Marking the One-Year Anniversary of Executive Order 14028 “Improving the Nation’s Cybersecurity”

May 2022 marked one year since President Biden signed Executive Order (EO) 14028 – “Improving the Nation’s Cybersecurity.” It directs sweeping changes to cybersecurity requirements and calls on federal agencies to address key issues critical to building a more resilient cybersecurity posture. The EO also requires federal agencies to take steps to implement a Zero Trust Architecture (ZTA) model to modernize and strengthen cybersecurity standards and detection.

Since May 12, 2021, the Office of Management and Budget (OMB) issued additional guidance to support the mission of “Improving the Nation’s Cybersecurity.”

Timeline of Key Policy and Guidance Associated with the EO beginning on May 12, 2021 when the EO was signed through January 26, 2022.
Figure 1: Timeline of Key Policy and Guidance Associated with the EO

The associated OMB memos outline the steps required for agencies to better protect federal information systems, making them more secure and resilient. The requirements include implementation of:

  • Strict security controls on critical software,
  • Mature event detection and analysis capabilities, and
  • Endpoint data collection within networks to detect and hunt cyber threats.

Federal agencies also have new ways to obtain funding for the cybersecurity products and services needed to implement the EO’s requirements. Bolstering cybersecurity defenses is one of the Technology Modernization Fund (TMF)’s focus areas, and it’s funded three projects to support ZTA implementation. The President’s FY23 Budget request includes increased funding for federal agencies as they implement the EO’s priorities and a ZTA strategy. The request is the largest such increase in over 12 years.

Resources to help meet the EO requirements

There is no single technology, product, or service that can achieve the goals of implementing ZTA. Each agency’s journey and solution will be unique, and GSA’s Federal Acquisition Service (FAS) is here to help.

The FAS Office of IT Category (ITC) has resources to help agencies, vendors, and acquisition professionals continue to work towards a mature ZTA and meet the Administration’s requirements.

Over the past year, GSA’s ITC has:

  • Participated in governmentwide working groups on Cybersecurity Supply Chain Risk Management (C-SCRM) and ZTA. To ensure GSA’s offerings are capable of delivering the products and services that support implementation of the EO’s requirements, subject matter experts (SMEs) participated in working groups led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).
  • Educated the acquisition workforce on EO 14028. GSA SMEs conducted multiple trainings and speaking engagements for IT and acquisition professionals on ZTA, C-SCRM, and the EO requirements. If your agency would like to schedule a session with GSA SMEs, reach out to the GSA National Account Manager dedicated to your agency.
  • Incorporated C-SCRM practices into GSA contract vehicles. To assist agencies with EO requirements to mitigate cyber risks in the Government’s IT supply chain, GSA continues to pursue efforts to ensure alignment with EO guidance.
  • Developed informational webpages and Buyer’s Guides to aid agencies navigating the EO requirements.

Other ways GSA can help

Whether your agency is small or large, GSA has solutions that can be tailored to your cybersecurity needs. In addition to the Buyer’s Guides, GSA offers multiple online tools to assist in planning a cybersecurity acquisition. 

  • IT Security Acquisition Planning Package (APP) provides common resources agencies can use to plan a cybersecurity acquisition, including:
    • Overviews of GSA IT Security offerings,
    • IT Security Statement of Work (SOW) and Request for Quote (RFQ) templates, and
    • GSA’s Market Research As a Service (MRAS) tool to identify potential vendor pools and suggested contract vehicles. 
  • GSA developed Buy.GSA.gov, which can help you:
    • Plan – Determine the documents you need, and find vendors and contracts. 
    • Develop Documents – Find sample documents and templates.
    • Research – Find products, services, and pricing data.
    • Purchase – Review buying methods and request submissions for quotations.
  • GSA, in partnership with the Federal Chief Information Officers Council, is developing a series of ZTA Playbooks to help agencies move from the conceptual planning phase to actual implementation of a zero trust security model. Agencies can expect a “base playbook,” followed by playbooks dedicated to the pillars of a mature ZTA.
  • GSA has Customer Service Directors specifically assigned to your agency by location. You can also find the National Account Manager dedicated to your agency. 
  • For cybersecurity SME support, contact the IT Security Subcategory at ITSecurityCM@gsa.gov.

What’s next

As the Federal government improves its efforts to better protect Federal information systems, expect additional OMB guidance and updates to the Federal Acquisition Regulation (FAR), driving the need for modification of contract language. GSA will keep you informed, communicating with you the major developments.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Improving Polaris with Small Business Feedback

Polaris — GSA’s future small business Governmentwide Acquisition Contract (GWAC) of record — is meant to provide agencies with a trusted and innovative contract vehicle designed to deliver complex IT services from the most highly skilled, experienced, and capable small businesses across multiple socioeconomic pools.

