FY20: Exceptional Work in an Exceptional Year

Posted by Laura Stanton
on March 30, 2021

The Numbers Are In – Biggest Year on Record for GSA ITC!

In Fiscal Year 2020, the Information Technology Category (ITC) recorded more than $30 billion in business volume across its portfolio. For context, this accounts for nearly a third (33%) of the $89 billion total that was spent on IT across all federal agencies in FY20.

Accordingly, this past fiscal year proved to be a record year in other categories as well:

  • IT spending through the Multiple Award Schedule (MAS) accounted for an impressive $18.1 billion of the $30 billion total, bolstered by its $12.7 billion in new obligations. In FY20, MAS IT posted 18% annual growth in new obligations.
  • On the Small Business front, ITC accounted for $7.1 billion in utilization from Government Wide Acquisition Contracts (GWACs), Schedules, and Telecommunications.
  • ITC issued a single award via its telecommunications branch to the tune of $2.5 billion, using the Enterprise Infrastructure Service (EIS) Contract. The award was made on behalf of the Department of Health and Human Services, and over the lifetime of the contract, the agency estimates it will save more than $700 million.
  • ITC accounted for more than $2 billion in savings and cost avoidance to their customers.

FY20 Efforts in Review

The 2020 Fiscal Year drove change through every part of our lives. COVID-19 spurred dramatic change in government work culture and led to rapid technological adaptation across all agencies. A good deal of ITC’s increased business volume can be attributed to agencies transitioning to mobile-friendly technology. However, this unprecedented spending is also due to agencies acknowledging that GSA is a solid partner as they make big IT changes and choices about how to invest. We’re out front and focused when it comes to customer service, agile response to emergency needs, and delivery of mission-enabling and emerging technologies.

In 2020, customer agencies turned to GSA’s schedules program, assisted acquisition services and governmentwide acquisition contracts (GWAC) to fulfill pandemic-driven requirements as well as regular demand for products and services. Our success embodies the trust that federal agencies have put in us and our ability to address elements that our customers most care about:

  • Speed of acquisition
  • Assistance with mobile-friendly technology adoption
  • Technical and market expertise
  • Data transparency
  • General customer service

Agencies have turned to and relied on us to ensure their mission continuity and transition to a more untethered workforce.

In FY20, ITC launched the Information Technology Acquisition University (ITAU) to make it easier to learn about GSA’s products, IT solutions available through GWACs, MAS, and more. ITAU is a digital training platform for emerging technologies, their acquisition, GSA-specific contract training and more.

Additionally, ITC enhanced the Cloud Information Center, the GSA-curated federal resource hub for all things cloud, continuing to place valuable cloud computing resources in the hands of agencies.

These resources are ways that GSA is meeting the rise in demand for virtual access to our subject matter experts and more online learning platforms.

Looking Forward

In FY21, GSA is doubling down on emerging technologies as the way of the future. The 8(a) STARS III and Polaris government-wide acquisition vehicles will have Artificial Intelligence offerings (Machine Learning, Robotic Process Automation, Natural Language Processing), edge computing and more. As the Cybersecurity Maturity Model Certification (CMMC) effort ramps up and Supply Chain Risk Management (SCRM) principles are emphasized, GSA will continue to prioritize security as a core tenet of acquisitions.

As my Deputy Assistant Commissioner Keith Nakasone likes to remind me, agencies are coming to GSA to leverage our IT expertise and the buying power of the government. They want to know that the products they’re adding to their IT footprint aren’t jeopardizing their networks. To that end, the CMMC level can be designated as needed at the task order requirement level. Large contracts, such as the 2nd Generation Information Technology (2GIT) hardware/software Blanket Purchase Agreements, have SCRM built in as a key operational component. Ultimately, GSA understands it plays a crucial role and has a considerable responsibility for an agency’s IT health.

