recommended reading

Security must be a consideration as acquisition databases are combined

This article was updated at 1:52 pm, Feb. 23.

The federal government is forging ahead with plans to consolidate contract-monitoring databases, but officials do not yet have a detailed plan for protecting proprietary information across the single platform.

IBM U.S. Federal announced on Thursday that it has won a fixed-price contract worth $74.4 million over eight years, including option periods, to design and develop a standard architecture for nine General Services Administration systems. The reconfigured, single system will offer a one-stop shop for contractors to register their credentials, agencies to retrieve and enter information on contractors' past performance, and citizens to monitor procurement transactions. GSA officials said the move is part of the Obama administration's effort to replicate innovations that have increased efficiency and enhanced transparency in the private sector.

"The exact approach to dealing with the disparate databases has not been established yet," said Charles L. Prow, managing partner for IBM Global Business Services, Public Sector. "Security and privacy with regard to the data is obviously going to be of a fair amount of concern."

Some industry officials said the consolidation was primarily intended as a way to provide federal agencies and vendors with ready access to information they use on a regular basis, not as a cost-saver or a transparency tool.

"This contract was designed to provide an easy way for government officials to go back and forth between the various databases that capture unique information about procurement activity," said Alan Chvotkin, executive vice president and counsel at the Professional Services Council, a contractor trade association. "Each of them have their own business rules and access elements to them" at present.

"I would hope there is no goal to have a single database," Chvotkin added. "I think there is value to having segmentation." Currently, the Web site FedBizOpps permits citizens and vendors to search solicitations, while the Past Performance Information Retrieval System, which rates the work of contractors, is restricted to vendors and federal officials.

Chvotkin said he is not worried about the system releasing confidential business information as long as the aim is not to alter the system's underlying controls.

When asked how the conversion would disclose more information to the public, GSA officials declined to elaborate beyond saying they were committed to making government data more open and transparent, while also properly protecting procurement-sensitive information.

Speaking as a vendor himself, Prow said the long-term benefits for the contractor community will be substantial. Multiple systems are more costly, he said. The project should lower the barrier of entry to the federal marketplace by reducing the complexity of doing business with the government, he added.

Consolidation of the acquisition databases began under the George W. Bush administration, as an e-government initiative intended to streamline federal operations through the use of Web-based information technology. Today, the systems are available on one Web site, but are maintained by different vendors.

During the past few years, federal auditors have found weaknesses in the systems, including inaccurate and incomplete data. The Government Accountability Office in April 2009 estimated that agencies submitted performance assessments for less than one third of relevant contracts. In addition, the systems have had technical problems. Some searches through a database listing contractors barred from doing business with the government overlooked the names of ineligible companies. As a result, agencies awarded contracts to excluded vendors.

A GSA spokesman said the single database will "eliminate synchronization issues and improve data quality."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.