After releasing the final RFPs for the small business and women-owned small business pools in March 2022, we received thoughtful feedback from our industry partners in the small business community. We truly appreciate it.

We’re listening

As a result of the feedback we received, we’re assessing whether any changes to those RFPs are necessary. While we assess, we announced that we’re temporarily pausing the RFPs until further notice and will issue a new extended proposal due date along with any amendments. 

Offerors are encouraged to pause proposal activities until this assessment is completed. During this pause, the Polaris Submission Portal will not be open.

I want to emphasize that we very much appreciate industry’s feedback during this time. 

Built for an inclusive future

Polaris is designed to meet the needs of agencies buying complex IT services by

  • establishing pools that represent the broad ecosystem of small businesses.
  • including diverse providers that are proven capable of delivering exceptional results.

Our job is to take a thoughtful and managed approach to having a range of small businesses available to federal agencies through Polaris.

While we consider feedback and questions received from the RFPs, please continue to monitor SAM.gov for the latest Polaris news and information.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Wireless Mobility Solutions Training: Bringing the Experts to You

Today, industry and government alike are supporting flexible work models like remote work, in-office work, and hybrid environments. Government leaders are embracing this trend, steadily moving their workforces toward mobility solutions.

As wireless networks expand and speeds increase with 4G LTE and 5G, we expect this “work from anywhere” trend to continue. GSA was an early adopter of the hybrid work model and understands the foundational importance of wireless solutions in serving the American public. Through experience, we learned to work through the hows and whys of integrating 5G into our IT portfolio. We stand ready to support fellow hybrid agencies to ensure their workforces have the devices, plans, and security to do the same. 

To help you find your agency’s next cost-effective, modern wireless solution on GSA’s Multiple Award Schedule, our mobility acquisition experts created a new Wireless Mobility Webinar.  

Wireless Mobility Solutions on GSA Schedule

We’ve enhanced our Wireless Mobility Solutions to showcase 11 different subcategories of mobility solutions that benefit both industry and government purchasers. This update is not just about wireless devices and accompanying phone plans but also includes:

  • Mobile security: Mobile Threat Protection and Mobile App Vetting services give you baseline security with real time threat detection and scanning software. 
  • Mobile administration and management solutions: Telecom Expense Management Services (TEMS) and Mobility-as-a-Service solutions can help with inventory management, cost control, reporting, trouble ticketing and the distribution of wireless devices.
  • Mobility-related Internet of Things (IoT) component infrastructure: This technology allows you to design and operate a system of devices.

ITC’s wireless solutions portfolio also includes our Best-In-Class Enterprise Infrastructure Solutions. Through EIS, you can integrate your mobility requirements with your enterprise network in one unified order.

We strive to offer the breadth and variety of modern solutions you expect from the commercial mobility market, and add new service providers and solutions regularly. If you can’t find the service or industry partner you’re looking for or need additional support, let us know at wireless@gsa.gov.

Don’t forget! If you’re a Federal Strategic Sourcing Initiative Wireless BPA user, your task orders will expire between now and November of 2023. If you need help with your transition, check out this FSSI Wireless transition training on our IT Acquisition University. ITAU offers lots of great government-only content, including webinars like “How to Equip the Federal Workforce in Today’s Telework Environment” and “How to Use TEMS and Mobility-as-a-Service.”

Get involved

Join the more than 250 program and contract personnel across government who make up the Federal Mobility Group. The FMG meets biweekly to discuss research, innovation, industry engagement, and events. Recent meetings showcased how government agencies are leveraging 4G/5G technologies to further their mobility missions, including the development of autonomous vehicles and smart warehouses. There’s even a working group specifically focused on 5G. Government employees with a .gov or .mil email address can contact fmg@gsa.gov to join.

Coming up

We’re hosting a virtual event on March 16, 2022 that will feature GSA expert discussions on Zero-Trust, cloud computing, and the use of emerging technology in today’s hybrid workplace. Register now for Securing Next-Generation Hybrid Work Environments.

Finally, we’d like to welcome back our Mobility program manager Christian Williams, who has been serving on active duty for the last year. We’re proud to have many veterans working at GSA and greatly appreciate their service to our country. Welcome back, Christian!

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Improving Acquisition Governmentwide: IT and Professional Services

It’s not often that you hear from both the Information Technology Category and Professional Services and Human Capital Categories on this blog, but we’re excited to share some updates about how our portfolios are collaborating to improve governmentwide services acquisition. For this post we’re joined by Sheri Meadema, acting assistant commissioner of GSA’s Office of Professional Services and Human Capital Categories.

