Page 42 - FCW, November/December 2021
PUBLIC SECTOR INNOVATIONS
ability to operate. To make it easier for entrepreneurs to present great ideas directly to DOD and earn new business, the department built a shared technology platform called the Defense SBIR/STTR Innovation Portal (DSIP).
The cloud-based portal, which was designed to be user-centric and accessible for people with disabilities, combines requirements for 15 DOD components, including the Army, U.S. Special Operations Command and Defense Logistics Agency.
Additionally, DSIP helps applicants verify the completeness of their proposals and includes business process automation and plug-and-play modules for microservices so the Office of the Secretary of Defense (OSD) can easily incorporate changes to law, policy and context.
So far, the project has helped OSD process applications faster, yielding a 10% increase in volume and garnering 20% more first-time submissions to DOD’s SBIR/STTR programs. Moreover, the portal makes it easier for OSD to track funding expenditures and program results and comply with reporting requirements from the Small Business Administration, DOD leaders, the Office of Management and Budget, and Congress.
Incorporating Automation into the FedRAMP Authorization Life Cycle
General Services Administration
Recognized for its thoroughness but not necessarily its speed, the Federal Risk and Authorization Management Program (FedRAMP) is applying automation to facilitate its approval processes to support agencies’ adoption of secure cloud environments and tools.
FedRAMP officials partnered with the National Institute of Standards and Technology and the General Services Administration’s 10x innovation-funding program to develop the Open Security Controls Assessment Language. FedRAMP applies OSCAL to its own security baselines and to the security packages that cloud service providers (CSPs) submit.
FedRAMP developed validation rules that analyze OSCAL-formatted data to enable automated reviews for completeness, consistency, adherence to formatting and other low-level checks that CSPs can perform before submitting their plans. It also allows for automated markups to facilitate review teams’ assessments.
“Security authorizations are just very time-consuming for all people involved,” said Zachary Baldwin, FedRAMP program manager for strategy, innovation and technology at GSA. OSCAL “is the foundation to make automation possible.”
OSCAL could streamline and improve the accuracy of all three FedRAMP authorization steps. CSPs can create system security plans faster, reuse control language and pre-validate much of their content before submission. Third-party assessment organizations can automate the planning, execution and reporting of cloud assessment activities, and agencies can accelerate their reviews of security authorization packages.
“We collected all checks that our review teams do, and we think we can automate about 60% of those checks,” Baldwin said. “Even something as simple as just checking if the documentation is complete takes a decent amount of time, and [with OSCAL] that can be done without my review team doing it. It lets them focus on more important, more strategic
Rising Star
Tanya Mathur
Manager, Enterprise Analytics
Tennessee Valley Authority
Fostering a data-driven culture requires a daunting variety of skills, yet Tanya Mathur seems to have them all. She created the Tennessee Valley Authority’s Enterprise Analytics group, which now supports virtually every TVA business function — including power generation and transmission, financial services, human resources, and environmental compliance.
She recruited and trained employees, created operating and engagement models, identified and acquired the appropriate technology, developed analytics products and self-service strategies, and cultivated partnerships internally and externally to move the effort forward.
In addition, she established the Data and Analytics Center of Excellence, which offers employees a chance to develop analytical skills and promotes interdepartmental collaboration and innovation. To demonstrate the center’s business value, Mathur used her technical background in energy forecasting to quickly deliver analytics products that reduced operating costs, increased power reliability and brought other process efficiencies. Her success helped build stakeholder support and set the stage for bigger initiatives now in the works.
Mathur has aggressively communicated TVA’s vision to local universities, data and technology companies, and government agencies. Those partnerships are helping provide the talent, expertise and technology necessary to power TVA’s transformation.