The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). 

The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments, NIST said Tuesday.

“The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the CUI enhanced security requirements,” the document reads.

The assessment procedures are arranged into 10 families: access control; awareness and training; configuration management; identification and authentication; incident response; personnel security; risk assessment; security assessment; system and communications protection; and system and information integrity.

NIST is seeking input on the procedures, including the determination statements and assessment objectives, and the approach used to integrate organization-defined parameters into determination statements for assessment objectives.

Public comments are due June 11th.

The General Services Administration (GSA) announced that its Transactional Data Reporting (TDR) pilot program exceeded targets in three of nine evaluation metrics for the fiscal year 2020.

Those metrics are contract-level pricing, data completeness and small business performance, Jeff Koses, senior procurement executive at GSA’s Office of government-wide policy, wrote in a blog post published Tuesday.

Koses said transactional data is now 98 percent complete and that usage of transactional data by contracting officers has improved.

The 2016 TDR rule seeks to promote transparency and reduce burden by requiring contractors to report transactional sales data from Multiple Award Schedules and other governmentwide contracts on a monthly basis.

“As GSA considers how to build these practices into a broader strategy to expand transparency and create less burden on our industry partners, we plan to train contracting officers on the benefits of having access to more granular prices paid information and to support these efforts with management guidance, as necessary,” he wrote.

Koses added that the agency will also look at the ability of Federal Supply Schedule contracting officers to use transactional data for price negotiations; training and tools for category managers that are currently not impacted by TDR; communication to industry partners ahead of changes; impacts on current and future contractors under the GSA Schedule and the impact of an expanded data collection on GSA’s capability to use data it currently collates.

The Cybersecurity and Infrastructure Security Agency (CISA) is working with several agencies and departments on pilot programs to determine whether it is feasible to aggregate cloud logs into a system that could help CISA analyze data and identify cyber threats, FCW reported Wednesday.

CISA intends to "see if it's possible to send their logs to our aggregation point and make sense of them as a community together," Brian Gattoni, the agency’s chief technology officer, said at an event Wednesday.

"We've run pilots through the [Continuous Diagnostics and Mitigation] program team, through our capacity building team to look at endpoint visibility capabilities … to see if that closes the visibility gap for us,” he added.

Gattoni said some cloud service providers have an infrastructure in place that could support CISA’s data aggregation efforts, but the agency is exploring ways to come up with its own capabilities to gain visibility into networks.

"There's a lot of slips between the cup and the lip when it comes to data access rights for third party services, so we at CISA have got to explore the use of our programs like [CDM] as way to establish visibility … and also look at possibly building out our own capabilities to close any visibility gaps that may still persist," he said.

To register for this virtual forum, visit the GovConWire Events page.

A bipartisan group of seven House and Senate lawmakers proposed a bill allowing $21 billion for projects to revitalize four U.S. Navy shipyards and another $4 billion for the modernization of private facilities used to build or repair military ships.

The Supplying Help to Infrastructure in Ports, Yards, and America’s Repair Docks Act of 2021 seeks to help the military branch address public shipyard asset improvement, maintenance, and expansion requirements, according to a press release posted Wednesday. 

SHIPYARD Act would also give the Navy secretary more flexibility to award contracts under the Defense Production Act.

Sens. Susan Collins, R-Maine; Roger Wicker, R-Miss., Tim Kaine, D-Va.,; Jeanne Shaheen, D-N.H.; and Angus King, I-Maine, introduced the bill with Reps. Rob Wittman, R-Va,; Mike Gallagher, R-Wis.

Join Potomac Officers Club’s 2021 Navy Forum to hear notable industry and federal leaders discuss the initiatives, efficiencies and solutions that will enable the Navy to become more effective in warfare.  

Check out the Potomac Officers Club's (POC) 2021 Navy Forum coming up on May 12th. Click here to register.

NASA expects to soon conduct the Mars helicopter's fourth flight, having demonstrated the spacecraft's ability to fly on the red planet. The Ingenuity helicopter will fly on Thursday from a Mars airfield dubbed the Wright Brothers Field, NASA said Thursday.