ITC and PSHC have always focused on developing and delivering contractual approaches that meet the expressed, current, and future needs of our customer agencies. We set up flexible solutions so industry has a low-friction experience when working with the government. Our job is to help our customers by: 

  • Reaching the most qualified and experienced suppliers in various socioeconomic categories. 
  • Accessing an acquisition channel that is designed to deliver exactly what agencies need and how they need to buy it.
  • Complying with evolving federal regulations.
  • Reducing the complexity and risk associated with services acquisition to the maximum extent possible.

What’s new

This year we are taking our partnership a step further through a new focus area called the Services Marketplace. ITC and PSHC are working together to align how we roll out new contracts and tools to support buyers and suppliers of services. 

Along with the leaders of GSA’s services contracts, we are working together to find enterprise-level solutions. We have three primary goals:

  • Rationalize, align and expand GSA’s contract offerings.
  • Improve FAS’s market research and buying tools. 
  • Improve the data and reporting systems used in support of our acquisition programs

What will this look like for our customers and industry partners? For industry, we envision a future with standardized engagement and solicitation processes regardless of the type of services you’re providing. We will focus on using a consistent set of best practices and tools when possible for both IT and professional services for solicitations, evaluation, negotiations, award, and contract management.

For our customers, we want to deliver a consistent, exceptional customer experience that makes it easier to get successful outcomes when compared to open market procurements. A customer agency buying services from GSA should be able to access familiar processes and have access to the right industry base, best-in-class contracts, effective and efficient tools, and support resources.

What we’re working on

Under the umbrella of the Services Marketplace, we are building the next generation of contracts, including the Services MAC, Polaris, and the follow-on to Alliant 2. 

  • ITC recently awarded the 8(a) STARS III Governmentwide Acquisition Contract, a small business set-aside, Best-in-Class GWAC. Through 8(a) STARS III, agencies can access award-winning 8(a) firms for emerging technologies and Outside Continental United States support via an established contract vehicle, saving time and taxpayer money over open-market methods.
  • Development of the next generation small business IT GWAC Polaris is well underway. The request for proposal for the new Polaris small business IT contract is expected in February 2022. Once fully awarded, Polaris will complete GSA’s GWAC contract portfolio by enabling federal agencies to set-aside IT task orders to small business, women-owned small business, service-disabled veteran-owned small businesses, and businesses located in HUBZones. 
  • With the OASIS ordering period ending in 2024, PSHC is making significant progress on a new Services Multi-Agency Contract to support federal agencies’ procurement requirements for services, making essential improvements and building on the program’s success. 
  • Work also continues on improving our Multiple Award Schedule service offerings in Phase 3 of the consolidation. Contractors with multiple contracts will consolidate down to one, which translates into fewer overall contracts for the acquisition workforce — and industry partners — to manage. It will also make it easier for agencies to find the vendors to meet their mission requirements.

We’ve also started standardizing the scope review process and created a digital tool/portal so customers can submit their scope review requests. This will allow for better tracking, management, and coordination across portfolios, as well as create a single customer experience. PSHC has already created a pilot single intake form and we are working to integrate that across other portfolios. 

In the coming months, we’ll launch a single Delegation of Procurement Authority training for OASIS and Human Capital and Training Solutions and a single on-demand ITC DPA, which combines 8(a) STARS III, VETS 2, and Alliant 2 to simplify the customer experience. We’ve also started the discovery phase for an order management tool for all services task orders. This will allow for better solicitation development, tracking, and task order management on GSA contracts. 

We look forward to continued input from customers and industry partners to create consistency as we build the next generation of contracts, improve market research and buying tools, and enhance data and reports systems for governmentwide services acquisition.

Contact us

If you’re interested in learning more about any of our contracts, send us a note!

Join the Small Business GWAC Community of Interest here to follow 8(a) STARS III and Polaris updates: https://interact.gsa.gov/group/small-business-gwac-community-interest.

Join the Professional Services Community here to follow news on the Services MAC: https://interact.gsa.gov/groups/professionalservicescategory.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Listening, Learning, Acting: Customer Needs Are Front and Center in FY21

The recent White House customer experience Executive Order holds government agencies accountable for “designing and delivering services with a focus on the actual experience of the people whom it is meant to serve.”

This philosophy of centering service around an individual customer’s experience is easy to comprehend but tough to execute. Our goal is to help agencies deliver on their missions to the public. To do that, we connect them with businesses offering approved, secure technology solutions that are customer-centric, cost effective, and compliant.

ITC was able to perform well in FY21 by listening closely to customers and taking action based on their needs. Whether working with agencies federal, state, local, or tribal, big or small, we consistently get asked the same questions:

  • Can you guide me through finding the solution I need and help me acquire it efficiently?
  • How can you save me money on the solution I need?
  • Can you ensure that the solutions I purchase are compliant with regulations and security directives?

