Post-Quantum Cryptography — What is it and where to start?

We all know cybersecurity is a dynamic field that is constantly evolving to protect people from the malicious use of technology. As we’ll explore in this post, cybersecurity professionals may soon be called to defend against technologies that blur the limits of classical physics.

What we know

Think back to high school physics, old episodes of the TV show “Nova,” or even the latest superhero movies, and you’ll recall the term “quantum” or “quantum mechanics.” Quantum, simply speaking, refers to what goes on at the subatomic level.

For decades, our friends at the National Institute of Standards and Technology (NIST) marshaled the resources of the federal government in applying the principles of quantum mechanics to information processing. They helped shape the field of quantum information science and birth an entirely new class of devices: quantum computers.

Right now, when a computer tries to solve a complex problem it has to check every possible solution one by one. That takes an enormous amount of time and computational power. Here’s where quantum computers shine. Because they operate at the subatomic level, they can actually explore and check multiple solutions simultaneously, drastically reducing the time needed to find the right answer. This means that tasks that would take classical computers years or even centuries to complete could be done by quantum computers in a matter of minutes or hours. It’s mind-boggling!

The problem

Here’s the catch: quantum computers could also break many of the encryption algorithms we currently rely on to protect sensitive data. We rely on encryption to keep information and data transfers safe both in our government work and everyday life – everything from logging into networks and websites to paying with credit cards. Quantum computers put all of that encryption at risk.

In 2022, the National Security Council issued a warning that certain quantum computers could “jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

The Office of Management Budget then issued M-23-02 advising agencies how to take the threat seriously. Importantly, OMB said agencies should prepare to protect their data from quantum computers trying to break their encryption. Such stronger data protections became known as Post-Quantum Cryptography (PQC).

So what technologies and services will agencies need to transition to PQC?

Where to start

The first step, per M-23-02, is for agencies to inventory their active cryptographic systems and re-inventory them annually through 2035. That includes looking at all deployed cryptographic systems used for creating and exchanging encryption keys, providing encrypted connections, or creating and validating digital signatures. GSA has multiple acquisition vehicles ready to help you find the right resources to do that.

  • The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) also offers quick access to vendors who have been technically evaluated to do such inventories.
  • If an agency has Enterprise Infrastructure Solutions (EIS) Managed Services awarded, it can tap into those suppliers to conduct these assessments.

The way forward

The experts at NIST are leading the effort to develop algorithms designed to withstand quantum computer attacks. NIST has begun the process of standardizing these algorithms — named CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON. This is the final step before making these mathematical tools available so that organizations can integrate them into their encryption infrastructure. NIST also notes that there will be more post-quantum encryption standards to follow.

Some agencies may wish to start testing the PQC algorithms before they are standardized by NIST. Hardware, web browsers, content delivery networks, cloud service providers, devices and endpoints, and enterprise devices that initiate or terminate encrypted traffic all rely on encryption and might be areas to test pre-standardized PQC algorithms.

If your agency is ready to test or explore quantum computing further, GSA has contracts for that too:

Together, we’re on it

Quantum computers are advancing quickly, increasing the need for reliable PQC solutions. GSA works in close collaboration with NIST and the Cybersecurity and Infrastructure Security Agency (CISA) to keep our contracts aligned with the latest technical and security requirements including emerging PQC standards.

Agencies will need to protect their information systems and data from growing threats. The right suppliers can complement an agencies’ IT and information security staff and resources with relevant products, services and solutions to assess cryptographic risks, test safeguards and identify needed investments.

We look forward to working with more agencies to help them prepare for this imminent post-quantum future. We’re planning to host an in-person Quantum Summit at GSA headquarters on April 16, 2024 from 9-12 EST where you can learn more about quantum resilience from Federal practitioners, so save the date! And while we probably won’t be able to help you traverse time and multiverses like a movie superhero, we are ready to help you get your systems prepared for what comes next. Contact us with your needs and we will help guide you to a solution.

Follow ITC on LinkedIn and subscribe for blog updates.

Fed tech for emergency preparedness: The GSA schedule and public safety

Preparing your agency to respond to an emergency is not limited to hurricane or wildfire season. From ensuring continuity of operations to how citizens and employees receive critical communications; emergency preparedness is a continuous effort and an integral part of being agile, disaster-ready, and capable of carrying out essential duties in various emergency situations.

