Post-Quantum Cryptography — What is it and where to start?

We all know cybersecurity is a dynamic field that is constantly evolving to protect people from the malicious use of technology. As we’ll explore in this post, cybersecurity professionals may soon be called to defend against technologies that blur the limits of classical physics.

What we know

Think back to high school physics, old episodes of the TV show “Nova,” or even the latest superhero movies, and you’ll recall the term “quantum” or “quantum mechanics.” Quantum, simply speaking, refers to what goes on at the subatomic level.

For decades, our friends at the National Institute of Standards and Technology (NIST) marshaled the resources of the federal government in applying the principles of quantum mechanics to information processing. They helped shape the field of quantum information science and birth an entirely new class of devices: quantum computers.

Right now, when a computer tries to solve a complex problem it has to check every possible solution one by one. That takes an enormous amount of time and computational power. Here’s where quantum computers shine. Because they operate at the subatomic level, they can actually explore and check multiple solutions simultaneously, drastically reducing the time needed to find the right answer. This means that tasks that would take classical computers years or even centuries to complete could be done by quantum computers in a matter of minutes or hours. It’s mind-boggling!

The problem

Here’s the catch: quantum computers could also break many of the encryption algorithms we currently rely on to protect sensitive data. We rely on encryption to keep information and data transfers safe both in our government work and everyday life – everything from logging into networks and websites to paying with credit cards. Quantum computers put all of that encryption at risk.

In 2022, the National Security Council issued a warning that certain quantum computers could “jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

The Office of Management Budget then issued M-23-02 advising agencies how to take the threat seriously. Importantly, OMB said agencies should prepare to protect their data from quantum computers trying to break their encryption. Such stronger data protections became known as Post-Quantum Cryptography (PQC).

So what technologies and services will agencies need to transition to PQC?

Where to start

The first step, per M-23-02, is for agencies to inventory their active cryptographic systems and re-inventory them annually through 2035. That includes looking at all deployed cryptographic systems used for creating and exchanging encryption keys, providing encrypted connections, or creating and validating digital signatures. GSA has multiple acquisition vehicles ready to help you find the right resources to do that.

  • The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) also offers quick access to vendors who have been technically evaluated to do such inventories.
  • If an agency has Enterprise Infrastructure Solutions (EIS) Managed Services awarded, it can tap into those suppliers to conduct these assessments.

The way forward

The experts at NIST are leading the effort to develop algorithms designed to withstand quantum computer attacks. NIST has begun the process of standardizing these algorithms — named CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON. This is the final step before making these mathematical tools available so that organizations can integrate them into their encryption infrastructure. NIST also notes that there will be more post-quantum encryption standards to follow.

Some agencies may wish to start testing the PQC algorithms before they are standardized by NIST. Hardware, web browsers, content delivery networks, cloud service providers, devices and endpoints, and enterprise devices that initiate or terminate encrypted traffic all rely on encryption and might be areas to test pre-standardized PQC algorithms.

If your agency is ready to test or explore quantum computing further, GSA has contracts for that too:

Together, we’re on it

Quantum computers are advancing quickly, increasing the need for reliable PQC solutions. GSA works in close collaboration with NIST and the Cybersecurity and Infrastructure Security Agency (CISA) to keep our contracts aligned with the latest technical and security requirements including emerging PQC standards.

Agencies will need to protect their information systems and data from growing threats. The right suppliers can complement an agencies’ IT and information security staff and resources with relevant products, services and solutions to assess cryptographic risks, test safeguards and identify needed investments.

We look forward to working with more agencies to help them prepare for this imminent post-quantum future. We’re planning to host an in-person Quantum Summit at GSA headquarters on April 16, 2024 from 9-12 EST where you can learn more about quantum resilience from Federal practitioners, so save the date! And while we probably won’t be able to help you traverse time and multiverses like a movie superhero, we are ready to help you get your systems prepared for what comes next. Contact us with your needs and we will help guide you to a solution.

Follow ITC on LinkedIn and subscribe for blog updates.

Procurement and the AI EO — Helping federal CAIOs navigate the path ahead

Recently, the White House issued Executive Order 14110 – Safe, Secure, and Trustworthy Artificial Intelligence. It’s the first governmentwide directive encouraging the responsible use of artificial intelligence.

