GSA IT Regulations Management IT Support Services Industry Day
>> Good afternoon, and thank you for joining us today. My name is Corey Wilson, and I am the division director for GSA's Office of Internal Acquisitions. Before we get started, I wanted to remind everyone that today's meeting will be monitored, recorded, and/or transcribed. So now is the opportunity to remove yourself from this meeting at this point if you do not agree or consent. Today we are here to talk about the GSA IT Regulations Management IT Support Services RFI. We hope to share a couple of things, and in overview of the Office of Regulation Management and their programs, a technical overview of the eRulemaking and RISC IT systems, and, lastly, answer some of your questions today.
Today's event builds on GSA's commitment to engage with our industry partners to receive best practices and trends to aid in the development of future procurement planning. For today's meeting, closed-captioning services are provided, and please retrieve the link provided in the chat section. Today specifically you will hear from Jennifer Hanna, director of Financial Management and Office of Government-wide Policy IT Services Division in GSA IT; Virginia Huth, deputy associate administrator for the Office of Regulation Management; Tobias Schroeder, director, eRulemaking program; Boris Arratia, director of the Regulatory Information Service Center -- Information Service Center. I'm sorry. Linel Soto, branch chief, OGP IT Services Division, GSA IT; Kathryn Palmer, IT program manager, OGP IT Services Division as well, GSA IT; Nick Pierre-Louis IT project manager, OGP IT Services Division, GSA IT; and of course the contracting officer, Vivian Fields, with the Office of Internal Acquisition.
While we do want to hear from you, we do ask that you remain on mute throughout the duration of this presentation. You will get the opportunity during the Q and A section to submit your questions via the chat window in your Zoom application. We will respond to as many questions as we can in the time allotted. I now will hand it off to Jennifer Hanna, director of Financial Management and Office of Government-wide Policy IT Services Division in GSA IT. >> Good afternoon, everyone. Before we do a technical overview and go into the details of the RFI, we would like to first give you a brief overview of the eRulemaking and Regulatory Information Service Center programs, as well as the IT systems that currently support them.
The General Services Administration oversees the program management functions and systems development in support of the federal government regulatory process. The GSA IT organization manages technical support for all of the IT systems, while the Office of Regulation Management within the Office of Government-wide Policy provides the program support through the eRulemaking Program Management Office and the Regulatory Information Service Center. The purpose of this RFI is to get input from our industry partners on our proposed approach to not only maintaining these systems but also providing functional enhancements and potential modernization efforts to enhance service delivery to our customer agencies and the public. Before we get into the technical requirements around the eRulemaking and RISC systems, I'm going to hand it over to Virginia Huth, deputy associated -- deputy associate administrator for the Office of Regulation Management. >> Hi, everyone.
Thank you, Jen. The Office of Regulation Management has a fantastic partnership with GSA IT. The Office of Regulation Management at GSA was [inaudible] up October 1, 2019, and comprised as the eRulemaking PMO, which was moved over from the Environmental Protection Agency, and the Regulatory Information Service Center, which has been at GSA for some time.
The priority for the Office of Regulation Management is to maintain continuity of service for its existing systems. OMB's Office of Information and Regulatory Affairs, or OIRA, the federal agencies, and the public rely on these systems to fulfill requirements for transparency and accountability throughout the federal rulemaking process. As our colleagues in GSA IT will be covering, there are challenges for maintaining these systems while simultaneously addressing an ageing technical architecture. However, there is also significant potential to improve the existing portfolio of services and seek out new opportunities for federal-wide efficiencies in rulemaking should resources become available.
These opportunities for efficiencies exist across eRulemaking and RISC with the Office of the Federal Register and the Government Printing Office and across the federal government. In addition, GSA's in the early stations of developing a new federal integrated business framework model for rulemaking management to support potential modernization and improve delivery of regulatory shared services. I will now hand it off to Boris Arratia, the RISC director, for more information. >> Thank you, Virginia. And good afternoon, everybody.