Going into FY22, ITC will continue to provide the tools needed to successfully modernize while prioritizing cost-efficiency, expediency, and security. Leveraging Best In Class (BIC) contracts is one way. Taking advantage of online resources like ITAU and the CIC is another. Give your agency a reason to acquire with confidence — work with GSA for your next IT acquisition.

As always, follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.
To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.


Continuous Monitoring: Keeping Your System Up to Date and Prepared for Cyberattacks

Posted by Laura Stanton
on March 10, 2021

Continuous monitoring of IT systems is an evolving process. It adapts as new technologies and capabilities become available and as organizations are faced with advanced and persistent threats. However, the core strategies of continuous monitoring lay the foundation for safe and secured federal IT systems.

Continuous monitoring helps agencies identify, resolve, and understand key insights regarding certain risks to their information systems. The Risk Management Framework (RMF) process consists of several steps that include preparing a system for authorization, authorizing the system, and continuously monitoring the system until the next authorization process begins. The monitoring step is essential for agencies that want to minimize risks to their security systems.

As mentioned in previous posts, the Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) solution is available for agencies in need of cybersecurity services, including RMF. GSA’s HACS solution connects agencies with vendors who have passed an oral technical evaluation for cybersecurity services, making it easier for agencies to find quality vendors to assist with continuous monitoring strategies and Security Operations Centers (SOCs) activities.

After agencies obtain Authorization to Operate (ATO), they move into the continuous monitoring step of the RMF process. Though continuous monitoring strategies can vary by agency, usual tasks include near real-time risk management and ongoing authorization based on the system environment of operation. This step’s dynamic processes determine if a system’s security controls continue to be effective over time.

[Image: Risk Management Framework (RMF)]
Disclaimer: RMF steps can vary based on an organization’s cybersecurity needs.

RMF services are available through GSA’s HACS SIN. A Statement of Work (SOW) for the RMF process can be found on the HACS website and includes example language for procuring services for the Monitor Step. The SOW outlines several subtasks that make up the continuous monitoring phase of RMF.

Roles and Responsibilities within the Continuous Monitoring Strategy

As part of the continuous monitoring process, the agency will oversee information system and environment changes. This process involves determining the security impact of proposed or actual changes to the information system and its environment of operation.

Security Control Assessments

An Information Owner (IO), Security Control Assessor (SCA), Information System Security Officer (ISSO), and Information System Security Engineer (ISSE) will be responsible for ongoing security control assessments. The IO is an inherently governmental position; however, contractors can provide support for the other roles in most situations. In these assessments, personnel examine the technical, management, and operational security controls within an information system. This practice ensures that a system is in accordance with the agency’s monitoring strategy.

Risk Determination

The Chief Information Security Officer (CISO) performs ongoing risk determination and acceptance as a part of continuous monitoring. This task consists of reviewing the reported security status of the information system (including the effectiveness of security controls employed within, and inherited by, the system) on an ongoing basis. The CISO aims to determine whether the risk to the agency’s system remains acceptable. If a risk is not acceptable, remediation will take place. The CISO is an inherently governmental position; however, contractors can provide subject matter expertise and recommendations for risk determinations.

Ongoing Remediation

The IO and ISSO take part in ongoing remediation actions throughout the continuous monitoring process. Along with the Information System Owner (ISO) and the Common Control Provider (CCP), these personnel conduct remediation actions based on the results of ongoing monitoring activities, the assessment of risk, and outstanding items in the Plan of Action and Milestones.

For more information on HACS RMF services and how using the HACS SIN can make it easier for your agency to monitor its systems, visit the HACS homepage or download the customizable RMF Statement of Work (SOW).


Polaris: Women Owned Small Businesses, Get SBA Certified

Posted by Keith Nakasone
on January 11, 2021

On December 31, 2020, GSA released the Draft Request For Proposal (RFP) for comment for our next generation small business GWAC, Polaris. With the creation of Polaris, GSA will build on the success of the now-expired Alliant Small Business GWAC by providing additional opportunities for small businesses, including but not limited to, HUBZone and woman-owned small business (WOSB) firms. We couldn’t be more proud of our team for putting this together, and we’re looking forward to your feedback.

