Interoperable Cloud, Innovative Competition

Advancing Artificial Intelligence and Emerging Technologies via Public Sector Procurement

• Downloadable PDF at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5272590

Omid Ghaffari-Tabrizi^*

^* Originally submitted to the faculty of the George Washington University Law School in partial satisfaction of the requirements for the degree of Master of Laws in Government Procurement Law

Abstract

Mandating interoperability in federal IT by using standards instead of brand names will be critical if the United States Government is to make the most of its public sector procurement power. This is especially true in the context of artificial intelligence and emerging technologies. An analysis of certain IT systems identified as high-risk shows that they have been characterized by vendor lock-in resulting from limited and sole source competitions based on proprietary solutions. This results in a reliance on specific vendors instead of specific technologies.

Historically, when the U.S. Government has sought innovative solutions, the solicitations referenced standards and where standards did not exist, the solicitations referenced objectives. The resulting solutions have cemented, and in some instances developed into, standards that are credited with massive and significant advances in human history. It is this standards-based approach to procuring new and innovative solutions that needs to be adopted again to ensure the approach to developing and deploying artificial intelligence is rooted in the ideals of openness and innovation through competition.

This is critical as the velocity of developing emerging technologies will only continue to increase exponentially over the coming years. Advances in quantum computing, electrical power generation, and autonomous vehicles, among other areas of research, are only going to amplify the need to ensure major systems are designed with components that can be replaced as they become obsolete, or in the worst cases, breached or vulnerable. This paper offers recommendations for implementing the concept of mandated interoperability, which range from better solicitation practices, to agency-wide or government-wide policy, and to appropriations language intended to provide relevant agencies with a map to transition to an interoperable IT environment – and to do so today.

Introduction

“Uniformity in the Currency, Weights and Measures of the United States is an object of great importance.” President George Washington recognized this in his first annual message to Congress, delivered on January 8, 1790. With artificial intelligence (“AI”) promising to change the very way in which we live and prosper, we would do well to remember this statement and ensure it is, as President Washington suggested then, “duly attended to” (Washington, 1970) lest we risk losing our position as “the world’s most robust AI ecosystem” (Stanford HAI staff, 2024)

The legal foundation is in place to establish sound standards. The Federal Acquisition Streamlining Act of 1994 (FASA) and the commercial preference it established marked one of the strongest attempts by the U.S. Government to stop using “government-unique specifications and standards” that resulted in the creation of a “longstanding habit of demanding that firms create government-unique versions of goods and services available in the commercial marketplace.” Modern IT has generated open standards that themselves represent the “broad need descriptions that enable vendors to offer a wide variety of commercial solutions” rather than strict specifications that would often result in the procurement of obsolete or unnecessarily unique products and services (Schooner, 2003, 103). This is partly because of the U.S. standardization system, which led to the development of technology that ensures modern IT “is open, market-driven, voluntary, and private-sector-led” (ANSI, 2024, 11).

Today, we run the risk of losing the global competition for achieving AI leadership to the People’s Republic of China (“China”), which is are operating under the policy of Eastern Data and Western Computing (Jun, 2022), or the European Union (“EU”), which is proceeding under the recommendations provided by Mario Draghi (Draghi, 2024) by launching seven “AI factories” spread across the EU (EuroHPC, 2024).

In the United States, as part of an effort to seek information from the public on what should be among the top policy priorities for the Administration’s AI Action Plan, the Office of Science and Technology Policy (“OSTP”) emphasized the importance of removing “burdensome government requirements [that] restrict[] private sector AI development and deployment” (NITRD NCO, 2025). Some of those restrictions are self-imposed, such as those associated with procurement (M-15-14, 2015) or cybersecurity compliance (M-24-15, 2024). Others are artificial, such as those imposed by vendors via restrictive licensing (GAO, 2024). Regardless of the reason, interoperability has been recognized as a key way to cut through these issues from the first national cloud policy (OFCIO, 2011), Executive Order (“EO”) 13800 (2017), EO 14144 (2025), and EO 14158 (2025). As was true in the first Trump Administration and has proven to be true again in the Software Modernization Initiative from EO 14158, “interoperability [is] a top priority for the Federal [G]overnment” and a big part of that is the because of the innovation through competition that it will incentivize (White House Staff, 2018).

In exploring how procurement will play a role in determining whether the move towards an interoperable environment will be a successful effort or not, this paper will cover the following: U.S. Government participation in standards development, the current federal IT landscape, an analysis of select IT procurements, findings worth addressing, and recommendations for implementation. Ultimately, this paper will show that an interoperable cloud is key: mandating that solicitations look to standards and not brand names will ensure that U.S. Government IT systems are set up for the future, have competitiveness built into the system, and encourage and incentivize innovation without compromising security.

Government Participation in Standards Development

Standardization Generally and Historically

Even before the Constitution was ratified, our Founding Fathers recognized the U.S. Government’s role in “fixing the standards of weights and measures” was as important as regulating currency – these were among the exclusive powers the Articles of Confederation provided to the U.S. Congress (U.S. Congress, 1952, 942). While the U.S. Government has not shied from setting standards, it has not done so in a consistent manner (Lemley, 1999, 746). In fact, between the Revolution and the June 14, 1836 passage of a resolution focused on capacity standards, the effort to create commercial standards had arguably moved forward with sporadic success and, while there was congressional attention, there was little congressional action until the turn of the twentieth century (Fischer, 1905, 369-71).

The Foundation

The year 1900 saw U.S. foreign commerce pass the $1 billion mark and the commercialization of electricity, both critical milestones in the U.S. technological revolution (Cochrane, 1966, 1). When the National Institute of Standards and Technology (“NIST”) was founded as the National Bureau of Standards (“NBS”) on March 3, 1901, the initial set of standards the agency developed were related to “electricity, length and mass, temperature, light, and time.” In order to effectuate adoption, the NBS also “created a system to transfer those values to the public” via their work and their research (NIST, 2023). Ultimately, the guiding reason for the creation of the NBS was to ensure those aiming to “accomplish together anything useful would be able to understand one another” (Cochrane, 1966, iii).

Whole-of-Nation Approach

In 1902, with an eye to benefiting the public and the nation’s economy as a whole, Louis A. Fischer, the Chief of the Division of Weights and Measures from the NBS, “directed scattered inspections of weighing and measuring devices and transactions involving quantities” across New York with a goal of “determin[ing] what amount of protection the buying public was receiving against short weight and short measure in purchase” (Judson, 1976, 20) Taking those findings, the NBS called upon a number of participants from across the country to “discuss the lack of uniform standards,” resulting in what turned out to be the first meeting of the National Conference on Weights and Measures (NCWM, 2025). As the mission of the NBS both expanded and showed dividends, it led to then-Commerce Secretary Herbert Hoover championing “standardization as a method for preventing ‘waste in industry’” shortly after World War I (Russell, 2005, 263).

Modern Computing

The focus of the NBS on standardization and the research necessary to develop those standards produced real results, including the first proximity fuze, introduced in 1941, and “credited by some with shortening the course of World War II” (Haseltine, 1953, 299). NBS wasn’t alone in creating real advances in computing based on a pursuit of standardized approaches to training – the electronic numerical integrator and computer, or ENIAC, is considered the first general purpose computer (Brockmeier, 2021). The U.S. Army Ordnance Department purchased the ENIAC after a proposal submitted by John Mauchly and J. Presper Eckert dated June 5, 1943 (Weik, 1961, 571). This assistive tool in calculating artillery firing tables provided two important developments: (1) a procurement that focused on outcomes while proposing techniques to achieve them such as the example outlined in 1(b) on Vacuum Tube Trigger Circuit with the ENIAC team’s proposed way out of the three, then-known “ways of obtaining a circuit action similar to that of a thyratron;” and (2) the use of certain standards when necessary, such as manufacturer’s data for the 6J6 vacuum tubes that outlines the plate voltage, amplification factor, transconductance, and other metrics the system will meet (Knuth, 1942).

Standardization in IT Specifically

The importance of standards to IT, like those developed by ENIAC and beyond, “is difficult to overstate” especially as it relates to modern, complex, and “sophisticated digital systems and devices” (Blind et al., 2023, 2). In particular, standards developed via public research in a fashion that makes them available to anyone “provides the opportunity for the implementation of research results … in innovative technologies, products, and services.” Open standards developed for and through public procurement have been shown to “create critical masses and [to] allow the exploitation of economies of scale in the emerging phases of a new market” with notable examples including “[s]uccessful platforms such as the Internet and the cellular telephone” (Hawkins et al., 2017, 48, 53).

Publicly-Funded Research

The first working transistor, demonstrated at Bell Laboratories on December 23, 1947 by William Shockley, John Bardeen, and Walter Brattain, was the result of war-time work to improve radar that started with a research grant awarded to the University of Purdue from the Office of Scientific Research and Development in March 1942 (Bray, 2016). From then onwards, the microelectronics industry in particular benefited from the U.S. Government’s “direct and indirect procurement policies” by allowing an otherwise “price-insensitive market” to lower prices as members of industry improved and innovated their approaches. While most “analysts credit the existence of the potential public sector market with inducing private investment in [research and development (“R\&D”)],” others point out that innovation could have been primarily due to the involvement of government agencies “as information clearinghouses” that resulted in the “disseminating [of] diverse approaches” instead (Holbrook, 1995, 134-35). Regardless of the reason, the sector benefited from the promise of a buyer the size of the U.S. Government would create the necessary demand to create new technologies (Lécuyer, 2006, 130).

Digital Revolution

Advances in research were not limited to those taking place outside of the Federal Government – in May 1950, NBS deployed the Standards Electronic Automatic Computer, or SEAC, which served as the first stored-program computer built by the U.S. Government and improved the reliability of components and the ability to optimize the storage of data (Kirsch, 2001, 86). Funded by the U.S. Air Force, experiments run on SEAC are “still cited as a model of how computational experiments should be made and reported” (Todd, 1987, 50). In fact, many of the decisions made in developing SEAC are relevant today, including the use of square binary pixels (Kirsch, 1998, 10).

Personal Computing

ERA 1101, later called the UNIVAC 1101, was the first stored-program computer that, unlike SEAC, could be transferred from the site of manufacture to the site of deployment and could be run at an “unheard-of performance level for the time” via advances such as its own air conditioning, built-in marginal checking for maintenance, and fault isolation through a centralized maintenance panel (Tomash & Cohen, 1979, 90). The very first customer was the U.S. Navy, which took delivery in the late 1950s (ONR, 1951). This advance allowed for a scalable commercialization of computers and ultimately the personal computer itself (ERA, 1951) after a great deal of systematic learning and R\&D funded through those Navy contracts (Norberg, 1993, 192).

The Information Revolution

On December 9, 1968, Douglas Engelbart gave the “Mother of all Demos,” a demonstration of technology that he developed with his colleagues at the Stanford Research Institute (SRI) that was funded by the Advanced Research Projects Agency (“ARPA”) and the Air Force (DARPA, 2025). The demonstration included innovations collectively called the oN-Line System (NLS) and it introduced features that were focused on improving the capabilities of the user (i.e., “augment intellectual capability”) rather than on making the system easier to use (Doug Engelbart Institute, 2023). Among those innovations, many of them such as the computer mouse, document version control, and email not only exist today but were provided to users at scale via ARPANET, which itself was the result of a 1968 contract to BBN Technologies for the very first routers and developed using the same principles behind the development of NLS. Arguably, much of the internet itself is feasible only because of DARPA’s advances in wireless communications, among other things (DARPA, 2025). From that point on, federal research funding for computer science, electrical engineering, and other related fields has played a critical role in advancing work in computer architecture, artificial intelligence, and other direct contributions to today’s technology, accounting for “roughly 70 percent of total university research funding in computer science and electrical engineering since 1976” (Committee on Innovations in Computing and Communications: Lessons from History et al., 1999, 56). That trend has only become stronger over time, going from $20.8 billion in 2025 dollars obligated for R\&D in 1976 to an estimated $195.7 billion in 2024 (NCSES, 2025).

The Current Federal IT Landscape

In much the same way university-funded research is heavily reliant on U.S. Government funding, much of the tech industry is reliant on open source technologies (Ackermann, 2023). The ability to develop open standards is relatively natural – where standards do not exist and where industry is reluctant to coalesce around one or a set of standards, encouragement from the public sector has been shown to work (Blind, 2013, 26). However, for a variety of reasons, that forcing-function sometimes needs a catalyst of its own. As such, it is important to understand how and why the U.S. Government has ended up with an IT environment built on brand-names instead of standards and what it may mean to use policy levers based on competition, policy, and cybersecurity considerations to effectuate the sought after move towards interoperability to support AI and other technologies.

