FY22 in review, informing the future

At the beginning of every fiscal year, we sit down to develop our targets, and as I look back on the last year I’m very proud to see what we’ve been able to deliver for agencies.

Employee, customer, and industry input is key

Results of the Federal Employee Viewpoint Survey (FEVS), Customer Loyalty Satisfaction Survey (CLS), and the Industry Satisfaction Survey (ISS) are all part of a broader feedback ecosystem that drives our decisions. These three surveys collectively show a top-line level of ITC health and our progress in improving engagement and experience across ITC’s employees, customers, and suppliers.

This feedback is driving many of the decisions we make. At the end of the day, we’re here to serve, and so we look very closely at those survey results. I’m pleased that year over year, ITC customer loyalty and industry satisfaction remained steady, but I’m even more interested in what these surveys tell us about areas where we can improve.

Customers are telling us that ease of acquiring is the strongest driver of your loyalty and that you’d like to see us further improve internal processes, customer service, and communications generally.

Industry, on the other hand, said procurement process and industry expertise were your strongest drivers of satisfaction. You, too, would like to see improved processes and communications.

We hear you both and are working on ways to improve these concerns. There’s clearly some overlap here, and this gives us some clear direction.

If you’re a small business that’s new to the government market, it can be daunting. We’re working on solutions to make this all easier. One great example that we’re seeing is from the 8(a) STARS III GWAC where of the 258 industry partners who have task order awards, 149 of them received their first GSA contract vehicle task order award through 8(a) STARS III. Brand new to GSA contracting, and they’re already out the gate with orders.

This is great news, and we’re learning what we can from these results.

By the numbers

In every IT subcategory (Hardware, Software, IT Services, Telecom, and IT Security), we exceeded our FY22 targets.

IT Services on the Multiple Award Schedule had a particularly strong year surpassing our target by nearly 29 percent, with a year-over-year positive variance of more than 16 percent.

Mission spend through our IT contracts reached just shy of $34 billion for the first time and surpassed the previous year by nearly 5 percent. Volume over the last 4 years has increased by about $8.5 billion, which is truly remarkable. And most importantly, ITC helped agencies save nearly $2 billion through cost avoidance in the last year alone.

While we celebrate these successes, we’re also looking to the future for what’s next.

Table depicting the FY22 Final dollar spend on each IT Category (IT Hardware, IT Software, IT Services, Telecom Services, IT Security/Shared Services, GWACs, ETS, and HSPD-12, PKI). The total for ITC in FY22 was $33,735,217.

Trends, informing the future

Diversity, equity, inclusion, and accessibility initiatives are particularly important to the Biden-Harris Administration, and a big part of that is helping small businesses succeed in government contracting. I’m happy to report that ITC handily exceeded our small business utilization goals last year for small businesses generally, women-owned, services-disabled, and HUBZone small businesses. Small Disadvantaged Business performance was also very strong. Small businesses have won approximately $8.45 billion in FY22 (up 9.4 percent from $7.7 billion in FY21) through their work on ITC contracts.

We’ve been working hard on ways to make it easier for small businesses to support the government. We’re setting up Polaris, our next small business contract, and so I expect to see this trend of small business utilization continue.

In terms of the market, IT services are in high demand, and I would expect that to continue too. Automated Contact Center Solutions, Health IT, Cloud adoption, Earth Observation, and Highly Adaptive Cybersecurity Services were all particularly strong year over year.

Speaking of cybersecurity, that’s another important topic to watch this year. We’re tracking trends and technologies that can help our customers improve their cybersecurity hygiene and strengthen their cybersecurity posture.

Looking forward, together

As we wrap up FY22 and kick off FY23, I want to thank our customers, industry partners, and ITC staff. It’s because of our close collaboration that we have these successes to celebrate.

Visit our website to learn more about our solutions, or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Celebrating our Veterans

In thinking about Veterans Day this year, I want to pay special tribute to America’s Veterans for their service and dedication to this great nation. I’m grateful for the sacrifices they have made to defend our nation. Our Veterans are an example of the strength, courage, and resolve that allows our country to overcome so many of the challenges we face.

