Category: IT Security & Solutions

Posted on

FAR Rule Change Makes Buying IT Quicker

Recent changes to the Federal Acquisition Regulation (FAR) now make it easier for federal agencies to use GSA contract vehicles or assisted acquisition solutions to fulfill their IT needs.

Effective June 5, 2019, GSA, with the Department of Defense (DOD) and the National Aeronautics and Space Administration (NASA), issued a final FAR rule amendment, previously implemented in FAR 17.502-1(a). It uses section 875 of the John S. McCain National Defense Authorization Act (NDAA) to amend section 865 of the Duncan Hunter NDAA for fiscal year 2019.

In the past, the FAR required agencies to go through an extra step to justify the use of GSA’s IT Schedule 70, Government-wide Acquisition Contracts (GWACs), or assisted acquisition solutions as the best procurement approach to fulfill IT acquisition needs.

Rule Change Benefits

This FAR rule change removes this step in the acquisition process. Federal customers now face reduced administrative burdens, making it quicker and easier to buy IT solutions through GSA.

Specific impacts of this rule change include:

  1. removing the requirement to justify the best procurement approach if issuing orders against contracts under the GSA Schedules Program such as IT Schedule 70, or through GWACs such as 8(a) STARS 2 and Alliant 2; and
  2. removing the requirement to justify the best procurement approach if using GSA for assisted acquisitions.

End-of-FY Spending

As a result, this rule change removes burdens from federal customers. They can now identify and quickly use GSA IT Category (ITC) contracts and acquisition solutions, especially as they embark on their end-of-year IT spending and acquisition efforts.

What We Offer

Our contracts and acquisition solutions are dedicated to providing federal agencies with a full range of IT and telecommunications products, services, and solutions. We maximize customer value and mission productivity.

We support 98% of federal agencies, facilitating more than $24 billion in IT purchases annually. Our customers have saved nearly $2 billion from using our solutions.

Best-in-Class Fair

We currently offer 10 acquisition vehicles that the Office of Management and Budget (OMB) has labeled as Best in Class (BIC). Our BIC acquisition solutions include hardware, software, telecommunications, and professional services.

Come meet our BIC representatives at OMB’s Best in Class Fair on July 11, 2019, in Washington, D.C. Sign up now!

To find the contract solution that’s right for you, use our IT Solutions Navigator.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Posted on

Think IT Modernization? Think GSA

Our mission in the Office of Information Technology Category (ITC) is to “maximize customer value and mission productivity through IT acquisition.” As the largest provider of IT acquisition solutions for government, it is absolutely critical that we ride the bleeding edge of IT innovation. As a service to agencies and taxpayers, we adopt innovative solutions early on and apply them to our own processes — we learn about new technologies by using them. Efforts like this position us to even more effectively help agencies face their future mission needs.

In a blog post last December, we announced our experimentation with distributed ledger technology (DLT) — commonly referred to as “blockchain.” At the time we had just completed a proof of concept to further enhance our Making it Easier FASt Lane proposal review process. We found that DLT can automate many of the manual business processes and steps required to award a new IT Schedule 70 contract. This includes time-intensive tasks such as financial reviews and development of pre-negotiation memoranda, freeing up our workforce to focus on more meaningful responsibilities. DLT also modernizes the award process making it easier, more efficient, and faster for those new contract holders.

IT modernization is a major focus of this administration. Our work with DLT is an excellent example of leveraging emerging technologies to enhance existing systems — to reimagine how we build using an agile methodology to effectively modernize over time. The crawl/walk/run method that we’re using to implement DLT highlights one best-practice path to modernization.

First, We Crawled – What We Did

In July 2017, we kicked off the proof of concept (POC) as an award under the simplified acquisition threshold. This acquisition strategy used an agile acquisition and development approach and had a short, six-week delivery schedule. The entire POC only cost $150,000.

Now We Walk – Development

The POC demonstrated how we could use DLT to help automate our acquisition workforce, specifically touching and entering data only once into a single solution.

To expand the project’s scope, this May we awarded a contract for a pilot. Where the POC tested the waters limited to IT Schedule 70, the pilot has a wider scope: the Multiple Award Schedules (MAS) program (aka the Schedules). We plan to look across the entire enterprise to find out where we’ll gain the most benefits within the Schedules program.