What’s in your emergency preparedness toolkit?

Wireless technology is an important part of the federal government’s emergency preparedness strategy. Knowing what technology is available, how and when to integrate it into your telecommunications plan, and how to best leverage the capabilities of the vendor community is a key responsibility of every telecommunications program manager. GSA can help.

GSA’s Best-in-Class Wireless Mobility Solutions Program gives agencies an integral piece for their emergency preparedness toolkits.

Federal, state, local and tribal agencies can access wireless mobility solutions like cell phone services, Wireless Priority Service, special capabilities for first responders, enterprise mobility and satellite communications (SATCOM), and deployable cell towers and infrastructure.

Buying through GSA helps you connect with the best provider for your agency, and incorporate the capabilities to best serve your agency and citizens.

Along with Best-in-Class solutions and competitive vendor offerings, outstanding technical support is available from GSA through sdintake@gsa.gov.

Don’t fly the COOP; GSA has a Wireless Mobility Solution

Continuity of Operations planning (COOP) is another aspect of emergency preparedness and a fundamental responsibility of public and private entities. COOP is a federal initiative to ensure agencies are able to continue the performance of essential functions under a broad range of circumstances. Today’s changing threat environment increases the need for continuity capabilities and plans at all levels of government.

GSA’s Wireless Mobility Solutions team is focused on readiness for communications and information systems, and they can help agencies shape and improve their COOP strategy with cost-effective and secure offerings.

Whether you’re looking for new solutions or updating your existing emergency preparedness plans, GSA’s Wireless Mobility Solutions team is ready to assist.

Ready to learn more?

Attend GSA’s Wireless Mobility Solutions webinar “Wireless Solutions for Emergency Preparedness,” Nov. 6, 2-3 p.m. ET.

This webinar is for government staff who manage IT, agency mobility programs, purchase or manage mobility, or have a role in emergency preparedness or public safety. Learn more about trustworthy wireless solutions that support emergency preparedness and public safety, and can help your agency build mission resilience.

Topics will include:

  • Solutions to help ensure your agency is better prepared for an emergency;
  • How 5G will impact emergency preparedness and how you can plan for it; and,
  • Agency considerations for wireless technology for public safety and mission resilience.

Speakers from AT&T, T-Mobile and Verizon will discuss some of the important issues facing public safety today, what technologies can better enable emergency preparedness, and what agencies should be doing right now to be better prepared.

Sign up today!

Also, visit our website to learn more about Wireless Mobility Solutions for your agency, or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and subscribe for blog updates.

2023 EIS Transition Update

Last December I blogged about GSA’s decision to pursue extensions of the Networx, Washington Interagency Telecommunications System (WITS) 3 and Local Service contracts on behalf of a few agencies who needed more time to complete their transition to Enterprise Infrastructure Solutions (EIS). Much has transpired since that last blog post, and I wanted to give an update.

As of April 2023, 123 of 222 agencies had successfully transitioned off of the legacy telecommunications contracts. Transitioned agencies have realized some truly great benefits such as:

  • Divested from legacy services no longer supported by contractors
  • Adopted Trusted Internet Connection 3.0 architectures
  • Achieved lower overall cost
  • Increased cyber resilience.

Agencies that require an extension beyond May 31, 2024 must sign a Memorandum of Understanding (MOU) with GSA, provide GSA with details supporting further contract extensions, and start comprehensive quarterly executive transition updates with GSA. As of June 26, 2023, eight agencies have requested extensions to May 31, 2026. Some need additional weeks and some need additional months to complete their transition.

New Executive Leadership for Enterprise Technology Solutions

On February 16, 2023, Jake Marcellus became the Executive Director for Enterprise Technology Solutions (ETS). Jake leads a subcategory that includes Enterprise Telecommunications, Mobility and Satellite Communications (SATCOM) services. Jake came to us from GSA IT and has extensive experience leading telecommunications efforts within the Department of Defense.

I have asked Jake, as lead executive for EIS, to place his initial focus on improving the customer agency EIS transition experience and outcomes. His team developed a system to use disconnect data to identify the most significant transition risks and make the appropriate executive engagements with agencies.