I have spent time with Veterans and Service Disabled Veteran Owned Small Business (SDVOSB) owners and know their desire to serve continues after they leave active service. I am proud that GSA is committed to working with this community.

GSA working with Veterans

GSA is dedicated to tapping into that strength, courage, and resolve by bringing the SDVOSB community to the federal IT market.

There were more than 800 SDVOSBs across the entire government-wide IT category last year that reported sales. ITC is represented by 357 of those industry partners through our Multiple Award Schedule – IT (MAS-IT) contract and the Veterans Technology Services 2 (VETS 2) and 8(a) STARS III IT services Governmentwide Acquisition Contracts (GWAC). Through these acquisition vehicles, SDVOSBs won more than $1.46 billion of the IT market last year.

Through GSA contract vehicles like VETS 2, service-disabled veterans continue to serve our nation by providing innovative IT solutions in support of agency missions and the military. VETS 2 is currently the government’s only GWAC set aside exclusively for SDVOSBs.

The VETS 2 option period is coming up next year and we have every intention of exercising that option for those SDVOSBs meeting the terms and conditions of the contract. This will provide federal agencies with continued use of this socio-economic small business, best-in-class solution for their long-term IT service project needs, with the performance of task orders extending out through 2033.

SDVOSBs bringing real mission impact

While I can’t call out individual SDVOSBs, I do want to offer a couple of examples of their great work:

  • One of our customer agencies recently awarded a $248 million order through VETS 2 to provide IT Support Services for their digital infrastructure services center. Through these IT support services, the SDVOSB will fill the agency’s need for maintaining legacy operations and to innovate, at an accelerated pace, to meet the customer’s requirements into the future.
  • Another recent innovative task order award for $166 million was for enterprise services integration and modernization. The scope of the task order is to provide a quality-focused process and capability that enables effective sustainment and modernization of command, control, communication, computers, and information technology systems. The task order will modernize military headquarters to include operations centers, planning rooms, and conference rooms, utilizing innovative technologies such as video walls, audio processors, and multi-classification video teleconference systems.

Veterans, key to the future

Our commitment doesn’t stop with VETS 2 and MAS-IT. GSA’s next small business and socio-economic small business GWAC, Polaris, will have an SDVOSB pool. Polaris is designed to assist agencies in acquiring customized IT services and IT services-based solutions while expanding opportunities for SDVOSB firms. Stay tuned to our Small Business Community of Practice Interact page for updates.

These contracts drive progress on important public policy objectives, including the President’s Executive Order 13985 On Advancing Racial Equity and Support for Underserved Communities Through the Federal Government as we work to improve diversity, equity, inclusion, and accessibility.

I’m grateful for the meaningful partnership we have with our Service Disabled Veteran Owned Small Businesses and for their continued hard work and dedication to helping agencies achieve their missions every day. I’m really excited for what the future holds.

Visit our website to learn more about VETS 2, MAS-IT, and Polaris or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

20 years of E-Government

This year marks the 20th anniversary of the enactment of the eGov Act, and I was recently asked in an interview what I felt had changed the most in the federal technology market and what had stayed the same. It was an interesting conversation, and so I’d like to share my thoughts with you.

Changing times, evolving technology

In 2002 your work revolved around your office building and your desk. Most everyone in government was tied to their office because of the technology at the time — desktop computers and desk phones.

Now think back to when you got your first Blackberry. I think it was 2004/5 for me. All of a sudden you could access your email on the go and connect to your headset wirelessly through Bluetooth.

Then of course the iPhone came in 2007 and has since changed everything. So, while I still have a desk at GSA’s central office, I haven’t had a desk phone in almost a decade or a desktop computer in two decades — today, I work from a laptop and a mobile phone.

In terms of the federal technology market, we are once again seeing two big technological trends that are radically transforming how we all operate: the shift to telework and cloud adoption.

Cloud adoption and telework

The pandemic hammered home the value of flexibility and collaboration. GSA invested in an efficient mobile workforce long before COVID hit, and that investment paid off. Our teams adapted quickly to full-time telework, enabling us to rapidly turn around and help other agencies do the same.

