPR), and said the reorg announced today will clarify and consolidate these critical functions, HHS said. Key details: ONC will be renamed the Assistant Secretary for Technology Policy and ONC (ASTP/ONC); oversight over technology, data, and AI policy and strategy will move from ASA to ASTP/ONC, including the roles of CTO, CDO, and CAI; and ASTP/ONC will establish an Office of the CTO and reinstitute the role of CTO, which will oversee department-level and cross-agency technology, data, and AI strategy and policy, including the Office of the CAIO, Office of the CDO, and a new Office of Digital Services.

GAO Flags VA FMBT Program

The U.S. Department of Veterans Affairs (VA) is working on a third iteration of plans to replace its aging financial management system, but a new report from the US Government Accountability Office (GAO) says that the agency needs to develop more comprehensive risk response plans to help mitigate risks that would affect the system’s integration with other VA IT modernization projects. “While FMBT has taken steps to address identified integration risks, we found that the program has not fully documented its risk response plans,” the report says. Specifically, GAO found that FBMT’s risk response plans “did not include specific, detailed actions for 11 of the 13 risks and issues related to iFAMS integration” with the agency’s three other major IT modernization projects. VA signed onto a GAO recommendation that the agency take steps to ensure that “responsible risk owners develop integration risk response plans that contain detailed and specific mitigation actions.”

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at newsstaff@meritalk.com.

To view or add a comment, sign in

More articles by MeriTalk

Insights from the community

Others also viewed

Explore topics