Welcome CAIOs!

For many agencies, implementing EO 14110 means formalizing a new position: the Chief Artificial Intelligence Officer, who will drive the creation of each agency’s AI strategy and establish new governance. CAIOs will be tasked with implementing sophisticated risk management requirements so the projects they oversee comply with all applicable laws, regulations, and policies, including those addressing privacy, confidentiality, copyright, human and civil rights, and civil liberties.

In industry, companies of all shapes and sizes have brought on CAIOs to manage their workflows and augment their organizations’ skill sets. I’m encouraged to see their counterparts arrive in government, including our own at GSA, Zach Whitman.

So, to the AI specialists and leaders joining federal agency C-Suites, welcome! We at GSA’s Federal Acquisition Service are excited to help you get the tools you’ll need to accomplish your missions.

The work ahead

The promise of AI is incredible. The latest advancements in Large Language Models and Generative AI take a field that has been building up for more than 50 years to a new level. We can see agencies using AI to speed up workflows, improve how the public interacts with federal information, reveal new insights in our data, and improve how we design and deliver programs.

Over the next few months, CAIOs will work on strategies to drive innovation and manage the risks of AI. According to EO 14110, CAIOs will serve as the senior AI advisors to agency leadership and start weighing in on strategic decisions. You’ll work closely with Chief Information Officers and Chief Information Security Officers to set up the right safeguards for how the AI tools your teams and others within your agencies use will meet cybersecurity standards and best practices. Working together with leaders and staff throughout the organization, you may even prototype solutions that can illustrate the capabilities and risks of AI when delivering on your agency’s mission.

But wait, there’s more! You’ll also compile inventories, evaluate products, influence workforce development, prioritize projects, remove barriers, document use cases, assess performance, implement internal controls, and ensure your agency’s AI efforts comply with a host of existing laws and policies.

Time to prioritize

That is a big to-do list! To succeed, you may need outside resources like AI-centric development environments and hardware; SaaS providers who can provide access to AI modules; and early assistance from AI experts who can create custom AI solutions for specific purposes in your agency. You will also need to implement training for agency staff on how to use AI systems.

Several different GSA acquisition solutions can help CAIOs procure the AI products, services and solutions they need to achieve their missions. Here are a few:

  • GSA offers easy access to AI development tools from Federal Risk and Authorization Management Program (FedRAMP) – approved cloud service providers on the Multiple Award Schedule – IT Category.
  • Our Governmentwide Acquisition Contracts — Alliant 2, 8(a) STARS III, and VETS 2 — help agencies quickly and efficiently bring on IT service providers, some of whom can provide targeted AI services.
  • GSA’s Rapid Review report service scans the Multiple Award Schedule and provides a list of approved vendors that meet particular criteria, including common AI services from coding to training, typically in as little as one day. To get started, visit our Market Research as a Service page and order a Rapid Review.

Above all, remember that we’re here to facilitate the business of connecting you with the right technology solution. Contact us with your needs and we will guide you there.

Know the risks

EO 14110 provides the most comprehensive guidance to date on the necessity for agencies to fully consider the risks from their use of AI.

AI tools will be subject to rigorous assessment, testing, and evaluation before they may be used. After that, according to EO 14110, CAIOs must ensure that their AI systems undergo ongoing monitoring and human review, that emerging risks are identified quickly, that its operators are sufficiently trained, and that the AI functionality is documented in plain language for public awareness.

Importantly, EO 14110 charges CAIOs with ensuring their agency’s AI will advance equity, dignity, and fairness. This will require a mix of thoughtful stakeholder engagement and the sophisticated use of data and analytics to anticipate, assess, and mitigate disparate impacts. That includes being alert to factors that contribute to algorithmic discrimination or bias and proactively removing them.

We’re constantly calibrating the balance between convenience and compliance, which is particularly important when preparing to acquire technologies like AI that are new and evolving. Our contracts require vendors to comply with rules, policies, and regulations — including EO 14110 and the NIST AI Risk Management Framework — to ensure you have a safe, secure, sustainable IT infrastructure.