The RISC team assists with the forecast of proposed regulations for publication in the fall and spring unified agendas as well as the annual regulatory plan as required by Executive Order 12866 13771 and other executive order requirements. The Regulatory Information Service Center/Office of Information on Regulatory Affairs Consolidated Information Systems, otherwise known as ROCIS, enables federal agencies to collaborate with the Office of Information and Regulatory Affairs, OIRA, at OMB in developing the unified agenda and the regulatory plan. Agencies use ROCIS to request new regulation identifier numbers, or RINs, enter regulatory information, and electronically submit unified agenda and regulatory plan entries to OIRA for review, approval, and eventual publication. Additionally, ROCIS enables OIRA to review and approve regulatory information submitted by agencies such as information collection requests under the authority of the Paperwork Reduction Act.
So talking about ROCIS a little more, it consists of four primary modules that support regulatory actions. It has the Agenda and Regulations Module, the Privacy Module, the Paperwork Reduction Act Module, and then it has the Executive Orders 13771 Module, which is also known as the Two-For-One Order, in which agencies are to take down two regulations for every new regulation that is proposed. The public-facing component of ROCIS is reginfo.gov, and you're welcome to go to that site and browse through to get an idea of what it includes. Reginfo.gov provides information to citizens about the regulatory process.
The public is also able to provide feedback and request information from OIRA about specific regulatory actions through reginfo.gov. So I would now like to hand it off to my colleague Tobias Schroeder, who's the director of the eRulemaking Program Management Office. Tobias. >> Thanks, Boris. Good afternoon, everyone, and thank you for [inaudible]. The eRulemaking program is a federal shared line of business, comprising 43 partner agencies and their components.
GSA serves as the managing partner. The eRulemaking Program Management Office, or PMO, facilitates governance for the partnership and maintains shared IT services. The eRulemaking system's comprised of regulations.gov
and the Federal Docket Management System, or FDMS. As depicted by graphic at the bottom of the slide, these IT services primarily support the public notice and comment process as required by the Administrative Procedure Act of 1946 and the E-Government Act of 2002. The public notice of a regulatory action is published through the Federal Register and managed by the National Archives and Records Administration. In the FR notice, the public is directed to a specific docket on regulations.gov for public comment. In FDMS the rulemaking agency builds the docket, which links to the FR document and includes a collection of other supporting documents related to the regulatory action. The agencies post selected portions of this docket to the publicly accessible regulations.gov site.
The public then reads the docket and can comment directly on any of the supporting documents, including the FR notice itself. The agency receives and reviews the comments in FDMS and can post the comments back out to regulations.gov for the public to view. For many of the FR notices, a comment form is available directly from federalregister.gov.
Comments submitted there are sent to the eRulemaking systems through the regulations.gov application programming interface. Collectively, partner agencies process over seven million comments per year using the eRulemaking system. Individual rulemaking actions can exceed one million comments. Since 2003 these shared IT services have created enterprise efficiencies for federal agencies by avoiding duplicate -- I'm sorry -- duplicative IT spending. More importantly, regulations.gov provides one-stop access
to multiple federal rulemaking dockets from a single website. The problem is that the technology for the application layer hasn't changed very much since the original system was deployed in 2003. At the center of the diagram you'll see that the current process is primarily focused on pushing documents for mock manual access and review.
While fundamental aspects of the notice and comment process have remained the same however, the business needs and risks have evolved. This includes increasing need to shift from a document-centric model to a model that centers on the content within the documents. There are also evolving needs related to bot detection, fraud detection, network traffic monitoring, and advanced analytics. A series of executive orders over multiple presidential administrations have focused on developing and retrospectively reviewing regulations across federal agencies for redundancy in consistency and cumulative burden. More recently, concerns focused in on how information technology can be abused to impede or influence policy decisions. These risks are laid out in more detail in the background section of the statement of objectives.
