April 2022
Volume 22, Number 4
From the desk of the Chief Information Security Officer
Chief Information Security Officer Michael Watson
The numbers tell the story: the Commonwealth of Virginia continues to be a target for cyberattacks. During 2020 alone, the Commonwealth experienced over 66 million attack attempts on the network and blocked 50,099 pieces of malware.
This is why cybersecurity is such a high priority. As a result, we want to share some timely reminders about how to strengthen your own cybersecurity infrastructure:
Use a different password for each online account;
Enable multifactor authentication whenever possible; and
Employers – protect your organization from a potential data breach by educating your employees and limit the number of users to your systems who have administrative privileges.
These simple steps can help protect you and your business from bad actors and hackers.
Speaking of cybersecurity tips, we want to give a shout out to all our Virginia students who entered our 2022 Kids Safe Online poster contest and shared a few of their own. Our program is growing – we received many entries this year, and 35 students from all over the Commonwealth were selected as state finalists.
You can read more about the contest below. It’s a great opportunity to educate our young people about the dangers of cyber threats, and also potentially spark their interest in a cybersecurity career.
Congratulations to all our finalists – we look forward to the announcement of national winners!
Michael Watson
SWaM Spotlight: maconit
In 2021, Commonwealth agencies using VITA state contracts spent $230 million with small, women, minority and veteran-owned (SWaM) businesses, solidifying their role in making Virginia one of the best states for business. VITA’s commitment to supporting SWaM businesses through increased access to IT business, statewide contracts and mentoring has led to even more opportunities for providers of IT contingent labor services to do business in our state. This year, we’re spotlighting these SWaMs who are working to provide services for Virginians every day, telling their stories and sharing their advice on how to work with the Commonwealth.
SWaM vendor, information technology (IT) staffing and consulting firm maconit has been providing IT staffing services for over 20 years in Virginia, successfully building and maintaining business with agencies through the vendor manager, “by hiring exceptional employees, developing local connections and being flexible in the ever-evolving world of IT staffing. Our success is a direct result of the quality people we hire,” credits President Brock Barnett. In a competitive market for IT talent and experience, understanding local staffing needs and exploring references gives agencies the peace of mind that Barnett and his team have delivered candidates who fit the IT needs of each agency.
By getting to know the agencies’ technical and cultural environment and building out a local candidate network over time, maconit has found “you get to understand the process and learn what agency needs you can support, and get a feel over time of personalities and skills that align with a culture at an agency …Doing business with the Commonwealth of Virginia has been a great partnership because of the number of agencies who provide steady and ample opportunity to grow your business. Working with Virginia agencies has been a great experience and we hope to continue the relationship for years to come.”
Barnett’s advice for SWaMs, “Focus on the thing you’re best at: Doing work with the state is a great opportunity but it can be very competitive. You have to work hard and find your niche. It can take some time but learning about each agency and their technology needs has great benefits. Doing business ethically and treating your employees well is a great recipe for success.”
To learn more about the IT contingent labor contract in Virginia, visit the VITA's IT Contingent Labor page.
ICYMI: Virginia names 35 students as finalists in the 2022 MS-ISAC Kids Safe Online poster contest
ICYMI: 35 students from all across the Commonwealth were named as Virginia finalists in the MS-ISAC 2022 Kids Safe Online poster contest, and now have been entered into the national competition.
The goal of the annual contest is to engage young people in creating posters to encourage their peers to use the internet safely and securely. The competition also offers an opportunity for teachers in classrooms across Virginia to address and reinforce cybersecurity and online safety issues.
Themes reflected in this year’s submissions include creating strong passwords, protecting personal information, backing up critical data and avoiding cyberbullying. See the finalists on Kids Safe Online Poster Contest on the VITA website.
Did you know VITA enterprise services can integrate?
VITA enterprise services provides scalable, cost effective, on-demand software as a service (SaaS) applications to executive branch agencies. These value-add capabilities, such as increased productivity, speed and efficiency, as well as high performance and security, allow our customers to better connect when serving the citizens of the Commonwealth of Virginia.
The enterprise services webpage contains announcements and service updates that allows customers to quickly learn about new products and services along with new features added to our current stable of listings. The page provides a complete listing of the SaaS applications and solutioning services with an integration chart for fast potential integration options right at your fingertips!
Check out the enterprise services webpage today!
Win2012 to Win2019 remediation effort
VITA and its service supplier, Unisys, are beginning remediation efforts for the Windows 2012 (Win2012) server operating system as it is approaching end of support. In accordance with the Commonwealth of Virginia’s Information Security Standard (SEC501), VITA’s enterprise architecture (EA) standard (EA225) and the Server OS and Hypervisor Technologies Roadmap, Win2012 is prohibited due to age.
Beginning this month, business relationship managers (BRM) will be contacting agencies identified as having Win2012 servers that require remediation. Over the next few months, the team will transition the existing agency servers to Windows 2019 (Win2019) server operating systems.
LiveNX network monitoring tool coming soon
VITA has been working diligently to provide a tool that will give agencies visibility into the entire ecosystem of network infrastructure that is utilized to deliver IT services for each agency.
With over 100 pre-built reports, the new LiveNX agency network visibility and monitoring tool will provide designated agency personnel visibility into how their agency’s network is performing, how much bandwidth is being consumed and how applications are being utilized and performing. LiveNX will allow agencies to:
- Gain visibility into their devices, applications and networks
- Monitor availability and performance virtually
- Analyze the network to predict problems before they occur
This new capability is included in the current service charges.
New VITA contracts awarded
We’re keeping you updated on new contracts that were awarded in February and March.
For content management software (CMS), new contracts were awarded on Feb. 18 to:
- TerminalFour (t4), Contract #VA-220217-TFI
- Forum One (Drupal), Contract #VA-220217-FO (Small business)
- Triad Technology Partners (Adobe Experience Manager), Contract #VA-220217-TTP (Small, woman-owned)
These contracts are a new offering that gives agencies choices of multiple CMS offerings. The contract was written to cater to many agency situations, whether you have a fully capable staff of web developers that just need a CMS option, or if you are a single website administrator who needs full-service options. Pick the software you like best first (agency preference), then choose options to customize the fit to your agency such as design, development and training help. The pricing structure was developed with all three suppliers to work for all agencies, based on the overall size of the website approach.
Review the new CMS contracts.
For IBM reseller software/services, new contracts were awarded on March 2 to:
- CAS Severn, Contract #VA-220218-CASS (Small business)
- Software Productivity Strategists Inc., Contract #VA-220218-SPSI (Minority-owned, small business)
- Triad Technology Partners, Contract #VA-220218-TTP (Small business, woman-owned)
These new contracts provide users the ability to acquire IBM software, IBM software appliances and maintenance on new installations and current IBM systems. Additionally, users can acquire services such as implementation/integration services and design services. These new contracts replace the previous VA-150826 contracts.
Review the IBM reseller software/services contracts.
Android device policy change
Android device users with an operating system below Android 6.0 can no longer connect to their Commonwealth of Virginia (COV) account.
Current users of Google mobile device management (MDM) should have received an update to their mobile device automatically and there is NO ACTION TO TAKE, unless they are using a device below 6.0. However, the update will only work for devices with Android 6.0 operating system (OS) or higher.
If users do not have devices with Android 6.0 OS or higher as of March 19, they will no longer be able to connect to their Commonwealth of Virginia (COV) account on their device. The most current Android version is 12. Ninety percent of all MDM users are on versions 10, 11 or 12.
Updated version of ORCA released on March 25
A new version of the online review and comment application (ORCA), VITA's system for collecting feedback on policies, standards and requirements, was updated on March 25 with a new interface designed to make navigating the site easier.
The new version implements additional security controls, and users will have to change their password the first time they enter the new system.
Updated Project Manager Selection and Training Standard document posted to ORCA for comment: review period ends on April 14
Agencies have until April 14 to review an updated standard that specifies the structure to determine if an individual is qualified to be a Commonwealth of Virginia (COV) project manager (PM) for a COV-level IT project. This updated document has been posted to VITA’s online review comment application (ORCA) for comment.
Overview of document
The project manager selection and training standard - CPM 111-05 - was first published in 2003 and was last updated in January 2018. The purpose of the standard is to:
- Describe the required skills, training and experience Commonwealth project and program managers need to have in order to be considered qualified to manage Commonwealth IT projects.
- Provide a method for identifying project and program managers qualified to manage Commonwealth IT projects and IT programs.
- Identify the steps a project or program sponsor must take in selecting a qualified project or program manager to manage a Commonwealth IT project or program.
Notable changes to the standard include:
- Changed all agency-level PM requirements to preferred. There are no more agency level requirements.
- Rewritten, simplified and consolidated the PM qualifications and requirements
- A new, simplified and easier to read qualification matrix
- Updated reference documents, e.g. project management body of knowledge (PMBOK) sixth edition, etc.
- Moved Community College Workforce Alliance (CCWA) PM qualification testing instructions from the document to the project management division (PMD) website
- Section 5, PM selection: Clarified and emphasized that this entire section is advisory, not required. Of note, the VITA PMD consultant is no longer required to be on the PM interview panel.
Information security tips
This month’s information security tips focus on cybersecurity and betting on sporting events.
Due to the recent popularity of online betting, especially during the pandemic, online gambling sites have become a hot target for bad actors. This is because these sites collect and manage large amounts of financial and personal information.
So, what can you do to protect yourself?