They’re engaging agencies, assisting with problem identification, consulting on technical solutions and facilitating requests for 2026 extensions. In addition to meeting with agency Chief Information Office (CIO) staff, Jake is also meeting with executives of our EIS contractors.

The Continuity of Service Period and beyond

GSA continues to manage the EIS transition by supporting agency requirements and the contractors’ performance toward meeting the key completion dates.

  • May 31st 2024 – Continuity of Service (CoS) ends for those agencies that signed MOUs with GSA for the June 1, 2023 through May 31, 2024 CoS periods.
  • May 31st 2026 – The end of service for those agencies authorized to use extended CoS beyond May 31, 2024.

The terms and conditions of the legacy telecommunications contracts allow only those organizations specified in the Networks Authorized User List (NAUL) to obtain services under these contracts. GSA continues to update the NAUL to remove those agencies which are no longer authorized to use the contracts and will order contractors to disconnect services to such agencies. Unless an agency is working with GSA to use the extended CoS to May 31, 2026, the NAUL will be updated to remove the agency and its services will be disconnected on or before May 31, 2024. Agencies should continue to work aggressively with their contractors to transition prior to May 31, 2024. If an agency requires days, weeks or months beyond May 2024, it should contact their Solutions Broker on the GSA team to explore options.

Working together to achieve successful outcomes

Successful EIS transitions are a team effort. While GSA manages the transition as a governmentwide program, the agencies and their contractors–for both the legacy contracts and EIS–must work very closely to ensure the agencies’ requirements and those of their task orders are successfully met. This requires close oversight by the Ordering Contracting Officers for those task orders and the project managers, in collaboration with experts in networking, security, finance and operations that form the agencies’ transition teams. These teams monitor the contractors’ activities, identify risks and issues, and develop solutions with the contractors in compliance with the task orders and with an eye toward completing transition by the deadline.

Below are some of the lessons learned that enabled the successful completion of agency transitions.

  1. Know your existing inventory and requirements
    It is foundational that a transition is properly scoped in regards to physical locations and required telecom services. This step will ensure full accountability on what needs to be transitioned, what will not be transitioned and account for new requirements.
  2. Create a transition strategy
    A transition strategy includes what will be transitioned and the discrete considerations for unique mission needs and environment. Transitions in urban and rural areas have distinct challenges.
  3. Develop a plan and schedule
    Provide an overview of required actions and a detailed schedule of activities.
  4. Get stakeholder buy-in
    A successful transition requires acute coordination between engineering, program management, government contracting staff and the associated contractors.
  5. Monitor and Control
    This phase requires the agency work with both their EIS and legacy contractors to ensure that services are both transitioned and disconnected. Transition progress should be actively monitored to spot potential obstacles and implement corrective actions.
  6. Leverage the GSA team
    GSA has assigned solutions brokers for all agencies. Solutions brokers are a single point of contact for assistance with EIS, Networx, WITS3 and all transition activities. GSA’s ETS Executive Director is available for the agency executive engagement.

Visit our website to learn more about EIS or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

GSA supports National Strategy to Secure 5G with new acquisition guidance

GSA’s Acquisition Guidance for Procuring 5G Technology supports an ongoing, multi-agency effort to document and share best practices for optimal 5G deployments.

National Strategy

As discussed in past posts, the Federal Government views 5th generation (5G) wireless technology as a future driver of the global economy. It also views the security of 5G information and communications technology and services infrastructure, and the data transmitted and stored on it, as a key national security interest. In addition to protecting data on the network, a trusted, secure supply chain is also paramount. We cannot ensure the security of 5G networks if untrusted equipment or software is allowed to control any part of them.

The National Strategy to Secure 5G is our country’s game plan to manage the risks associated with next generation wireless technologies and the new use cases they open up. GSA’s role is to establish acquisition processes and facilitate federal agency adoption of 5G infrastructure with appropriate security safeguards and adherence to national policies. The desired outcome is a resource that helps agencies identify their standards, specify security controls, and catalog other relevant requirements to provide a secure 5G infrastructure.