Competition Considerations

The current era of technology is marked by a significant transition, driven by the public availability of Generative AI (Huang, 2023). The amount of computational power necessary to run AI solutions arguably means the foundations of modern IT began with the advent of cloud computing as the most significant AI-related developments were only feasible due to the availability of massive cloud-based computing infrastructure (Sastry et al., 2024). The 17 “Major IT Investments Rated as High Risk for Four Consecutive Quarters” as identified by the U.S. Government Accountability Office (“GAO”) in a recent report to Congress are the types of systems that would benefit from such modernization not only because of the amount and type of data they process, store, and transmit to the public or other agencies, but also because of the scale, cost, and complexity associated with these systems (GAO, 2024, 56). In fact, some of these systems operate the workflows or possess data from the earliest days of the U.S. Government’s use of computing, attributable to “a rapid decrease in costs [and] real competition among vendors” (Johnson et al., 1993, 18).

Promoting competition requires a focus on meaningful competition rather than formalistic competition (Schooner & Berteau, 2023) and the Competition in Contracting Act of 1984 (“CICA”) (1984) (became law as part of the Deficit Reduction Act of 1984 (1984)), while noble in its intent, has seemingly not been enough on its own. An example of what CICA partly aimed to achieve can be shown in the procurement of typewriters: a procurement team could have chosen to go with the IBM Selectric II but instead decided to focus on the salient characteristic that made it so superior: the typeball (Schooner, 2020, 146). A more modern example for demonstrating what it could achieve, can be shown in the procurement of software for PDF files: a procurement team could choose to go with Adobe Acrobat or instead focus on the salient characteristic of software that can handle ISO 32000-based PDF files (ISO, 2008). A search of USASpending.gov covering FY 2008 to FY 2025 shows 2,300+ contracts for “Adobe Acrobat,” accounting for more than $237 million in spending (GSA, 2025). There are zero contracts involving “ISO 32000” (GSA, 2025).

The Federal Procurement Data System shows very similar results, with nearly 3,500 matches for the brand name and none for the standard (GSA, 2025). As it relates to cloud-based technology, while not dispositive, there are five contracts that reference “ISO 27001” meaning that at least the Department of State (“DOS”), Department of Treasury (“Treasury”), and Department of Health and Human Services (“HHS”) have explored the idea of citing standards instead of brand names (GSA, 2025). While seemingly limited in nature, the use of this open standard, in fact, generates far more robust competition than simply naming a provider or program. It allows for the agencies to “support multiple products that operate on multiple platforms” with that competition able to help the U.S. Government “open the enterprise” not simply the environment itself (Johnson et al., 1993, 19). This is important to note because it signifies the potential for broadening the pool of potential vendors, a critical factor identified as being necessary to increase meaningful and impactful competition in public procurement (Kang & Miller, 2021, 1495). Data collected over several years in Finland (Pitkänen, 2022), Slovenia (OECD, 2025), the United Kingdom (NAO, 2023), and the United States (Atkinson, 2019) shows a larger vendor pool can drive competition as well as exposure to a greater number of market-driven solutions simply by virtue of the diversity of options.

Policy Considerations

Obtaining those benefits requires a modern policy foundation as well. Within IT procurement, there are a number of specific issue areas that are not only significant in procurement generally, but are particularly impactful on the idea of using interoperability to increase the total number of participants in public sector procurements. These include: prioritizing commercially-available solutions over government-specific ones, supporting modern pricing models, addressing legal restrictions associated with switching solutions, and ensuring data can move across systems seamlessly.

COTS over GOTS

Palantir USG, Inc. v. United States, No. 2017-1465 (Fed. Cir. Sept. 13, 2018) (Palantir USG v. U.S., 2018) provides an important data point in the discussion around whether those solutions should be commercially available (commercial-off-the- shelf solutions, or COTS) or custom-made (government-off-the-shelf, or GOTS) (Schooner, 2018). With Palantir as well as Executive Order 14271 (2025) establishing a COTS-first procurement policy, this could result in the exposure of government IT systems to components not yet reviewed or otherwise exposed to the unique stresses of government IT – for example, in 2024, there were “approximately 9,100 software-as-a- service (SaaS) companies in the United States” (Vailshery, 2024) but only 384 total cloud services (software, platforms, and infrastructure) were both approved and on the FedRAMP Marketplace before the program began a major rework (FedRAMP PMO, 2025). This presents issues associated with shadow IT and also limits the choices, keeping staff from using solutions that represent better return on investment, greater functionality, or new technologies (Garland, 2023, 2).

Consumption-Based Pricing

Much of the tech industry delivers and prices cloud services on a consumption basis, meaning that users incur “charges on a predetermined periodic basis … and [are] billed based on actual usage” (AL MV-21-06, 2022, 2-3). To access many of these services often requires an upfront payment to allow for consumption to begin, meaning policies that allow for these advanced payments without violating the Anti-Deficiency Act had to be developed by establishing certain criteria that, when met, would provide for the specific authorization necessary to make such a purchase (AL MV-2024-01, 2024). While the color of money and budgeting issues will remain, once that funding is available, the ability to pay for commercial services using commercial methods will incentivize greater participation in the contractor ecosystem and the impending Federal Acquisition Regulation (“FAR”) rewrite could be a major step towards addressing this issue (Exec. Order No. 14275, 2025).

Impacts of Restrictive Licensing

The use of restrictive licensing terms to stifle competition is well documented but arguably not well enough known as they are allowed to continue in public sector contracts (Garland, 2023, 2). Beyond leaving government agencies unable to achieve accurate data around usage (GAO, 2024), these restrictive licenses have left agencies paying more while limiting their ability to use the best and latest tools (GAO, 2024). Specifically, as the United Kingdom’s Competition and Markets Authority found, one tech provider charged public and private sector customers who attempted to use their services or software alongside components from “its main rivals” higher prices, sometimes 400% “higher than the retail price it charges its own customers,” which made it economically unviable to continue down the path of creating a multi-cloud environment or to outright switch to another vendor (CMA, 2025, 5). With a Federal Trade Commission (“FTC”) antitrust probe looking into the impact of that same vendor’s licensing practices on the public and private sectors of the United States, the legal mechanisms that stifle interoperability could become quantifiable in the context of the Federal Government’s spending (Satija et al., 2025). Running in parallel to the FTC investigation, the Strengthening Agency Management and Oversight of Software Assets (“SAMOSA”) Act is intended to create a federal software and cloud services license inventory, allowing every agency to determine the quantifiable impact of restrictive licensing agreements (among other factors, including artificial technical barriers to interoperability) and the associated cost for the Federal Government (SAMOSA Act, 2025). Addressing licensing issues in public sector procurement could finally allow the U.S. Government to achieve the “significant savings” GAO recognized would be possible over a decade ago (GAO, 2014).

Data Portability and Machine Readability

Just like telephone number portability before it, data portability represents the ability of the U.S. Government to move its data from one Cloud Service Provider (“CSP”) to another (Gulati-Gilbert & Seamans, 2023). While important for allowing a government agency to move to a better or cheaper rival, it is also important to better effectuate the use of AI solutions to generate insights from the variety of different data silos that exist across governments, industry, and academia (Sena et al., 2023). As a corollary, besides being required by the OPEN Government Data Act (2017) (became law as part of the Foundations for Evidence-Based Policymaking Act of 2018 (2019)), making data machine-readable where and whenever feasible will allow for an easier transition to new, different, and better solutions that make use of existing data, something GAO has been advocating for since as early as April 11, 1983 (GAO, 1983).

Cybersecurity Considerations

Where interoperability accommodates for swapping vendors from the perspective of competition, it also allows for the same from the perspective of a technology stack. The technical benefits of interoperability are relatively practical in nature: where a component is compromised, it can be swapped out; where hardening of the IT infrastructure is required, zero trust architecture can be supported; and, where software and hardware are connected, it can provide for more effective data transfer capabilities, among other benefits.

Removing Bad Actors

The U.S. Cyberspace Solarium Commission cited data standardization and interoperability as critical components for obtaining “improved combined situational awareness of cyber threats” and allowing “for the sharing and fusing of threat information, insight, and other relevant data across the Federal Government and between the public and private sectors” (CSC, 2020, 101-02). The importance of interoperability was most apparent on September 13, 2017, when the U.S. Government issued a mandate to remove all “Kaspersky-branded Products” from Federal Government IT infrastructure (BOD 17-01, 2017) and from the United States entirely on June 20, 2024 (BIS, 2024). After Israeli intelligence discovered Russian intelligence used a backdoor in Kaspersky’s antivirus software “as a kind of worldwide search engine” to look for data containing the codenames of American intelligence programs (Uren, 2024), the U.S. Government required all agencies to rip and replace the software from their IT infrastructure, regardless of the cost. From a hardware perspective, and on a national scale, we saw something similar with the Secure and Trusted Communications Network Reimbursement Program aimed at removing communications equipment and services produced or provided by Huawei or ZTE (FCC, 2025) with funding approvals sent on July 18, 2022 (DA-24-839, 2024) and deadlines for removal “ranging from May 29, 2024 to February 4, 2025” (Rosenworcel, 2024). A Congressional investigation into the risks associated with Chinese intelligence using the vulnerabilities found in the hardware from these companies discovered there is no feasible way to be confident that such intrusions can be blocked or otherwise stopped (Mike & Ruppersberger, 2012). With that finding, the U.S. Government estimates it will have to spend “nearly $5 billion” to free American telecommunications networks from the proprietary hardware provided by those two vendors (FCC, 2024). Both instances are useful examples of the need for “best practices for providing interoperability between free and open” systems (Bu, 2024, 296), both technically and programmatically (i.e., through governance), including via the procurement process, as they demonstrate the extreme cost and significant non-financial impacts that vendor lock-in can cause.

Improving Internal Systems

The Secure by Design initiative (CISA, 2025) and the recommendations provided by the Cyber Safety Review Board report on the Microsoft Online Exchange Incident from 2023 (CSRB, 2024) are among the ways the U.S. Government is reacting to cybersecurity weaknesses exploited by China, Russia, Iran, and others (DOJ, 2024). The Department of Defense (“DoD”), in particular, issued updated guidance on software acquisition, requiring the adoption of the Software Acquisition Pathway (“SWP”) (DOD, 2025) and focusing on security as non-negotiable. However, the guidance still recognizes the need for “nontraditional and commercial software developers” to join the Defense Industrial Base (“DIB”) and add the kind of increased supplier base that results in increased competition and allows for delivering advantages to the warfighter and nation as a whole (Lopez & Shinego, 2025). As the SWP outlines on numerous occasions, a DoD component’s interoperability strategy and requirements are among the top responsibilities outlined in the SWP (DoDI 5000.87, 2020, 5-7, 9, 14, 21). This is especially critical for zero-trust architecture (“ZTA”) and other cybersecurity-related efforts considering GAO and the U.S. Government recognize “there is no single ZTA solution [and] ZTA implementation requires integrating existing technologies with each other and with newer technologies” (GAO, 2022, 2). Fundamentally, zero trust is “a collection of concepts and ideas designed to minimize uncertainty in enforcing” access related policies, and not a product or technology you can simply plug into a system – it is the actual policies and underlying choices behind the design of the system architecture, or “the network infrastructure (physical and virtual)” (NIST SP 800-207, 2020, 4).

Remembering Hardware

The CHIPS and Science Act (2022) and related efforts helped fund “domestically-located semiconductor fab[ricator]s [which have been recognized] as a requirement to maintain the nation’s leadership in AI” with a heavy focus on interoperability throughout the legislation, including a $1.5 billion Public Wireless Supply Chain Innovation Fund (Blevins et al., 2023). The National Strategy on Microelectronics Research went further, citing the efforts of the U.S. Government’s preferences to develop semiconductor technology as part of why U.S. students were able to create “ENIAC on a chip” (SML & NSTC, 2024). In developing the standards for these critical hardware components, the Federal Government recognized “[i]nteroperability across systems and devices” is vital and they need to provide “[e]fficient and effective acquisition processes” to make this work (NIST IR 8501, 2023, 2).

An Analysis of Select IT Procurements

The maps in Appendix B were created using the 17 high-risk systems identified by GAO and by reviewing their Privacy Impact Assessments (“PIA”). The maps demonstrate the number of systems connected to the high-risk system, the agencies and organizations reliant on the high-risk system, and, where applicable, the individuals who are ultimately impacted by the safety, security, and stability of any of the systems intrinsically connected to the high-risk system. Where publicly available, the awards made to develop, deploy, operate, and maintain those systems of those systems, were then analyzed, allowing at least a high-level overview into whether the underlying procurements promoted interoperability via standards-based approaches or if they incentivized vendor lock-in by limiting competition, through a variety of means, to only solutions provided by or serviced by specific vendors.

