Is your agency cyber ready?
October is Cybersecurity Awareness Month and this year’s theme is “See Yourself in Cyber.”
Planning and executing a cybersecurity acquisition is a winding road. It can be daunting without a clear place to start. Federal agencies are challenged with navigating changing threat environments, new policy mandates, and an ever-evolving technology landscape. Acquisition professionals within the federal government have a large role in helping to protect our Nation’s networks and assets but don’t have to take this on alone. GSA offers convenient access to a range of resources to help identify requirements and create a plan, compare contract vehicles, and develop a solicitation to award a contract.
GSA is here to help “See Yourself in Cyber” and get your agency one step closer towards being cyber ready.
Current cybersecurity requirements
Executive Order (EO) 14028: Improving the Nation’s Cybersecurity and associated Office of Management and Budget (OMB) memoranda established critical policy goals federal agencies must follow. These goals include implementation of a Zero Trust Architecture (ZTA) and the adoption of Cybersecurity Supply Chain Risk Management (C-SCRM) practices within Information and Communication Technology (ICT) supply chains. Federal agencies have also been targeted in a number of high-profile cyber attacks resulting in new and evolving program needs to protect their networks from and respond to future attacks.
GSA offers multiple resources to help make sense of these new policies and program drivers and translate them into requirements for a solicitation:
- GSA’s EO 14028 webpage and the Zero Trust webpage connect users with resources related to recent cybersecurity requirements.
- GSA subject matter experts (SMEs) offer focused cybersecurity training that discuss many of the policy and technology drivers impacting the Federal cybersecurity marketplace.
- GSA has multiple videos on cybersecurity on ITC’s YouTube playlist. Topics include use case scenarios for agencies seeking to procure cybersecurity solutions and the journey toward implementing a ZTA.
GSA offers a wide range of cybersecurity services and solutions. We know it can be difficult to select the right fit for your agency’s requirements. To help demystify this process, GSA developed a number of buyer’s guides that identify which solutions meet your agency’s specific cybersecurity needs:
- The Advanced Persistent Threat (APT) Buyer’s Guide explains how federal agencies can leverage GSA solutions to defend IT assets from APTs (i.e., highly-sophisticated adversaries that have perpetrated recent high-profile cyber attacks).
- The Zero Trust Architecture (ZTA) Buyer’s Guide breaks down the components of a ZTA and highlights the different GSA contract vehicles agencies can use to purchase various products and services needed to achieve a mature ZTA.
- The Cybersecurity Supply Chain Risk Management (C-SCRM) Guide highlights the practices associated with a C-SCRM program and how agencies can use GSA contract vehicles to strengthen ICT supply chains.
GSA-offered cybersecurity services and solutions
GSA has several cybersecurity-specific contracting offerings, including:
- The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) on the Multiple Award Schedule Information Technology (MAS IT), established in collaboration with OMB and the Cybersecurity and Infrastructure Security Agency (CISA), which provides:
- Proactive and reactive cybersecurity services.
- A wide range of vendors capable of meeting your agency’s small business and socioeconomic contracting goals.
- Access to technically evaluated cybersecurity vendors. Vendors must pass an oral-technical evaluation to be able to offer services through the HACS SIN.
If you have questions about whether your requirement fits within the scope of the HACS SIN, GSA SMEs are available to provide free and individualized consultations, and scope reviews.
- The IT Professional Services SIN on MAS IT that offers agencies:
- Access to pre-vetted IT solution providers.
- Pre-negotiated prices that can be further discounted.
- Established terms and conditions at the master contract level that can be customized at the task order level.
- A diverse pool of vendors to help meet socioeconomic and small business contracting goals.
- Two cybersecurity-specific subcategories: IT Backup and Security Services, and Information Assurance.
- The Continuous Diagnostics and Mitigation (CDM) Tools. CISA maintains the CDM Approved Products List (APL), the authoritative catalog for CISA-approved CDM IT products. To purchase products on the APL, agencies can use:
- GSA’s Best-In-Class (BIC) Hardware and Software SINs;
- GSA’s Second Generation IT (2GIT) Blanket Purchase Agreements (BPAs); and
- GSA Advantage!®. Easily identify products that have successfully passed the CDM review with the CDM symbol.
Planning and procurement tools
GSA gives buyers an entire toolbox to guide the process of developing and releasing a solicitation, from market research to procurement.
- GSA’s Market Research as a Service (MRAS) gives buyers access to rapid, targeted market research for their acquisitions at no cost. MRAS can be used to identify GSA contracts that might fit requirements, get information on vendor pools and market data, or compare and search products offered on GSAAdvantage!®.
- Buyers can also use GSA’s IT Solutions Navigator to identify the right contract vehicles to meet cybersecurity needs. Users can select types of products or services to see a list of best-fit contract vehicles and solutions that meet requirements.
- On GSA eLibrary, agencies can view vendor pools offered under different contract vehicles, review vendors’ terms and conditions, and view their socioeconomic designations and geographic locations.
- The IT Security Hallway on the Acquisition Gateway displays multiple resources for government users in one convenient location. Users can access sample statements of work for the HACS SIN and a tool to help calculate Independent Government Cost Estimates (IGCE).
- Agencies can also use GSA eTools, including GSA eBuy and GSA Advantage!® to initiate the procurement process and release documents to industry. On GSA eBuy, Requests for Information, Requests for Quote, and Requests for Proposals can be released to holders of the contract vehicle selected. On GSAAdvantage!® buyers can compare products and pricing to make purchases or view past solicitations released as a resource.
GSA offers continued support
GSA support doesn’t stop once you’ve released your solicitation. We are committed to providing support to agencies throughout the entire acquisition lifecycle. If you have questions related to an offeror’s submission, or need to clarify questions from industry, our experienced cybersecurity and contracting SMEs can assist. For SME support, contact the GSA IT Security Subcategory at ITSecurityCM@gsa.gov.
While cybersecurity acquisitions may seem intimidating at first glance, GSA offers plenty of resources to help demystify the process. If you need additional assistance, you can contact the Customer Service Director (CSD) dedicated to your agency and region, or your agency’s National Account Manager (NAM). CSDs and NAMs are a valuable source of information on GSA programs and can connect you with further support or training. To learn more about CSDs and how they can help, watch this video.
Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.