In FY21, ITC provided a model for how government employees can thrive in remote work environments. We conducted a great deal of government business despite supply chain and other pandemic-related challenges, recording over $32 Billion of business volume. We improved CX in buying and selling technology and saved our customers time and money, modernized their networks, and secured their systems. We welcomed 315 new small and disadvantaged businesses onto the Multiple Award Schedule (MAS) in FY21. These efforts are ongoing, but have underpinned much federal government success during the pandemic.

Back to basics – meeting customer needs

Customers come to ITC to enlist the help of our acquisition specialists and subject matter experts. We want to provide a convenient, consolidated acquisition experience that is time-efficient and provides the best value to our customers. We currently manage 23 contract programs and more than 4,700 vendors on the Multiple Award Schedule, of which 52% are small businesses. Small and disadvantaged businesses saw a 23% increase in business volume from FY20 to FY21!

Creating taxpayer value – ITC sees record revenue in FY21

Customers buy through GSA to leverage the full buying power of the government. In FY21, we recorded more than $32.3B in business volume through our contracts. For context, this accounts for 35% of the $92.9B total that was appropriated for IT across all federal agencies during the fiscal year. ITC accounted for more than $2.3B in savings to our government customers, a 7.7% increase from FY20.

There is a good reason agencies are using our Office of Management and Budget (OMB) recommended Best-In-Class (BIC) solutions during this pandemic spending period. Our price analysis tools, upfront market research, transactional data, and the great value of offerings on Schedule can’t be found elsewhere. Our success exemplifies the trust that our customer agencies have placed in our ability to help them meet their missions.

Securing the stack – keeping our industry partners accountable

Security mandates such as Supply Chain Risk Management (SCRM), Cybersecurity-Supply Chain Risk Management (C-SCRM), The National Defense Authorization Act (NDAA) 889, and The Executive Order on Improving the Nation’s Cybersecurity are crucial to the nation’s digital and physical safety.

The line between physical and virtual security has blurred as threats have become more complex, and complying with these security mandates is crucial to agency customers. That’s why ITC adds these mandates and others into our master contracts — to streamline proof of compliance for industry and allow agencies to focus on mission delivery.

ITC helps ensure that the products and services our customers buy will comply with federal law and safeguard their network’s security. Large contracts like our 2nd Generation Information Technology (2GIT) hardware/software blanket purchase agreement have SCRM built in as a key operational component.

GSA tools like the new Verified Products Portal (VPP) help identify authorized resellers to enhance SCRM capabilities. Security and cybersecurity approaches and policy are ever-evolving, and GSA recognizes both as core acquisition tenets. We understand the considerable responsibility we have for agencies’ IT health.

Looking ahead

We’re looking forward to finalizing several exciting efforts in 2022. We are bolstering our Cloud marketplace with a one-stop shop BPA, which will be awarded in phases. Polaris (our contract replacement for Alliant 2 Small Business) will release its Request For Proposal in Q2, with awards to be made later in the year. As the September 2022 Enterprise Infrastructure Solutions (EIS) transition deadline quickly approaches, we are in the process of assisting agencies as they award remaining task orders and ultimately disconnect from old telecommunications contracts.

We’ll continue to view things through the lens of our customers, facilitating direct conversations with stakeholders and providing the products, services, and attention needed to achieve agency missions. Our goal is a customer experience that prioritizes cost-efficiency, expediency, and security. You can buy with confidence when you work with the Information Technology Category.

Follow us on Twitter @GSA_ITC and LinkedIn, and subscribe for blog updates.

IT GWAC Roundup

We’ve had so much news about our small business Governmentwide Acquisition Contracts (GWACs) over the last few months. I continue to get questions and requests for status updates from our friends in industry, so I thought it would be helpful to pull the latest updates together in one place. 

I’ll start by reminding everyone why we stand these contracts up. GSA’s small business GWACs enable the important missions of agencies across the federal government and drive progress on vital public policy objectives including the President’s Executive Order 13985 On Advancing Racial Equity and Support for Underserved Communities Through the Federal Government and the President’s Management Agenda (PMA) released by the Biden-Harris Administration in November.  

GSAs GWACs support the PMA in some key ways, including delivering mission-enabling technologies across government. They support deep relationships with the supplier community, helping industry understand how the PMA drives new and emerging government IT requirements to support key initiatives such as improving citizen interactions with the government and equipping the federal workforce to effectively deliver for the public. GWACs also make it easier for new suppliers, especially small and disadvantaged businesses, to gain valuable growth opportunities through the federal IT marketplace.