As Virginia Huth mentioned in her opening comments, the Office of Regulation Management not only seeks to maintain and improve its existing services but explore other opportunities for improving government-wide efficiency in regulatory management. This includes a recognition that eRulemaking and RISC are only two stakeholders in the overall regulatory process. GSA will seek opportunities to collaborate with other stakeholders, such as the Office of Federal Register, or OFR, the Government Publishing Office, and the National Institute for Standards and Technology. Two longstanding points of collaboration between eRulemaking and OFR are depicted with the dotted lines on this image. FDMS incorporates FR notices into dockets through a data feed, and the public can directly submit comments on FR notices from their federalregister.gov using the regulations.gov API. Additional opportunities for collaboration include the ability to cross-reference and access all of the documents from these silos when they're related to the same regulatory action, and conforming to common data standards that can improve the ability for computers to search, access, and interpret the content within regulatory documents.
Within the Office of Regulation Management, the eRulemaking and RISC programs can make near-term improvements in data quality and data governance in master data management for existing data structures: for example, cross-referencing data sets through improved management of common regulatory identifier numbers, depicted as RINs on this diagram. OFR and GPO already structure documents to improve search and publication. This includes a thesaurus of indexing terms and efforts to extend the U.S. legislative markup standard from legislation to regulations. USLM is the acronym for that, and that's depicted on this diagram as well. For interoperability, GSA seeks to conform to these standards, which are designed to apply widely across all codified regulations and to complement them with additional standards that are designed to provide machine-readable context for specific regulatory domain. So the priorities.
In spite of the Office of Regulation Management's strategic vision for improving existing services and achieving government-wide efficiencies, GSA must operate within existing constraints to maintain continuity of service, comply with business security standards, and seek progress on risks from fake comments. Due to obsolescence of current IT platforms, however, some degree of technology refresh will be necessary. Any near-term capital investment decisions should be made with future modernization and full lifecycle costs in mind. Item 7 of the RFI questions is intended to seek information on approaches for striking this balance.
When we get to the Q and A session, please take the opportunity during this Industry Day to clarify any questions you may have regarding the background section and attachments A and B of the statement of objectives, including references to legal knowledge representation. I'll now hand it off to Vivian Fields to talk about the RFI. Thank you.
>> Thank you, Tobias. Good afternoon, everyone. This request for information, RFI, is issued solely for information and planning purposes. It does not constitute a request for proposal, RFP, request for quote, RFQ, solicitation, or a promise to issue an RFP, RFQ, or solicitation in the future. This RFI does not commit the government to a contract or any supply or service whatsoever. The purpose of the RFI is to obtain information to support the future technical direction of GSA IT Regulations Management IT Support Services, promote an acquisition environment that mitigates supply chain risk, and is complying with statutes/policies.
The RFI is available on three sites. It's available on beta.sam. The ID number is RFI12172020 GSA IT Support Services. EBuy.gsa.gov, the RFI number is RFQ1470527.
And our NASA SEWP is on sewp.nasa.gov, ID 178589. The RFI closes on January 29th, 2021, at 12:00 p.m. Eastern Standard Time. The RFI is not mandatory that you respond to. Information and research purposes only. No formal responses will be issued to questions on RFI; however, they will be addressed during today's meeting. The link to the Google form submission is located in Section 13 of the RFI SOO.
I will now hand this over to Nick Pierre-Louis to provide a technical overview. >> Thank you, Vivian. And good afternoon, everyone. This is going to be a high-level overview and does not delve deep into the specifics of the system architecture, such as configurations and connection details. I'll begin with the eRulemaking infrastructure, which is segmented into three operating environments.
That is the National Computer Center environment hosting, which hosts the existing back end services to include the classic sites, the AWS environment for the modernized sites, and the disaster recovery backup site, not depicted in this graphic here. The EPA NCC is the primary on-premises site for regulations.gov and fdms.gov. The environment contains physical equipment such as networking, database appliances, and the physical servers for our virtual machines. The AWS architecture features a virtual private network and a virtual private cloud that restricts all public access and is hosted in a vendor-managed cloud environment. ROCIS and reginfo, on the other hand, are web applications with all of their components residing at GSA facilities. Moving on to the software and applications.