Department of Homeland Security

Biometric Exit Mobile Program

The Biometric Exit Mobile Program (“BEMP”) involves six systems maintained by components within U.S. Department of Homeland Security (“DHS”) with the purpose being “to capture biometric and biographic information in support of [the DHS] border security mission” with every American who enters or exits the United States likely to come across this system (DHS/CBP/PIA-026, 2018). Within the PIAs, one industry solution is referenced by type. Among the relevant awards, two brand names were mentioned with no standards mentioned. The ultimate end users are the members of the American public who will not connect to the system but will have their data stored and used within the BEMP. Were the BEMP to enforce interoperability, the American public, U.S. Customs and Border Patrol, and the DHS as a whole would likely benefit if only because this system is so interconnected with other critical systems within the DHS ecosystem. Additionally, if interoperability became the standard, the DHS Office of Biometric and Identity Management would eventually be converted to support such an approach by virtue of those connections (Ghaffari-Tabrizi, 2025), resulting in any biometric system used within the DHS mission likely to benefit as well.

Financial Management Systems

The Financial Management Systems (“FMS”) are 12 systems maintained by components within DHS that perform the “core financial management functions” for the entirety of the department (DHS/ALL/PIA-053, 2020). There are additional connections to other agencies to execute on this function – the Office of Management and Budget (“OMB”), Treasury, the U.S. Department of Agriculture (“USDA”), General Services Administration (“GSA”), and the Financial Crimes Enforcement Network (“FinCEN”). Within the PIAs, two industry solutions are referenced by name. Among the relevant awards, three brand names are referenced six times, including via a limited sources justification, with no standards mentioned. The ultimate end user is DHS staff who will have to both connect to and rely on these various systems. While that means everyone at DHS must engage with this system in some fashion, whether that is as an actual user or to have their data included among these systems, interoperability via FMS would be particularly impactful because of those connected. Anything involving finances tends to have the ability to influence everything else within an agency because financial data is so critical to their operations (e.g., payroll, contract awards, grants, etc.) and where those systems go, others tend to follow, and in this case, it would be broad swathes of inter-connected agencies (Ghaffari-Tabrizi, 2025).

Homeland Advanced Recognition Technology System

The Homeland Advanced Recognition Technology System (“HART”) is a modernization effort intended to replace the Automated Biometric Identification System (“IDENT”), a “system for storage and processing of biometric and associated biographic information” collected and maintained by multiple components across DHS (DHS/OBIM/PIA-004, 2024). There are no industry solutions referenced by name in the PIAs. Among the relevant awards, one brand name is referenced with no standards mentioned. The ultimate end users are DHS, DOS, DoD, the U.S. Office of Personnel Management (“OPM”), the Intelligence Community, the U.S. Department of Justice (“DOJ”) as well as state and international law enforcement partners. The importance of this system, beyond its centralized and consolidated role involving biometric data of every American and visitor to the United States, is the connections it has to other agencies within the Federal Government, State and Local governments, and international law enforcement agencies. Beyond the opportunity to influence and create harmonization between American public sector organizations, the ability to influence those overseas provides real strength to the argument that American-made solutions are market-leading ones (Ghaffari-Tabrizi, 2025). It also should allow for the entirety of the global public and private sector that believes in and agrees with the ideals such standards would promote to have a real opportunity to coalesce around and support such an approach towards developing technology without having to compromise or give up their own history or culture (Morishima, 1982).

Department of Housing and Urban Development

Single Family Housing Enterprise Data Warehouse

The Single Family Housing Enterprise Data Warehouse (“SFHEDW”) is a collection of 13 systems maintained by the Single Family Housing Programs within the U.S. Department of Housing and Urban Development (“HUD”), serving “as a consolidated source of single-family mortgage and insuring data” (HUD D64A SFHEDW PIA, 2020). Within the PIAs, one industry solution is referenced by name. Among the relevant awards, five brand names are referenced, including via limited source justifications, with no standards mentioned. The ultimate end users are HUD, the Federal Housing Finance Agency, and the Federal Reserve Banks. Regardless of how HUD’s mission changes, the interconnected nature of the SFHEDW and its responsibility to store and provide for use any and all single family housing-related data within HUD means the ability to influence other systems is broad by default (Ghaffari-Tabrizi, 2025). The current reliance on a single vendor, unfortunately, does not incentivize the other system owners, the Federal Reserve Banks, or other users to change their architecture to be anything other than proprietary as nothing indicates the vendor or the SFHEDW system owner is pushing in that direction.

Department of Interior

Accounting Reconciliation Tool

The Accounting Reconciliation Tool (“ART”) is one system maintained by the Bureau of Indian Affairs (“BIA”) within the Department of Interior (“DOI”) and the DOJ, serving as a method “to query transactions from legacy data sources” (DOI OST-ART PIA, 2017). Within the PIAs, there are no industry solutions referenced. Among the relevant awards, there are no brand names or standards referenced. The ultimate end users are involved with Tribal nations that have trust accounts with BIA. While there is only a single system, the fact that every single Tribal nation is reliant on this for critical financial functions and the necessity for the data and actions taking place on the system to be used, at times, by DOJ attorneys who need to be able to rely on it for evidence, gives this solitary system a significant degree of potential impact (Ghaffari-Tabrizi, 2025). In fact, for some Tribal nations, the operations of this system can be a necessity for survival as it disburses nearly $1 billion annually and has $9 billion under active management on any day (DOI, 2025), meaning the system owners have major leverage.

Incident Management Analysis and Reporting System

The Incident Management Analysis and Reporting System (“IMARS”) is one system maintained by the Office of Law Enforcement and Security (“OLES”) within DOI (DOI IMARS PIA, 2022), which should be a COTS product that is intended to serve as “an enterprise-wide incident management and reporting” system. Within the PIAs, there are no industry solutions referenced. Among the relevant awards, there are two brand names mentioned. Among the relevant awards, there are two brand names of service providers mentioned and no standards referenced. The ultimate end users are law enforcement agencies across the country. While IMARS is a single system run by a single office, it reaches every law enforcement agency at any level that has to interact with DOI’s OLES team (Ghaffari-Tabrizi, 2025). This reach means all levels of law enforcement could be pushed to adopt some level of interoperability within their infrastructure if only because of the ability of IMARS to support them should they make such a switch but there is currently no incentive for those named providers to make any change.

Law Enforcement Management Information System

The Law Enforcement Management Information System (“LEMIS”) is one system maintained by the U.S. Fish and Wildlife Service within DOI “to help carry out operations and enforcement actions” (DOI LEMIS PIA, 2020). Within the PIA, there are no industry solutions referenced. Among the relevant awards, like IMARS, there are no brand names or standards referenced. The ultimate end users are segments of the U.S. public who are involved with or obtain data on incidents in national lands. Much like IMARS, this is a single system with a broad reach – while IMARS focused on providing information to law enforcement, LEMIS provides the American public an opportunity to manage and review their cases and other publicly available information via the system (Ghaffari-Tabrizi, 2025). With this system, the vast number of combinations available due to public accessibility makes interoperability a two-way benefit – it will provide users a seamless experience regardless of their particular tech stack and system owners the ability to keep this widely-used system modernized over time.

Trust Asset and Accounting Management System

The Trust Asset and Accounting Management System (“TAAMS”) are four systems maintained by components within BIA and DOI that serve as an “integrated land management system” for “48.7 million acres of tribally owned land, 6 million acres of Federally-owned land, and approximately 181,000 acres of Federally-owned land held in Trust status” (DOI TAAMS PIA, 2021). Within the PIAs, there is one industry solution referenced. Among the relevant awards, there are two brand names and no standards referenced. The ultimate end users are Tribal nations who obtain funding and other financial services from the U.S. Government (Ghaffari-Tabrizi, 2025). Of note is that many Tribal nations view data sovereignty as part of their Tribal sovereignty (Mohr, 2024), and as experiences in setting up a data sharing agreement with the EU has shown, especially where those sovereignty priorities align, dealing with the technical impact of such circumstances is not trivial (Barczentewicz, 2023). Interoperability, where feasible, can address some of these concerns as data portability is ultimately a benefit of an interoperable system, and the ability to move data from one system to another is critical in a data sovereignty scenario (Google Cloud, 2023).

Department of Labor

Unemployment Insurance Reporting System

The Unemployment Insurance Reporting System (“UIRS”) is one system maintained by the U.S. Department of Labor (“DOL”) with the intention of moving data currently on “physical servers … to the cloud [in order to] enhance data validation at the point of input to avoid errors” (DOL UIRS PIA, 2024). Within the PIAs, there is one industry solution referenced. Among the relevant awards, there are no brand names or standards referenced. The ultimate end users are segments of the American public who obtain unemployment insurance and the state governments who manage relevant programs (Ghaffari-Tabrizi, 2025). This is especially important as this system’s ability to fully adopt interoperability will mean the state and local governments that connect to it will also benefit from the change and potentially be influenced by it as well if only because they’ll witness the improvements first-hand.

Department of State

Foreign Assistance Coordination and Tracking System

This system, “a database used to collect foreign assistance planning,” had a critical reliance on a parallel system with the same name and same purpose within the U.S. Agency for International Development (“USAID”) (GAO, 2008) and, due to the change in how foreign assistance is being implemented and the likelihood this system and its associated procurements are going to undergo significant change, we will not analyze it (McCabe, 2025).

Global Foreign Affairs Compensation System

The Global Foreign Affairs Compensation System (“GFACS”) is one system maintained by DOS and designed as the “global pay system” for the salaries and compensation of every single DOS employee (DOS 5441 GFACS PIA, 2022). Within the PIAs, there are no industry solutions referenced. Among the relevant awards, there is one brand name and no standards referenced. The ultimate end users are DOS staff who use or otherwise rely on GFACS to get paid. While the influence of this system seems limited by virtue of the sparse inter-connections represented via the PIA (Ghaffari-Tabrizi, 2025), the fact it touches every DOS employee means it is required to interact with staff in our Embassies and Consulates, potentially spreading the influence from DOS to the contractors and other government agencies overseas that interact with those facilities.

Office of Personnel Management

Retirement Benefits Services

The Retirement Benefits Services (“RBS”) is a collection of 13 systems maintained by OPM and DOI, Social Security Administration (“SSA”), Centers for Medicare & Medicaid Services (“CMS”) within HHS, and the Office of Workers’ Compensation Programs within DOL, reliant mainly on seven core systems, which include the: (1) Acceptance of Scanned Retirement Documents Project (2020); (2) Annuity Roll System (2021); (3) CXone Retirement Services Contact Center as a Service (2021); (4) Federal Annuity Claims Export System (FACES) (2020); (5) Interim Closeout Data Capture (ICDC) (2019); (6) Online Retirement Application (ORA) (Pilot) (2022); and, (7) Services Online (SOL) (2021). Within the PIAs, three industry solutions are referenced with two by name. Among the relevant awards, five brand names are referenced six times, including via limited source justifications, with no standards mentioned. The ultimate end users are Federal staff and employees who rely on the systems to process retirement benefits. While many of the systems reviewed have great potential, the RBS is particularly important due to the fact that every agency’s human resources department, every employee, and key agencies like DOI, SSA, HHS, and DOL (Ghaffari-Tabrizi, 2025) would benefit from and be influenced by a shift to interoperability because of the interconnected nature of these systems and the criticality of the data they contain.

Chief Information Officer – myPay

This system allows users “to retrieve, review, and update payroll information” (DD 2930, 2023) and is primarily run for the Defense Finance Accounting Service (“DFAS”) (OPM, 2025, 3). While it is managed by OPM, the end of OPM’s procurement function means the approach to the system is likely to undergo a significant change, thus we will skip this analysis due to this paper’s focus on systems that do not connect to defense or national security systems.

Combined Federal Campaign Online Application and Donation System

The Combined Federal Campaign (“CFC”) Online Application and Donation System, which “centralizes all aspects of CFC administration to a single point of entry for charities, donors, and payee systems” is one system maintained by OPM (OPM CFC PIA, 2019). Within the PIA, there are no industry solutions referenced. Among the relevant awards, there is one brand name with a limited source justification and no standards referenced. The ultimate end users are Federal employees who donate to CFC (Ghaffari-Tabrizi, 2025). The potential benefits of turning this system into an interoperable one go beyond the employees and agencies who use CFC to streamline their charitable giving – it can also benefit the very non-profit organizations, most of whom are resource-starved, as they would be able to use whatever technology stack they could support or afford rather than being forced to fit into decisions made by OPM or others.

