0

Think IT Modernization? Think GSA

Our mission in the Office of Information Technology Category (ITC) is to “maximize customer value and mission productivity through IT acquisition.” As the largest provider of IT acquisition solutions for government, it is absolutely critical that we ride the bleeding edge of IT innovation. As a service to agencies and taxpayers, we adopt innovative solutions early on and apply them to our own processes — we learn about new technologies by using them. Efforts like this position us to even more effectively help agencies face their future mission needs.

In a blog post last December, we announced our experimentation with distributed ledger technology (DLT) — commonly referred to as “blockchain.” At the time we had just completed a proof of concept to further enhance our Making it Easier FASt Lane proposal review process. We found that DLT can automate many of the manual business processes and steps required to award a new IT Schedule 70 contract. This includes time-intensive tasks such as financial reviews and development of pre-negotiation memoranda, freeing up our workforce to focus on more meaningful responsibilities. DLT also modernizes the award process making it easier, more efficient, and faster for those new contract holders.

IT modernization is a major focus of this administration. Our work with DLT is an excellent example of leveraging emerging technologies to enhance existing systems — to reimagine how we build using an agile methodology to effectively modernize over time. The crawl/walk/run method that we’re using to implement DLT highlights one best-practice path to modernization.

First, We Crawled – What We Did

In July 2017, we kicked off the proof of concept (POC) as an award under the simplified acquisition threshold. This acquisition strategy used an agile acquisition and development approach and had a short, six-week delivery schedule. The entire POC only cost $150,000.

Now We Walk – Development

The POC demonstrated how we could use DLT to help automate our acquisition workforce, specifically touching and entering data only once into a single solution.

To expand the project’s scope, this May we awarded a contract for a pilot. Where the POC tested the waters limited to IT Schedule 70, the pilot has a wider scope: the Multiple Award Schedules (MAS) program (aka the Schedules). We plan to look across the entire enterprise to find out where we’ll gain the most benefits within the Schedules program.

The pilot will create a DLT-based software layer over GSA’s existing infrastructure which creates transparency and documents activities between industry partners (contractors/vendors) and GSA.

This layer will make the proposal review process accountable and allow for a controlled reduction in fixed costs. Also, the pilot automates financial reviews and other GSA Schedules business processes.

For example, we can identify offerors with substandard financial ratios based on the average (as reported by the IRS) of their respective NAICs code. Offerors with poor financial ratios will be flagged for further review; if the ratios look good they will move to the next step.

This first pilot will break down and modularize the workstream and build out a micro-service for the financial responsibility process. Implementing a manageable business process, this will enable us to more simply capture information and to build analytics.

Next, We’ll Run – Production/Sustainment

If the pilot is successful, we’ll continue its development and our efforts to make this a reality by awarding another contract for a full-scale production.

Think IT Modernization? Think GSA

Our team has the expertise and agility to try new things and test new IT solutions. We launch, test, learn, and then use those lessons learned to support our customers.

So, when you think about modernizing your IT systems, think GSA! We have the experts and acquisition solutions in place to make IT modernization a reality for the federal government.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

The five steps to accelerate the process to award contracts and make life better for the workforce and vendors.

Tags:
0

5 Considerations for Using the CDM Tools SIN

While threats to our most critical systems increase, agencies face ongoing challenges to keep IT assets safe from adversaries. On August 11, 2018, the continuous diagnostics & mitigation tools continuous monitoring as a services (CDM/CMaaS) blanket purchase agreements (BPAs)expired and were replaced by a new special item number (SIN) on IT Schedule 70: The CDM Tools SIN (132-44).

The CDM Tools SIN on IT Schedule 70 provides agencies with easier access to a governmentwide set of information security continuous monitoring (ISCM) tools.

The CDM Tools SIN also:

  • Allows for added flexibility and speed to market for emerging technologies related to the CDM Program
  • Supports an expanded pool of industry partners offering CDM tools

Here are five considerations for choosing the CDM Tools SIN, when implementing your system security plans and IT security solutions:

1. We’ve made it easier to strengthen your network

Our CDM Tools SIN provides agencies with products and associated services that monitor and report into their CDM agency dashboard. It also allows them to manage:

  • What is on the network
  • Who is on the network
  • What is happening on the network
  • How data is protected

2. The Department of Homeland Security (DHS) has vetted all products on the CDM Tools SIN

GSA’s partnership with DHS ensures that the products available on the CDM Tools SIN have gone through a sophisticated vetting process. They are added to DHS’s CDM approved products list (APL) before being added to the CDM Tools SIN. Products on the APL are consolidated and categorized for ease of discovery.

The APL is the authoritative approved product catalog for products that meet the department’s CDM requirements. DHS reviews new products every month, allowing for new and emerging products to become part of the CDM marketplace. Once approved and placed on the APL, vendors can apply to IT Schedule 70 to sell their new product on the SIN.

3. The CDM Tools SIN is open to all GSA IT Schedule 70 users

Federal agencies can use the CDM Tools SIN; state, local, tribal, and territorial government entities can also access the CDM Tools SIN through GSA’s Cooperative Purchasing Program.