WOSBs are Key Contributors

As we indicated in the draft RFP, GSA is considering socioeconomic pools to include WOSBs to maximize competition within the Information Technology Category. It’s very important to GSA that WOSBs are included in our contracts as they are key contributors to the government marketplace. It’s vital that the government have access to a robust pool of SBA-certified WOSBs to ensure access to as broad an industrial base as possible.

GSA is encouraging WOSBs to respond to the draft RFP to help ensure the following:

  1. that there is a sufficient pool of WOSBs that are SBA certified
  2. that the annual federal goal of 5 percent of all federal contract dollars spent being awarded to WOSBs is met
  3. that competition increases in the IT emerging technologies and innovations space.

You’re a WOSB, Why Get Involved?

In FY20, the federal government invested more than $87 billion in IT, with approximately $47 billion allocated to IT services. Federal agencies awarded $15.6 billion in IT services to small businesses, with more than $5 billion awarded through IT Category contracts. Every day, small businesses are making a huge impact in helping agencies achieve their missions.

SBA WOSB Certification

As of July 15, 2020, the U.S. Small Business Administration (SBA) implemented Congress’ changes to the WOSB Federal Contracting Program, as outlined in the 2015 National Defense Authorization Act (NDAA).

We’re encouraging WOSBs to work with the SBA, which implements and administers the WOSB Federal Contracting Program, in order to understand and navigate the certification process to ensure the right certifications are in place.

  • Before firms can compete for WOSB Federal Contracting Program set-aside contracts (including Polaris), they must apply for certification through the new process on beta.certify.sba.gov.
  • For more information about the new application process, please review the following fact sheet.
  • Additionally, the beta.Certify Knowledge Base is a valuable resource for firms to get started learning about this new platform, with how-to videos and user guides.

WOSBs, Helping Light the Way

We couldn’t be more excited about the future of our small business GWAC program and Polaris is going to help light the way. To be truly successful, we need your help in getting WOSBs certified.

To follow the Polaris conversation subscribe to the GSA Interact page: Small Business GWAC Community of Interest. Also, please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.


Veteran Owned Companies Bring Cybersecurity Expertise to Federal Customers

Posted by Laura Stanton
on November 12, 2020

As we celebrate Veterans Day, we want to take a moment to appreciate all of the men and women who contribute to this great nation through their service in our military. America’s veterans are one of our most valued resources. Veterans bring a unique skill set, knowledge, and experience to everything they do; and GSA has been able to tap into their valuable expertise through our Service-Disabled Veteran-Owned Small Business (SDVOSB) contract for IT Services, VETS 2.

GSA’s VETS 2 Governmentwide Acquisition Contract is available to all federal customers. Agencies purchasing IT services through the VETS 2 contract demonstrate how prevalent veterans are in supporting mission-critical IT services needs across the federal landscape. One of the important core capabilities of VETS 2 is Cybersecurity. The SDVOSB firms on the contract have done the work, and 77 percent of the firms have extensive experience in cybersecurity. More than 60 of the VETS 2 industry partners have a secret or top-secret facilities clearance. These companies are well established in the IT industry. The background they bring with their previous military experience has been key to their success.

The IRS, Treasury, DHS, DoD, Army, and Air Force have all tapped into the expertise of our VETS 2 Industry Partners. They have placed task orders on the contract for IT Security and Cybersecurity requirements. Since the inception of the VETS 2 contract in February of 2018, there have been 21 task orders specifically to support IT Security needs within the government. This shows that veterans can provide the specialized knowledge, skills, and abilities that are needed today.