Small Business Administration

Certify.SBA.gov

Certify.sba.gov, which allows “small businesses to manage their applications for various contracting support programs,” is one system maintained by the Small Business Administration (“SBA”) (SBA Certify PIA, 2023). Within the PIA, there is one industry solution referenced. Among the relevant awards, there is one brand name with no standards referenced. The ultimate end users are contracting officers at GSA and small businesses who want to work with the Federal Government (Ghaffari-Tabrizi, 2025). As the U.S. Government moves to bring more small businesses – especially those startups with innovative and new technologies – into the federal contractor ecosystem, the system’s interoperability (or lack thereof) will send a stark and explicit message to Main Street and Wall Street about what Administrations will support going forward. Failing to remove the reference to a CSP in this system will be especially important, as not every CSP is created equal in the very tight race among American CSPs to achieve AI leadership for years, meaning both SBA and the U.S. Government are failing to incentivize usage or even interoperability among the other American CSPs (Gokturk, 2024). Making sure anything SBA presents to the small business community, not just Certify.SBA.gov, is interoperable will be the best and fastest way to convert what is currently a five-way race between China, the EU, Amazon AWS, Microsoft Azure, and Google Cloud Platform into a three-way one between China, the EU, and the United States.

U.S. Agency for International Development

Development Information Solution

Due to the change in the remit of USAID and the likelihood this system, intended to be “a unified portfolio management system used by every Mission, Bureau and Independent Office in USAID” (GSA, 2024), and its associated procurements are going to undergo significant change, it is being skipped (McCabe, 2025).

Findings Worth Addressing

Brands or Bust; Nothing is Equal

Only three systems did not name a brand in their relevant awards and one of those referenced a brand name in their PIAs. The three without a brand name in their awards were the DOI Accounting Reconciliation Tool (ART), the DOI Law Enforcement Management Information System, and the DOL Unemployment Insurance Reporting System, with the DOL system including a reference to a third-party cloud solution in its PIA. Where brands are referenced, the vast majority involve some form of limited competition, including sole source justifications. Where service providers are given sole source or otherwise limited source justification-based awards, they are often selected specifically for their expertise with one of the brand name solutions or otherwise proprietary technologies baked into the infrastructure of these systems. Similarly, many of these limited source justifications indicate the agency relying on that justification is locked in to that particular brand or partner to some extent.

References to Standards are Nonexistent

Unsurprisingly, not a single standard was referenced in a single award or otherwise publicly available connected document. This may be as much an issue with the quality of data in FPDS, but the fact the few limited source justifications did not provide for a standards based way to move off a cloud service is not a data issue but a requirements development issue. Relatedly, there may be references to standards in the actual solicitations themselves, but beyond the fact they are not publicly available to check (e.g., awards issued against Alliant 2), all available documentation suggests the reality would be even more references to brand names instead of standards.

Network Effect Opportunities Abound

Even among those systems that are not connected to any other system, the end user tends to be a massive population – every Tribal nation, every national law enforcement agency with even a few international ones included, every Federal employee, etc. Beyond the external reach, internally, they tend to also have massive reach within the agency itself, interacting with a broad swath rather than an office or two within the agency. Similarly, for those systems that involve a collection of connected systems, they tend to touch on large and significant populations within their agencies or externally. Should one of these systems require those who work or connect with it to support interoperability, the ability for that concept to spread would be magnified, especially as many of these systems interface with broad swathes of society, not just entire agencies.

Recommendations for Implementation

Avoiding a situation where a “1970s-era Air Force Strategic Automated Command and Control System [remains] in use in 2016” and beyond (GAO, 2025), there are a number of steps to take, ideally in conjunction with one another, detailed below. Each recommendation begins with existing work that can be built on and then moves into a proactive, forward-looking idea that, if implemented, would institute a shift towards interoperability at the associated level. The levels analyzed include the solicitation level, covering individual contracts, agency level, outlining how an entire agency could make the shift, and government-wide, with two specific recommendations focused on the Legislative and Executive branches respectively.

Solicitation Level

When it comes to cloud-based solutions, there are a few agencies that have cited standards in their procurements (GSA, 2025) as well as agencies that have changed their procurement rules (ASTP, 2024) recently. Considering how many IT contracts end up templatized (GSA, 2025), where these templates choose to guide users towards citing standards instead of brands, a greater number of solicitations are likely to incorporate best practices that achieve interoperability as the rules disseminate (CMS, 2024). Where these examples have shown success in achieving interoperability has not always been necessarily due to citing standards, but rather, mechanisms by which an application programming interface (“API”) can be used to communicate with one or more systems, with APIs ultimately being translators between one standard or protocol to another (NIST, 2025).

Certain procurement teams, especially those who work with or are embedded with technology teams (e.g. USDS in EOP or Centers of Excellence in the Technology Transformation Services) should be able to identify and spread solicitation best practices that result in interoperable IT environments. This would create a baseline for other agencies to adopt those interoperable solutions used to develop those best practices. It would also create an opportunity to identify the next set of solutions or standards that would be beneficial to address, whether they exist or not, and how to best do so such that it fits within those existing practices to pre-address any potential change management challenges.

Agency Level

A number of the High Impact Service Providers (“HISP”), while not necessarily espousing interoperability as a top priority, end up having to address it to some extent simply because of the number of other systems with which they interact ( alt="" target="_blank" rel="noopener noreferrer"GSA, 2025). Similarly, the 17 high-risk systems identified by GAO interact with a number of other internal, external, and public systems (GAO, 2024). Multiple administrations, including the current one, have recognized the importance of “centralized mission support capabilities” in a variety of ways, with most of those efforts revolving around the use of shared services, requiring interoperability by their very nature (M-19-16, 2019; Exec. Order No. 14058, 2021; Exec. Order No. 14240, 2025).

Certain agencies, especially those that require multiple systems to share data with other systems, should be able to identify the areas where the use of open standards would provide the greatest benefit to them, their mission, and the aim to create an interoperable IT environment. Where success is found, the Office of the Federal Chief Information Officer (“OFCIO”) could identify particular efforts that are worth scaling across the Federal Government, providing for bottom-up development of standards that can then be adopted via solicitations across individual agencies.

Government-wide

Executive Branch

While there have been previous attempts to achieve a Federal Enterprise Architecture (OFCIO, 2013), which is essentially a map of the entire Federal Government’s information systems, including how they are configured, integrated, interfaced, operated, and secured (NIST, 2025), those attempts did not achieve the desired success with the problem blamed on, among other things, “no common and shared understanding” among practitioners about what constitutes enterprise architecture, a series of “compliance activities [that] were futile time wasters,” as well as so many meetings that “it impedes normal IT activities” (Gaver, 2010). However, the U.S. Government has not (GAO, 2011) – and should not – give up on attempting to address these identified issues: companies as large as JPMorgan Chase modernized their legacy systems (Dimon, 2024) while others like Google have undergone a “rip-and-replace” to address a Chinese hack (leading to the development of zero-trust architecture along the way) (Walker, 2022).

Certain agencies, led by OFCIO, should be able to identify the areas where using open standards provides the greatest benefit to the Federal Government with the aim to create an interoperable IT environment. First, start with a few sets of specific standards that allow a phased approach for implementing standards across the public sector. Next, utilize GSA’s centralized procurement authority and, with the requisite input from the most relevant members of industry, adopt a top-down approach towards developing government-wide IT interoperability. GSA should be in charge of the effort, responsible for using centralized procurement data to ensure contracts use standards instead of brands. The Cybersecurity and Infrastructure Security Agency (“CISA”) should work with OFCIO to determine what guidance is required, both for private and public sector, and develop that guidance along with the National Cybersecurity Center of Excellence (“NCCoE”) in NIST. Where standards are missing, CISA and NIST should work together to develop or point to those under development.

Legislative Branch

The FY 2025 National Defense Authorization Act (“NDAA”) saw references to interoperability in the codification of the SWP and in creating efforts to implement AI focused on defense with our allies and partners (NDAA for FY2025, 2024), among other references to the concept. The FY 2024 NDAA recognized the importance of the “inherent interoperability, commonality, and interchangeability of platforms and information systems operated by the United States and one or more covered nations [in order] to enable effective” operations in contested environments (NDAA for FY2024, 2023).

Civilian agencies, led by OMB, should be able to identify the obstacles they are facing to implement the same overarching philosophy of achieving an interoperable IT environment. Using appropriations report language for OMB through the Financial Services and General Government (“FSGG”) subcommittees, agencies could identify their particular issues towards achieving this state, allowing those that are government-wide or agency-specific to be addressed accordingly.

Conclusion

This Administration – and future ones to an increasing degree – will rely heavily on Federal IT systems to advance their key priorities, including greater efficiencies, increased transparency, and better value for agency users and the citizens they support (White House Staff, 2025). Meeting these demands will require an interoperable IT environment that is vendor-agnostic, allows for data portability, and is based on open standards (Lewis, 2012). In the current landscape, standards are ignored while brand names are often mentioned or referenced as a reason for limiting competition in numerous federal IT contracts, including for critical systems (GAO, 2024). The result is some federal agencies spent tens of millions more than they would have if they switched vendors (B-420119.1, 2021). While OMB and the FAR Council have attempted to issue guidance on multiple occasions, it is clear that something is missing to bring this practice to an end (Garland, 2023).

The systems analyzed are only a sample – they were chosen by GAO because they have “serious weaknesses in areas that involve substantial resources and provide critical services to the public” (GAO, 2025). A cursory review of other PIAs shows additional systems with similar scope and scale but without weaknesses. There are also systems that provide critical services with serious weaknesses but without resources. When analyzed, both of these combinations of circumstances are still likely to result in similar findings. If these procurements, throughout any subset, referenced standards instead of brands, and where the recommendations made are implemented, the cost-savings, innovation- inducing, and competition-based IT systems would arguably perform better than those that are not interoperable. The private sector proved interoperability works with one of the world’s biggest banks and one of the world’s biggest tech companies, showing an enterprise with the scale and resources of the public sector could do the same.

Ultimately, if the Federal Government wants to match the best practices adopted by the best of industry, it can break vendor lock-in by incentivizing interoperability in all IT contracts through a mandate to use standards before brand names and educating the acquisition workforce about techniques that will ensure they do so effectively.

Appendix

Each Privacy Impact Assessment (“PIA”) connected to a High-Risk IT Investment as identified in Table 10 of GAO-25-107041 (2024) was reviewed with connections to other systems and key contract details pulled out for the analysis utilized in this paper. Additionally, relevant reports issued by the Government Accountability Office (“GAO”) and the relevant Office of the Inspector General (“OIG”) are included.

General Information

• Agencies are represented by their logo in a circle with a size of 75.
• Agency’s major offices are represented by their logo in an octagon with a size of 65.
• Offices within an agency are represented by a pentagon with a size of 60 and in red using hex code #b31942.
• Teams within an office are represented by a diamond with a size of 50 and in blue using hex code #0a3161.
• Programs within a team are represented by a pill with a size of 60 and in brown using hex code #623C21.
• Systems are represented by a triangle with a size of 40 in gold using hex code #fdb81e.
• Systems of Records Notices are represented by a hexagon with a size of 50 in purple using hex code #4c2c92.
• Industry solutions are represented by a square with a size of 80x80 and in green using hex code #2e8540.
• Industry organizations are represented by their logo in a circle with a size of 75.

Specific Systems

Department of Homeland Security

Biometric Exit Mobile Program

This system’s latest PIA was issued on June 29, 2018 (DHS/CBP/PIA-026, 2018).