The pilot will create a DLT-based software layer over GSA’s existing infrastructure which creates transparency and documents activities between industry partners (contractors/vendors) and GSA.

This layer will make the proposal review process accountable and allow for a controlled reduction in fixed costs. Also, the pilot automates financial reviews and other GSA Schedules business processes.

For example, we can identify offerors with substandard financial ratios based on the average (as reported by the IRS) of their respective NAICs code. Offerors with poor financial ratios will be flagged for further review; if the ratios look good they will move to the next step.

This first pilot will break down and modularize the workstream and build out a micro-service for the financial responsibility process. Implementing a manageable business process, this will enable us to more simply capture information and to build analytics.

Next, We’ll Run – Production/Sustainment

If the pilot is successful, we’ll continue its development and our efforts to make this a reality by awarding another contract for a full-scale production.

Think IT Modernization? Think GSA

Our team has the expertise and agility to try new things and test new IT solutions. We launch, test, learn, and then use those lessons learned to support our customers.

So, when you think about modernizing your IT systems, think GSA! We have the experts and acquisition solutions in place to make IT modernization a reality for the federal government.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

The five steps to accelerate the process to award contracts and make life better for the workforce and vendors.
Posted on

5 Considerations for Using the CDM Tools SIN

While threats to our most critical systems increase, agencies face ongoing challenges to keep IT assets safe from adversaries. On August 11, 2018, the continuous diagnostics & mitigation tools continuous monitoring as a services (CDM/CMaaS) blanket purchase agreements (BPAs)expired and were replaced by a new special item number (SIN) on IT Schedule 70: The CDM Tools SIN (132-44).

The CDM Tools SIN on IT Schedule 70 provides agencies with easier access to a governmentwide set of information security continuous monitoring (ISCM) tools.

The CDM Tools SIN also:

  • Allows for added flexibility and speed to market for emerging technologies related to the CDM Program
  • Supports an expanded pool of industry partners offering CDM tools

Here are five considerations for choosing the CDM Tools SIN, when implementing your system security plans and IT security solutions:

1. We’ve made it easier to strengthen your network

Our CDM Tools SIN provides agencies with products and associated services that monitor and report into their CDM agency dashboard. It also allows them to manage:

  • What is on the network
  • Who is on the network
  • What is happening on the network
  • How data is protected

2. The Department of Homeland Security (DHS) has vetted all products on the CDM Tools SIN

GSA’s partnership with DHS ensures that the products available on the CDM Tools SIN have gone through a sophisticated vetting process. They are added to DHS’s CDM approved products list (APL) before being added to the CDM Tools SIN. Products on the APL are consolidated and categorized for ease of discovery.

The APL is the authoritative approved product catalog for products that meet the department’s CDM requirements. DHS reviews new products every month, allowing for new and emerging products to become part of the CDM marketplace. Once approved and placed on the APL, vendors can apply to IT Schedule 70 to sell their new product on the SIN.

3. The CDM Tools SIN is open to all GSA IT Schedule 70 users

Federal agencies can use the CDM Tools SIN; state, local, tribal, and territorial government entities can also access the CDM Tools SIN through GSA’s Cooperative Purchasing Program.

The SIN is also available to Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) awardees purchasing CDM tools, the Department of Defense, and other organizations that can use IT Schedule 70.

4. Chief Information Security Officer (CISO) Handbook calls out the CDM Tools SIN

The CIO Council recently published the CISO Handbook to give chief information security officers (CISOs) important information they need to implement federal cybersecurity at their agencies. The CDM tools SIN is called out as a resource for CISOs to address federal cybersecurity requirements.

Agencies use CDM Tools to comply with various federal mandates and to strengthen their network defenses through sustained monitoring of network activity and automatic identification and prevention of any activity determined to be unauthorized.

5. We make it easy for you to order CDM Tools SIN

GSA makes it easy to access these tools through the www.gsa.gov/cdm webpages, featuring an ordering guide and links to GSA eLibrary’s CDM Tools page. We update the site every month with the new DHS Approved Products List. We also feature a guide for industry vendors interested in applying to sell products on the CDM Tools SIN.

For more information on the CDM Tools SIN, visit www.gsa.gov/cdm, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Posted on

Protecting State and Local Election Systems and Strengthening Cyber Defenses

By Kay Ely, Assistant Commissioner, Office of Information Technology Category

Preventing infiltration and tampering of elections systems and fortifying cyber defenses continue to be important topics.

