Letters
IRS’ closed doors
Federal Computer Week’s story “New (fiscal) year resolution: Get your IT budget fit” [Feb. 13] faithfully quoted Internal Revenue Service press releases on why the agency wanted to close 68 walk-in assistance centers for taxpayers. However, issuing a press release does not change the facts.
The proposal to eliminate taxpayers’ ability to obtain personal face-to-face tax help was a serious executive miscalculation that exposed just how out of touch IRS leaders are with the ground zero of tax administration. Taxpayers would have saved no money. Zero. Instead the funds used to assist folks in complying with complex tax
laws would have been redirected to controversial pet projects, such as allowing private firms to collect federal income taxes.
Once the scheme was exposed to public scrutiny, embarrassed IRS executives were
sent back to the drawing board.
Mike Peacher
National Vice President
District 4
National Treasury
Employees Union
Aronie’s bull’s-eye
Jonathan Aronie hit a bull’s-eye on possible solutions for the General Services Administration’s current malady [“Keep GSA schedules humming,” March 20].
He suggests assigning individuals to key leadership and management positions who
have the knowledge of and passion for the schedules program, and who understand the program’s origins and its purpose as a special and unique contracting tool.
As Aronie points out, GSA already has such folks onboard and exhorts: “Let’s put these people in the game.”
Not only should we take those folks off the bench and put them in the game, we should provide them with sage advice from past leaders and heroes of the schedules program.
I suggest that FCW sponsor a blue-ribbon committee to come up with recommendations to invigorate the program. My vote for committee members would
include the legendary four horsemen of the Federal Supply Service: Frank Pugliese, former commissioner; Bill Gormley, former assistant commissioner; Ed O’Hare, former chief information officer; and Roy Chisholm, former procurement director. Those individuals left their mark on GSA and the federal procurement community.
They brought recognition to the phrase Federal Supply Schedules.
Nick Economou
President
FSL Procurement and
Contracts Consulting
More on the Common Criteria
I just read your article “GAO:
Common Criteria is not common
enough” [April 3].
The Government Accountability
Office’s auditors are correct
that the process takes too
long and its effectiveness is not
well-understood, but the article
has some inaccuracies. For one,
small vendors do not need a subsidy.
They do not care what it
costs to do a Common Criteria
evaluation as long as it is a dealmaker
and they will make a profit
on the venture.
Even though the Defense Department
requires a Common
Criteria evaluation, a small vendor
often starts the process and
a competitor wins the award
without an evaluation. DOD
does not enforce DOD 8500.1. I
just received an e-mail from an
officer asking me what I knew
about a vendor claiming to be in
the Common Criteria evaluation
process.My reply was that the
claim is false.
Any vendor can close a deal
before an evaluation begins
as long as they
have a contract
to get into a
c e r t i f i e d
C o m m o n
Criteria Testing
Laboratory,
and that
costs zero dollars.
If customers
require an
evaluation, small vendors will
gladly pay for one if the guaranteed
revenue exceeds the evaluation
cost.
Because the Common Criteria
process evaluates information
assurance, it has been difficult to
identify appropriate metrics.We
compare a vendor’s design specifications
against their security
claims for the product. Then we
test the product against the vendor’s
design specifications at the
end of the evaluation process.
We evaluate whether external
interfaces are tested, and then we
evaluate to see if all errors and
effects are tested by the vendor.
But people want to hear how
many viruses we found.We determine
if the vendor can accurately
build a version of the
product and ship the appropriate
installation and guidance instructions
with it. But people
want to hear if the product can
protect against phishing. I guess
it is good that the information
technology security industry has
entertainment value.
Once a product is evaluated
against the Common Criteria, all
agencies can recognize it. Unfortunately,
many agencies have
their own evaluation processes.
But that is not a failure of the
National Information Assurance
Partnership or the Common
Criteria. A center of excellence
will not solve this problem.
I am tired of meaningless
statements by well-selected
sources that add nothing and,
worse, confuse the reader.
Progress only can be made if we
start with accurate information.
GAO auditors spent time at Science
Applications International
Corp. on two separate occasions
and have communicated with us
several times after the questionand-
answer period. Their questions
were to the point, and they
took copious notes, so I assume
that someone at GAO understands
the Common Criteria
process.
I am disappointed that you
apparently did not question your
sources or seek corroborating
sources, as one might expect an
investigative reporter to do.
Robert Williamson
AVP
Common Criteria Testing
Laboratory
Science Applications
International Corp.