A map of the system based on the PIA shows a total of six different systems involved, across three DHS components, and one third-party solution identified in the PIA (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Improved Guidance on Revised Acquisition Goals Would Enhance Transparency,” GAO-25-107317 (Feb. 25, 2025) https://www.gao.gov/products/gao-25-107317
• U.S. Gov’t Accountability Off., “IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements,” GAO-25-107041 (Nov. 14, 2024) https://www.gao.gov/products/gao-25-107041
• U.S. Gov’t Accountability Off., “Biometric Identification Technologies: Considerations to Address Information Gaps and Other Stakeholder Concerns,” GAO-24-106293 (Apr. 22, 2024) https://www.gao.gov/products/gao-24-106293
• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Most Programs Are Meeting Current Goals, but Some Continue to Face Cost and Schedule Challenges,” GAO-24-106573 (Feb. 22, 2024 with revisions on Mar. 7, 2024) https://www.gao.gov/products/gao-24-106573
• U.S. Gov’t Accountability Off., “DHS Acquisitions: Opportunities Exist to Enhance Risk Management,” GAO-23-106249 (Aug. 24, 2023) https://www.gao.gov/products/gao-23-106249
• U.S. Gov’t Accountability Off., “Customs and Border Protection: Actions Needed to Enhance Acquisition Management and Knowledge Sharing,” GAO-23-105472 (Apr. 25, 2023) https://www.gao.gov/products/gao-23-105472
• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Major Acquisition Programs Are Generally Meeting Goals, but Cybersecurity Policy Needs Clarification,” GAO-23-106701 (Apr. 20, 2023) https://www.gao.gov/products/gao-23-106701
• U.S. Gov’t Accountability Off., “Facial Recognition Technology: Federal Agencies' Use and Related Privacy Protections,” GAO-22-106100 (Jun. 29, 2022) https://www.gao.gov/products/gao-22-106100
• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Most Acquisition Programs Are Meeting Goals Even with Some Management Issues and COVID-19 Delays,” GAO-22-104684 (Mar 08, 2022) https://www.gao.gov/products/gao-22-104684
• U.S. Gov’t Accountability Off., “Facial Recognition: CBP and TSA are Taking Steps to Implement Programs, but CBP Should Address Privacy and System Performance Issues,” GAO-20-568 (Sep. 20, 2020) https://www.gao.gov/products/gao-20-568
• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Most Acquisition Programs Are Meeting Goals but Data Provided to Congress Lacks Context Needed For Effective Oversight,” GAO-22-106154 (Jul. 27, 2022) https://www.gao.gov/products/gao-22-106154
• U.S. Gov’t Accountability Off., “Facial Recognition Technology: CBP Traveler Identity Verification and Efforts to Address Privacy Issues,” GAO-21-175 (Jan. 19, 2021) https://www.gao.gov/products/gao-22-106154
• U.S. Gov’t Accountability Off., “DHS Annual Assessment: Most Acquisition Programs Are Meeting Goals Even with Some Management Issues and COVID-19 Delays,” GAO-20-213 (Jun. 1, 2020) https://www.gao.gov/products/gao-20-213

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Dep’t. of Homeland Sec. Off. of Inspector Gen., “Progress Made, but CBP Faces Challenges Implementing a Biometric Capability to Track Air Passengers Departures Nationwide,” OIG-18-80 (Sep. 19, 2018) https://www.oig.dhs.gov/reports/2018/progress-made-cbp-faces-challenges-implementing-biometric-capability-track-air-passengers-departures-nationwide/oig-18-80-sep18
• Dep’t. Of Homeland Sec. Off. of Inspector Gen., “DHS Tracking of Visa Overstays is Hindered by Insufficient Technology,” OIG-17-56 (May 1, 2017) https://www.oig.dhs.gov/reports/2017/dhs-tracking-visa-overstays-hindered-insufficient-technology/oig-17-56-may17

Financial Management Systems

This system’s latest PIA was issued on November 12, 2020 (DHS/ALL/PIA-053, 2020).

A map of the system based on the PIA shows a total of 11 different systems involved, across DHS and sixteen of its components, involving data from five other agencies, and two third-party solutions identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO protests related to the systems and focused on IT or acquisitions that are worth noting include:

• Deloitte Consulting, LLP, B-422094, B-422094.2, U.S. Gov’t Accountability Off. (Jan. 18, 2024) https://www.gao.gov/products/b-422094%2Cb-422094.2

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “Department of Homeland Security: Key Areas for DHS Action and Congressional Oversight,” GAO-25- 108165 (Mar. 11, 2025) https://www.gao.gov/products/gao-25-108165
• U.S. Gov’t Accountability Off., “Priority Open Recommendations: Department of Homeland Security,” GAO-24- 107251 (Aug. 19, 2024) https://www.gao.gov/products/gao-24-107251
• U.S. Gov’t Accountability Off., “Financial Management Systems: DHS Should Improve Plans for Addressing Its High-Risk Area and Guidance for Independent Reviews,” GAO-24- 106895 (Jul. 30, 2024) https://www.gao.gov/products/gao-24-106895
• U.S. Gov’t Accountability Off., “DHS Financial Management: Actions Needed to Improve Systems Modernization and Address Coast Guard Audit Issues,” GAO-23-105194 (May 31, 2023) https://www.gao.gov/products/gao-23-105194
• U.S. Gov’t Accountability Off., “Information Technology: DHS Needs to Continue Addressing Critical Legacy Systems,” GAO-23-106853 (May 31, 2023) https://www.gao.gov/products/gao-23-106853

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Dep’t. of Homeland Sec. Off. of Inspector Gen., Multiple Letters from KPMG’s Financial Statement Audit (Apr. 28 to Jun. 30, 2017) https://search.usa.gov/search?affiliate=oigpublicsite_v2\&sort_by=\&query=%22financial+management+systems%22

Homeland Advanced Recognition Technology System (HART)

This system has two PIAs issued in February 2020 with a revision issued on May 1, 2020 and another on August 26, 2024 (DHS/OBIM/PIA-004, 2024).

A map of the system based on the PIA shows a total of 2 different systems involved, across DHS and nine of its components, and involving data sharing with five other agencies, law enforcement agencies, and multiple international partners identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “High-Risk Series: Critical Actions Needed to Urgently Address IT Acquisition and Management Challenges,” GAO-25-107852 (Jan. 23, 2025) https://www.gao.gov/products/gao-25-107852
• U.S. Gov’t Accountability Off., “High-Risk Series: Urgent Action Needed to Address Critical Cybersecurity Challenges Facing the Nation,” GAO-24-107231 (Jun. 13, 2024) https://www.gao.gov/products/gao-24-107231
• U.S. Gov’t Accountability Off., “Biometric Identity System: DHS Needs to Address Significant Shortcomings in Program Management and Privacy,” GAO-23-105959 (Sep. 12, 2023) https://www.gao.gov/products/gao-23-105959
• U.S. Gov’t Accountability Off., “Facial Recognition Technology: Federal Agencies' Use and Related Privacy Protections,” GAO-22-106100 (Jun. 29, 2022) https://www.gao.gov/products/gao-22-106100
• U.S. Gov’t Accountability Off., “Facial Recognition Technology: Current and Planned Uses by Federal Agencies,” GAO-21-526 (Aug. 24, 2021) https://www.gao.gov/products/gao-21-526
• U.S. Gov’t Accountability Off., “Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks,” GAO-21-518 (Jun. 3, 2021) https://www.gao.gov/products/gao-21-518

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Dep’t. Of Homeland Sec. Off. of Inspector Gen., “Homeland Advanced Recognition Technology System Compliance with 28 C.F.R. Part 23,” OIG-23-53 (Sep. 19, 2023) https://www.oig.dhs.gov/reports/2023/homeland-advanced-recognition-technology-system-compliance-28-cfr-part-23/oig-23-53-sep23

Department of Housing and Urban Development

Single Family Housing

This system has a PIA issued in FY2020 (HUD D64A SFHEDW PIA, 2020).

A map of the system based on the PIA shows a total of 13 different systems involved, across HUD and three of its components, involving data sharing with two other agencies, and one third-party solution identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “Financial Management Systems: HUD Needs to Address Management and Governance Weaknesses That Jeopardize Its Modernization Efforts,” GAO-16-656 (Jul. 28, 2016) https://www.gao.gov/products/gao-16-656

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Dep’t. Of Hous. and Urb. Dev. Off. of Inspector Gen., “ Audit of the Federal Housing Administration's Financial Statements for Fiscal Years 2017 and 2016 (Restated),” 2018-FO-0003-002-F (Oct. 31, 2023) https://www.hudoig.gov/open-recommendation/2018-fo-0003-002-f-audit-federal-housing-administrations-financial-statements

Department of Interior

Accounting Reconciliation Tool (ART)

This system has a PIA issued on September 1, 2017 (DOI OST-ART PIA, 2017).

A map of the system based on the PIA shows one system involved, across DOI and two of its components, and involving data sharing with one other agency identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Incident Management Analysis and Reporting System (IMARS)

This system has a PIA issued on March 12, 2021 (DOI IMARS PIA, 2022).

A map of the system based on the PIA shows one system involved, across DOI and one of its components, and involving data sharing with law enforcement agencies identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “High-Risk Series: Critical Actions Needed to Urgently Address IT Acquisition and Management Challenges,” GAO-25-107852 (Jan. 23, 2025) https://www.gao.gov/products/gao-25-107852

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Dep’t. Of Interior Off. of Inspector Gen., “Indian Affairs Still Needs To Improve Management of BIA-Funded and/or -Operated Detention Programs,” 2022–WR–040 (Feb. 25, 2025) https://www.doioig.gov/reports/audit/indian-affairs-still-needs-improve-management-bia-funded-andor-operated-detention
• Dep’t. Of Interior Off. of Inspector Gen., “The U.S. Department of the Interior Can Improve Its Oversight of Tasers,” 2019–WR–026 (Mar. 13, 2023) https://www.doioig.gov/reports/inspection-evaluation/us-department-interior-can-improve-its-oversight-tasers

Law Enforcement Management Information System (LEMIS)

This system has a PIA issued on March 12, 2021 (DOI LEMIS PIA, 2020).

A map of the system based on the PIA shows one system involved, across DOI and one of its components, involving data sharing with law enforcement agencies identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “Native American Cultural Resources: Improved Information Could Enhance Agencies' Efforts to Analyze and Respond to Risks of Theft and Damage,” GAO-21-110 (Mar. 4, 2021) https://www.gao.gov/products/gao-21-110
• U.S. Gov’t Accountability Off., “Federal Land Management Agencies: Additional Actions Needed to Address Facility Security Assessment Requirements,” GAO-19-643 (Sep. 25, 2019) https://www.gao.gov/products/gao-19-643

Trust Asset and Accounting Management System (TAAMS)

This system has a PIA issued on September 29, 2021 (DOI TAAMS PIA, 2021).

A map of the system based on the PIA shows four systems involved, across DOI and four of its components, involving data sharing on behalf of tribal nations, and at least one contractor system identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “Oil and Gas: Bureau of Indian Affairs Could Improve Lease Management of Trust and Restricted Land,” GAO-25-106307 (Dec. 19, 2024) https://www.gao.gov/products/gao-25-106307
• U.S. Gov’t Accountability Off., “Priority Open Recommendations: Department of the Interior,” GAO-24-107309 (Jun. 7, 2024) https://www.gao.gov/products/gao-24-107309
• U.S. Gov’t Accountability Off., “Tribal Issues: Bureau of Indian Affairs Should Take Additional Steps to Improve Timely Delivery of Real Estate Services,” GAO-24-105875 (Oct. 26, 2023 reissued with revisions on Nov. 6, 2023) https://www.gao.gov/products/gao-24-105875
• U.S. Gov’t Accountability Off., “Tribal Programs: Actions Needed to Improve Interior's Management of Trust Services,” GAO-23-105356 (Apr. 27, 2024) https://www.gao.gov/products/gao-23-105356

Department of Labor

Unemployment Insurance Reporting System (UIRS)

This system has a PIA issued on November 22, 2024 (DOL UIRS PIA, 2024).

A map of the system based on the PIA shows one system involved, across DOL and two of its components, involving data sharing on behalf of state governments and various members of the American public, and at least one contractor system identified (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Department of State

Foreign Assistance Coordination and Tracking System

This system had a critical reliance on a parallel system with the same name and same purpose within the U.S. Agency for International Development (“USAID”) (GAO, 2008) and, due to the change in how foreign assistance is being implemented under the Trump Administration, it is being skipped (McCabe, 2025).

Global Foreign Affairs Compensation System

This system has a PIA issued on November 22, 2024 (DOS 5441 GFACS PIA, 2022).

A map of the system based on the PIA shows one system involved, across DOS and two of its components, involving data sharing on behalf of every staff member of the agency (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “State Department: Spending on Pay, Benefits, and Allowances for Overseas Employees,” GAO-25-107098 (Dec. 19, 2024) https://www.gao.gov/products/gao-25-107098

Office of Personnel Management

Retirement Benefits Services

This is a multi-system program with multiple PIAs. The ones chosen for this analysis include: (1) Acceptance of Scanned Retirement Documents Project: This system has a PIA issued on June 16, 2020 (OPM ASRDP PIA, 2020); (2) Annuity Roll System: This system has a PIA issued on November 30, 2021 (OPM ARS PIA, 2021); (3) CXone Retirement Services Contact Center as a Service: This system has a PIA issued on December 14, 2021 (OPM CXone PIA, 2021); (4) Federal Annuity Claims Export System (FACES): This system has a PIA issued on March 20, 2020 (OPM FACES PIA, 2020); (5) Interim Closeout Data Capture (ICDC): This system has a PIA issued on December 20, 2019 (OPM ICDC PIA, 2019); (6) Online Retirement Application (ORA) (Pilot): This system has a PIA issued on September 1, 2022 (OPM ORA PIA, 2022); and, (7) Services Online (SOL): This system has a PIA issued on July 23, 2021 (OPM SOL PIA, 2021).