GSA guidance

Screenshot of the front page of the "GSA Acquisition Guidance for Procuring 5G Technology" with a white and navy background. There is a colorful technology graphic at the bottom right of the screen.
Download the PDF at buy.gsa.gov or order physical copies at cmls.gsa.gov.

The subject matter experts behind our Wireless Mobility Solutions contracts applied this directive to the early 5G use cases they were observing at various agencies. We coordinated extensively with the interagency Federal Mobility Group, and we incorporated valuable input from experts in other agencies and industry. The result is our Acquisition Guidance for Procuring 5G Technology, a plain-language white paper that charts the progression of 5G in the public sector, outlines its core standards, explores government use cases, and delves into acquisition strategies that balance flexibility with security requirements. In particular, the Guidance features:

  • Tools and strategies for contracting 5G – A model acquisition process that details how technical staff should go about defining requirements and how contracting staff should use them to structure a solicitation.
  • 5G use cases in government – A living list of 5G use cases and pilot programs applicable to the public sector;
  • Standards for 5G – A detailed accounting of the international and U.S. standards that are used to determine requirements for 5G;
  • General background – A plain language narrative describing the evolution of cellular technology, the capabilities 5G offers, its relevance to the public sector, efforts underway to secure it, and its potential to shape future telecommunications products and services.

The wheel keeps turning

A six-sided "5G Wheel" in shades of purple depicting what the GSA Acquisition Guidance for Procuring 5G Technology features: Technology, Standard, Security, Policy, Acquisition, and Use Case.
The “5G Wheel” is one model of visualizing the components that enable resilient deployments.

We’ve previously described our “5G for Government” strategy as the understanding of six core concepts: Technology, Standards, Security, Policy, Acquisition, and Use Cases. Use cases are the real-world applications that agencies are pursuing, or want to achieve. Acquisition is the nuts and bolts of getting the solution in place in the most efficient and effective way. Once you understand the technology, know the standards, consider the security aspects, and are up-to-date on governmentwide policies, then it’s time to plan and execute. If you think of this strategy as a circle or wheel, the Use Case is the end of one cycle and the beginning of another. Each rotation strengthens our collective understanding of what makes a 5G deployment secure and successful. The Acquisition Guidance for Procuring 5G Technology is GSA’s first effort to distill this collective knowledge into a usable format to help government technology managers, their contracting offices, and trusted industry partners buy, build, and use secure 5G systems. As a living document, the Guidance will be frequently reviewed to keep pace with changing technology, ensure governmentwide cybersecurity requirements are accurate, and incorporate feedback from stakeholders. Send feedback, questions, and suggestions to wireless@gsa.gov.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

GSA plans to grant DOJ, DHS extended period to complete EIS transition

Recently, we made a decision that will enable GSA to give the Department of Justice (DOJ) and Department of Homeland Security (DHS) until May 31, 2026 to complete their transitions to EIS. DOJ and DHS asked for more time to complete their transition, citing multiple factors, including global supply chain disruptions and pandemic challenges. GSA agreed to create the requested extensions so that DOJ and DHS can carry out their transition plans without the risk of serious disruptions to critical services.

A significant decision

Executing these extensions will be a major undertaking for GSA and the contract holders. GSA anticipates there are more than sixty contracts that will need extensions after May 31, 2024. GSA will execute modifications to extend each contract. The justification for these modifications will detail the current status, the delays and obstacles agencies have faced in their transitions, and the timeline in which they expect to have their transitions completed.

GSA is proceeding according to FAR 6.3, which prescribes policies and procedures, and identifies the statutory authorities, for contracting without providing for full and open competition. The specific authority is under FAR 6.302-1, “Only one responsible source and no other supplies or services will satisfy agency requirements.”

No guarantees

The approach we are taking is not without risks. For instance, contractors may not agree to an extension. They can refuse to sign on to extend further and GSA cannot force them to continue providing these services. Further prolonging transition generates risks for agencies, too. The EIS contracts offer benefits to agencies such as cost savings opportunities, avenues for technology modernization, and access to modern cybersecurity capabilities.

