President Donald Trump’s executive orders issued on Tuesday directing the government to simplify the existing Federal Acquisition Regulation (FAR) and to prioritize buying “commercially available” products and services – rather than “non-commercial, custom products or services” – received positive initial reviews today from government technology experts, who also said they are eager to see how well the orders play out going forward.
The White House order on commercial acquisitions directs the government to “prioritize the procurement of commercially available products and services, as required by the Federal Acquisition Streamlining Act of 1994 (FASA), rather than non-commercial, custom products or services.”
The order applies generally to the nearly $1 trillion per year that the government spends on acquisitions of all kinds each year, but it also calls out substantial savings that the implementation of the order could generate through changes in IT-related purchases.
“On balance, the idea behind the executive order is good,” one former executive branch official who has worked extensively on IT modernization and acquisition issues told MeriTalk today.
Possible Shortfalls
However, the official also said the order may fall short of its goals in a couple of areas depending on how it is implemented in the coming months.
One of those areas, the official said, hinges on encouraging Federal government organizations to align their internal business processes – which are sometimes dictated by congressional statutes that don’t apply to private companies – to technologies that are sold commercially.
Absent those underlying changes in business processes, agencies “can still end up with a lot of bad outcomes,” the official said.
As an example, the official said, “If you want the best commercial payroll solution, then you need to start treating Federal payroll in a much more commercial way. It needs to follow much more commercial business rules and commercial processes. Just trying to put a commercial item into something that is as obscure and convoluted and sclerotic as the Federal payroll system – you’re not really going to get the best bang for your buck.”
“It’s one thing to simplify the FAR regulations … but if you’re not changing the actual underlying business rules and business operations at Federal agencies, you’re not really going to get the outcomes that I think the executive order aspires to,” the official said.
The official also called out one key aspect of the executive order for simplifying the FAR rules – its call to pare back those rules to just what is required by congressional statute. “It looks good on paper,” the official said, who warned that some of the statutory obligations that need to be followed may come from laws that have been on the books for many years and thus may be outdated from a technology perspective.
Cloud Impact
One former Federal agency CIO explained to MeriTalk that the order is likely to be well received by some of the larger technology providers to the government. Those may include cloud service providers who now invest in separate government-directed services, in addition to their general-purpose services sold commercially.
Having more government users opt for their commercial products – which offer similar security profiles at least for unclassified information – might save the providers some of the money they invest in maintaining government-directed services, the source said.
“The Feds can get 90 percent of what they want by buying commercial cloud services, and spend less” doing so, said the source, who was quick to add that the calculus for Federal agency buyers might change in the case of services that involve classified and secret data.
The former CIO was also quick to add that agency CIOs and chief information security officers (CISO) are focused on wanting cloud services that feature hard-and-fast security features that meet their agencies’ particular needs – often as dictated by rules approved by Congress.
But, he said, if those officials are “truly doing risk management … I think they’ll find that commercial is the better way to go.”
With caveats for unclassified vs. classified data, the source suggested that a commercial-first outlook is a “great thing,” adding, “Think commercially first, prove why that is not secure enough, and understand what the risks are … if the commercial service is FedRAMP high, what’s the difference.”
In a similar vein, the source pointed to legislation approved by Congress that overhauled the General Services Administration’s FedRAMP program which certifies the security of commercial cloud services, and the legislation’s language around a “presumption of adequacy” on security.
“Presume commercial is adequate,” the source said, adding that if an agency has a particular use case that would fall outside the direction of the White House order, “then you can think of a custom requirement to do something different.”
The executive order calls for Federal agency contracting officers to undertake a 60-day review of “all pending contracts for non-commercial products or services,” and to submit proposed waivers that “justify their necessity.” It adds, “Waivers for non-commercial procurements must be reviewed and approved or denied in writing.”
In a public statement today, Gordon Bitko, executive vice president of policy at the Information Technology Industry Council (ITI) called the new executive orders “a step in the right direction.”
“By collaborating with procurement experts across government and industry, this effort will help elevate public-private partnerships, reduce waste, and ensure continuous progress by the government towards modern, commercial off-the-shelf solutions that represent the best of private sector innovation,” Bitko said.
“Federal agencies increasingly rely on the innovative capabilities that the tech industry offers to serve the American public effectively,” the ITI official said. “By leveraging secure commercially available products and services, the U.S. government can benefit from faster implementation, continuous security updates amid constant cyber threats and rapid technological change, and improved cost efficiency.”
“ADI has called for modernization of our acquisition practices to facilitate government procurement of existing commercial products where possible and to reflect the way that modern cloud-based commercial technology is consumed,” said Ross Nodurft, executive director of the Alliance for Digital Innovation.
“The recent executive orders focused on the Department of Defense Acquisition and the re-write of the Federal Acquisition Regulation provide a critical pathway for innovative cloud-based commercial technology providers to provide the public sector with the same solutions that cutting edge commercial companies leverage to drive efficiencies, provide security, and save money in their enterprises,” he said.
“It also starts the process to cut the red tape that has slowed down rapid acquisition of commercial technology,” Nodurft continued. “This is the beginning of the process and ADI remains committed and focused on working with the administration to drive implementation across the DOD and the federal civilian government agencies.”