A map of the system based on the PIAs shows thirteen systems involved, across OPM and six of its components, involving data sharing with four different agencies, and at least three contractor systems identified, including two with their brand names explicitly mentioned (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., GAO-12-226T, OPM Retirement Modernization: Longstanding Information Technology Management Weaknesses Need to Be Addressed (Nov. 15, 2011) https://www.gao.gov/products/gao-12-226t
• U.S. Gov’t Accountability Off., GAO-12-430T, OPM Retirement Modernization: Progress Has Been Hindered by Longstanding Information Technology Management Weaknesses (Feb. 1, 2012) https://www.gao.gov/products/gao-12-430t
• U.S. Gov’t Accountability Off., GAO-13-580T, Federal Retirement Processing: OPM Is Pursuing Incremental Information Technology Improvements after Canceling a Modernization Plagued by Management Weaknesses (May 19, 2013) https://www.gao.gov/products/gao-13-580t
• U.S. Gov’t Accountability Off., GAO-15-277T, Federal Retirement Processing: Applying Information Technology Acquisition Best Practices Could Help OPM Overcome a Long History of Unsuccessful Modernization Efforts (Dec. 10, 2014) https://www.gao.gov/products/gao-15-277t
• U.S. Gov’t Accountability Off., GAO-19-217, Federal Retirement: OPM Actions Needed to Improve Application Processing Times (May 15, 2019) https://www.gao.gov/products/gao-19-217

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Off. of Personnel Mgmt., 4K-RS-00-16- 023, Evaluation of Retirement Services' Customer Service Function (Sep. 28, 2016) https://oig.opm.gov/reports/inspection-evaluation/evaluation-retirement-services-customer-service-function
• Off. of Personnel Mgmt., 4K-RS-00-17- 039, Final Evaluation Report - Evaluation of the U.S. Office of Personnel Management's Retirement Services' Imaging Operations (Mar. 13, 2018) https://oig.opm.gov/reports/inspection-evaluation/final-evaluation-report-evaluation-us-office-personnel-managements
• Off. of Personnel Mgmt., 4K-RS-00-19- 018, Evaluation of the Enhancements Made to the Retirement Services' Customer Service Function (May 4, 2020) https://oig.opm.gov/reports/inspection-evaluation/evaluation-enhancements-made-retirement-services-customer-service

Chief Information Officer – myPay

This system was skipped for the reasons noted in the paper.

Combined Federal Campaign (CFC) Online Application and Donation System

This system has a PIA issued on November 7, 2019 (OPM CFC PIA, 2019).

A map of the system based on the PIAs shows one system involved, across OPM and three of its components, involving data sharing with every individual employee (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Off. of Personnel Mgmt., 4A-MO-00-18-004, Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management's Combined Federal Campaign System (Mar. 29, 2018) https://oig.opm.gov/reports/audit/audit-information-technology-security-controls-us-office-personnel-managements-15

Small Business Administration

Certify.SBA.gov

This system has a PIA issued on September 28, 2023 (SBA Certify PIA, 2023).

A map of the system based on the PIAs shows two systems involved, across SBA, comprising data sharing with GSA and every small business, and at least one contractor system identified with their brand name explicitly mentioned (Ghaffari-Tabrizi, 2025).

Key awards associated with the system, and the ones that list standards or brands, include:

Recent and relevant GAO reports related to the systems and focused on IT or acquisitions that are worth noting include:

• U.S. Gov’t Accountability Off., “IT Modernization: SBA Urgently Needs to Address Risks on Newly Deployed System,” GAO-25-106963 (Nov. 6, 2024) https://www.gao.gov/products/gao-25-106963
• U.S. Gov’t Accountability Off., “Small Business Administration: Recent Changes to the 8(a) Program's Financial Thresholds Need Evaluation,” GAO-22-104512 (Aug. 30, 2022) https://www.gao.gov/products/gao-22-104512
• U.S. Gov’t Accountability Off., “Small Business Administration: Steps Taken to Verify Tribal Recognition for 8(a) Program,” GAO-22-104146 (Dec. 2, 2021) https://www.gao.gov/products/gao-22-104146
• U.S. Gov’t Accountability Off., “Information Technology: Key Attributes of Essential Federal Mission-Critical Acquisitions,” GAO-20-249SP (Sep. 8, 2020) https://www.gao.gov/products/gao-20-249sp
• U.S. Gov’t Accountability Off., “Cloud Computing: Agencies Have Increased Usage and Realized Benefits, but Cost and Savings Data Need to Be Better Tracked,” GAO-19-58 (Apr. 4, 2019) https://www.gao.gov/products/gao-19-58

Recent and relevant OIG reports related to the systems and focused on IT or acquisitions that are worth noting include:

• Small Bus. Admin. Off. of Inspector Gen., “Homeland Advanced Recognition Technology System Compliance with 28 C.F.R. Part 23,” Rep. No. 20-17 (Jul. 30, 2020) https://www.sba.gov/document/report-20-17-evaluation-certifysbagov

U.S. Agency for International Development

Development Information Solution

Due to the change in the remit of USAID, this system is being skipped (McCabe, 2025).

Dedication

To the memory of Touraj Ghaffari and Parichehr Meshkat.

Acknowledgements

The author wishes to thank: my wife, Bridget Fields; Christopher Yukins; Mathew Blum; Jennifer Kuk; Jeffrey Koses; Michael Garland; Michelle McNellis; Mark Hopson; Alla Seiffert; Joslann Feldpausch; Lee Dunn; Leah Popoff; Dave Standish; Aubrey Milham; Andrew Howell; the Core Four; Ryan Thurlwell; Jonathan Hooper; Amy Shevlin; Peter Huy; BKMM; Samuel Paper and the PM; and my entire family of Leila, Amir, and Piom Ghaffari and Kate, Jimmy, and Jackie Fields.

References

Ackermann, R. (2023, August 17). The future of open source is still very much in flux. MIT Technology Review. https://www.technologyreview.com/2023/08/17/1077498/future-open-source/

AL MV-2024-01. (2024, March 15). Guidance on Payment for Software Licenses Delivered via SaaS. General Services Administration. https://www.gsa.gov/system/files/MV-2024-01.pdf

AL MV-21-06. (2022, March 18). Procurement of Cloud Computing on a Consumption Basis under the Federal Supply Schedule Program - Supplement 1. General Services Administration. https://www.gsa.gov/system/files/MV-21-06%20with%20sup%201_0.pdf

ANSI. (2024, August). Enabling Standards Development Through Public-Private Partnerships. https://www.ansi.org/standards-news/all-news/2024/09/9-9-24-new-ansi-report-enabling-standards-development-through-public-private-partnerships

ASTP. (2024, December 17). Health Data, Technology, and Interoperability: Protecting Care Access. Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services. https://www.federalregister.gov/d/2024-29683

Atkinson, C. L. (2019, September 19). Full and Open Competition in Public Procurement: Values and Ethics in Contracting Opportunity. International Journal of Public Administration, 43(13), 1169-1182. https://doi.org/10.1080/01900692.2019.1666408

B-420119.1. (2021, December 8). Westwind Computer Products, Inc. (12314421Q0078). U.S. Government Accountability Office. https://www.gao.gov/docket/b-420119.1

Barczentewicz, M. (2023, September 25). Schrems III: Gauging the Validity of the GDPR Adequacy Decision for the United States. International Center for Law & Economics, (Brief 2023-09-25). https://ssrn.com/abstract=4585431

BIS. (2024, June 20). Commerce Department Prohibits Russian Kaspersky Software for U.S. Customers. U.S. Department of Commerce. https://www.bis.gov/press-release/commerce-department-prohibits-russian-kaspersky-software-u.s.-customers

Blevins, E. G., Grossman, A. B., & Sutter, K. M. (2023, April 25). Frequently Asked Questions: CHIPS Act of 2022 Provisions and Implementation (R47523). Congressional Research Service. https://www.congress.gov/crs-product/R47523

Blind, K. (2013, November 1). The impact of standardization and standards on innovation (ISSN 2050-9820) [Nesta Working Paper 13/15]. https://www.nesta.org.uk/report/the-impact-of-standardization-and-standards-on-innovation/

Blind, K., Kenney, M., Leiponen, A., & Simcoe, T. (2023, October). Standards and innovation: A review and introduction to the special issue. Research Policy, 52(8). https://doi.org/10.1016/j.respol.2023.104830

BOD 17-01. (2017, September 13). Removal of Kaspersky-branded Products. Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov/news-events/directives/bod-17-01-removal-kaspersky-branded-products

Bray, R. (2016, April 29). The Origin of Semiconductor Research at Purdue. Purdue University Department of Physics and Astronomy. https://www.physics.purdue.edu/about/history/semi_conductor_research.html

Brockmeier, E. K. (2021, February 11). The world’s first general purpose computer turns 75. Penn Today. https://penntoday.upenn.edu/news/worlds-first-general-purpose-computer-turns-75

Bu, Q. (2024, March 4). Behind the Huawei sanction: national security, ideological prejudices or something else? International Cybersecurity Law Review, 5, 263-300. https://doi.org/10.1365/s43439-024-00112-6

CHIPS and Science Act. (2022, August 9). Pub. L. No. 117-167. https://www.congress.gov/bill/117th-congress/house-bill/4346

CISA. (2025). Secure by Design. https://www.cisa.gov/securebydesign

CMA. (2025, January 28). Cloud Services Market Investigation: Summary of provisional decision. Department for Business and Trade. https://assets.publishing.service.gov.uk/media/67989251419bdbc8514fdee4/summary_of_provisional_decision.pdf

CMS. (2024, February 8). Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Advancing Interoperability and Improving Prior Authorization Processes for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children's Health. U.S. Department of Health and Human Services. https://www.federalregister.gov/d/2024-00895

Cochrane, R. C. (1966). Measures for Progress. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/Legacy/MP/nbsmiscellaneouspub275.pdf

Committee on Innovations in Computing and Communications: Lessons from History, Computer Science and Telecommunications Board, & National Research Council. (1999). Funding a Revolution: Government Support for Computing Research. National Academies Press. https://www.google.com/books/edition/Funding_a_Revolution/XuhuAgAAQBAJ

Competition in Contracting Act of 1984. (1984, March 20). H.R.5184, 98th Cong. https://www.congress.gov/bill/98th-congress/house-bill/5184

CSC. (2020, March 11). Final Report. https://www.solarium.gov/report

CSRB. (2024, April 2). Cyber Safety Review Board Report on Summer 2023 Microsoft Online Exchange Incident. U.S. Department of Homeland Security. https://www.cisa.gov/resources-tools/resources/CSRB-Review-Summer-2023-MEO-Intrusion

DA-24-839. (2024, August 20). Wireline Competition Bureau Issues Participant Close-Out User Guide and Updates Frequently Asked Questions (FAQ) for The Secure and Trusted Communications Networks Reimbursement Program. Wireline Competition, Federal Communications Commission. https://www.fcc.gov/document/supply-chain-reimbursement-program-updated-faqs-user-guide-issued

DARPA. (2025, March 21). Innovation Timeline. About DARPA. https://www.darpa.mil/about/innovation-timeline

DD 2930. (2023, January 11). myPay Privacy Impact Assessment (PIA). Defense Finance and Accounting Service, U.S. Department of Defense. https://media.defense.gov/2024/Jan/19/2003378857/-1/-1/0/MYPAY.PDF

Deficit Reduction Act of 1984. (1984, July 18). Pub. L. No. 98-369. https://www.congress.gov/bill/98th-congress/house-bill/4170

DHS/ALL/PIA-053. (2020, November 12). DHS Financial Management Systems (FMS). Office of the Chief Financial Officer, U.S. Department of Homeland Security. https://www.dhs.gov/publication/dhsallpia-053-dhs-financial-management-systems

DHS/CBP/PIA-026. (2018, July). Biometric Exit Mobile Program (BEMP). Office of Field Operations, U.S.Customs and Border Protection, U.S. Department of Homeland Security. https://www.dhs.gov/publication/biometric-exit-mobile-air-test

DHS/OBIM/PIA-004. (2024, August 26). Homeland Advanced Recognition Technology System (HART) Increment 1. Office of Biometric Identity Management, U.S. Department of Homeland Security. https://www.dhs.gov/publication/dhsobimpia-004-homeland-advanced-recognition-technology-system-hart-increment-1