The single largest task order that has been issued on the VETS 2 contract was completed by GSA’s Federal Systems Integration and Management Center (FEDSIM) on behalf of the United States Army Pacific (USARPAC). This task order will help USARPAC in providing a quality-focused process and capability that enables effective sustainment and modernization of critical Command, Control, Communications, Computers (C4), and IT systems. These services include site surveys, engineering, design, procurement, logistics, implementation, operations and maintenance, knowledge management, cybersecurity, and training of new and existing C4 IT systems. This is an excellent example of the broad capabilities available through VETS 2.

2020 has been hugely successful for the VETS 2 contract, with 97 task orders worth more than $1 billion. This contract is only in its third year and is already surpassing expectations. There are 69 industry partners on the contract with a variety of specialized IT services core capabilities. VETS 2 is also a Best-in-Class contract as designated by the Office of Management and Budget. Federal customers using VETS 2 will receive socioeconomic credit toward small business goals as well as credit toward their Spend Under Management goals.

On Veterans Day each year, we reflect on the hard, mission-enabling work our veterans continue to deliver for our government every day, and I couldn’t be more proud of our VETS 2 team and industry partners.

For more information about the industry partners on the contract, check out our VETS 2 website.


Authorization to Operate: Preparing Your Agency’s Information System

Posted by Laura Stanton
on October 30, 2020

To close out National Cybersecurity Awareness Month, here are some steps federal agencies can take to protect their IT systems from cyber attacks and cybersecurity vulnerabilities using the Authorization to Operate (ATO) process.

An ATO demonstrates that a federal agency has gone through a federally approved, detailed process to protect an IT system from incidents such as cyberattacks, security breaches, malware, and phishing attempts. Many federal IT systems are required to obtain an ATO to process government data and federal regulations recommend that agencies follow the Risk Management Framework (RMF) to become authorized.

GSA’s Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) provides solutions for all of an agency’s cybersecurity service needs, including RMF. The HACS SIN connects agencies with vendors who have passed oral technical evaluations for cybersecurity services performed within the RMF, and who are ready to assist agencies with the RMF process for a successful authorization.

[Image: RMF graphic with full step definitions, ATO highlighted]
Disclaimer: RMF steps can vary based on an organization’s cybersecurity needs.

All of the steps, tasks, and activities that precede the “Authorize” step of the RMF help to prepare the information system for the authorizing official’s appraisal. The authorizing official is not a contractor, but a federal employee of whichever agency is seeking ATO.

The HACS SIN connects federal agencies with contractors who can help in each stage of the RMF. Contractors can assist agencies in producing the deliverables associated with each RMF step listed in the chart below.

Disclaimer: RMF deliverables can vary based on an organization’s cybersecurity needs.

Once an agency has successfully completed the first four steps of the RMF (“Categorize” through “Assess”), an authorizing official will evaluate the system. The authorizing official for the federal agency in question evaluates residual risks identified during the security control assessment, and makes the decision to authorize the system to operate, deny its operation, or ask the agency to address any issues.

When granting an ATO, authorizing officials look for the following checklist of items:

  • Plan of Action and Milestones (POA&M)
  • Authorization Package
  • Final Risk Determination and Risk Acceptance
  • Authorization Decision

The POA&M is one of the most important deliverables produced in the RMF process. It reflects organizational priorities for addressing any remaining weaknesses and deficiencies in an information system and its environment of operation. The Authorization Package includes all key documents including the security plan, security assessment report, and the POA&M. 

Following the RMF steps helps your agency to achieve ATO, but the work does not end after an ATO is issued. Agencies must also continuously monitor their systems to ensure that security controls remain effective over time.

In addition, many federal agencies must reauthorize their information systems every three years by going through the RMF process again. This is where the final step of the RMF, “Monitor Controls,” is important. As part of continuous monitoring, a sample of the applicable security controls is tested annually, periodic vulnerability scanning is performed, and security impact analysis of changes is performed. If an agency continuously monitors its systems over those three years by documenting specific technical changes, environment changes, or changes to the organizational risk management strategy, it may be easier to renew an ATO because any security risks can be mitigated at the time they occur.