The existing eRulemaking system of FDMS and regulations.gov consists of Documentum and Oracle databases database service components on the back end. Other major components include Endeca for search and content text analytic tools that integrate with database and content repository -- integrate with the database and the content repository. The majority of the data is imported and exported directly from the system, with the exception of some automated scripts and data exports through the application program interface.
The API is our web service for accessing and posting data to and from regulations.gov, where users can request document search results or metadata for a specific document or docket. There are several services, tools, and features utilized through the web -- there are also several services and tools utilized through Amazon web services. The ROCIS and reginfo.gov web applications utilize Oracle Solaris and Windows Operating Systems on the back end. Additional software components include Java and Apache products.
As for the infrastructure, the eRulemaking system network architecture consists of two tiers. Tier one is the external perimeter or the system boundary that protects the DMZ, the demilitarized zone system which -- such as web content servers and content switches. Next we have tier two, which is the internal enclave or back end network that protects the internal system resource, such as database servers, backup systems, and the storage area network. Next slide, please.
These resources connect via high-speed local area network consisting of Ethernet fiber and other media that connects the servers and their related storage and support equipment. To give you a sense of the resource environment the system consists of over 75 small to large virtual machines using Linux- and Microsoft-based operating systems. Next regulations.gov and FDMS application services are hosted in AWS.
All traffic to AWS environments -- to the AWS environment is filtered through the NCC via a trusted internet connection 2.0, multiple firewalls, and a VPN tunnel as well. There are no public-facing subnets within the virtual private cloud. As a result, connectivity is restricted based on ports and/or protocols via routing and security groups.
Lastly, ROCIS and reginfo have their own web servers that host the front end applications. Each of these applications maintain their own database servers. The concept of modernization is defined by the executive office of the president's digital government strategy, or the digital gov strategy, and formed by the United States Digital Services Playbook and guided by GSA IT's strategic vision and enterprise policies. There are five key objectives for modernization. That is to make the regulatory process more user friendly, integrate federal regulatory data across programs, provide new data standards tools and context for regulatory analytics, inspire innovative uses of rulemaking data, and to provide modernized and shared technology platforms. We do not want to define tactical and operational plans for modernization at this stage, which is why this area is nonspecific.
If and when we -- when required, we will present our IT strategy and will look to you as the subject matter experts to evaluate our environment and present detailed roadmaps and analysis based on GSA's strategic plans as it pertains to modernization. To ensure Regulations Management Systems follow GSA ISO standards in an efficient manner, we must integrate security into every aspect of development, operations, and maintenance, following secure-by-design practices for any changes in the system. The primary reference to ensure that we maintain a resilient security posture will be the GSA IT's security policy standards, procedures, and guidelines. At this point we are going to transition into the Q and A portion of the agenda.
If you have any questions, please include them in the chat portion of your screen. I'll now hand it over to Kathryn Palmer to review the questions that came in or are in the chat. Thank you.
>> Thank you, Nick. As Nick mentioned, we have already received some questions which we will address before going through your questions submitted via the Zoom chat feature. The first question is, is GSA looking for the vendor to also host these websites with a FedRAMP certified cloud as part of the scope of support? The answer to this question is GSA is planning an eventual move to a GSA-managed-and-hosted cloud environment for these websites. Currently the sites are hosted in a vendor-managed AWS environment. The next question, the attachment titled RFI Questions 1608233251628 focuses on Agile development and its advantages, yet the statement of work titled RFI eRulemaking ROCIS Requirements SOO Version 1.2.1608233251839 only mentions Agile once in task five.
Please confirm that the attachment questions regarding the use of Agile are intended to be addressed/answered to in regards to this Regulations IT Support Services effort or RFI response. Perhaps the GSA OAS is considering a move to adopting the use of Agile for its future development efforts. The answer to this question is the current environment is an Agile environment.
The questions regarding the use of Agile are in relation to the RFI response. Future inquiries, if any, will include specific details surrounding the use of Agile methodology. The next question, is it mandatory to respond to this RFI in order to participate in the RFP/RFQ that will be released in the future? I'll turn this over to Vivian to respond. Vivian, you're on mute. >> No, it is not mandatory to respond to this RFI. Not responding to this RFI does not preclude participation in any future solicitation, if issued.