More to come

In 2020, GSA launched the AI Community of Practice to get practitioners from across government talking and sharing best practices, then set up an AI Center of Excellence to put their knowledge into action. Much of their work helped lay the intellectual infrastructure needed to carry out the governmentwide objectives of EO 14110. GSA itself is named in three:

  1. Develop and issue a framework for prioritizing critical and emerging technologies offerings in the FedRAMP authorization process, starting with generative AI.
  2. Facilitate access to governmentwide acquisition solutions for specified types of AI services and products, such as through the creation of a resource guide or other tools to assist the acquisition workforce.
  3. Support the National AI Talent Surge by accelerating and tracking the hiring of AI and AI-enabling talent across the Federal Government through programs including the Presidential Innovation Fellows and the U.S. Digital Corps.

As you can see, there will be much more to come as the government’s AI strategy goes into action. To quote GSA Administrator Robin Carnahan, “GSA is proud to play key roles in supporting this Executive Order to help ensure the federal government leads the way in the responsible, effective use of AI.”

Follow ITC on LinkedIn and subscribe for blog updates.

Acknowledging our Veterans, their contributions to the IT Category

In celebration of Veterans Day, I want to thank our Veterans for their service and dedication. I’m grateful for the sacrifices they have made for us. Our Veterans exemplify the qualities that enable our country to overcome the greatest obstacles.

GSA partnering with Veterans

GSA is dedicated to supporting Service-Disabled Veteran-Owned Small Businesses (SDVOSBs) in the federal IT market. ITC currently has hundreds of highly skilled SDVOSBs between our Multiple Award Schedule – IT (MAS-IT) and the Veterans Technology Services 2 (VETS 2) and 8(a) STARS III IT services Governmentwide Acquisition Contracts (GWAC).

While SDVOSBs have many opportunities to participate in the IT marketplace, VETS 2 is currently the government’s only GWAC set aside exclusively for SDVOSBs.

I’m happy to say that the VETS 2 option was exercised earlier this year in February 2023. In total, 45 industry partners received their option. This will provide federal agencies with continued use of this best-in-class solution for their long-term IT service project needs, with the performance of task orders extending out through 2033. As of August 2023, VETS 2 has had more than 200 task order awards with over $1.4 billion in Obligated Sales and a Total Estimated Sales of over $3B.

The VETS 2 team has been hard at work training government agencies on the use of VETS 2, with more than 3,000 customers trained so far. If you’re interested, visit www.gsa.gov/events for a list of upcoming training opportunities.

SDVOSBs bringing real mission impact

Last year at this time, I shared several examples of the great work of our Veteran partners and I’m happy to bring fresh ones this year:

  • One of the DoD agencies recently awarded a $404 million order through VETS 2 to provide Enterprise IT Support Service for their Combat Capabilities Development Command Aviation and Missile Center (AvMC). Through these IT support services, the SDVOSB will fill the agency’s need to provide the personnel, services, and supplies necessary to enable the full lifecycle of IT support requirements across AvMC.
  • Another DoD agency also awarded a $24M task order award for extensive cybersecurity services. Our VETS 2 industry partners provided the defense agency with a service that is essential to protecting our nation’s security. Cybersecurity has become a fundamental IT service needed to keep our country safe and secure and VETS 2 can deliver these mission-critical national security services.

Veterans, looking to the future

Our commitment doesn’t stop with our existing contracts. Our next small business GWAC, Polaris, will have an SDVOSB pool as well. Polaris is being designed to assist agencies in acquiring customized IT services and IT services-based solutions while expanding opportunities for SDVOSB firms. Stay tuned to our Small Business Community of Practice Interact page for updates.

I’m grateful for the meaningful partnership we have with our SDVOSBs and for their continued hard work and dedication to helping agencies achieve their missions every day. I’m really excited for what the future holds.

Visit our website to learn more about VETS 2, MAS-IT, and Polaris or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and subscribe for blog updates.

Fed tech for emergency preparedness: The GSA schedule and public safety

Preparing your agency to respond to an emergency is not limited to hurricane or wildfire season. From ensuring continuity of operations to how citizens and employees receive critical communications; emergency preparedness is a continuous effort and an integral part of being agile, disaster-ready, and capable of carrying out essential duties in various emergency situations.

What’s in your emergency preparedness toolkit?