Through our established IT contract vehicles, GSA can provide government agencies with access to cybersecurity products and services to improve resilience, protect important information, and bring election systems into compliance with leading-edge practices for enhancing security in today’s tech-savvy environment.

Cooperative Purchasing Program

GSA’s Cooperative Purchasing Program allows state, local, and tribal governments to benefit from access to solutions, products, and services from pre-vetted industry partners through IT Schedule 70 — the same as those offered to federal agencies.

That means these government agencies can buy the newest cybersecurity offerings under the Highly Adaptive Cybersecurity Services (HACS) and Continuous Diagnostics and Mitigation (CDM) Special Item Numbers (SINs) which can help with risk assessments and management of election systems.

Cyber Products and Services

Services offered by our HACS partners:

  • Risk and Vulnerability Assessment (RVA) services that adhere to the Department of Homeland Security’s (DHS) methodology for assessing High Value Assets
  • Penetration Testing to proactively identify and detect cyber vulnerabilities
  • Cyber Hunt to mitigate immediate and potential threats
  • Incident Response to expand government’s ability to recover from cyber attacks

Government agencies can also buy cybersecurity tools that are on DHS’s CDM Approved Product List through the CDM Tools SIN. These offer hardware and software tools designed to:

  • Identify enterprise cybersecurity risks on an ongoing basis
  • Prioritize these risks based upon potential impacts
  • Enable cyber security personnel to mitigate the most significant problems first

Here at GSA, we are committed to providing the best quality products and services to our state, local, and tribal government customers and we’re ready to help you secure our nation’s systems.

For more information on the HACS and CDM Tools SINs, visit https://gsa.gov/itsecurity, or contact the IT Security Subcategory Team at itsecuritycm@gsa.gov.

Posted on

The Next Phase for HACS (Cyber) — Modernization

By Kay Ely, Assistant Commissioner, Office of Information Technology Category

Cybersecurity incidents and on-going emerging threats to our data, networks, and systems over the last few years have significantly changed how we approach cybersecurity. GSA remains committed to ensuring the government’s long-term security, responsiveness, and efficiency when it comes to monitoring and protecting our valuable digital assets and IT systems.

We’re always proactively focusing on the products, services, and vehicles needed to help carry out agency missions. We’re also sharpening our focus on cyber acquisition solutions, so security is integrated into the system acquisition process. This means that we’re constantly evaluating and improving our solutions.

With this in mind, our Highly Adaptive Cybersecurity Services (HACS) program is entering its next phase: HACS Modernization.

Today’s HACS Portfolio on IT Schedule 70 consists of four Special Item Numbers (SINs):

  • Cyber Hunt
  • Incident Response
  • Penetration Testing
  • Risk and Vulnerability Assessment

Feedback from the expert providers in the cybersecurity services market can help us further enhance our current array of HACS offerings. Enhancements to GSA’s cybersecurity acquisition solutions will not only help us drive more use by agencies, it will also lead to improved outcomes and safer IT systems for federal, state, local, tribal, and territorial governments.

To that end, our team is working to make it easier for industry to provide feedback through two RFIs and a stakeholder event in June.

HACS Modernization Requests for Information (RFI)

To determine the best course of action, we released two HACS Modernization Requests for Information (RFI) on May 22, 2018, one for agencies and the other for industry partners. We encourage our current HACS suppliers and agency partners to participate in those RFIs. We particularly want feedback from those agencies that have not yet used the HACS SINs.

The RFIs are open until June 23, 2018 at 5 p.m. EDT

June 18 Stakeholder Event

We’re also hosting a HACS Stakeholder Event on Monday, June 18, 2018, from 9 a.m. to 1 p.m. EDT at GSA headquarters to discuss the HACS program’s past, present, and future.

We welcome both in-person and virtual attendees. We’ll be featuring guest speakers from Department of Homeland Security (DHS), Office of Management and Budget (OMB), and GSA’s Office of IT Category and GSA’s Office of Small Business Utilization (OSBU).

Let’s Work Together

We want to hear what you think about the cybersecurity landscape and how effective you think GSA’s current services are now, where we can improve them for the future, and the best ways to enhance our delivery to agencies.