>> Thanks, Vivian. The next question, do we only need to answer the RFI questions, or do you also require us to submit our capability statement? What other documentation do we need to provide? I'm going to turn this over again to Vivian to respond. >> No, it is not mandatory to respond to these RFI questions or submit a capability statement. There are no required documents requested at this time.
Documentation and responses provided by companies are for research information gathering purposes only. >> Thank you. The next question is, who is the incumbent? I will again turn this over to Vivian to respond. >> The incumbents are Booz Allen Hamilton and CyberData Technologies. >> The next question is, what are the software products/tools being used? The answer to that question is primary software products and tools consist of Microsoft, Linux, VMware, Red Hat, Oracle, Documentum, Tenable Nessus, Prisma, Twistlock, and Elasticsearch. Additionally, common AWS services are utilized, such as S3, EKS, SQS, SNS, EC2, ALB, CodePipeline, CloudFront, and CloudWatch.
A comprehensive list will follow should an RFP be released. The next question is, is there currently an incumbent contract that is fulfilling these services? If so, would you be able to provide me with the contract ID number and vendor name, or would this be considered a new requirement? I am going to again hand this off to Vivian to respond. >> Booz Allen Hamilton contract number is 478AA020F0155, and CyberData Technologies' contract number is GSH1417AA0182. >> Thank you. I do see some questions coming in. At this point I'm going to turn it over to Latosha Frink to go through your live questions.
Thank you. >> Good afternoon, everyone. Thank you for joining us.
I want to answer some preliminary questions that are general in nature. The first question is, will the PowerPoint slides be e-mailed out? The answer to that is yes. If you are a registered participant, you will receive a copy of the PowerPoint slides at the conclusion of this meeting. The second question is directed towards Vivian Fields, and the question states, in the RFI the government asks about the advantages or disadvantages of doing a contract teaming arrangement versus a prime subcontractor agreement. We are submitting a response as a subcontractor and wondering if we need to speak to whether or not we could do a CTA or a prime subcontractor arrangement, or is it for the prime contractor to decide and respond? Please advise, Vivian. >> I think that you should submit as much information that you would like to have for that question on the Excel spreadsheet if that's something that you would be interesting in doing, a team arrangement.
But also, the prime can also respond to that question as well. >> Thank you, Vivian. Our next question is for Nick Pierre-Louis. The question states, the contractor shall provide personnel capable of performing all activities to manage a need on a firm-fixed-price contract to model maintain system availability at 99.5 percent of time. Operations O and M include maintenance projects system releases needed to sustain the IT assets at the current capability and performance levels.
Question, would the government please confirm whether the current capability and performance levels are both 99.5 percent uptime? Nick? >> Could you repeat the last portion of the -- >> On the last portion of the question states, would the government please confirm whether the current capability and performance levels are both 99.5 percent uptime? >> Yes, that is. Because the current capability is tied directly to the performance level of the contract, which means that we need to ensure that regulations.gov is up and running for public -- the public to comment on in accordance with those service levels.
So as that is the case, it is naturally tied in to the performance of the contract. Hopefully that answered the question. >> Thank you. The second part to that question is also asking, please confirm this is the only SLA for this task.
>> That is not the only SLA for this task. As we move further, if we do decide to move further, the quality assurance requirement will detail the performance level and the KPIs specific to each of the tasks that are called out on the RFI. So initially it's not as detailed as it needs to be at this stage in the process, but if we do decide to move forward, then those additional KPIs will be laid out and expressed in detail.
>> Thank you, Nick. This question is for Kathryn Palmer. Will the government be providing additional information to enable apples-to-apples evaluation of level of effort? Example: current number of users, number of transactions, size of environment, sprint cycle length, team size, types of enhancements, small, medium, and large? >> Thank you for that question. I think what we are trying to do particularly as it pertains to Agile development is implementing sprints to meet our customers' needs.