Wireless technology is an important part of the federal government’s emergency preparedness strategy. Knowing what technology is available, how and when to integrate it into your telecommunications plan, and how to best leverage the capabilities of the vendor community is a key responsibility of every telecommunications program manager. GSA can help.

GSA’s Best-in-Class Wireless Mobility Solutions Program gives agencies an integral piece for their emergency preparedness toolkits.

Federal, state, local and tribal agencies can access wireless mobility solutions like cell phone services, Wireless Priority Service, special capabilities for first responders, enterprise mobility and satellite communications (SATCOM), and deployable cell towers and infrastructure.

Buying through GSA helps you connect with the best provider for your agency, and incorporate the capabilities to best serve your agency and citizens.

Along with Best-in-Class solutions and competitive vendor offerings, outstanding technical support is available from GSA through sdintake@gsa.gov.

Don’t fly the COOP; GSA has a Wireless Mobility Solution

Continuity of Operations planning (COOP) is another aspect of emergency preparedness and a fundamental responsibility of public and private entities. COOP is a federal initiative to ensure agencies are able to continue the performance of essential functions under a broad range of circumstances. Today’s changing threat environment increases the need for continuity capabilities and plans at all levels of government.

GSA’s Wireless Mobility Solutions team is focused on readiness for communications and information systems, and they can help agencies shape and improve their COOP strategy with cost-effective and secure offerings.

Whether you’re looking for new solutions or updating your existing emergency preparedness plans, GSA’s Wireless Mobility Solutions team is ready to assist.

Ready to learn more?

Attend GSA’s Wireless Mobility Solutions webinar “Wireless Solutions for Emergency Preparedness,” Nov. 6, 2-3 p.m. ET.

This webinar is for government staff who manage IT, agency mobility programs, purchase or manage mobility, or have a role in emergency preparedness or public safety. Learn more about trustworthy wireless solutions that support emergency preparedness and public safety, and can help your agency build mission resilience.

Topics will include:

  • Solutions to help ensure your agency is better prepared for an emergency;
  • How 5G will impact emergency preparedness and how you can plan for it; and,
  • Agency considerations for wireless technology for public safety and mission resilience.

Speakers from AT&T, T-Mobile and Verizon will discuss some of the important issues facing public safety today, what technologies can better enable emergency preparedness, and what agencies should be doing right now to be better prepared.

Sign up today!

Also, visit our website to learn more about Wireless Mobility Solutions for your agency, or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and subscribe for blog updates.

What does the future of cybersecurity look like?

As we look ahead, there are several key areas of focus that will undoubtedly shape the virtual battleground. Government agencies who proactively embrace and implement current high priorities in these key areas will be better prepared to navigate the evolving digital threatscape and safeguard their sensitive information and assets. Here are some top drivers we anticipate will impact agencies’ cybersecurity strategy and spending plans.

Zero Trust Architecture (ZTA)

ZTA has been at the forefront of government guidance in recent years. Now that agencies have had time to plan for their ZTA requirements, implementing strategies should commence. ZTA provides agencies with the foundation to build a strong security posture that evolves with the ever-changing technological environment of dynamic and accelerating threats.

Cybersecurity Supply Chain Risk Management (C-SCRM)

The growing interconnectedness of systems, services, and products makes management and mitigation of supply chain risks even more important. Effective C-SCRM should be a fundamental component in cybersecurity strategy. Having C-SCRM as an essential element in procurement helps to ensure the resilience, security, and continuity of operations for organizations, government agencies, and critical infrastructure.

Post-Quantum Cryptography (PQC)

PQC is an emerging field within the cyber realm that is gaining increased relevance due to the potential threat quantum computers pose to traditional encryption methods. PQC involves the development of new cryptographic algorithms resistant to quantum computer attacks to ensure the security of digital communications and sensitive information. Agencies should begin to plan for future quantum resistant methods by inventorying their systems and engaging with vendors on how they are addressing quantum-readiness.

Some challenges agencies may face include:

  • The ability to identify PQ-vulnerable systems.
  • The ability to identify and implement appropriate PQC algorithms.
  • The high cost and complexity of implementation.
  • A gap in a trained and certified workforce to implement and maintain PCQ algorithms.

Artificial Intelligence (AI)

The rapid emergence and adoption of generative AI tools has created new challenges, especially for data security. As AI becomes more prevalent in our modern technology, agencies will need to assess the associated risks and develop strategies to mitigate vulnerabilities.