As we close out the year, there’s a flurry of activity in ITC around our GWACs and I am very proud and excited about the work my team is doing.

Polaris

Polaris will bring innovation to the small business community, federal agencies, and the acquisition workforce leading to substantial benefits to small businesses, improved technology for federal agencies, and greater flexibility for acquisition professionals across government.

Initial priorities on Polaris will be the creation of 4 pools to accommodate set-asides for:

  • small businesses; 
  • women-owned small businesses (WOSB); 
  • service-disabled, veteran-owned small businesses (SDVOSB), and 
  • businesses located in HUBZones.

We will solicit and award Polaris in phases to help our customers deliver on their missions and meet their socio-economic goals.

Our first priority is to release the request for proposals (RFP) for the small business and WOSB pools in late January/February 2022. The small business pool will be awarded first, in 2022. The WOSB pool will be awarded second. The HUBZone and SDVOSB RFPs and awards will follow.

Keep an eye on our Small Business GWAC Community of Interest for updates.

8(a) STARS III

8(a) STARS III successfully launched this summer with a 5-year base period, 3-year option, and a $50 billion ceiling to give agencies plenty of runway to plan for the future. The 2021 award was an important first step with an initial cohort of more than 400 8(a) industry partners gaining new access to the federal IT marketplace. 

This is a big deal for the Small Disadvantaged Businesses (SDB) community and we’re excited to see how they turn these opportunities into great outcomes.

We are working closely with our partners on a second 8(a) STARS III cohort for award in Q2 FY22 — stay tuned!

VETS 2

The VETS 2 GWAC is humming right along. In just 3.5 years, VETS 2 has an estimated $1.94 billion value from 148 task orders.

VETS 2 gives agencies access to a wide variety of customized IT services and solutions. It also helps agencies receive SDVOSB credit toward their Small Business Procurement Scorecard and Best-in-Class (BIC) Tier 3 credit toward Spend Under Management goals.

We’re committed to the SDVOSB community. VETS 2 will have a strong future as part of GSA’s suite of IT contract solutions for many years to come. We’re taking the necessary steps to execute the option period and doing all that we can to cement VETS 2’s future.

Together, VETS 2 and Polaris will deliver on our commitment to SDVOSBs. They’ll continue to provide value for our customers well into the future and help ensure there will be no gap in access to SDVOSB contract offerings from GSA.

Looking to the Future

The highly qualified companies on our GWACs (and those to come) can complete almost any IT service requirement including agile software development, artificial intelligence (AI), cloud computing, and other emerging technologies.

As we look toward 2022, GSA will remain focused on providing important solutions for our industry partners and customer agencies. It will remain a top priority for us in the new year.

Follow us on Twitter @GSA_ITC and LinkedIn, and subscribe for blog updates.

GSA Celebrates American Veterans

This Veterans Day, I’m contemplating GSA’s long history of working with service-disabled, veteran-owned small businesses (SDVOSB). I’m proud of the work they do every day to help agencies across the federal government achieve their mission.

Our Governmentwide Acquisition Contracts (GWACs) like VETS 2 demonstrate our ongoing commitment to our Veteran community – and I want to make sure I communicate clearly that we believe VETS 2 will continue its success and have a strong future as part of GSA’s suite of IT contract solutions for many years to come. We’re taking the necessary steps to execute the option period and doing all that we can to cement VETS 2’s future.

VETS 2: the right IT solutions, right now

In just 3 ½ years, VETS 2 has an estimated $1.87 billion value from 145 task order awards.

VETS 2 gives agency customers access to a wide variety of customized IT services and solutions. It also helps agencies receive SDVOSB credit toward their Small Business Procurement Scorecard and Best-in-Class (BIC) Tier 3 credit toward Spend Under Management goals.

The highly qualified companies on VETS 2 can complete almost any IT service requirement including agile software development, artificial intelligence (AI), cloud computing, and other emerging technologies.

SDVOSB pool on Polaris

In addition to our ongoing support for VETS 2, GSA is broadening opportunities for Veterans to work with the federal government. We recently announced a new contract pool for SDVOSB firms on Polaris, a new next-generation GWAC.

Polaris will bring more innovation to the small business community, federal agencies, and the acquisition workforce. This innovation will lead to substantial benefits for small businesses, improved technology for federal agencies, and greater flexibility for acquisition professionals across government.

Polaris will have 4 pools: small business, women-owned small business (WOSB), SDVOSB and businesses located in HUBZones. These pools will be awarded in phases to help our customers deliver on their missions and meet their socio-economic goals.

Our first priority is to release the request for proposals (RFP) for the small business and WOSB pools January 2022. The small business pool will be awarded first, later in the year. The HUBZone and SDVOSB RFPs and awards will follow.