For more information on HACS RMF services and how using the HACS SIN can make it easier for your agency to achieve an ATO, visit the HACS homepage or download the customizable RMF Statement of Work (SOW).


Public Sector 5G Strategy Series – Part 1: Technology

Posted by Laura Stanton
on June 16, 2020

The Wheel Is Turning

If you’ve scrolled through social media or watched live TV lately, you’ve likely seen an ad for 5G. If you find yourself wondering why there is so much conversation about 5G, you are not alone. Is it worth all of this attention?

We think so. 5G is set to revolutionize the world’s telecommunications infrastructure, paving the way for even greater use of autonomous devices and expanding the number of interconnected devices in the Internet of Things (IoT).

In October 2019, GSA held its first public event about 5G, where government and industry experts gave us a compelling look at the rollout of next generation networks, discussed how they’ll support IoT applications, and outlined the steps necessary to secure this new hyperconnected future.

Going forward, we’ll be sharing a series of posts outlining how we expect 5G will drive change across government, and what agencies should do to prepare. 5G means different things to different people, so our “5G for Government” strategy is best visualized as a wheel composed of six core concepts:

  • Technology
  • Standards
  • Security
  • Policy
  • Acquisition
  • Use Cases

This post will look at the evolution of the technology enabling 5G, and more importantly, the types of devices, applications, and services that will soon depend on it.

New Tech, Same Trends

The first cellular telephones hit the market in the mid-1970s and offered wireless voice calling over an analog network. In the early 90s, this first generation cellular technology, using analog telecommunications standards, transitioned to a 2G digital network, allowing both voice and data to travel wirelessly between devices.

3G and 4G gave us mobile internet and streaming video, respectively, leading to the rise of the smartphone and entirely new industries, such as mobile application development and cross-platform analytics.

Remember when you couldn’t open an email attachment on your phone or send a photo—let alone a video—over a wireless network? When did that change?

Most people could not tell you which network generation enabled what feature, only that devices became faster, applications more data dependent, and new services arose as capabilities increased.

The same will be true for 5G, but due to its engineered flexibility and vast capacity for high-speed data transfer, the changes will come sooner and reach far beyond communications.

Why 5G Is Different

Since 5G is still new to the market, what we can say about its current technology is limited. Indeed, many experts will tell you that 5G was designed to support applications and services that are still largely confined to a laboratory setting. For now, when we look at the technology, we can only compare it to what’s currently on the market, but when we do, it becomes apparent that we’re just seeing the tip of the iceberg.

Changing Devices

Take the smartphone, for instance. Right now, a phone on a 4G network downloads data at approximately 12-36 megabits per second (Mbps). A 5G-enabled phone clocks in at 50 Mbps at minimum. Phones on the fastest commercial networks can reach 1,000 Mbps (1 gigabit per second), and average speeds are expected to exceed 10 Gbps as the technology matures.

How does it reach these speeds? 5G transmitters use higher frequency radio waves, some in or near the millimeter wave band of the electromagnetic spectrum. Bandwidth is much more plentiful there, which greatly increases the capacity and speed of data transfer. Instead of a single cellular antenna, the 5G phone contains multiple receivers, allowing it to process all this data over multiple streams, in parallel. You could liken it to filling a glass of water from the bottom up, and the top down, at the same time. 

Smaller, More Flexible Networks

Like their predecessors, 5G networks are digital cellular networks, in which the service area covered by providers is divided into a mosaic of small geographical areas called cells. While conventional cell phone towers are hundreds of feet tall, millimeter wave antennas are only a few inches long. Though an individual antenna may only cover a small area, multiple antennas can work together as phased arrays to beam data straight to the user. This technique, known as beamforming, is one of many ways that 5G networks can be optimized to improve performance while it serves huge numbers of devices.