GSA supports your transition

GSA remains committed to the successful completion of the EIS Transition program. We conduct weekly updates to the transition inventory to ensure agencies and contractors have the most accurate data at their fingertips. In addition to frequent meetings with individual agencies, we hold monthly EIS Transition Office Hours and Interagency EIS Transition Meetings, both of which serve as forums for agencies to share their knowledge and ask transition-related questions. GSA also meets monthly with the contractors for an all-agency progress check and conducts comprehensive quarterly reviews.

GSA is and will continue to actively monitor agency progress toward stated EIS deadlines. If you need assistance, have additional data to share on the speed of your transition to EIS, or would like to meet with us, please contact your assigned GSA Solutions Broker.

For more information, visit gsa.gov/eistransition.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

20 years of E-Government

This year marks the 20th anniversary of the enactment of the eGov Act, and I was recently asked in an interview what I felt had changed the most in the federal technology market and what had stayed the same. It was an interesting conversation, and so I’d like to share my thoughts with you.

Changing times, evolving technology

In 2002 your work revolved around your office building and your desk. Most everyone in government was tied to their office because of the technology at the time — desktop computers and desk phones.

Now think back to when you got your first Blackberry. I think it was 2004/5 for me. All of a sudden you could access your email on the go and connect to your headset wirelessly through Bluetooth.

Then of course the iPhone came in 2007 and has since changed everything. So, while I still have a desk at GSA’s central office, I haven’t had a desk phone in almost a decade or a desktop computer in two decades — today, I work from a laptop and a mobile phone.

In terms of the federal technology market, we are once again seeing two big technological trends that are radically transforming how we all operate: the shift to telework and cloud adoption.

Cloud adoption and telework

The pandemic hammered home the value of flexibility and collaboration. GSA invested in an efficient mobile workforce long before COVID hit, and that investment paid off. Our teams adapted quickly to full-time telework, enabling us to rapidly turn around and help other agencies do the same.

Part of the reason we were able to move so quickly was because we had embraced cloud computing early by investing in modern network architecture using GSA’s Networx contract.

That’s the second driver of modern government, the flexibilities afforded by the wide-scale adoption of commercial cloud services, which link the physical world to our virtual environments.

Think about the interview that inspired this blog post and how that content reaches its government audience. Twenty years ago, we’d record the interview, and the audio would play on a regional radio station. That’s the only way the audience would experience it.

Now, you can use a desktop, laptop, tablet, or mobile phone, (or a landline) not just to listen, but to participate. You can chat or post a question, and get a response in real-time. We have captioners (or AI/bots) who listen, transcribe, and produce a running transcript, and even video interpreters who can translate the conversation into American Sign Language.

The cloud-based software-as-a-service we use takes all these inputs and outputs raw data, which is stored and accessed securely within a FedRAMP-authorized environment. All that data is logged and analyzed in real-time while a host of systems operate in the background to defend against malicious actors.

Finally, it all gets encrypted and exits the platform, travels through the open Internet, and crosses the threshold back into a given federal network through Trusted Internet Connections. There are many types of “federal networks” ranging from a wired wide area network at an agency’s headquarters to someone’s home Wi-Fi, accessed through a Virtual Private Network and managed by a trusted vendor.

You may still catch that interview on the radio, but you can also experience it anytime from any device.

Every one of these services must be procured correctly, and that’s what GSA’s contracts ultimately provide.

Shared services — effective and efficient

When done right, a complex resource like what I described above isn’t limited to one department, rather it’s a service that becomes easily available to every employee of the agency — a shared service.

The benefits of such an acquisition are enjoyed across the entire enterprise, and that might be the most exciting change — that government agencies are starting to plan and buy IT more as a single enterprise than a loose collection of disparate parts.

This is federal category management in action. Internally, we’ve restructured our program units to better support enterprise offerings like managed services.

What once was called our office of Telecommunications Services is now Enterprise Technology Solutions because customers increasingly want secure, simple, and flexible capabilities that run on top of traditional networks.

Shared services have both stayed the same and evolved. I have two of the original e-Gov services in my portfolio with USAccess and the Federal Public Key Infrastructure program. Agencies still rely on these offerings every day, and they go a long way to reducing duplication of effort.

GSA, here to help

Of course that’s only the first part of the question. What hasn’t changed is the hard work and dedication of public servants and industry partners working hand in hand to ensure each agency fulfills its mission.