Please respond to the relevant RFIs and attend our Stakeholder Event. Together we can enhance our HACS program and deliver a total package that helps agencies securely accomplish their mission.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government I

Posted on

GSA’s VETS 2 GWAC Open for Business

By Kay Ely, Assistant Commissioner, Office of Information Technology Category

Veterans Technology Services 2 (VETS 2) Governmentwide Acquisition Contract (GWAC) is now open for business and ready to accept task orders.

VETS 2 is the only GWAC in the federal government set aside exclusively for Service-Disabled, Veteran-Owned Small Businesses (SDVOSB).  It’s designed to meet diverse agency IT services requirements, including new and emerging technologies. SDVOSBs are foundational to helping the government make important changes to modernize aging and legacy IT systems.  GSA is committed to ensuring we tap into their expertise through contracts like VETS 2.

Like its successful predecessor, VETS 2 provides agencies with access to customized IT solutions from a highly qualified pool of industry partners.  The original VETS contract helped participating SDVOSB businesses deliver $2.1 billion in services and solutions to the federal government. We’d like to match or exceed that on VETS 2.

In developing the new VETS 2, we performed an unprecedented amount of market research that centered around customer and industry feedback.  In addition to issuing a request for information (RFI) and draft request for proposal (RFP), we also surveyed hundreds of past and current GWAC ordering contracting officers, created a government customer working group, and used the feedback to enhance the offering.

VETS 2 GWAC highlights include:

  • Best-in-Class – VETS 2 is a Best-in-Class (BIC) contract designated by the Office of Management and Budget as a preferred governmentwide solution
  • Comprehensive Scope – VETS 2 meets a variety of diverse agency IT requirements, including new and emerging technologies
  • Flexible Contract Types – fixed price, cost reimbursement, time & materials, and labor hour orders are all allowed
  • Allows for Long-Term Planning – VETS 2 has a five-year base period and one five-year option period
  • Robust Contractor Pool – VETS 2 provides access to 70 highly qualified SDVOSB firms
  • Socioeconomic Impact – VETS 2 helps federal agencies support our veteran community while achieving their prime contract goals using SDVOSBs

IT Services Scope

In addition to common IT services that the federal government regularly purchases, VETS 2 also fulfills projects that require new or emerging IT services.

Scope includes, but is not limited to:

  • Data management
  • Information and communications technology
  • IT operations and maintenance
  • IT security
  • Software development
  • Systems design

We look forward to working with you through the VETS 2 GWAC as we continue our commitment to providing IT solutions with the ongoing help of the veteran community.

For more information, including how to order, please visit www.gsa.gov/VETS2 or contact us at VETS2@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Posted on

Veterans Technology Services 2 (VETS 2) GWAC Awarded

If small businesses are the backbone to our economy, then veterans of the armed forces are the backbone of our country. Even after their sacrifices through military service, many veterans continue to serve our great nation by providing innovative information technology (IT) solutions to government.

GSA prides itself on delivering mission critical IT solutions that make a meaningful difference to the agencies we support and the citizens that count on them. This philosophy is at the center of our development of new IT contract vehicles and I’m proud that it played a vital role as GSA created our new Veterans Technology Services 2 (VETS 2) Governmentwide Acquisition Contract (GWAC).

VETS 2 – a unique acquisition vehicle

The new VETS 2 GWAC is a unique contribution to the federal acquisition community — the only GWAC set-aside exclusively for Service-Disabled, Veteran-Owned Small Businesses (SDVOSB). VETS 2 is designed to be flexible enough to meet diverse agency IT requirements, including new and emerging technologies. VETS 2 also enables GSA to continue its support of the SDVOSB Procurement Program, while helping federal agencies achieve their socio-economic goals.

Contract development at its best

Lessons learned from our original VETS contract played a big role in building VETS 2, as did extensive market research. In conjunction with issuing a request for information (RFI) and draft request for proposal (RFP), we also surveyed hundreds of past and current GWAC ordering contracting officers, created a government customer working group, and utilized a GSA Interact page to collaborate with more than 1,000 members from industry and government to design VETS 2. The result is a multiple award indefinite delivery, indefinite quantity (IDIQ) contract with a best-in-class designation and 70 of the world’s premier SDVOSB IT service providers.