GSA and other agencies are working to support the new Executive Order to help ensure that AI systems are safe, secure, and trustworthy.

Follow ITC on LinkedIn and subscribe for blog updates.

Find cybersecurity solutions in IT Services GWACs

In a post earlier this month, I talked about the Cybersecurity Battle Ground with various Administration strategies, executive orders, and some of the resources that we’ve developed to help you navigate this guidance. If you haven’t read that post yet, I suggest you check it out.

Today, I thought I’d talk about some of the acquisition contracts that we’ve developed to help you get on-the-ground support with your cybersecurity efforts.

MAS and beyond

When you think cybersecurity, and you think GSA, the Multiple Award Schedule (MAS) for Information Technology (IT) probably comes to mind. We have a lot of great cybersecurity solutions there, including the Highly Adaptive Cybersecurity Solutions (HACS) Special Item Number (SIN), a variety of Continuous Diagnostics and Mitigation (CDM) tools, and Zero Trust Architecture (ZTA) solutions.

True, MAS-IT is a great place to cover your cybersecurity needs, but it’s not the only place. Depending on your overall acquisition goals, GSA’s Governmentwide Acquisition Contracts (GWACs) are a great path as well. These IT Services-first contracts are considered by the Office of Management and Budget to be Best-in-Class and have a host of capabilities to meet cybersecurity needs; from ZTA to IPv6, to insider threat detection and mitigation services.

I thought it would be interesting to analyze the data in our GWAC Dashboard to see what I could find by simply pulling the data by contract and searching for ‘Cyber’*. This is definitely not a comprehensive review of our cybersecurity offerings on the GWACs, but this gives a great sense of the work that’s happening.

* This can be done by going to the “DATA Feed” tab, clicking on the “Choose a format to download” icon at the bottom right, and selecting “Crosstab.” This will result in an Excel file with more information than can be easily displayed in the web dashboard.

8(a) STARS III

Federal agencies have leveraged the 8(a) STARS III GWAC, for example, to protect against cyber threats. 8(a) STARS III industry partners have supported America’s government by creating cyber risk assessments, performing enterprise penetration testing, and establishing security assessment reports. 8(a) STARS III has 23 task orders with an estimated value of more than $141.8 million for cyber-related activities. The Department of Treasury and the Department of Homeland Security are among the biggest users of 8(a) STARS III for cybersecurity services.

VETS 2

The VETS 2 GWAC is another great example. This Service-Disabled Veteran-Owned Small Business GWAC currently has more than $118 million in estimated value from 10 task orders ranging from IT Security Risk Management Framework (RMF) and Assessment and Authorization (A&A) Services to cybersecurity architecture and engineering services. Some of VETS 2’s biggest cybersecurity customers are the Department of Treasury, the Department of Homeland Security, and the Army.

Alliant 2

Alliant 2 data shows a similar story. There, we find 25 task orders for a total estimated value of $2.2 billion. These task orders relate to Federal Public Key Infrastructure (FPKI) support services to cybersecurity – supply chain risk management (C-SCRM) support services and beyond.

Again, these are just task orders with the term ‘cyber’ in the description field. Even more come through when we add the term ‘IT security’.

The right cybersecurity solutions

As we continue to observe Cybersecurity Awareness Month, I wanted to bring attention to the ‘where’ of conveniently getting the cybersecurity solutions agencies need to protect their systems as agencies move to create a safer and more secure digital future.

Visit our website to learn more about cybersecurity or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and subscribe for blog updates.

The Cybersecurity Battleground

Reflecting on the past, envisioning the future

This month marks the 20th anniversary of Cybersecurity Awareness Month, as well as the beginning of a new government fiscal year. I’d like to take this milestone opportunity to delve into some recent notable cybersecurity events, the broader implications for government agencies, and my vision as GSA continues to play a pivotal role in positioning agencies to create a safer and more secure digital future.

The 2023 Verizon Data Breach Investigations Report shows external actors were responsible for 83% of breaches. Continued cyber breaches, such as Volt Typhoon and the MOVEit application exploit not only cause disruption and pose a serious threat to our national security, but lay the groundwork for more sophisticated cyber attacks. Hackers will leverage any flaw in the cyber environment to gain access to sensitive information. Our adversaries are not resting, and neither can we.