Subscribe to our Small Business Community of Interest on GSA Interact to keep up to date.

Veterans help government through two GSA GWACs

We’re committed to the SDVOSB community. Together, VETS 2 and Polaris will deliver on our commitment to SDVOSBs. They’ll continue to deliver value for our customers well into the future and help ensure there will be no gap in access to SDVOSB contract offerings.

Find out more about VETS 2 and discover customer training opportunities at www.gsa.gov/vets2. Please send any questions to vets2@gsa.gov.

Additional information about Polaris can be found at www.gsa.gov/polaris. Please send any questions to polaris@gsa.gov.

Bringing GSA’s Polaris GWAC to Life

We’re proud of the work we do to support agency missions at GSA, and we recognize the very important role small businesses play in making that a reality.

GSA’s GWAC heritage

We’ve promoted the growth of the small business community in the US for decades. Through GSA’s Governmentwide Acquisition Contract (GWAC) program, we have built a solid foundation that connects the small business community to the federal IT market, promoting access to innovation, and supporting job creation nationwide. For decades, the GSA GWACs have served as a springboard for companies to grow and create jobs and opportunities.

Since the late 1990s, GSA’s GWACs have served as a gateway for federal agencies to access highly qualified information technology (IT) vendors. And, since their inception, customers have relied upon our small business GWACs to fulfill over $27 billion in IT requirements for agencies across government.

Small Business GWACs serving your mission

We want to keep improving on these important solutions to ensure they remain the contracts of choice for our industry partners and customer agencies. We’ve been hard at work on our current and next generation of contracts.

8(a) STARS III successfully launched (with more awards to come) this summer with a 5-year base period, 3-year option, and a $50 billion ceiling to give agencies plenty of runway into the future. This is a big deal for the Small Disadvantaged Businesses (SDB) community and we’re excited to see how they turn these opportunities into great outcomes! Even though 8(a) STARS II has officially sunset, existing task orders will continue being worked for several more years.

VETS 2 is humming along. With a little over three years of performance so far the contract already has $1.68B in total estimated value from 122 task orders. Agencies depend on VETS 2 every day to meet their missions.

With the creation of Polaris, our next small business GWAC, we’ll build on the success of these programs and become the first GSA GWAC to feature multiple socioeconomic groups through a single offering.

Polaris, a bright future

Polaris will bring innovation to the small business community, federal agencies, and the acquisition workforce leading to substantial benefits to small businesses, improved technology for federal agencies, and greater flexibility for acquisition professionals across government.

Polaris will also drive progress on important public policy objectives including the President’s Executive Order 13985 On Advancing Racial Equity and Support for Underserved Communities Through the Federal Government. Initial priorities on Polaris will be the creation of pools to accommodate set-asides for small businesses; women-owned small businesses (WOSB); service-disabled, veteran-owned small businesses (SDVOSB), and businesses located in HUBZones to help deliver on their mission and meet their socio-economic goals.

We are developing a dynamic contracting program that provides flexibility to establish additional industry partner pools on Polaris in the future as we continue to assess technology trends and changing customer needs.

The resulting approach incorporates feedback from agencies and industry, and includes ways to ensure that the technology remains relevant and the latest acquisition policies are used.

Through Polaris, we will:

  • Establish a pre-qualified industrial base that government agencies can tap into with confidence and ease
  • Bring multiple socioeconomic categories onto one vehicle to provide agencies with convenient access to small disadvantaged IT service providers
  • Enable agencies to acquire state-of-the-art IT services in a compliant and cost-effective manner

The overarching strategy shaping our approach to Polaris includes:

  • Providing greater opportunities to small businesses by removing barriers to entry and providing additional training and engagement with industry
  • Supporting greater equity in government contracting
  • Connecting agencies with highly qualified technology providers
  • Improving ease of use for agencies, industry partners, and GSA employees

Key Polaris features that we’re aiming for:

  • Periodic refreshment of the industrial base through on-ramps
  • Access to emerging technologies
  • No-price awards with pricing negotiated at the task order level — to promote competition.
  • Inclusion of a technical refresh clause that can be triggered as needed to adapt to customer needs.
  • Support for IT modernization and emerging technologies capabilities by offering the latest in cloud offerings from storage services to quantum computing services
  • Catalog of service offerings
  • A maximum 10-year ordering period
  • No contract ceiling
  • Leverage the cloud business model for service offerings

Polaris will also include supply chain risk management (SCRM) and cybersecurity requirements similar to those that were included in the 8(a) STARS III GWAC.

Polaris will support GSA’s goals to help agencies reach their sustainability goals, reduce the environmental impact of the federal government, make the work environment more sustainable and environmentally friendly, and protect the environment by fostering markets for sustainable IT technologies and services.

