CYBERSECURITY
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May, 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September, 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines, with specific dates by which both government agencies and organizations selling software to the government must comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
About Tidelift
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
EMERGING TECHNOLOGY, GOVERNMENT BUSINESS
Businesswire | May 29, 2023
Maximus, a leading provider of health, employment, and digital customer services globally, has been selected as the largest provider of the new Functional Assessment Services (FAS) contract, due to launch in 2024.
The award maintains Maximus’ position as a leading provider of health assessments to the UK government. Since 2015 Maximus has been the only national provider of the Health Assessment Advisory Service on behalf of the Department for Work and Pensions.
Maximus transformed the assessment service, with waiting times significantly reduced and record customer satisfaction. From 2024, assessments will be delivered on a regional basis. Maximus will deliver across Scotland and Northern England, and as a delivery partner to Capita across the Midlands and Wales.
The combined estimated value of the contracts, including subcontracting, is £800m/$1bn over five years, with the option to extend for a further two years.
Dr Paul Williams, Division President of Maximus UK, said: “We are delighted to continue our partnership with DWP to deliver the next generation of health and disability assessments. We remain committed to working with stakeholders, including disabled people and their representative groups, to improve customer experience in the assessment process, delivering a sensitive, respectful and expert service to the millions of people who rely on these services to access financial support”.
Bruce Caswell, President and Chief Executive Officer of Maximus, said: “This award continues our expansion in the UK market. With our strong track record of transforming services on behalf of government, and our strategic focus on the future of health services globally, we are proud to be working with DWP on the delivery of this important new service”.
About Maximus in the UK
Maximus delivers services that help more than 2 million people each year in the UK move forward with their lives. Operating from more than 285 locations, Maximus is one of the largest providers of employment, health, and digital customer services in the country.
Maximus employs over 5,000 specialists, including more than 1,000 employment advisors and 1,400 doctors, nurses, occupational therapists and other Healthcare Professionals. We are proud to be a Disability Confident Leader and Living Wage Employer.
EMERGING TECHNOLOGY, GOVERNMENT BUSINESS
PR Newswire | May 26, 2023
For Memorial Day 2023, GovCIO partnered with the Department of Veterans Affairs National Cemetery Administration (NCA) to add to its Veterans Legacy Memorial (VLM) website more than 300,000 service members and Veterans interred in 27 Department of Defense-managed military cemeteries, including Arlington National Cemetery.
VLM, a publicly available interactive online memorialization platform, honors the service and sacrifice of millions interred at these military cemeteries; at VA National and VA funded state, tribal, and territory Veteran cemeteries; and two U.S. Park Service National Cemeteries. The digital platform allows family and friends to upload written tributes, photos, biographies, documents, and other information to Veterans' memorial pages.
Since the program launched in 2019, over 4.8 million profiles have been created with nearly 60,000 memories added by family members, friends, researchers, and other users. The newly added 27 cemeteries include 18 operated by the Army, five operated by the Navy, and four by the Air Force.
"We are honored to be part of this meaningful program that pays tribute to our nation's heroes in such a personal way," said Karen Durham-Aguilera, Executive Director of the Office of Army Cemeteries and Army National Military Cemeteries. "We look forward to this continued partnership so that more people can discover the extraordinary stories of service and sacrifice that make up the fabric of our country."
From its inception, GovCIO has led the building, implementation and maintenance of the VLM site for the NCA, ensuring survivors and family members have access to the platform to memorialize their Veterans.
"This is a big leap forward for VLM," National Cemetery Administration Digital Services Officer James LaPaglia said. "For us, to be connecting to an interment database outside of the VA is a first. And Arlington National Cemetery is something that our customers have been asking for from the beginning when VLM started in 2019."
Additional newly launched VLM features GovCIO helped implement include a simpler and faster search for users to find their Veterans and a new Personal Achievements milestone to celebrate those non-military special occasions in a Veteran's life.
"Having a number of my relatives interred at VA national cemeteries, including my father-in-law at Arlington National Cemetery, I am extremely proud that the VA has entrusted GovCIO with this important mission," said Jim Brabston, GovCIO CEO. "Improving the VLM customer experience was our top priority, and we hope these new features will continue to allow families and friends to honor their Veterans."
About GovCIO
GovCIO is a rapidly growing provider of advanced technology solutions and digital services for the federal government. Combining our extensive federal experience with the latest innovations in IT and disruptive approaches, our experts develop comprehensive solutions to meet the most pressing demands of today's government agencies. From the U.S. military to Health and Human Services, we have an impressive track record of helping our customers optimize how they operate.
GovCIO is transforming government IT, empowering our federal customers to meet the challenges of today while building the government of tomorrow.