In March 2023, the White House released an updated National Cybersecurity Strategy with ongoing initiatives aimed at enhancing the nation’s cybersecurity capabilities and comprehensive approach. It aligns numerous strategic objectives under five pillars:

  1. Defend Critical Infrastructure
  2. Disrupt and Dismantle Threat Actors
  3. Shape Market Forces to Drive Security and Resilience
  4. Invest in a Resilient Future
  5. Forge International Partnerships to Pursue Shared Goals

The White House later published its National Cybersecurity Strategy Implementation Plan which includes specific guidance for agencies as they implement the strategy’s requirements and key objectives.

The Department of Defense completed its Cyber Strategy in May 2023. The strategy underscores the ongoing advancement of Zero Trust Architecture (ZTA) and the technological solutions and services to fortify critical infrastructure, ensuring vital systems and assets are safeguarded. In August 2023, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Strategic Plan that aligns with the National Cybersecurity Strategy and lays out how agencies can fulfill their cybersecurity mission over the next three years. As plans are implemented, GSA is prepared to incorporate updated frameworks and standards into our solutions to meet agencies’ needs and requirements.

As we move forward into the new fiscal year, the Office of Management and Budget (OMB) continues to emphasize cybersecurity priorities for civilian agencies to consider when developing FY24 and FY25 budget requests. These include continued implementation of ZTA, investment in Cybersecurity Supply Chain Risk Management (C-SCRM) practices, and most recently Post-Quantum Cryptography (PQC). Details can be found in the OMB Memorandum M-22-16, M-23-18, and the Quantum-Readiness: Migration to Post-Quantum Cryptography fact sheet. Additionally, OMB outlined Research and Development Priorities for the FY25 budget which include addressing cybersecurity risks through resilient architectures. As the cybersecurity landscape is in a constant state of evolution, adapting to new guidance is imperative to Improving the Nation’s Cybersecurity.

How GSA supports agencies

GSA recognizes that every agency has unique needs, but the overarching goals remain. That is why GSA works diligently to support the modernization of security to enhance cyber resilience, protect important information, and maintain systems access and function.

To help agencies meet their goals, GSA developed a suite of resources on cybersecurity topics, such as ZTA and C-SCRM. Buyer’s guides and informational videos are available to help identify which solutions best fit agency IT security needs. In addition, our acquisition templates make procuring the products and services that modernize security and strengthen cyber resilience easy and efficient. Find the guides and more at www.gsa.gov/itsecurity.

Our commitment

At GSA we understand collaboration with other agencies, and our industry partners, is crucial for addressing the evolving and global nature of cybersecurity threats. We are committed to continue our efforts to provide comprehensive and impactful government-centric cybersecurity solutions that address the need for modernization today and protect assets from the cyber threats of tomorrow.

Stay up to date

We are available to agencies throughout the entire acquisition lifecycle. The GSA IT Category team offers subject matter expertise and is available to answer questions related to purchasing a full range of IT products and services. Please contact the IT Customer Service Center at 855-ITaid4U/855-482-4348 or itcsc@gsa.gov.

Follow ITC on LinkedIn and subscribe for blog updates.

2023 EIS Transition Update

Last December I blogged about GSA’s decision to pursue extensions of the Networx, Washington Interagency Telecommunications System (WITS) 3 and Local Service contracts on behalf of a few agencies who needed more time to complete their transition to Enterprise Infrastructure Solutions (EIS). Much has transpired since that last blog post, and I wanted to give an update.

As of April 2023, 123 of 222 agencies had successfully transitioned off of the legacy telecommunications contracts. Transitioned agencies have realized some truly great benefits such as:

  • Divested from legacy services no longer supported by contractors
  • Adopted Trusted Internet Connection 3.0 architectures
  • Achieved lower overall cost
  • Increased cyber resilience.

Agencies that require an extension beyond May 31, 2024 must sign a Memorandum of Understanding (MOU) with GSA, provide GSA with details supporting further contract extensions, and start comprehensive quarterly executive transition updates with GSA. As of June 26, 2023, eight agencies have requested extensions to May 31, 2026. Some need additional weeks and some need additional months to complete their transition.