Many of you have had questions about how teaming arrangements and joint ventures will work on Polaris. In a soon-to-be-released update to our draft solicitation, we’ll be including guidance on how joint ventures will be scored.

Navigating the Future

As we work to bring Polaris to market we have a very busy fall season lined up.

We’re working to release an updated draft of the Polaris solicitation for sections L and M and the scorecard, and we’ll welcome your feedback on those. Keep an eye on our Small Business GWAC Community of Interest page for that.

We met with our VETS 2 Industry Partners about the inclusion of an SDVOSB pool on Polaris and we’re actively gathering their input.

GSA’s Office of Small and Disadvantaged Business Utilization is hosting an event on Wednesday, September 29th: Small Business Works 2021: Level Up & Network Series. Be sure to catch it.

We’re also planning a focused GSA Polaris Industry Forum for Wednesday, October 20th, and we encourage our small business industry partners to attend. Register Here

Finally, we’re aiming for the final Polaris solicitation to be released in short order with a pre-proposal conference to follow shortly thereafter.

I’m so proud of the work that our team has done on our small business GWACs, and we really couldn’t be more excited for what the future holds. Stay tuned to our Small Business GWAC Community of Interest page on GSA Interact for the latest updates.


GSA’s Enterprise Infrastructure Solutions Instills Cybersecurity Confidence

On May 12, the White House issued the Executive Order on Improving the Nation’s Cybersecurity. This EO underlines the fundamental problem of how cybersecurity weaknesses leave critical infrastructure open to debilitating attacks. It also outlines what government agencies must do to improve their collective defensive posture, reduce risk, improve visibility and secure their infrastructure.

GSA’s Information Technology Category (ITC) tracks cybersecurity trends and is involved in conversations with industry experts on this topic. We incorporate the EO’s technological goals in our contract solutions, like Enterprise Infrastructure Solutions Contract, or EIS.

When it comes to network security, Zero-Trust Architecture (ZTA) is the gold standard. We even published a Zero Trust Architecture Buyer’s Guide to help agencies build toward it. EIS is featured prominently in the guide, because it offers baked-in security “building blocks” to create customizable solutions.

Managed Security Services

The EIS Managed Security Service (MSS) is a comprehensive service that protects an agency’s information technology assets—hardware devices, network, software, and information—from malicious attacks. It includes capabilities such as authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management. MSS comprises the following sub-services: Trusted Internet Connections Service (TICS), Managed Prevention Service (MPS), Vulnerability Scanning Service (VSS), and Incident Response Service (INRS).

Managed Network Services

The EIS Managed Network Service (MNS) enables an agency to outsource a portion or all of its network planning, design, implementation, maintenance, operations and customer service as a strategic move to improve IT services and lower costs.

Software Defined – Wide Area Network (SD-WAN) Services

SD-WAN services provide significant benefits by giving agencies central security management and visibility, the ability to segment networks where security policies can be tailored per application and data type, and identity-based user access.

Managed Trusted Internet Protocol Services (MTIPS)

MTIPS version 2.2 provides security for all external connections to public Internet, Extranet, and Cloud Service Providers. As agencies look to implement the Cybersecurity and Infrastructure Security Agency (CISA) TIC 3.0 guidance, MTIPS may be complemented with additional EIS services to achieve the updated security capabilities of a TIC 3.0 Traditional TIC solution.

FedRAMP Authorized Software-as-a-Service (SaaS) Tools

SaaS gives an agency access to applications hosted in the cloud. The provider manages the security, availability, and performance of the applications as part of their service. Using SaaS allows an agency to reduce the time, expense, and risk associated with the installation and maintenance of software on agency computers. EIS SaaS meets all federally required security standards for Cloud services.

EIS delivers solutions to agencies that will meet CISA’s latest Trusted Internet Connections (TIC) 3.0 guidance and ZTA requirements which include the Core Zero Trust Logical Components described in the National Institute of Standards and Technology (NIST) Special Publication 800-207. GSA continues to collaborate with CISA to provide guidance to agencies advancing legacy networks towards a zero trust architecture.


In the past decade, the typical federal agency network has evolved from being static with a known perimeter to mobile-friendly with nodes across the country. We are now regularly reminded that security solutions must correspondingly evolve to secure agency data and be able to ensure the safe transport of information to and from cloud applications, data centers, and remote users. If they don’t, the U.S. will continue to be vulnerable to malicious actors all over the world.

The Cybersecurity EO prioritizes “accelerated movement to secure cloud services; centralized and streamlined access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and investment in both technology and personnel to match these modernization goals.” EIS already supports these by supplying SD-WAN services, 5th Generation (5G) telecommunications technology, Internet of Things (IoT) offerings, and Cloud-based security solutions.