This is a very dynamic environment, and we're looking to make sure that as it pertains to scoping out the requirements that, you know, things will need to be adaptable as necessary. When it pertains to scoping out, like, T-shirt sizes or whatever Agile terminology is commonly used, we'll certainly work with the contractor to make those definitions. But apples to apples, if we're talking about comparing between programs, you know, we certainly hope if there's more information that has not been or is not clear in the RFI, we look to you to help us understand where we can be more clear should there be, you know, future acquisition.
Thank you. >> Thank you, Kathryn. This question is a combination for Nick as well as Tobias and the question states, the SOO states to maintain continuity the contractor would ensure 100 percent of federal rulemaking from partner agencies are posted in regulations.gov/FDMS
for public access, downloading, printing, bookmarking, and commenting. Would the government please provide historical data on the number of rulemakings posted annually? >> Tobias, do you want to take that, or do you want me? I don't think we have that metric right now. Or at least I don't.
>> No. You know, it's [inaudible], but right now I think in the RFI phase I don't have a specific answer to that question. >> Okay. Thank you. >> Can you provide that -- I think we can look it up and send some information out when we send out the slides.
>> Thank you, Virginia. The next question is for Nick Pierre-Louis. The question states, Section 522 states the beta version is hosted in a containerized cloud environment.
This system will be required to move to a future GSA target cloud environment. Please clarify whether migration of regulations.gov to the future GSA target cloud environment is a requirement for this contract. >> That is the requirement for this contract, and we are in the evaluation phase and planning phase at the moment. So in the future, that is where we're migrating this system.
>> Thank you, Nick. To accompany that question -- this may be a suggestion, but I will ask a question. It states, if migrating regulations.gov is part of the scope of this contract, please provide additional details to enable bidders to appropriately scope and price in the migration. Example: process flow information, interfaces, architecture, build process, technical specification of beta site, number of transactions, database size, and size of the environment. Would you like to comment on that, Nick? >> Sure. So that information, as I mentioned in the modernization section,
is coming -- is potentially coming later. I am not guaranteeing that an RFP will be put out, and I'm not saying that it won't. But if we do, the architecture system diagrams, all of the information required to properly develop a solutions roadmap for modernization, risk assessment, and any of the modernization plans required to move a system will be provided. >> Thank you.
The next question is for Kathryn Palmer. Kathryn, does GSA provide the tools for scanning, security monitoring, and analysis required for FedRAMP ISS -- sorry, IAAS. >> Thank you, Latosha. Yes, GSA provides tools for scanning, security monitoring, and analysis. The vendor, though, is responsible for the implementation of these tools in the execution of GSA scanning and monitoring procedures. >> Thank you.
Kathryn, this question is redirected back to you. The next question, it's actually a three-part question. Is penetration testing required? >> Yes, penetration testing is required.
>> If penetration testing is required, at what frequency? >> So the scope and frequency of penetration testing varies based on the level of change to the system, and of course we want to be compliant with GSA IT security policy. >> The last question to that three-part question, if penetration testing is required, does GSA provide the tool? >> GSA does provide the tool and conducts the penetration test. >> Okay. Thank you.
There were some questions in the comments regarding the RFI links. I did post that in the questions, as well as there was a request for to post a Google form link, which is also in the comments as well posted to everyone. The next question is for Vivian Fields. This question is, is there one incumbent for this procurement, or is there a consolidation of multiple? Can you please give the incumbent contractor names and their contract numbers and their contract expiration dates? >> There are two incumbents. Booz Allen, their contract number is 47HAA020F0155.
And CyberData Technologies, and their contract number is GSH1417AA0182. I will provide those expiration dates when we send out the slides. >> Thank you, Vivian. This next question is for Mr. Pierre-Louis.
The question states, what is the FISMA system categorization? >> Nick, you're on mute. But -- >> Sorry about that. I said moderate. Did you catch that? >> I'm sorry. Can you repeat the answer again? >> It's FISMA moderate. >> Thank you for that answer.
>> You're welcome. Sorry about that. >> This question is for Vivian Fields. Is GSA looking to make this a full and open, or are they considering a small business set-aside? >> As for now we're in the planning stage. So once the RFI closes and all the information is evaluated, that will be a decision that will be made. But right now we're in the planning stage.
