Governance & Pedigree

The Editorial Board

The CFA is led by a collective of career federal auditors, former agency CISOs, and administrative law experts. We do not just read the regulations; we spent decades enforcing them.

The "Yellow Book" Standard

In the federal government, truth is defined by the Generally Accepted Government Auditing Standards (GAGAS), commonly known as the "Yellow Book."

Our leadership team applies these same rigorous standards to our independent reporting. We do not deal in speculation. We require "Sufficient and Appropriate Evidence" (GAGAS 3.69) before we issue a finding. If we cannot prove a violation against the text of the statute, we do not publish it.

Fiscal & Acquisition Law

We audit the "Power of the Purse" against the Anti-Deficiency Act (31 U.S.C. § 1341) and the Purpose Statute.

Our experts scrutinize contract vehicles for violations of FAR Part 6 (Competition Requirements) and identify "Personal Services Contracts" that illegally bypass civil service laws.

Cybersecurity Governance

Led by former Authorizing Officials (AOs). We audit beyond the dashboard, checking compliance with FISMA 2014 and OMB Circular A-130.

We validate if systems meet the specific controls of NIST SP 800-53 Rev 5 and if they have undergone the mandatory FIPS 199 security categorization before launch.

Privacy & Admin Law

We enforce the "Fair Information Practice Principles" codified in the Privacy Act of 1974 (5 U.S.C. § 552a).

Our researchers are experts in the E-Government Act of 2002 (requiring PIAs) and the Administrative Procedure Act (APA), ensuring agencies do not engage in "Rulemaking by Guidance" without public notice.

Our Verification Protocol

To maintain our credibility as a "News Media" entity under 5 U.S.C. § 552(a)(4)(A)(ii), we adhere to a strict editorial process:

  • Primary Source Mandate: We do not rely on press reports. We rely on signed artifacts (e.g., SF-30 Contract Mods, ATO Decision Letters).
  • Adversarial "Red Teaming": Before publication, a specialized "Devil's Advocate" reviews the finding to ensure we haven't missed a valid exception (e.g., a "National Security Waiver" under FAR 6.302-6).
  • Retraction Policy: If an agency can produce a verifiable record that contradicts our finding, we correct the record immediately.