The SIN is also available to Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) awardees purchasing CDM tools, the Department of Defense, and other organizations that can use IT Schedule 70.

4. Chief Information Security Officer (CISO) Handbook calls out the CDM Tools SIN

The CIO Council recently published the CISO Handbook to give chief information security officers (CISOs) important information they need to implement federal cybersecurity at their agencies. The CDM tools SIN is called out as a resource for CISOs to address federal cybersecurity requirements.

Agencies use CDM Tools to comply with various federal mandates and to strengthen their network defenses through sustained monitoring of network activity and automatic identification and prevention of any activity determined to be unauthorized.

5. We make it easy for you to order CDM Tools SIN

GSA makes it easy to access these tools through the www.gsa.gov/cdm webpages, featuring an ordering guide and links to GSA eLibrary’s CDM Tools page. We update the site every month with the new DHS Approved Products List. We also feature a guide for industry vendors interested in applying to sell products on the CDM Tools SIN.

For more information on the CDM Tools SIN, visit www.gsa.gov/cdm, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Tags:
0

Saying Goodbye to a Career of Federal Service

I recently announced I’m winding down my career with the federal government.  Retirement is a great time for reflection as I approach the end of one chapter and the beginning of the next.

After 32 years of service in the government and private sectors, I have been fortunate to work beside people whose passion is to serve in the best interests of our customers. I leave my position as Assistant Commissioner of the Office of Information Technology Category (ITC) filled with pride from what we have accomplished and confidence in the excellent ITC staff.

But none of ITC’s projects and programs would be successful without the partnership, support, perspective, and engagement of our federal agency and industry partners.

I have talked often about ITC’s many successes to illustrate that the work ITC does has significant, real-world impacts — we manage more than 5,000 contracts, representing nearly $25 billion in mission-critical IT spending annually.

Our goal is to meet all agencies’ IT needs by giving them access to the best commercial products and services available, from laptop configurations to massive IT network overhauls and everything in between.

We’re always focused on how the market is changing, and which emerging technologies are becoming critical in the modern IT landscape.

This year, ITC launched initiatives aimed at modernizing and simplifying current solutions, eliminating duplicative processes, and deploying emerging technologies such as artificial intelligence (AI) and distributed ledger technology (DLT), to enhance efficiencies and drive savings into the acquisition process for GSA and government.

During my tenure as Director of IT Schedule 70, we focused on cross-government and cross-industry collaboration, realigning ITC to better support industry partners and help customer agencies meet their mission objectives.

One such example is the FASt Lane program, which focused on getting new technologies into the hands of customers faster. It has two parts: a quick 48 hour e-Modification (eMod) process for current Schedule 70 contract holders wishing to add or update their current IT product offerings, and a program helps get new vendors on schedule in approximately 45 days, down from the average time of 110 days.

We also implemented an initiative to renegotiate Schedule 70 base prices for many of the largest contracts. As a result, the government is achieving discounts of up to 46 percent off original pricing.

The solutions that we have put in place are truly critical to enabling the government to do its ultimate job — serving the American taxpayers.

I look forward to following GSA’s and ITC’s future endeavors and celebrating their successes from a new vantage point.
Many thanks to this entire community for your tremendous partnership over the years.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

0

Protecting State and Local Election Systems and Strengthening Cyber Defenses

By Kay Ely, Assistant Commissioner, Office of Information Technology Category

Preventing infiltration and tampering of elections systems and fortifying cyber defenses continue to be important topics.

Through our established IT contract vehicles, GSA can provide government agencies with access to cybersecurity products and services to improve resilience, protect important information, and bring election systems into compliance with leading-edge practices for enhancing security in today’s tech-savvy environment.

Cooperative Purchasing Program

GSA’s Cooperative Purchasing Program allows state, local, and tribal governments to benefit from access to solutions, products, and services from pre-vetted industry partners through IT Schedule 70 — the same as those offered to federal agencies.

That means these government agencies can buy the newest cybersecurity offerings under the Highly Adaptive Cybersecurity Services (HACS) and Continuous Diagnostics and Mitigation (CDM) Special Item Numbers (SINs) which can help with risk assessments and management of election systems.

Cyber Products and Services

Services offered by our HACS partners:

  • Risk and Vulnerability Assessment (RVA) services that adhere to the Department of Homeland Security’s (DHS) methodology for assessing High Value Assets
  • Penetration Testing to proactively identify and detect cyber vulnerabilities
  • Cyber Hunt to mitigate immediate and potential threats
  • Incident Response to expand government’s ability to recover from cyber attacks

Government agencies can also buy cybersecurity tools that are on DHS’s CDM Approved Product List through the CDM Tools SIN. These offer hardware and software tools designed to:

  • Identify enterprise cybersecurity risks on an ongoing basis
  • Prioritize these risks based upon potential impacts
  • Enable cyber security personnel to mitigate the most significant problems first

Here at GSA, we are committed to providing the best quality products and services to our state, local, and tribal government customers and we’re ready to help you secure our nation’s systems.

For more information on the HACS and CDM Tools SINs, visit https://gsa.gov/itsecurity, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.