Dimon, J. (2024, April 8). Chairman and CEO Letter to Shareholders, Annual Report 2023. https://www.jpmorganchase.com/ir/annual-report/2023/ar-ceo-letters

DOD. (2025, March 6). Directing Modern Software Acquisition to Maximize Lethality. https://media.defense.gov/2025/Mar/07/2003662943/-1/-1/1/DIRECTING-MODERN-SOFTWARE-ACQUISITION-TO-MAXIMIZE-LETHALITY.PDF

DoDI 5000.87. (2020, October 2). Operation of the Software Acquisition Pathway. Office of the Under Secretary of Defense for Acquisition and Sustainment, Department of Defense. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500087p.PDF

DOI. (2025). Bureau of Trust Funds Administration. https://www.doi.gov/ost

DOI IMARS PIA. (2022, March 12). Incident Management Analysis and Reporting System (IMARS). Office of the Secretary, U.S. Department of the Interior. https://www.doi.gov/sites/doi.gov/files/imars-pia-03122022-1.pdf

DOI LEMIS PIA. (2020, May 7). Law Enforcement Management Information System (LEMIS). U.S. Fish and Wildlife Service, U.S. Department of the Interior. https://www.doi.gov/sites/doi.gov/files/pia-lemis-final.pdf

DOI OST-ART PIA. (2017, September 1). Accounting Reconciliation Tool (ART). Office of the Special Trustee for American Indians, Office of Historical Trust Accounting, Bureau of Indian Affairs, U.S. Department of Interior. https://www.doi.gov/sites/doi.gov/files/uploads/ost_art_pia_final_09.01.2017.pdf

DOI TAAMS PIA. (2021, September 29). Trust Asset and Accounting Management System (TAAMS). Bureau of Indian Affairs, Office of Trust Services, U.S. Department of the Interior. https://www.doi.gov/sites/doi.gov/files/taams-pia-09292021.pdf

DOJ. (2024, October 21). Justice Department Issues Comprehensive Proposed Rule Addressing National Security Risks Posed to U.S. Sensitive Data. https://www.justice.gov/archives/opa/pr/justice-department-issues-comprehensive-proposed-rule-addressing-national-security-risks

DOL UIRS PIA. (2024, October). Unemployment Insurance Reporting System (UIRS). Employment and Training Administration, Office of Unemployment Insurance, U.S. Department of Labor. https://www.dol.gov/sites/dolgov/files/general/privacy/UIRS_PIA.pdf

DOS 5441 GFACS PIA. (2022, October). Global Foreign Affairs Compensation System (GFACS) PIA. Bureau of the Comptroller and Global Financial Service, U.S. Department of State. https://www.state.gov/wp-content/uploads/2022/12/Global-Foreign-Affairs-Compensation-System-GFACS-PIA.pdf

Doug Engelbart Institute. (2023). Doug's Great Demo: 1968. https://dougengelbart.org/content/view/209/

Draghi, M. (2024, September 9). The future of European competitiveness. European Commission. https://commission.europa.eu/topics/eu-competitiveness/draghi-report_en

ERA. (1951). Introducing the ERA 1101. https://www.computerhistory.org/brochures/doc-437295703f6f2/

EuroHPC. (2024, December 9). Seven consortia selected to establish AI factories which will boost AI innovation in the EU. European Commission. https://ec.europa.eu/commission/presscorner/detail/en/ip_24_6302

Exec. Order No. 13800. (2017, May 11). Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. 82 FR 22391. https://www.federalregister.gov/d/2017-10004

Exec. Order No. 14058. (2021, December 13). Transforming Federal Customer Experience and Service Delivery To Rebuild Trust in Government. 86 FR 71357. https://www.federalregister.gov/d/2021-27380

Exec. Order No. 14144. (2025, January 16). Strengthening and Promoting Innovation in the Nation's Cybersecurity. 90 FR 6755. https://www.federalregister.gov/d/2025-01470

Exec. Order No. 14158. (2025, January 20). Establishing and Implementing the President's "Department of Government Efficiency". 90 FR 8441. https://www.federalregister.gov/d/2025-02005

Exec. Order No. 14240. (2025, March 25). Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement. 90 FR 13671. https://www.federalregister.gov/d/2025-05197

Exec. Order No. 14271. (2025, April 15). Ensuring Commercial, Cost-Effective Solutions in Federal Contracts. 90 FR 16433. https://www.federalregister.gov/d/2025-06835

Exec. Order No. 14275. (2025, April 15). Restoring Common Sense to Federal Procurement. 90 FR 16447. https://www.federalregister.gov/d/2025-06839

FCC. (2024, December 18). Chairwoman Rosenworcel Applauds Passage of NDAA: Bipartisan Defense Bill Includes Full Funding Sought by FCC for ‘Rip and Replace’ Program. https://docs.fcc.gov/public/attachments/DOC-408316A1.pdf

FCC. (2025, February 24). Secure and Trusted Communications Networks Reimbursement Program. https://www.fcc.gov/supplychain/reimbursement

FedRAMP PMO. (2025). FedRAMP Marketplace. https://marketplace.fedramp.gov/

Fischer, L. A. (1905). History of Standard Weights and Measures of United States. U.S. Government Printing Office. https://www.google.com/books/edition/History_of_Standard_Weights_and_Measures/qEfe8aUaSf8C?hl=en\&gbpv=1

Foundations for Evidence-Based Policymaking Act of 2018. (2019, January 14). Pub. L. No. 115-435. https://www.congress.gov/bill/115th-congress/house-bill/4174

GAO. (1983, April 11). Better Use of Information Technology Can Reduce the Burden of Federal Paperwork (GGD-83-39). https://www.gao.gov/products/ggd-83-39

GAO. (2008, November 21). Foreign Assistance: State Department Foreign Aid Information Systems Have Improved Change Management Practices but Do Not Follow Risk Management Best Practices (GAO-09-52R). https://www.gao.gov/products/gao-09-52r

GAO. (2011, March 1). Opportunities to Reduce Potential Duplication in Government Programs, Save Tax Dollars, and Enhance Revenue. GAO-11-318SP. https://www.gao.gov/products/gao-11-318sp

GAO. (2014, May 22). Federal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide (GAO-14-413). https://www.gao.gov/products/gao-14-413

GAO. (2022, November 18). Science & Tech Spotlight: Zero Trust Architecture (GAO-23-106065). https://www.gao.gov/products/gao-23-106065

GAO. (2024, January 29). Federal Software Licenses: Agencies Need to Take Action to Achieve Additional Savings (GAO-24-105717). https://www.gao.gov/products/gao-24-105717

GAO. (2024, November 13). Cloud Computing: Selected Agencies Need to Implement Updated Guidance for Managing Restrictive Licenses (GAO-25-107114). https://www.gao.gov/products/gao-25-107114

GAO. (2024, November 13). Cloud Computing: Selected Agencies Need to Implement Updated Guidance for Managing Restrictive Licenses (GAO-25-107114). https://www.gao.gov/products/gao-25-107114

GAO. (2024, November 13). Cloud Computing: Selected Agencies Need to Implement Updated Guidance for Managing Restrictive Licenses (GAO-25-107114). https://www.gao.gov/products/gao-25-107114

GAO. (2024, November 13). IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements (GAO-25-107041). https://www.gao.gov/products/gao-25-107041

GAO. (2024, November 14). IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements (GAO-25-107041). https://www.gao.gov/products/gao-25-107041

GAO. (2025). High Risk List. https://www.gao.gov/high-risk-list

GAO. (2025, March 12). Federal Efforts to Update Old IT are Years Behind Schedule—We Looked at the Impacts of Delays. GAO WatchBlog. https://www.gao.gov/blog/federal-efforts-update-old-it-are-years-behind-schedule-we-looked-impacts-delays

Garland, M. (2023, January 30). Vendor-Lock and Lack of Competition in the Government's Software Estate. https://netchoice.org/wp-content/uploads/2023/01/NetChoice_Garland_The-Pernicious-Consequences-of-Vendor-Lock.pdf

Gaver, S. B. (2010, June). Why Doesn’t the Federal Enterprise Architecture Work? An Examination Why the Federal Enterprise Architecture Program Has Not Delivered the Expected Results and What Can be Done About It. https://web.archive.org/web/20160611170127/http://www.ech-bpm.ch/sites/default/files/articles/why_doesnt_the_federal_enterprise_architecture_work.pdf

Ghaffari-Tabrizi, O. (2025, May 1). High Risk IT Investments. PIA Maps. https://kumu.io/oghaffari/high-risk-it-investments

Gokturk, B. (2024, May 1). Google is a Leader in the 2024 Gartner® Magic Quadrant™ for Cloud AI Developer Services. Google Cloud Blog. https://cloud.google.com/blog/products/ai-machine-learning/google-is-a-leader-in-the-2024-gartner-magic-quadrant-for-cloud-ai-developer-services

Google Cloud. (2023, January). Data Portability and Interoperability. https://services.google.com/fh/files/misc/data_portability_and_interoperability_jan23.pdf

GSA. (2024, June 25). Development Information Solution. https://catalog.data.gov/dataset/development-information-solution

GSA. (2025). Federal Procurement Data System - Next Generation. https://www.fpds.gov/

GSA. (2025). High Impact Service Providers. Performance.gov. https://www.performance.gov/cx/hisps/

GSA. (2025). Templates. Cloud Information Center. https://cic.gsa.gov/resources/templates

GSA. (2025). USAspending: Government Spending Open Data. Search for "ISO 32000" across all Fiscal Years. https://www.usaspending.gov/search/?hash=36db9c46e68f9f7a1b27a6bc4c013b23

GSA. (2025). USAspending: Government Spending Open Data. Search for "Adobe Acrobat" across all Fiscal Years. https://www.usaspending.gov/search/?hash=c9fbad11ed241760e100c0acb3fcef36

GSA. (2025). USAspending: Government Spending Open Data. Search for "ISO 27001" across all Fiscal Years. https://www.usaspending.gov/search/?hash=086d98de8bb8de9114ea647568b713c2

Gulati-Gilbert, S., & Seamans, R. (2023, May 9). Data portability and interoperability: A primer on two policy tools for regulation of digitized industries. The Economics and Regulation of Artificial Intelligence and Emerging Technologies. https://www.brookings.edu/articles/data-portability-and-interoperability-a-primer-on-two-policy-tools-for-regulation-of-digitized-industries-2/

Haseltine, N. (1953, December). The National Bureau of Standards. The Scientific Monthly, 77(6), 295-301. https://www.jstor.org/stable/21014

Hawkins, R., Blind, K., & Page, R. (Eds.). (2017). Handbook of Innovation and Standards. Edward Elgar Publishing. https://www.google.com/books/edition/Handbook_of_Innovation_and_Standards/AXkvDwAAQBAJ

Holbrook, D. (1995, Winter). Government Support of the Semiconductor Industry: Diverse Approaches and Information Flows. Business and Economic History, 24(2), 133-165. https://www.jstor.org/stable/23703131

Huang, J. (2023, November 15). Statements at Ignite [Video]. Microsoft. https://www.youtube.com/watch?v=-C-JoyNuQJs\&t=122s

HUD D64A SFHEDW PIA. (2020). Single Family Housing Enterprise Data Warehouse. Single Family Housing Programs, Office of Housing, U.S. Department of Housing and Urban Development. https://www.hud.gov/sites/dfiles/OCHCO/documents/11-D64A-SFHEDW-PIA-Extract.pdf

ISO. (2008, July). Document management — Portable document format (ISO 32000-1:2008). https://www.iso.org/standard/51502.html

Johnson, J. L., Culp, J., Poole, C. T., Theibert, M., & Vidmar, R. E. (1993, December 1). StandardView, 1(2), 17-24. https://doi.org/10.1145/174690.174693

Judson, L. V. (1976, March). Weights and Measures Standards of the United States: A brief history (NBS Special Publication 447). National Bureau of Standards, Department of Commerce. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication447.pdf

Jun, L. (2022, Mar). Eastern Data and Western Computing: Building New Computing-first Networks. Huawei Tech, (2). https://www.huawei.com/en/huaweitech/publication/202202/eastern-data-western-computing-network

Kang, K., & Miller, R. A. (2021, August 18). Winning by Default: Why is There So Little Competition in Government Procurement? The Review of Economic Studies, 89(3), 1495-1556. https://doi.org/10.1093/restud/rdab051

Kirsch, R. A. (1998). SEAC and the Start of Image Processing at the National Bureau of Standards. IEEE Annals of the History of Computing, 20(2), 7-13. https://doi.org/10.1109/85.667290