Using EIS to buy IT infrastructure ensures a greater degree of consistency in the government’s telecommunications and network infrastructure services. It also consolidates the government’s purchasing power, driving lower prices on products and services that to satisfy complex security, flexibility, and visibility needs. EIS solutions offer the foundation needed to adapt to evolving threats and continue accomplishing your mission. The sooner agencies transition, the sooner they can take advantage of the secure solutions available on EIS. Accelerate your transition progress by Taking A.I.M. at EIS.

Taking A.I.M. at EIS

Enterprise Infrastructure Solutions (EIS) transition

The transition to Enterprise Infrastructure Solutions (EIS) is one critical path for agencies to evolve to more modernized and secure IT infrastructures and away from legacy technologies that are vulnerable to security risks — a high priority for this Administration. With the President’s Executive Order on Improving the Nation’s Cybersecurity, it’s important to remember that the transition to EIS is not about shutting down expiring contracts; it’s ultimately about the safety, security, and sustainability of the federal government’s IT infrastructure.

The most recent EIS transition milestone came and went on March 31, when agencies were expected to have disconnected at least 50 percent of their services from the expiring Networx, Washington Interagency Telecommunications System (WITS) 3, and Local Service contracts.

While the data illustrates agencies are making progress, with 55% of the federal government’s inventory remaining to be disconnected, there is still much work to be done. Therefore, we urge our agency partners to take A.I.M. at EIS:

  • Assess their status and accelerate their progress
  • Disconnect & transition their Inventory
  • Mitigate risk to ensure mission operations continue

Assessing status and accelerating progress

Less than two years remain before the Networx, WITS 3, and Local Service contracts expire on May 31, 2023. Though the September 30, 2022 deadline for 100% disconnect from expiring contracts is a little over 15 months away, we want to remind agencies that a lack of transition progress could result in service disconnection much sooner. Please assess your progress against several important dates that are outlined in the revised Project Plan for Closeout of Transition and accelerate actions accordingly:

  • June 30, 2021 – Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected.
  • August 31, 2021 – Agencies that have not awarded any EIS task orders for their solicitations will be disconnected.
  • September 30, 2021 – Agencies that have not awarded EIS task orders for all their solicitations will be disconnected.
  • October 1, 2021 – GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming Closeout Phases for 2021 June 30, 2021. Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected .  August 31, 2021. Agencies that have not awarded any EIS task orders for their solicitations will be disconnected. September 30, 2021. Agencies that have not awarded EIS task orders for all their solicitations will be disconnected. October 1, 2021. GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming closeout phases for 2021

The next major milestone for EIS transition is on March 31, 2022, which calls for 90% of services disconnected from expiring contracts. With less than 12 months to go, we urge agencies to accelerate progress, so as not to fall further behind.

Inventory: enhanced focus on disconnecting and transitioning inventory to EIS

Government-wide, we are behind the EIS curve. 11 of 17 large agencies and 15 of 25 medium-size agencies have yet to disconnect even 50 percent of their services as of March 31, 2021. Ultimately, missing transition milestones and continued reliance on expiring contracts risks disruption of critical services delivered to the public.

Mitigating risk to ensure mission operations continue

The more agencies fall behind the established milestones, the greater the risk to their mission. This not only leaves less time for transition-related activities ahead of the September 2022 milestone, but it will also increase the potential that agencies may be “stuck” waiting for disconnect and transition services to be rendered. In particular, agencies that delay their EIS contractor selection for replacement services may find themselves “in line” behind those that have already chosen a contractor and made transition progress. This further slows progress for disconnecting services from the expiring contracts and connecting new services.

The extended contracts expire on May 31, 2023 and there will be no extensions. We invite our agency partners to ask themselves “Will we complete transition on time?”. If your agency will not complete transition on time, contingency planning must start now.

The time for EIS transition action is now. Regardless if your agency is in the acquisition or implementation phase, know that GSA wants to actively support agency transitions. If your agency is struggling, GSA can provide services such as:

  • An inventory of complete services that need to be transitioned, including custom reports for your agency
  • Technical, acquisition, and ordering assistance, plus automated tools to directly assist agencies with expediting EIS task orders
  • GSA in-scope reviews of agency solicitations
  • Regular outreach to agencies’ Integrated Transition Teams to monitor transition progress and provide guidance

If your agency needs help with transition, please contact the IT Customer Service Center at 855-482-4348, or send an email to ITCSC@gsa.gov. We encourage you to reach out to your agency leadership. Include Chief Information, Acquisition, and Financial Officers in conversations on EIS transition, financials, and risk.