Open To Innovation

Small but mighty, 5G networks could be used to provide general home and office internet connections. A technique called network slicing could be used to segment a larger 5G network into highly customizable “slices,” managed and operated independent of the infrastructure owner, tailored to unique business needs. When used in conjunction with software-defined wide area networking (SD-WAN), 5G could replace outdated cable connections in government offices, campuses, and military bases.

Edge computing is another exciting concept made practical by 5G. This technique involves creating a cloud-based IT service environment at the edge of the cell, leveraging its unique properties and raw power to move computational workloads physically closer to the user. Theoretically, sophisticated edge computing could eliminate the need for physical hard drives and bulky device components, as the actual computing would occur in the cloud and beam compiled data directly to a screen or user interface. Battery sizes would shrink, ushering in new opportunities for wearable and drone technology.

Hypercharged wireless internet and robust cloud computing are just the start. The high data rate and low latency of 5G are envisioned as opening up many new applications in the near future. The use of data-heavy virtual and augmented reality applications in healthcare and research is one promising example. Another is 5G’s facilitation of fast machine-to-machine interactions in the coming Internet of Things. For example, computers in vehicles would continuously communicate with each other, with sensors on the road, and with real-time, artificial intelligence-generated directions using 5G. This is the kind of “smart grid” cities will have to deploy to support self-driving cars. Over time, communication capabilities and computing power will combine and extend across networks and devices, and information and computing power will be instantaneously available. This will encourage a wave of innovation in applications, services and functions built to run on the new infrastructure.

Lightning speed, expanded capacity, and massive connectivity are the defining characteristics of current 5G networks and enabled devices. These conditions are ideal for emerging technologies to take root.  

More than that, 5G is widely expected to be a defining stage in the global evolution of IT in general, affecting almost all parts of industry and society. In subsequent posts, we’ll take a look at the standards on which it will all be built and explore the security considerations around its deployment. 


Cybersecurity Best Practices During the COVID-19 Pandemic

Posted by Bill Zielinski
on June 2, 2020

The unprecedented and extraordinary efforts by businesses and Federal agencies to keep employees and customers safe during the COVID-19 pandemic have also inadvertently opened the door to cyberattacks.

Large-scale transitions to work-from-home technologies, heightened activity on many public-facing networks, and greater use of online services have presented new openings for cyber attackers to exploit. As people around the world shelter in place, they turn to online platforms to chat with friends, shop, work, and go to school. That transition to virtual life puts a large strain on cybersecurity controls.

Federal agencies face new daily challenges in assuring the security of networks. In the midst of the current global pandemic that imperative is even greater — they must protect their institutions while ensuring that daily tasks go on uninterrupted. The Office of Management and Budget (OMB) recommends that agencies “make risk-based decisions as appropriate to meet mission needs” during the COVID-19 pandemic.

It is important now for agency leaders to focus on supporting technologies and capabilities that are absolutely essential to their organizations’ operations. Priority actions — and relevant technologies — may include testing already existing security plans, continuously monitoring security systems, and maintaining access security. GSA’s Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) provides Federal agencies with rapid access to cybersecurity vendors who can assist with the following priority actions and more.

Best practices

Testing and having incident response plans in place are helpful for any agency. If an agency has plans such as incident response, disaster recovery, or continuity, it is important to test those plans and assess any risks as soon as possible. GSA’s HACS SIN provides rapid access to vendors evaluated for incident response services.

Chief Information Security Officers (CISOs) should continue to monitor their systems closely in order to identify cybersecurity events and incidents as soon as they may appear. Focus areas include monitoring networks for new strains of malware, monitoring collaboration tools such as Google Drive or Dropbox, and monitoring personnel activity. CISOs can also monitor their systems by using Intrusion Detection Systems or their preferred live network monitoring software. The HACS SIN is an efficient way to access these capabilities.

Access management in a remote work environment is another essential focus area during the COVID-19 pandemic. Though cybersecurity is essential, so is the physical safety of the American people. Agencies are encouraging teleworking whenever possible to adhere to the Government’s social distancing guidelines, and cybersecurity experts are needed to help make telework safe and secure for employees.