What’s new with VETS 2

All of the team’s research and due diligence, coupled with VETS success resulted in a VETS 2 contract that is even better than its predecessor. New key features include:

  • The ability for cost-type contracts
  • An expanded scope for virtually any IT services-based solution – including cybersecurity and new, emerging technologies
  • An overall simplified contract through the elimination of functional areas – a simplified scope covering all IT services
  • A larger pool of suppliers — an even greater proportion of which now hold International Organization for Standardization (ISO)/Capability Maturity Model Integration (CMMI) certifications, facility clearances levels, audited/approved cost accounting systems, and experience working with multiple agencies.

We couldn’t be more thrilled about the launch of VETS 2 as we continue our commitment to providing IT solutions with the ongoing help of the veteran community.

For more information, please visit www.gsa.gov/VETS2 or contact VETS2@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Posted on

Reducing Cybersecurity Risks in Supply Chain Risk Management

Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division

[Editorial note: This blog is the last of a three part series by Shon Lyublanovits, GSA’s IT Security Subcategory Manager and Director of the Office of IT Security Services for Office of Information Technology Category (ITC). Designed to help build awareness of the Department of Homeland Security’s (DHS) annual October National Cyber Security Awareness Month, this blog series describes a suite of cybersecurity products, services and solutions provided by GSA, outlining the unique benefits each provides to government].

Federal Information and Communications Technology (ICT) systems rely on a complex, globally distributed, and interconnected supply chain ecosystem encompassing geographically diverse routes and multiple tiers of outsourcing. Managing ICT systems is a difficult and complex task for government agencies — especially when these system are affected by various laws, trust models, interests, and national/international supply chains. It becomes even more difficult when criminals constantly introduce proprietary counterfeits and malware, conduct data tampering, and access sensitive information.

To protect ICT systems from criminals, we are working with government agencies to reduce cybersecurity risks through the acquisition of IT hardware and software. We’re also helping government leaders, chief information officers, and IT experts develop and implement sound policy guidance to deploy Supply Chain Risk Management (SCRM) activities throughout the entire acquisition lifecycle.

Challenges for government and industry

The federal government is facing significant cybersecurity challenges when procuring IT products or services resulting from inadequate in-built cybersecurity controls in the supply chain. An increase in the use of ready made, off-the shelf products, plus a rise in outsourced computer and communications operations make it more difficult to manage the supply chain.

Our industry partners are facing challenges as well. Companies require agile, elastic business models to remain competitive and keep pace with emerging technologies, but they also need to protect themselves against volatile cybersecurity threats, especially in the supply chain. From a national security perspective, when large components of these business models become vulnerable to cyber threats, the private sector becomes a target of nation states.

Enhancement of IT procurement through sound policy drives

Within the global marketplace, particularly the supply networks, criminals have more opportunities to penetrate and potentially manipulate information and technology. In order to mitigate these threats, GSA supports various statutory, regulatory, and policy requirements that address the current challenges of the global marketplace.

We are currently developing a Business Due Diligence Information Service that will give agencies a common government-wide capability for identifying, assessing, and managing cyber and supply chain risk throughout the acquisition process.

GSA is also leading the implementation of an IT policy that enhances IT acquisition vehicles, resulting in increased security of customers systems and networks. We are working with federal agencies to address supply chain risks by:

  • Reviewing base ITC acquisition vehicle contract language
  • Developing an acquisition assurance baseline by identifying provisions and clauses that are related to IT security and SCRM to use in IT product and service solicitations
  • Creating a repeatable, scalable SCRM response process for ICT to effectively respond to SCRM incidents and issues of public interest. This includes a description of various roles, responsibilities, and definitions for six phases of the ICT Supply Chain Threat Event (SCTE) Incident
  • Using Response Life Cycle — i.e., notification, escalation, evaluation and validation, reporting, response, and closure activities
  • Establishing a Vendor Risk Assessment Program to provide a well-defined process and robust capability to evaluate known or potential risks related to suppliers of products and services using open source information

Comprehensive SCRM cybersecurity regulations and requirements

ICT systems need the best IT solutions to protect against proprietary counterfeits and malware, data tampering, and unauthorized access to sensitive information. We ensure that our IT products and services in the supply chain are deemed cyber low-risk by complying with cybersecurity regulations and requirements specific to SCRM. This will establish sound policy safeguards, so that when government agencies purchase IT products and develop systems, they do so knowing that we worked with suppliers to determine if SCRM capabilities have been applied to acquired products and services.

