Greg Elin

GovReady wins $1.1M DHS contract to make security more open

The U.S. Department of Homeland Security announced it has awarded startup GovReady a $1.1M certification and accreditation (C&A) contract that will be critical to bringing an open source approach to security.

“GovReady will develop tools to help developers through the C&A process and in doing so open the door for more secure, compliant and quality software systems,” said DHS announcing the award.

“The C&A process is essential, but, in its current state, unnecessarily difficult for small businesses to navigate,” said Homeland Open Security Technology Program Manager Dr. Dan Massey. “This project will help to even the playing field between large and small business by giving everyone an opportunity to provide software to the government.”

Full release

Why Cloud.gov is a big deal

Source: Cloud.gov


Enabling internal government tech shops to quickly stand up applications in a secure testing environment is fundamental to quick prototyping, and 18F’s new Cloud.gov is a major step in realizing ultimate IT flexibility.

I reached out to GovReady founder Greg Elin, who is working on “making FISMA a platform instead of paperwork,” and he replied with the following comments that are better than anything I could say on the subject:

18F’s Cloud.gov is a tectonic shift in government IT because it replaces policy with platform. Cloud.gov components accelerate the much needed replacement of PDF-based guidance with running code. It’s the difference between a book about Javascript and just using jQuery.

For most of the past 20 years, the CIO Council, NIST, and most agency IT shops have focused on policies and procedures to provide contractual requirements for vendors doing the work. That’s not criticizing anyone, it’s how the system was set up. The CIO Council’s authority is to provide recommendations–not write code. NIST’s mission is to advance measurement science and standards development–not build platforms.

Take the CIO Council’s enterprise architecture efforts or NIST’s Risk Management Framework as examples. They provide incredibly rich, comprehensive expert guidance distributed in documents. Unfortunately, contracts, contractors and projects implement the guidance differently enough that interoperability and reusability rarely occur between bureaus or across agencies. In contrast, over the past decade in the private sector and on the Internet, knowledge has become immediately actionable via open source, APIs and GitHub repos. It’s a golden era of shared solutions powered by StackOverflows and code snippets, package managers and Docker containers.

If 18F’s Cloud.gov succeeds at encompassing official policies and regulations into loosely coupled running code, then contracts are easier to write, vendors aren’t constantly reinventing things, and projects happen faster.

Learn more about Cloud.gov.

Top 7 ‘Minds in the Cloud’ cloud computing videos

FedScoop recently wrapped up its Minds in the Cloud video series. MITC featured interviews with 23 government and industry leaders discussing the benefits, challenges and future of cloud computing. Here are my seven favorites (#1 being US Navy SCSC CIO Susan Hess).

US Navy SCSC CIO Susan Hess:

U.S. CTO Aneesh Chopra:

Linda Cureton, NASA CIO:

U.S. CIO Vivek Kundra:

Interior Department CIO Sonny Bhagowalia:

FCC Chief Data Officer Greg Elin:

NASA Ames Research Center CIO Chris Kemp: