The PSA Network recently sat down with systems integrator Mala Grover to discuss changing federal guidelines. Grover is president and CEO of Herndon, Va.-based Digitronics, a full-service systems integrator providing engineering, consultative, and maintenance services to wide array of enterprise and corporate clientele. In the following conversation, she addresses increasingly stringent requirements and cybersecurity guidelines that integrators face in the government arena.
PSA: Are there more federal regulations nowadays than you previously experienced?
GROVER: Yes, the regulations are now a lot stricter. The products have gotten a lot more sophisticated with a lot of encryption. Manufacturers are taking a lot of time and effort to create products that meet the requirements of the federal government and provide more features. Technicians must be more educated, more savvy, and have more training to be able to program, to wire, to be able to test and to be able to deliver the product that the government is looking for.
PSA: And cybersecurity is the driving force behind much of this?
GROVER: It’s not only cybersecurity concerns. It’s also protecting the personal information of the people, protecting their certificates, protecting what client information is being exposed. Previously for an access control system, we had proximity cards, which could be easily duplicated. You could go anywhere and everywhere through a federal building.
Now, PIV [personal identity verification] cards are used not only to access computers, but also to access secure areas of the building. The PIV cards carry a lot of personal information. The final goal is for the PIV cards to be accepted at all agencies to gain access to the federal facilities by making it an enterprise system so each agency can be recognized by another agency, rather than carrying multiple cards with you. This is done by making the systems FICAM compliant and having the capability to verify the certificates issued to each individual connecting through the Federal Bridge to the Certificate Verification Authority.
PSA: As an integrator, how are you rising to meet these new requirements?
GROVER: We have to be trained, we have to get certified in the products that the government is looking for. So, one of the prime requirements that GSA has brought up is the CSEIP [Certified System Engineer ICAM] certification. CSEIP is a certified engineer. You have to go through a training to become CSEIP certified.
The government says, “Hey, we don’t want just any company to come and design a system for us. The person needs to be educated in the architecture of the security system.” They want to make sure the person understands the security points, understands why those security points must be protected.
GSA wants every integrator for government entities to have at least one certified engineer in the ICAM [Identity, Credentials and Access Management] products with the ability to design the architecture of the system.
PSA: As a strategic advisor, do you think end users are expecting that you will help them determine what technology to deploy?
GROVER: It is a mix now. Some agencies will have preconceived ideas of what they want because somebody has said that Product A is better than Product B, and we're going to stick to Product A. They may not have any open mindedness. I have agencies that will come to us with a general idea of what they are looking to accomplish but rely on our expertise to design a system and architecture in order to secure the building and be in compliance.
Some of the clients may not have the budgets for the whole project. They’ll say they want to do the perimeter first and then expand on it as their budgets are released. So sometimes we will take the design that is given by the client and create a proposal or amend it a little. Sometimes our clients will say, “I want you to do A to Z, everything.”
PSA: What are some takeaways for other integrators on how best to serve their end users with these changing requirements?
GROVER: I think listening is a critical part. Customer service plays a big hand, where the customer should feel that you’re there to help them — not to take over. You want the customer to feel that you are there to meet their needs. You’re listening to what their concerns are; you’re listening to what their requirements are. And you are creating a design that meets their build rather than forcing a design on them.
So many times, we will go into the federal arena and the customer knows what’s required but doesn’t know what it will take to accomplish that. Providing the assistance in creating the solution is an accomplishment in itself.
PSA: Do you have any other insights you can share with other integrators?
GROVER: The cybersecurity trend that the federal government and DoD is moving toward [is] the Cybersecurity Maturity Model Certification [CMMC]. It basically protects the secure information, the encrypted information of the client. They are requiring a lot of security contractors to be CMMC-certified, just like for setting up software to make sure you’re meeting all the compliance regulations.