We’re also establishing a comprehensive SCRM capability that will ensure government agencies procure IT hardware and software from original equipment manufacturers, including authorized resellers or other trusted sources. Furthermore, GSA is:

  • Managing incidents within IT contracts
  • Establishing and maintaining contact with both internal GSA stakeholders and external agencies on cyber incidents
  • Maintaining awareness of government-wide supply chain policy/trends

GSA remains committed to helping government leaders, chief information officers, and IT experts improve cybersecurity through SCRM. Read the first and second blogs in this series to learn more about our cybersecurity products, services and solutions and how they can help you focus on your mission, while maintaining quality, reducing costs, and minimizing duplications and redundancies.

Follow us on Twitter @GSA_ITC to join the conversation.

Posted on

Helping Agencies Strengthen Cyber Networks through Strategically Sourced Tools and Services

Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division

[Editorial note: This blog is the second of a three part series by Shon Lyublanovits, GSA’s IT Security Subcategory Manager and Director of the Office of IT Security Services for Office of Information Technology Category (ITC). Designed to raise awareness of the Department of Homeland Security’s annual October National Cyber Security Awareness Month campaign, this blog series highlights a suite of cybersecurity enhancing products, services and solutions provided by GSA, outlining the unique benefits each provides to government].

In today’s cyber ecosystem many, if not all, government mission requirements depend upon IT systems. Government agencies need to go beyond simply knowing who and what is on their networks. Senior leaders, chief information officers, and IT experts across government must be ready to face all potential cyber threats and it is critical that all information be secure. The latest IT tools and associated services are essential if agencies are to effectively and proactively identify, manage, and respond to new vulnerabilities and evolving threats. Agencies must also be able to keep up with and anticipate constant change in the enterprise architecture and operational environment.

GSA remains committed to helping agencies meet these ever-evolving challenges by offering a suite of pre-vetted cybersecurity products, services, and solutions that help agencies comply with mandates and IT requirements, while also addressing cyberattacks. This includes working with the Department of Homeland Security (DHS) to establish a new Special Item Number (SIN) for IT Schedule 70: Continuous Diagnostics and Mitigation (CDM) Tools. With CDM tools, we’re able to meet the government’s need for stronger cyber networks with strategically sourced tools and associated services.

New SIN offers agencies improved flexibility in IT procurement and cybersecurity

Our IT products on the CDM Tools SIN are prequalified and approved by DHS. And by leveraging the buying power of the government and streamlining the procurement process, we’ve made it easier and less expensive for our government partners to get the flexible solutions they need to effectively mitigate ever-changing cybersecurity threats.

Furthermore, these flexibilities on the CDM Tools SIN give government customers — federal, state, local, regional, tribal and territorial government entities — even easier access to a governmentwide set of information security continuous monitoring (ISCM) tools. The new CDM SIN also:

  • Enhances and automates existing continuous network monitoring capabilities
  • Strengthens the security posture of government networks
  • Improves risk-based decision making at the agency and federal enterprise level

CDM Tools SIN enhances existing continuous network monitoring capabilities

The CDM Tools SIN gives government agencies the ability to identify cybersecurity risks, prioritize them based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.

We’ve organized the capabilities and tools into five subcategories:

  1. Manage “What is on the network?” — Identifies the existence of hardware, software, configuration characteristics, and known security vulnerabilities.
  2. Manage “Who is on the network?” — Identifies and determines the users or systems with access authorization, authenticated permissions, and granted resource rights.
  3. Manage “How is the network protected?” — Determines the user/system actions and behavior at the network boundaries and within the computing infrastructure.
  4. Manage “What is happening on the network?” — Prepares for events/incidents, gathers data from appropriate sources, and identifies incidents through analysis of data.
  5. Emerging tools and technology — Includes CDM cybersecurity tools and technology not in any other subcategory.

CDM strengthens government networks

We want to help government fight cyberattacks by providing tools to help detect vulnerabilities and protect agencies from threats. These tools enhance government network security through automated control testing and progress tracking. This approach:

  • Provides services to implement sensors and dashboards
  • Delivers near-real time results
  • Prioritizes the worst problems within minutes (not quarterly or annually)
  • Enables defenders to identify and mitigate flaws at network speed
  • Lowers operational risk and exploitation of government IT systems and networks

Easy Ordering

Purchasing officers can buy from the CDM Tools SIN through eBuy and GSA Advantage!®. Issue a request for information (RFI) or request for quotation (RFQ), and let vendors respond to your requirements. Likewise, government agencies can purchase products, services, and solutions through IT Schedule 70’s Cooperative Purchasing Program.