>> Thank you. The next question asks, will this session be recorded? Yes, this session is being recorded, and it will be posted on GSA's YouTube channel. The next question states -- and this question is for Kathryn. Should a GSA schedule small business that provides comment analysis and bot detection tools respond alone or in conjunction with a prime? >> Thank you for that.
I think Vivian has already touched on this, and I want to just reiterate what she had mentioned. But I think vendors should provide as much information as possible. Vivian, do you want to add to that? There's certainly no requirement one way or another, but I'll defer to Vivian as well. >> What was the question again, Latosha? >> Pretty much based on this company's capabilities, they're wondering if they can respond solo or in conjunction with a prime. So Vivian, I think the answer to this is we're in the RFI information gathering stage, and so if you would like to respond solo, there is no requirement for you to respond with a prime during a RFI phase.
So we welcome all interested parties to provide their responses in assisting in the procurement planning purposes. >> Yeah. That's true. Thank you.
>> Okay. So the next question asks, in the RFI there are a set of questions that differs from the Google document. How can we ensure that we provide responses to both? Can we e-mail our responses that's in the Google -- that's in the RFI that differs from the Google forms separately? >> Is that for me? >> Yes.
>> Yeah. I don't have a problem with that. As long as they provide -- answer the questions that are on the Excel spreadsheet, I don't have any issue with them e-mailing their response. >> Okay. Thank you. This question is for the entire GSA IT team, Jennifer Hanna, Nick Pierre-Louis, and Kathryn Palmer. And the question states, can you share some of your biggest challenges you've been experiencing as it relates to your modernization goals? >> I'll chime in first and then hand it over to Kathryn and Nick to jump in. I think one of the things that we're very focused on is making sure that we have a flexible environment and we're able to adapt quickly to changes in priority.
So that's one of the things that we are most concerned about and trying to make sure that we maintain that flexible environment. I'll also hand it over to Kathryn and Nick if you wanted to provide additional information. >> Thanks, Jen.
One of the things that I would also add to that is making sure that, you know, our current systems are based on legacy technology and, you know, managing the technical debt that comes with the legacy technology while making incremental changes is certainly a challenge. We're looking for vendors, as Jen mentioned, you know, providing flexible, adaptable technology solutions that are creative that help address our customers' needs. Nick? >> Well, I agree, Kathryn. The technical debt is probably one of the biggest issues or challenges, at least speaking for myself and then looking at the program as a whole. But managing complexity for an older system in general is always difficult because technology changes very rapidly. So you also have to keep up with the new technology, meanwhile managing the programs and additional -- any additional issues that might come up.
So with modernization it's always a challenge regardless of the system, I think. >> Thank you. The next question is for Vivian.
Vivian, has the government decided where the final solicitation -- what vehicle will be utilized and where the final solicitation will be posted? >> No. As I stated before, we're in the planning stage, so that hasn't been determined. >> And that concludes our questions for this session. I would like to remind all of our participants we will follow up with the PowerPoint presentation, as well as the contract numbers of the incumbent, as well as the names of the incumbent, and we will also provide clarifying questions regarding sending your separate responses that differs from the Google form questions. So that will be followed up via e-mail to all of the participants listed here.
At this time I will turn it over to Mr. Corey Wilson for closing remarks. >> Thank you, Latosha. A couple of quick things to clarify. We aren't going to be evaluating any RFI submissions. We're simply using those for -- excuse me -- planning and research purposes. However, we do anticipate an RFQ.
The timing of that RFQ is still to be determined. So we are utilizing all of this information that we are collecting via the RFI for informational purposes only. But as Latosha said, thank you guys so much for joining today. We appreciate the collaboration and the insight with your questions, again, as our industry partners. As a reminder, our RFI does close at noon on January 29th, 2021, and all submission details are included in Section 13 of the Draft SOO within the RFI.
We do look forward to hearing from you, and thank you so much for your participation in today's GSA IT Regulations Management Industry Day. Thank you and have a great day.