Visit our website to learn more or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

ICYMI: ITC Activating Continuity of Service for Telecom Contracts

In case you missed it, we are invoking the continuity of service (CoS) clause for these expiring enterprise network and telecommunications contracts: 

  • Networx
  • Local Service Contracts
  • Washington Interagency Telecommunications System (WITS) 3

This gives agencies the opportunity to sign on for an additional 12 months of service. During this time, agencies must either complete their transition to Enterprise Infrastructure Solutions or find another solution to prevent interruption of services. 

Invoking the CoS clause helps reduce the risks associated with not completing transition by the original May 31, 2023 deadline. It also provides more time for agencies to address challenges resulting from delayed task order awards, supply chain disruptions caused by the pandemic, and other important priorities.

The transition to EIS has significant governmentwide cybersecurity, mission, operational, and financial implications. Agencies that don’t move their services before the CoS period ends could face: 

  • Interruption of critical public services.
  • Increased cyber vulnerabilities.
  • Failure to carry out their missions.

More time to complete transition

GSA awarded EIS in 2017 to replace these expiring contracts, beginning a period of transition. Many federal agencies aren’t on track to complete their transition to EIS before the May 2023 expiration.

As of February 28, 2022, only 89% of the planned task orders for transition have been awarded. Also, 45% of the nine million services governmentwide (like telephone lines and high bandwidth secure internet access) are still in use. 

What this means for agencies

Agencies that want to take advantage of the CoS period can do so only if:

  • The agency signs a Memorandum of Understanding (MOU) with GSA by September 30, 2022
  • The MOU is signed by the agency head, or follows agency delegation of authority.
  • The designee is accountable for Chief Information Officer (CIO), Chief Acquisition Officer (CAO), and Chief Financial Officer (CFO) functions. 

At the end of the 12-month CoS period (May 31, 2024), any services remaining active on the expiring contracts will be disconnected according to the terms and conditions of their respective contracts. They cannot be reinstated on those contracts. This will occur at the contract level, not on the agencies’ task orders.

If an agency doesn’t transition before the exercised option or CoS period ends, the agency must:

  • Identify the services that will be cut off when the CoS period ends.
  • Develop a contingency plan to maintain operation of those services on another contractual arrangement. 
  • Implement the contingency plan to ensure mission isn’t disrupted when the contracts expire and services are disconnected.

If an agency does not sign the MOU, GSA will remove the agency from the Networks Authorized User List (NAUL) for the expiring contracts in October 2022. Contractors will then begin the disconnect process as early as November 2022 and complete it no later than May 2023.

What this means for our industry partners

As agency transition rates increase, so will the demand on industry partners to implement task orders and execute disconnects quickly. 

We value our industry partners and will work closely together as we execute contractual actions over the next year. We’ll also look to our partners to continue supporting our agency customers as they

  • Expedite EIS orders.
  • Explore other options for maintaining service on another contractual arrangement.
  • Reconcile records for services that are being disconnected.

Next steps

If your agency is mid-transition, weigh the pros and cons of signing the MOU and make a risk-based decision appropriate for your agency. We’re here to help you assess your transition risk and understand your acquisition options.

Agencies with services on the expiring contracts should expect a message from GSA in May 2022 including the MOU. If you need more information or would like to meet, please contact your assigned GSA Solutions Broker.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

GSA’s Enterprise Infrastructure Solutions Instills Cybersecurity Confidence

On May 12, the White House issued the Executive Order on Improving the Nation’s Cybersecurity. This EO underlines the fundamental problem of how cybersecurity weaknesses leave critical infrastructure open to debilitating attacks. It also outlines what government agencies must do to improve their collective defensive posture, reduce risk, improve visibility and secure their infrastructure.

GSA’s Information Technology Category (ITC) tracks cybersecurity trends and is involved in conversations with industry experts on this topic. We incorporate the EO’s technological goals in our contract solutions, like Enterprise Infrastructure Solutions Contract, or EIS.

When it comes to network security, Zero-Trust Architecture (ZTA) is the gold standard. We even published a Zero Trust Architecture Buyer’s Guide to help agencies build toward it. EIS is featured prominently in the guide, because it offers baked-in security “building blocks” to create customizable solutions.