For more information

If you have questions about the CDM Tools SIN, contact the IT Customer Service Center at (855) ITaid4U/(855) 482-4348 or schedule70cdmsin@gsa.gov. Representatives are available Sunday at 8:00 p.m. through Friday at 8:30 p.m.

Learn more about GSA’s CDM Program.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

Posted on

HACS SIN Helps Agencies Protect High-Value Assets (HVAs)

Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division

[Editorial note: This blog is the first of a three-part series by Shon Lyublanovits, GSA’s IT Security Subcategory Manager and Director of the Office of IT Security Services for Office of Information Technology Category (ITC). Designed to help build awareness of the Department of Homeland Security’s (DHS) annual October National Cyber Security Awareness Month, this blog series describes a suite of cybersecurity products, services and solutions provided by GSA, outlining the unique benefits each provides to government].

It’s no secret that risk management is critical to the way government protects its information, assets and systems.

Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including High Value Assets (HVAs) that hold sensitive information critical to national and economic security. Some of this information is so critical that disclosing it could cause significant harm to government operations, law enforcement agents, men and women in uniform, and even private citizens. Knowing that, you may wonder if it’s still possible to provide easily accessible information and data sharing as well as other programs that increase citizen and organizational participation in government.

The answer is yes.

GSA stands ready to support government leaders, chief information officers, and IT experts by providing Highly Adaptive Cybersecurity Services (HACS) SINs to identify, prioritize, and protect HVAs from criminal hackers. GSA’s HACS SINs provide government agencies with comprehensive protection against the ever-increasing threat of cyberattacks by offering access not just more, but better IT cyber services and expertise.

Government agencies have more access to HACS SIN services and expertise

GSA has awarded more than 70 suppliers with HACS SINs to date. These industry partners give government agencies more access to services so they can test high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact HVAs. And to ensure that we have top notch expertise in cybersecurity, we’re always looking for more partners and more options to expand, enhance, and integrate these services with the national security community.

In addition, by using our HACS SINs on IT Schedule 70, government agencies can access the expertise needed to shorten procurement cycles, ensure compliance with mandates and IT requirements, and obtain the best value for innovative technology products, services, and solutions.

Improved protection to deter the ever-increasing threat of cyberattacks

Our IT Schedule 70 HACS SINs offer a suite of cybersecurity services that help government agencies face and deter the ever-increasing threat of cyberattacks. Agencies can deter these threats by protecting HVAs and critical enterprise-wide network infrastructures from our adversaries, enhancing data security on smart devices, and fortifying legacy systems by reducing their accessibility risks.

Improved protection of HVAs and critical enterprise-wide network infrastructures from our adversaries

  • Our 132-45D Risk and Vulnerability Assessment (RVA) SIN was developed with the methodology DHS uses to conduct assessments of agency HVAs. All vendors awarded this SIN have been screened through an oral technical evaluation process that follows the DHS methodology.

Enhancement of data security on smart devices

  • Our HACS Penetration Testing, Incident Response, Cyber Hunt and RVA SINs provide customers with access to vendors that are capable of providing these services across the network. Services include, but are not limited to, network mapping, vulnerability scanning, and wireless assessments. Employing the full HACS suite of services will address many of the threats to agencies’ data and improve the security of all devices connected to their networks.

Fortification of legacy systems

  • Our IT procurement specialists are committed to helping federal, state, local, and tribal governments protect their HVAs by enhancing or replacing their legacy systems with advanced emerging technologies.

HACS SINs Information Session for State and Local Government

Cybersecurity implementation can be challenging our customers, especially those unfamiliar with our IT Schedule program. We’re hosting an information session this month for state and local government so that all eligible entities, including tribal governments, can take advantage of the HAC SINs’ benefits.

  • When: Monday, Sept. 18, 2017, 10:00 a.m. to 12:00 p.m. EDT.
  • Where: Join us virtually, in Adobe Meeting Space!

We hope to see you there – register today!

For more information, please contact the following:

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.