With many — if not all — of an agency’s employees working from home, click-through rates for phishing emails may increase when employees no longer work closely enough with coworkers to ask them in person about suspicious activity. Remote work can also require agencies to enable offsite access to critical and/or confidential information, which can increase the risk of a cyber attack. Employees can mitigate this risk by adhering to their agency’s access control policy and utilizing secure connections (such as Two-Factor Authentication (2FA) and/or VPN) when accessing Government networks containing sensitive information.

The COVID-19 pandemic is first and foremost a human challenge, with heads of agencies and employees all juggling professional duties with personal and family responsibilities. The risk of cyberattacks will be elevated, but by focusing now on cyber activities — testing response plans, monitoring security systems, and maintaining personnel security — agencies can successfully maintain their security.

GSA is here to help connect Federal agencies with vendors that provide necessary cybersecurity services during this time through the HACS SIN solution. For more information, visit the HACS Homepage. To learn more about the additional services the HACS SIN provides, watch our HACS Overview Video.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.


Incident Response: Protecting Your Agency Before and After a Cyberattack

Posted by Bill Zielinski
on March 10, 2020

As cyberattacks increase in size and frequency, it is important for every agency to protect its network from incidents that can jeopardize the confidentiality, integrity, or availability of an information system. The Office of Management and Budget and the Department of Homeland Security determined that 74 percent of federal agencies participating in their 2018 assessment had cybersecurity programs that were either at risk or high risk.

While an agency can take proactive measures to prevent cyberattacks, an incident may still occur. When a cyberattack or other damaging incident occurs in an agency’s network, reactive measures such as incident response must be taken to preserve the integrity of the information system.

Incident response is the methodology an organization uses to respond to and manage a cyberattack. A data breach or cyberattack can wreak havoc and potentially affect employee security, intellectual property, and agency time and resources. Incident response protocol aims to reduce this damage and recover as quickly as possible.

Incident response protects organizations against four common types of incidents:

GSA’s Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) offers incident response services to help organizations with compromised systems. These services help to determine the extent of the incident, remove the adversary from systems, and restore networks to a more secure state.

HACS incident response services can also be used to proactively plan for future attacks. Preparing and maintaining an incident response plan helps agencies handle cybersecurity events and minimizes the impact of potential threats while strengthening an agency’s defenses against any future incidents.

Below is an example of an incident response plan:

| Incident Response Step | Action Taken |
|---|---|
| Preparation | Create an asset list and system baseline. |
| Detection and Analysis | Analyze events to determine whether they constitute an incident. |
| Containment, Eradication, and Recovery | Prevent further damage from an incident, and determine the cause of an incident so that the system can be returned to the previously known neutral state. Restore compromised system to operational status. |
| Post-Incident Activity | Provide final report of the incident identifying current procedures for efficacy and whether those procedures were followed properly. |

Another benefit of the HACS SIN is that the vendors included under the incident response subcategory have passed a technical evaluation and can provide individualized incident response plans. If an agency already has an incident response plan, vendors can evaluate the plan and provide services that adapt to that individualized plan. Vendors use qualified resources to minimize the impact of cyber-attacks and avoid future incidents. Incident response services can also augment agency resources during a large scale incident.

For more information on incident response and how GSA’s HACS SIN can provide your agency with incident response services, please visit the HACS Homepage.

To learn more about the additional services the HACS SIN provides, watch our HACS Overview Video.


GSA’s Federal Acquisition Service Training Conference: Register to Attend or Exhibit

Posted by Bill Zielinski
on January 21, 2020

Attend the most comprehensive federally sponsored training event for acquisition professionals – FAST 2020.

The GSA-hosted Federal Acquisition Service Training (FAST) Conference 2020 is a multi-day, national training conference for the federal acquisition workforce, industry partners, and customer agencies. FAST 2020 will be in Atlanta at the Georgia World Congress Center. GSA is offering comprehensive training led by renowned procurement experts free of charge to all federal acquisition professionals.