Managed Security Services

The EIS Managed Security Service (MSS) is a comprehensive service that protects an agency’s information technology assets—hardware devices, network, software, and information—from malicious attacks. It includes capabilities such as authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management. MSS comprises the following sub-services: Trusted Internet Connections Service (TICS), Managed Prevention Service (MPS), Vulnerability Scanning Service (VSS), and Incident Response Service (INRS).

Managed Network Services

The EIS Managed Network Service (MNS) enables an agency to outsource a portion or all of its network planning, design, implementation, maintenance, operations and customer service as a strategic move to improve IT services and lower costs.

Software Defined – Wide Area Network (SD-WAN) Services

SD-WAN services provide significant benefits by giving agencies central security management and visibility, the ability to segment networks where security policies can be tailored per application and data type, and identity-based user access.

Managed Trusted Internet Protocol Services (MTIPS)

MTIPS version 2.2 provides security for all external connections to public Internet, Extranet, and Cloud Service Providers. As agencies look to implement the Cybersecurity and Infrastructure Security Agency (CISA) TIC 3.0 guidance, MTIPS may be complemented with additional EIS services to achieve the updated security capabilities of a TIC 3.0 Traditional TIC solution.

FedRAMP Authorized Software-as-a-Service (SaaS) Tools

SaaS gives an agency access to applications hosted in the cloud. The provider manages the security, availability, and performance of the applications as part of their service. Using SaaS allows an agency to reduce the time, expense, and risk associated with the installation and maintenance of software on agency computers. EIS SaaS meets all federally required security standards for Cloud services.

EIS delivers solutions to agencies that will meet CISA’s latest Trusted Internet Connections (TIC) 3.0 guidance and ZTA requirements which include the Core Zero Trust Logical Components described in the National Institute of Standards and Technology (NIST) Special Publication 800-207. GSA continues to collaborate with CISA to provide guidance to agencies advancing legacy networks towards a zero trust architecture.


In the past decade, the typical federal agency network has evolved from being static with a known perimeter to mobile-friendly with nodes across the country. We are now regularly reminded that security solutions must correspondingly evolve to secure agency data and be able to ensure the safe transport of information to and from cloud applications, data centers, and remote users. If they don’t, the U.S. will continue to be vulnerable to malicious actors all over the world.

The Cybersecurity EO prioritizes “accelerated movement to secure cloud services; centralized and streamlined access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and investment in both technology and personnel to match these modernization goals.” EIS already supports these by supplying SD-WAN services, 5th Generation (5G) telecommunications technology, Internet of Things (IoT) offerings, and Cloud-based security solutions.

Using EIS to buy IT infrastructure ensures a greater degree of consistency in the government’s telecommunications and network infrastructure services. It also consolidates the government’s purchasing power, driving lower prices on products and services that to satisfy complex security, flexibility, and visibility needs. EIS solutions offer the foundation needed to adapt to evolving threats and continue accomplishing your mission. The sooner agencies transition, the sooner they can take advantage of the secure solutions available on EIS. Accelerate your transition progress by Taking A.I.M. at EIS.

Taking A.I.M. at EIS

Enterprise Infrastructure Solutions (EIS) transition

The transition to Enterprise Infrastructure Solutions (EIS) is one critical path for agencies to evolve to more modernized and secure IT infrastructures and away from legacy technologies that are vulnerable to security risks — a high priority for this Administration. With the President’s Executive Order on Improving the Nation’s Cybersecurity, it’s important to remember that the transition to EIS is not about shutting down expiring contracts; it’s ultimately about the safety, security, and sustainability of the federal government’s IT infrastructure.

The most recent EIS transition milestone came and went on March 31, when agencies were expected to have disconnected at least 50 percent of their services from the expiring Networx, Washington Interagency Telecommunications System (WITS) 3, and Local Service contracts.