“From millions of miles away, Ingenuity checked all the technical boxes we had at NASA about the possibility of powered, controlled flight at the Red Planet,” said Lori Glaze, director of NASA’s Planetary Science Division. 

The team in charge of the Mars helicopter was tasked to demonstrate controlled flight in a simulator chamber six years ago, marking the spacecraft's first flight objective. 

The second flight took place on April 19th when Ingenuity flew on Martian surface for the first time. The helicopter then demonstrated a down-range flight of 164 feet with a top speed of 6.6 feet per second during the third and most recent flight, which occurred on April 25.

The upcoming fourth test will have Ingenuity elevate to a 16-foot altitude, then collect surface imagery as it flies southward. The helicopter will then hover while capturing colored images.

“Future Mars exploration missions can now confidently consider the added capability an aerial exploration may bring to a science mission," Glaze said.

 Air Force Research Laboratory (AFRL) has moved the launch date of an upcoming geosynchronous orbit satellite from 2022 to 2023 due to a rideshare scheduling issue, Space News reported Wednesday. The NTS-3 satellite is designed to provide positioning, navigation and timing for U.S. military operations. 

United Launch Alliance (ULA) will launch the satellite through the National Security Space Launch program's USSF-106 mission, which is a rideshare arrangement with other U.S. Space Force users.

NTS-3's production and evaluation are progressing on schedule, as the delay is not associated with the satellite's development. Brig. Gen. Heather Pringle, AFRL commander, said the laboratory will use the delay as an opportunity to put more work into NTS-3.

Beth Killoran, deputy chief information officer at the General Services Administration (GSA), said the agency wants to use cloud technology in new ways that would require a modular environment. 

She said at the IT Modernization Summit that the plug-and-play approach would help agencies better accommodate work-from-home arrangements, FedScoop reported Wednesday.

Adopting a distributed, flexible cloud approach will help government agencies prevent cloud lock, as not all forms of cloud function the same way, the deputy CIO added.

“And so I think we’re going to start seeing some cloud brokerage and some cloud distribution so that we can utilize the best capabilities of cloud environments," she said.

A hypersonics research proposal from the Naval Research Laboratory has been selected by the Department of Defense to receive a $45 million grant under the DOD”s Applied Research for Advancement of Science and Technology Priorities program.

DOD said Wednesday that the NRL-run Naval Center for Space Technology pitched its “Surface Morphing and Adaptive Structures for Hypersonics” project to the DOD S&T Executive Committee as part of the ARAP competition.

“We appreciate the initiative, originality and collaborative effort that each team displayed in developing a high-quality proposal, especially during the pandemic,” said JihFen Lei, chair of ExCom and acting director of research and engineering for research and technology at DOD.

NCST’s winning proposal, which beat 16 other submissions reviewed by the panel, will explore materials and approaches to boost the performance of hypersonic weapons.

The three-year effort will see NRL lead a group composed of Air Force and Army research laboratories, the Missile Defense Agency and 20 academic entities.

Eighty government scientists and engineers and at least 20 new graduate students will support the initiative to help the department build defensive and offensive hypersonic platforms, DOD noted.

The department holds the ARAP award competition among its components every year to address technology and capability gaps within the defense enterprise.

Vaughn Noga, chief information officer of the Environmental Protection Agency (EPA), has talked about EPA's goals of creating a cybersecurity-aware culture and decreasing hindrances to deployment and operation of new applications and systems. 

Speaking at Federal News Network's Federal Drive with Tom Temin segment, Noga cited the need to prioritize the agency's approach to fielding systems and getting them through the extract, transform and load process.

"[It is] a long way of saying we need to make it easier for our state agency stakeholders… And quite frankly, we need to reduce the barrier and the burden on our stakeholders, so they can be productive much quicker," he added.

To develop a cybersecurity-aware culture, Noga said EPA must educate its workforce on system requirements for defending against malicious cyber attacks.

“And part and parcel of that are working with them to understand what their role is in protecting the IT systems and the data and the assets of the EPA,” he continued.

Noga also discussed his office's efforts to ensure accessibility of data to inform the decision-making process. He cited how EPA moved paperless activities to digital to enable employees to work from anywhere.