Our recently discovered favorite website, FierceGovernmentIT, carried a couple of recent stories that indicate some significant changes are in the works for DOD acquisition folks.

First, the site reported that the reintroduced 2011 Defense authorization bill, H.R. 6523, contained in its Section 806, a very interesting provision. The Bill, which was passed by the House and delivered to the Senate on December 17, 2010, provides that for acquisitions of certain “covered” (national security) systems, the Department of Defense may—

1. Exclude sources that fail “to meet qualification standards established in accordance with Section 2319 of Title 10 of the United States Code [10 U.S.C. 2319] for the purpose of reducing supply chain risk in the acquisition of covered systems.”

2. Exclude sources that fail “to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.”

3. Withhold consent for contractor to subcontract with “a particular source or to direct a contractor for a covered system to exclude a particular source from consideration for a subcontract under the contract.”

Moreover, the legislation would prohibit the action(s) taken above from a bid protest review by the GAO “or in any Federal court”. And the determinations regarding supply chain risk that lead to those actions could be provided to other DOD components “or other Federal agencies”.

What is “supply chain risk”? The legislation defines the term thusly—

The term ‘supply chain risk' means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.

As the FierceGovernmentIT story reported—

The bill also would require establishment of four cybersecurity pilot programs, including one for ‘processes for securing the global supply chain.’ Such a pilot program would establish a framework and taxonomy for evaluating the supply chain and ‘an assessment of the viability of applying commercial practices for securely operating in an uncertain or compromised supply chain.’

Those who’ve read our rants reasoned, yet passionate, calls for managing supply chain risk will see this as yet another compelling reason to focus on such issues. For those who are new to this site, please see this article, or this one, which provide a good starting point for more research.

In a second story, FierceGovernmentIT reported that the DOD is planning to change “how it funds, buys and manages IT projects”. In a recently published report, DOD listed many reform efforts it plans to make. FierceGovernmentIT published a list of those reforms here.

As the FierceGovernmentIT article stated—

New reforms will be implemented incrementally and could require Congress to change elements of U.S. code. The report identifies five guiding principles: Deliver fast and often; incremental and iterative development and testing; rationalized requirements; and flexible/tailored processes.

The reforms involve significant changes to IT project funding, which are outlined in the article. We were interested to see that one of the reforms would be to exempt IT projects from the DOD 5000 approach to program management, “in favor of more frequent decisions”. The article also reports that the report calls for reforms to the traditional systems engineering approach. It states—

The department will shift away from the waterfall engineering process in favor of newer practices such as test-driven development, model-driven development and feature-driven developments, the report adds. Creation of a common IT infrastructure with non-proprietary interfaces will enable agile development. …

The FierceGovernmentIT article (link above) provides a link to the original DOD report, for those interested in further research.