New Executive Leadership for Enterprise Technology Solutions

On February 16, 2023, Jake Marcellus became the Executive Director for Enterprise Technology Solutions (ETS). Jake leads a subcategory that includes Enterprise Telecommunications, Mobility and Satellite Communications (SATCOM) services. Jake came to us from GSA IT and has extensive experience leading telecommunications efforts within the Department of Defense.

I have asked Jake, as lead executive for EIS, to place his initial focus on improving the customer agency EIS transition experience and outcomes. His team developed a system to use disconnect data to identify the most significant transition risks and make the appropriate executive engagements with agencies.

They’re engaging agencies, assisting with problem identification, consulting on technical solutions and facilitating requests for 2026 extensions. In addition to meeting with agency Chief Information Office (CIO) staff, Jake is also meeting with executives of our EIS contractors.

The Continuity of Service Period and beyond

GSA continues to manage the EIS transition by supporting agency requirements and the contractors’ performance toward meeting the key completion dates.

  • May 31st 2024 – Continuity of Service (CoS) ends for those agencies that signed MOUs with GSA for the June 1, 2023 through May 31, 2024 CoS periods.
  • May 31st 2026 – The end of service for those agencies authorized to use extended CoS beyond May 31, 2024.

The terms and conditions of the legacy telecommunications contracts allow only those organizations specified in the Networks Authorized User List (NAUL) to obtain services under these contracts. GSA continues to update the NAUL to remove those agencies which are no longer authorized to use the contracts and will order contractors to disconnect services to such agencies. Unless an agency is working with GSA to use the extended CoS to May 31, 2026, the NAUL will be updated to remove the agency and its services will be disconnected on or before May 31, 2024. Agencies should continue to work aggressively with their contractors to transition prior to May 31, 2024. If an agency requires days, weeks or months beyond May 2024, it should contact their Solutions Broker on the GSA team to explore options.

Working together to achieve successful outcomes

Successful EIS transitions are a team effort. While GSA manages the transition as a governmentwide program, the agencies and their contractors–for both the legacy contracts and EIS–must work very closely to ensure the agencies’ requirements and those of their task orders are successfully met. This requires close oversight by the Ordering Contracting Officers for those task orders and the project managers, in collaboration with experts in networking, security, finance and operations that form the agencies’ transition teams. These teams monitor the contractors’ activities, identify risks and issues, and develop solutions with the contractors in compliance with the task orders and with an eye toward completing transition by the deadline.

Below are some of the lessons learned that enabled the successful completion of agency transitions.

  1. Know your existing inventory and requirements
    It is foundational that a transition is properly scoped in regards to physical locations and required telecom services. This step will ensure full accountability on what needs to be transitioned, what will not be transitioned and account for new requirements.
  2. Create a transition strategy
    A transition strategy includes what will be transitioned and the discrete considerations for unique mission needs and environment. Transitions in urban and rural areas have distinct challenges.
  3. Develop a plan and schedule
    Provide an overview of required actions and a detailed schedule of activities.
  4. Get stakeholder buy-in
    A successful transition requires acute coordination between engineering, program management, government contracting staff and the associated contractors.
  5. Monitor and Control
    This phase requires the agency work with both their EIS and legacy contractors to ensure that services are both transitioned and disconnected. Transition progress should be actively monitored to spot potential obstacles and implement corrective actions.
  6. Leverage the GSA team
    GSA has assigned solutions brokers for all agencies. Solutions brokers are a single point of contact for assistance with EIS, Networx, WITS3 and all transition activities. GSA’s ETS Executive Director is available for the agency executive engagement.

Visit our website to learn more about EIS or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

Working on a critical acquisition? Start with GSA’s Market Research as a Service

Before making a mission-critical acquisition, agencies can save time and resources in finding compliant suppliers, capabilities, competition levels and more to understand the market landscape. GSA’s Market Research as a Service (MRAS) conveniently delivers meaningful market data at no cost to federal, state, and local agencies.

How does MRAS work with agencies?

Through FAR Part 10-compliant Requests for Information (RFIs), sources sought, industry days, and advanced product research, MRAS collects data to help customers understand where their need fits within the GSA governmentwide marketplace.