Kirsch, R. A. (2001). Computer Development at the National Bureau of Standards. In A Century of Excellence in Measurements, Standards, and Technology (NIST SP 958) (pp. 86-89). National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/sp958-lide/086-089.pdf

Knuth, D. E. (1942, August). Description of Units Composing Analyzer, Appendix E. https://archive.computerhistory.org/resources/text/Knuth_Don_X4100/PDF_index/k-8-pdf/k-8-u2614-2-Units-Composing-Analyzer.pdf

Lécuyer, C. (2006). Making Silicon Valley: Innovation and the Growth of High Tech, 1930-1970. MIT Press. https://www.google.com/books/edition/_/VRz9LfC85pYC?hl=en\&gbpv=0

Lemley, M. A. (1999, Spring). Standardizing Government Standard-Setting Policy for Electronic Commerce. Berkeley Technology Law Journal, 14(2), 745-758. https://www.jstor.org/stable/24115664

Lewis, G. (2012, October 1). The Role of Standards in Cloud-Computing Interoperability (Technical Note CMU/SEI-2012-TN-012). Software Engineering Institute. https://doi.org/10.1184/R1/6585272.v1

Lopez, C. T., & Shinego, W. (2025, March 10). Modern Software Acquisition to Speed Delivery, Boost Warfighter Lethality. DOD News. https://www.defense.gov/News/News-Stories/Article/Article/4114775/modern-software-acquisition-to-speed-delivery-boost-warfighter-lethality/

M-15-14. (2015, June 10). Management and Oversight of Federal Information Technology. Office of Management and Budget. https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-14.pdf

M-19-16. (2019, April 26). Centralized Mission Support Capabilities for the Federal Government. Office of Management and Budget. https://www.whitehouse.gov/wp-content/uploads/2019/04/M-19-16.pdf

M-24-15. (2024, July 25). Modernizing the Federal Risk and Authorization Management Program (FedRAMP). Office of Management and Budget. https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf

McCabe, E. M. (2025, February 3). USAID Under the Trump Administration. Congressional Research Services. https://www.congress.gov/crs-product/IN12500

Mike, R., & Ruppersberger, C.A. D. (2012, October 8). Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE. House Permanent Select Committee on Intelligence. https://intelligence.house.gov/news/documentsingle.aspx?DocumentID=327

Mohr, C. (2024, December 18). A new era for Indigenous data sovereignty. Federal Reserve Bank of Minneapolis. https://www.minneapolisfed.org/article/2024/a-new-era-for-indigenous-data-sovereignty

Morishima, M. (1982). Why Has Japan 'Succeeded'? Western Technology and the Japanese Ethos. Cambridge University Press. https://www.google.com/books/edition/_/lVrF2lUnalwC?hl=en\&gbpv=0

NAO. (2023, July 19). Competition in public procurement: lessons learned. Insight – Lessons learned. https://www.nao.org.uk/insights/competition-in-public-procurement-lessons-learned/

NCSES. (2025, March 19). Federal R\&D Obligations Declined 2.1% in FY 2023; Estimated to Increase in FY 2024 (NSF 25-329). National Science Foundation. https://ncses.nsf.gov/pubs/nsf25329

NCWM. (2025, April). NCWM History. https://www.ncwm.com/history

NDAA for FY2024. (2023, December 22). Pub. L. No.: 118-31. https://www.congress.gov/bill/118th-congress/house-bill/2670

NDAA for FY2025. (2024, December 23). Pub. L. No.: 118-159. https://www.congress.gov/bill/118th-congress/house-bill/5009

NIST. (2023, March 24). NIST Timeline. https://www.nist.gov/timeline

NIST. (2025). Application Programming Interface (API). https://csrc.nist.gov/glossary/term/application_programming_interface

NIST. (2025). Enterprise Architecture (EA). https://csrc.nist.gov/glossary/term/enterprise_architecture

NIST IR 8501. (2023, December 5). Semiconductors and Microelectronics Standards: Report of the Semiconductors and Microelectronics Working Group. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.IR.8501

NIST SP 800-207. (2020, August 11). Zero Trust Architecture. National Institute of Standards and Technology, U.S. Department of Commerce. https://doi.org/10.6028/NIST.SP.800-207

NITRD NCO. (2025, February 6). Request for Information on the Development of an Artificial Intelligence (AI) Action Plan (90 FR 9088). National Science Foundation. https://www.federalregister.gov/d/2025-02305

Norberg, A. L. (1993, Fall). New Engineering Companies and the Evolution of The United States Computer Industry. Business and Economic History, 22(1), 181-193. https://www.jstor.org/stable/23703182

OECD. (2025, January 29). Maximising the Benefits of Effective Competition in Public Procurement in Slovenia. OECD Public Governance Reviews. https://doi.org/10.1787/c1e5d31f-en

OFCIO. (2011, February 8). Federal Cloud Computing Strategy. Office of Management and Budget. https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-strategy.pdf

OFCIO. (2013, January 29). Federal Enterprise Architecture Framework Version 2. Office of Management and Budget. https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf

ONR. (1951, April). The ERA 1101 Computer. Digital Computer Newsletter, 3(1), 1-6. https://apps.dtic.mil/sti/citations/AD0694600

OPEN Government Data Act. (2017, March 29). H.R. 1770. https://www.congress.gov/bill/115th-congress/house-bill/1770

OPM. (2025). HR LOB Shared Service Center Catalog: Department of Defense - Defense Finance and Accounting Services (DFAS). https://www.opm.gov/services-for-agencies/hr-line-of-business/multi-agency-policy-advisory-council/department-of-defense-defense-finance-and-accounting-service-dfas/

OPM ARS PIA. (2021, November 30). Privacy Impact Assessment for Annuity Roll System. Retirement Services, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/ars.pdf

OPM ASRDP PIA. (2020, June 16). Privacy Impact Assessment for Acceptance of Scanned Retirement Documents Project. Retirement Services, Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/acceptance-of-scanned-retirement-documents-project-pia.pdf

OPM CFC PIA. (2019, November 7). Privacy Impact Assessment for Combined Federal Campaign (CFC) Online Application and Donation System. Office of Combined Federal Campaign, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/cfc-pia.pdf

OPM CXone PIA. (2021, November 14). Privacy Impact Assessment for CXone Retirement Services Contact Center as a Service. https://www.opm.gov/information-management/privacy-policy/privacy-policy/CXOne-RS-CCaaS-PIA.pdf

OPM FACES PIA. (2020, March 20). Privacy Impact Assessment for Federal Annuity Claims Expert System (FACES). Retirement Services, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/faces.pdf

OPM ICDC PIA. (2019, December 20). Privacy Impact Assessment for Interim Closeout Data Capture (ICDC). Retirement Services, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/icdc-pia.pdf

OPM ORA PIA. (2022, September 1). Privacy Impact Assessment for Online Retirement Application (ORA) (Pilot). Retirement Services, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/ora-pia.pdf

OPM SOL PIA. (2021, July 23). Privacy Impact Assessment for Services Online (SOL). Retirement Services, U.S. Office of Personnel Management. https://www.opm.gov/information-management/privacy-policy/privacy-policy/pia_sol.pdf

Palantir USG, Inc. v. United States. (Fed. Cir. Sept. 13, 2018). No. 2017-1465. https://www.cafc.uscourts.gov/opinions-orders/palantir_17-1465.opinion.9-13-18.pdf

Pitkänen, V. (2022, May). Competition and efficiency in repeated procurements: Lessons from the Finnish rehabilitation markets. Health Economics, 31(5), 820-835. https://doi.org/10.1002/hec.4485

Rosenworcel, J. (2024, May 2). Letters to the Committee on Commerce, Science, and Transportation. Office of the Chairwoman, Federal Communications Commission. https://docs.fcc.gov/public/attachments/DOC-402312A1.pdf

Russell, A. L. (2005). Standardization in History: A Review Essay with an Eye to the Future. The Standards Edge: Future Generations, 247, 260-277. https://arussell.org/papers/futuregeneration-russell.pdf

SAMOSA Act. (2025, March 27). H.R.2417. https://www.congress.gov/bill/119th-congress/house-bill/2417

Sastry, G., Heim, L., Belfield, H., Anderljung, M., Brundage, M., Hazell, J., O'Keefe, C., Hadfield, G. K., Ngo, R., Pilz, K., Gor, G., Bluemke, E., Shoker, S., Egan, J., Trager, R. F., Avin, S., Weller, A., Bengio, Y., & Coyle, D. (2024, February 13). Computing Power and the Governance of Artificial Intelligence. arXiv, 2402(08797). https://doi.org/10.48550/arXiv.2402.08797

Satija, B., Zahid, T., & Koyyur, A. (2025, March 12). Trump's FTC advances broad antitrust probe of Microsoft, Bloomberg News reports. Reuters. https://www.reuters.com/technology/trumps-ftc-moves-ahead-with-broad-antitrust-probe-microsoft-bloomberg-news-2025-03-12/

SBA Certify PIA. (2023, September 26). Certify.sba.gov Privacy Impact Assessment. Office of Government Contracting and Business Development, U.S. Small Business Administration. https://www.sba.gov/document/report-certifysbagov

Schooner, S. L. (2003). Commercial Purchasing: The Chasm between the United States Government's Evolving Policy and Practice. In Public Procurement:The Continuing Revolution (pp. 103-165). Arrowsmith & Trybus. http://dx.doi.org/10.2139/ssrn.285536

Schooner, S. L. (2018, November 1). Commercial Products and Services: Raising the Market Research Bar or Much Ado about Nothing? 32 Nash & Cibinic Report 52. https://dx.doi.org/10.2139/ssrn.3276365

Schooner, S. L. (2020, October 8). Brand Name or Equal: Without 'Equal,' It's Not Competitive. 34 Nash & Cibinic Report ¶ 52. https://ssrn.com/abstract=3706866

Schooner, S. L., & Berteau, D. J. (2023, February 21). Emerging Policy and Practice Issues (2022) [Conference presentation]. Government Contracts 2022 Year in Review Program, Virtual. https://ssrn.com/abstract=4372044

Sena, M., Buckley, R., Chang, W., Cardona, A., Budish, R., Lange, A., Hodges, G., Swire, P., & Graef, I. (2023). Open access: the future of data portability. Economist Impact. https://impact.economist.com/projects/building-the-future-of-digital-assets/en/article/whitepaper/

SML & NSTC. (2024, March 15). National Strategy on Microelectronics Research. https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/03/National-Strategy-on-Microelectronics-Research-March-2024.pdf

Stanford HAI staff. (2024, November 21). Global AI Power Rankings: Stanford HAI Tool Ranks 36 Countries in AI. Stanford Institute for Human-Centered AI. https://hai.stanford.edu/news/global-ai-power-rankings-stanford-hai-tool-ranks-36-countries-in-ai

Todd, J. (1987). The prehistory and early history of Computation at the U.S. National Bureau of Standards [Paper, California Institute of Technology]. https://dl.acm.org/doi/pdf/10.1145/41579.41582

Tomash, E., & Cohen, A. A. (1979, April-June). The Birth of an ERA: Engineering Associates, Inc. 1946-1955. IEEE Annals of the History of Computing, 1(2). https://doi.org/10.1109/MAHC.1979.10015

Uren, T. (2024, June 28). Kaspersky Finally Evicted From the U.S. Lawfare. https://www.lawfaremedia.org/article/kaspersky-finally-evicted-from-the-us

U.S. Congress. (1952). United States Code: Articles of Confederation -1952 [Periodical]. Retrieved from the Library of Congress. https://www.loc.gov/item/uscode1952-001000005/

Vailshery, L. S. (2024, January 29). Leading SaaS countries worldwide 2024. Statista. https://www.statista.com/statistics/1239046/top-saas-countries-list/

Walker, K. (2022, July 19). Transparency in the shadowy world of cyberattacks. https://blog.google/outreach-initiatives/public-policy/transparency-in-the-shadowy-world-of-cyberattacks/

Washington, G. (1970, January 8). From George Washington to the United States Senate and House of Representatives. National Archives and Records Administration. https://founders.archives.gov/documents/Washington/05-04-02-0361

Weik, M. H. (1961, January-February). The ENIAC Story. Ordnance, 45(244), 571-575. https://www.jstor.org/stable/45363261

White House Staff. (2018, March 9). The Trump Administration’s Plan to Put You in Charge of Your Health Information. Trump (45) White House Archives. https://trumpwhitehouse.archives.gov/articles/trump-administrations-plan-put-charge-health-information/

White House Staff. (2025, March 4). President Trump is Making Government Work for You Again. https://www.whitehouse.gov/articles/2025/03/president-trump-is-making-government-work-for-you-again/