FAST 2020 will also offer industry the opportunity to network with large and small businesses within the same industry and develop teaming arrangements to win future business. Agency partners will be able to conduct market research with industry partners on-site!

Attend the FAST 2020 Training Conference to help you better meet your agency mission. Network with fellow acquisition professionals and learn from them. Earn up to 20 CLP credits, collaborate with your peers, and see the latest industry solutions in the exhibit hall. ITC is offering over 30 thought-provoking classes so you can learn IT procurement from every angle.

Upcoming training tracks:

  • Advanced Techniques in Acquisition
  • Being Brilliant at the Basics for Feds
  • Being Brilliant at the Basics for Industry Partners
  • IT Modernization Emerging Technologies and Innovation
  • Leveraging the Power of the Internet eTools
  • What’s Next in Acquisition

Add FAST 2020 to your Individual Development Plans (IDPs) to begin the travel and conference participation approval process within your agency. To help you, we’ve created a sample justification letter [doc] to attend the FAST conference.

Register now for the FAST 2020 conference in Atlanta, Ga., April 14-16. I hope to see you there!


Attend GSA’s Federal Acquisition Service Training Conference

Posted by Keith Nakasone
on December 3, 2019

We pride ourselves on the close relationships that we’ve built with industry. These partnerships enable us to help agencies across the government achieve mission success.

Industry’s solutions and expertise are critical in helping government fuel IT modernization and transformation.

These close relationships don’t come easily, though. Both GSA and industry have to put in the time and effort to get to know each other. This helps us better understand industry’s latest solutions — enabling us to better represent them to the agencies who need them.

That’s why GSA’s Federal Acquisition Service is holding FAST 2020. FAST 2020 will bring together thousands of experts — both government and industry — in one place, allowing unparalleled collaboration. We encourage our industry partners to register today!

Why You Should Attend

Participating industry partners will be able to:

  • Benefit from accessing the most comprehensive federally sponsored training event for contract management, procurement, and acquisition professionals in the nation.
  • Directly engage with 3,000+ federal contracting professionals as well as senior policy and program leaders under one roof, saving travel and time away.
  • Master the latest government e-tools and processes, and learn from the experts.
  • Meet face-to-face with master contracting officers.
  • Network with large and small businesses in similar industries and develop teaming arrangements to win future business.
  • Showcase company offerings, live, on the show floor.
  • Gather more and better market intelligence to advance your company’s competitive advantage.

Small businesses will benefit in additional ways:

  • Meet multiple contracting officers in one setting.
  • Save money: participating in one large event is more efficient than many smaller events.

Two Ways to Participate

Industry can participate in FAST 2020 in two main ways:

Participant – Industry has an entire dedicated training track. We are planning other activities (such as industry matchmaking sessions) to benefit and strengthen our industry partner relationships. Find detailed information about Industry-focused training sessions under the Training Sessions tab on our conference registration site.

Industry Exhibitor – The FAST 2020 Exhibit Show Floor is 270,000 square feet and will be organized into 10 Category Communities.

As GSA, we’ve set aside two huge spaces (50 ft x 50 ft) for us:

  • We’ll use the first as our main GSA booth, where we’ll host a small training theater, with kiosks dedicated to each of the 10 federal categories.
  • We’ll use the second space to host our GSA e-lab, where conference participants can get hands-on experience with our suite of e-tools!

Industry exhibit space sales will be on a first-come, first-served basis. Sign up now to exhibit at FAST 2020.

Join Us

FAST 2020 is going to be big. It’s our first conference since 2011 in San Diego. I hope that you’ll join me in Atlanta, GA, April 14-16.

I look forward to meeting those of you I haven’t yet met and catching up with old friends.

To learn more about FAST 2020 visit www.gsa.gov/FAST.

Register here today!