MRAS experts partner with federal, state, and local agencies to create customized RFIs and help agencies shape their overall acquisition strategy with a thorough, tailored market research report. These services are available at no cost and can be completed typically in two weeks or less.

Record of success with MRAS

In three years, MRAS has conducted over 3,000 RFIs for customers, including more than 25% specifically for IT Category Special Item Numbers (SIN) on the GSA Multiple Award Schedule (MAS).

Top customers served:

  • U.S. Air Force
  • U.S. Army
  • U.S. Navy

Better techniques, better results, Best in Class

The MRAS team uses extensive technology tools and the latest research techniques to generate the best information for customers, and generates a list of vetted, Best in Class GSA industry partners who can fulfill a customer’s unique requirements. The team also works closely with GSA’s talented Customer Service Directors (CSD) to research and review the category, SIN, or contract that best meets the customer’s requirements while following applicable compliance guidelines and maximizing resources.

Customers can review the results of their MRAS request with a member of GSA’s CSD team to answer questions and consider next steps.

Recently, the MRAS team produced a market research report for a multimillion-dollar Department of Defense (DOD) project at Nellis Air Force Base, Nev. and Fort Irwin, Calif. In less than two weeks, the team identified more than 40 potential sources. DOD ultimately found a winning match on the MAS IT professional services SIN.

GSA’s MRAS – Your free resource to start your agency’s successful acquisition journey

GSA’s MRAS offers customers invaluable help through a key component of the acquisition process. MRAS helps agencies make informed acquisition decisions precisely and efficiently. Contact MRAS to learn more and get started today.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

Celebrating two years of 8(a) STARS III

8(a) STARS III officially launched two years ago this month, and it’s worth celebrating this important anniversary milestone. This governmentwide contract has really hit the ground running, and I couldn’t be more proud of its success in helping agencies achieve their missions. I’d like to share why we are so happy with this program.

Supporting the mission of government

8(a) STARS III is a competitively awarded, multiple-award, indefinite-delivery/indefinite-quantity governmentwide acquisition contract (GWAC) set aside for participants in the Small Business Administration’s 8(a) program. 8(a) STARS III is GSA’s fourth-generation 8(a) GWAC and continues the legacy of creating opportunities for small disadvantaged businesses while helping federal agencies meet their socioeconomic goals and mission-critical IT requirements. 

STARS III delivers opportunities to more than a thousand 8(a) businesses and drives progress on important public policy objectives, including the President’s Executive Order on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government as we work to improve diversity, equity, inclusion, and accessibility.

Phased award approach

We awarded cohort one of 8(a) STARS III in June 2021 to 448 industry partners. Then awards for cohort two were announced in February 2022 to nearly 600 additional awardees. The third and final cohort award happened in June 2022 for an additional 65 awardees – just one year ago.

Traditionally, we made awards in one batch, but with 8(a) STARS III, we reinvented the award process. Using an innovative cohort approach, we gave 8(a) firms additional opportunities by allowing initially unsuccessful offerors a second and third chance. 145 of these cohort two and three industry partners have received task order awards proving that they can be successful if given an opportunity.

Major success

In just two years, 8(a) STARS III secured $1 billion in obligations through 600 task order awards to 309 small disadvantaged businesses. Notability, 177 of them have never had a task order award through GSA before. That’s incredible and really shows how 8(a) STARS III is building opportunities for the community. 

Agencies adopting 8(a) STARS III

37 federal agencies have already put their faith in the contract with an award, and more than 2,656 acquisition professionals from 54 agencies have signed up and received their delegation of procurement authority training. 

Those agencies are leveraging the contract for a variety of IT Services to meet their mission, including help desk support, database administration, emerging technologies, custom software and applications development, systems integration, and cybersecurity solutions to secure the enterprise.

Hand-in-hand with industry

This doesn’t happen all by itself. We’ve worked hard to build meaningful relationships with these small businesses through one-on-one engagement, monthly snapshot newsletters for awardees, video tutorials, and even through our new GSA Does That podcast. We’ve also created an 8(a) STARS III Resource Center where our industry partners can find just about everything that they need to be successful.

Empowering small businesses

Again, I couldn’t be more proud of 8(a) STARS III as we empower disadvantaged small businesses to deliver mission-critical IT services to the government. Visit our website to learn more about www.gsa.gov/stars3.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.