While the data illustrates agencies are making progress, with 55% of the federal government’s inventory remaining to be disconnected, there is still much work to be done. Therefore, we urge our agency partners to take A.I.M. at EIS:

  • Assess their status and accelerate their progress
  • Disconnect & transition their Inventory
  • Mitigate risk to ensure mission operations continue

Assessing status and accelerating progress

Less than two years remain before the Networx, WITS 3, and Local Service contracts expire on May 31, 2023. Though the September 30, 2022 deadline for 100% disconnect from expiring contracts is a little over 15 months away, we want to remind agencies that a lack of transition progress could result in service disconnection much sooner. Please assess your progress against several important dates that are outlined in the revised Project Plan for Closeout of Transition and accelerate actions accordingly:

  • June 30, 2021 – Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected.
  • August 31, 2021 – Agencies that have not awarded any EIS task orders for their solicitations will be disconnected.
  • September 30, 2021 – Agencies that have not awarded EIS task orders for all their solicitations will be disconnected.
  • October 1, 2021 – GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming Closeout Phases for 2021 June 30, 2021. Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected .  August 31, 2021. Agencies that have not awarded any EIS task orders for their solicitations will be disconnected. September 30, 2021. Agencies that have not awarded EIS task orders for all their solicitations will be disconnected. October 1, 2021. GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming closeout phases for 2021

The next major milestone for EIS transition is on March 31, 2022, which calls for 90% of services disconnected from expiring contracts. With less than 12 months to go, we urge agencies to accelerate progress, so as not to fall further behind.

Inventory: enhanced focus on disconnecting and transitioning inventory to EIS

Government-wide, we are behind the EIS curve. 11 of 17 large agencies and 15 of 25 medium-size agencies have yet to disconnect even 50 percent of their services as of March 31, 2021. Ultimately, missing transition milestones and continued reliance on expiring contracts risks disruption of critical services delivered to the public.

Mitigating risk to ensure mission operations continue

The more agencies fall behind the established milestones, the greater the risk to their mission. This not only leaves less time for transition-related activities ahead of the September 2022 milestone, but it will also increase the potential that agencies may be “stuck” waiting for disconnect and transition services to be rendered. In particular, agencies that delay their EIS contractor selection for replacement services may find themselves “in line” behind those that have already chosen a contractor and made transition progress. This further slows progress for disconnecting services from the expiring contracts and connecting new services.

The extended contracts expire on May 31, 2023 and there will be no extensions. We invite our agency partners to ask themselves “Will we complete transition on time?”. If your agency will not complete transition on time, contingency planning must start now.

The time for EIS transition action is now. Regardless if your agency is in the acquisition or implementation phase, know that GSA wants to actively support agency transitions. If your agency is struggling, GSA can provide services such as:

  • An inventory of complete services that need to be transitioned, including custom reports for your agency
  • Technical, acquisition, and ordering assistance, plus automated tools to directly assist agencies with expediting EIS task orders
  • GSA in-scope reviews of agency solicitations
  • Regular outreach to agencies’ Integrated Transition Teams to monitor transition progress and provide guidance

If your agency needs help with transition, please contact the IT Customer Service Center at 855-482-4348, or send an email to ITCSC@gsa.gov. We encourage you to reach out to your agency leadership. Include Chief Information, Acquisition, and Financial Officers in conversations on EIS transition, financials, and risk.

The FedRelay Transition will Preserve Services and Improve Accessibility

To ensure FedRelay customers experience improved access, enhanced service and no loss of coverage, GSA is working with the Federal Communications Commission (FCC) to transition users to the FCC-administered Telecommunications Relay Service (TRS) and GSA’s Multiple Award Schedule (MAS).

Like FedRelay, TRS offers a suite of telecommunications relay services that help individuals with hearing or speech disabilities communicate with government agencies and conduct official business.

GSA initiated the required market research to prepare for the next generation of FedRelay and determined that for the majority of relay services, TRS would deliver the greatest value while enhancing services provided.

TRS comes with the additional benefit of no cost to agencies. The FedRelay services that are not offered by TRS, Relay Conference Captioning and Video Remote Interpreting, are already available at lower pricing on the GSA MAS, Language Services SIN 541930.

The current FedRelay contract ends on May 15, 2021. Agencies who have current task orders can extend them an additional six months until November 15, 2021. To prepare for transition, agencies should ensure that their FedRelay accounts are current and address any outstanding invoices. Transition updates will be posted on the GSA FedRelay webpage.

Customers with questions and those who are ready to begin the transition process should contact the GSA FedRelay Program Office at federalrelayservices@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.