Part of the reason we were able to move so quickly was because we had embraced cloud computing early by investing in modern network architecture using GSA’s Networx contract.

That’s the second driver of modern government, the flexibilities afforded by the wide-scale adoption of commercial cloud services, which link the physical world to our virtual environments.

Think about the interview that inspired this blog post and how that content reaches its government audience. Twenty years ago, we’d record the interview, and the audio would play on a regional radio station. That’s the only way the audience would experience it.

Now, you can use a desktop, laptop, tablet, or mobile phone, (or a landline) not just to listen, but to participate. You can chat or post a question, and get a response in real-time. We have captioners (or AI/bots) who listen, transcribe, and produce a running transcript, and even video interpreters who can translate the conversation into American Sign Language.

The cloud-based software-as-a-service we use takes all these inputs and outputs raw data, which is stored and accessed securely within a FedRAMP-authorized environment. All that data is logged and analyzed in real-time while a host of systems operate in the background to defend against malicious actors.

Finally, it all gets encrypted and exits the platform, travels through the open Internet, and crosses the threshold back into a given federal network through Trusted Internet Connections. There are many types of “federal networks” ranging from a wired wide area network at an agency’s headquarters to someone’s home Wi-Fi, accessed through a Virtual Private Network and managed by a trusted vendor.

You may still catch that interview on the radio, but you can also experience it anytime from any device.

Every one of these services must be procured correctly, and that’s what GSA’s contracts ultimately provide.

Shared services — effective and efficient

When done right, a complex resource like what I described above isn’t limited to one department, rather it’s a service that becomes easily available to every employee of the agency — a shared service.

The benefits of such an acquisition are enjoyed across the entire enterprise, and that might be the most exciting change — that government agencies are starting to plan and buy IT more as a single enterprise than a loose collection of disparate parts.

This is federal category management in action. Internally, we’ve restructured our program units to better support enterprise offerings like managed services.

What once was called our office of Telecommunications Services is now Enterprise Technology Solutions because customers increasingly want secure, simple, and flexible capabilities that run on top of traditional networks.

Shared services have both stayed the same and evolved. I have two of the original e-Gov services in my portfolio with USAccess and the Federal Public Key Infrastructure program. Agencies still rely on these offerings every day, and they go a long way to reducing duplication of effort.

GSA, here to help

Of course that’s only the first part of the question. What hasn’t changed is the hard work and dedication of public servants and industry partners working hand in hand to ensure each agency fulfills its mission.

Visit our website to learn more or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

October is Cybersecurity Awareness Month

Blue promotional image with laptop, desktop, and mobile device clipart on the right side of the image. White text on the left reads "Is your agency cyber ready? GSA can help."

Is your agency cyber ready?

October is Cybersecurity Awareness Month and this year’s theme is “See Yourself in Cyber.”
Planning and executing a cybersecurity acquisition is a winding road. It can be daunting without a clear place to start. Federal agencies are challenged with navigating changing threat environments, new policy mandates, and an ever-evolving technology landscape. Acquisition professionals within the federal government have a large role in helping to protect our Nation’s networks and assets but don’t have to take this on alone. GSA offers convenient access to a range of resources to help identify requirements and create a plan, compare contract vehicles, and develop a solicitation to award a contract.

GSA is here to help “See Yourself in Cyber” and get your agency one step closer towards being cyber ready.

Current cybersecurity requirements

Executive Order (EO) 14028: Improving the Nation’s Cybersecurity and associated Office of Management and Budget (OMB) memoranda established critical policy goals federal agencies must follow. These goals include implementation of a Zero Trust Architecture (ZTA) and the adoption of Cybersecurity Supply Chain Risk Management (C-SCRM) practices within Information and Communication Technology (ICT) supply chains. Federal agencies have also been targeted in a number of high-profile cyber attacks resulting in new and evolving program needs to protect their networks from and respond to future attacks.

GSA offers multiple resources to help make sense of these new policies and program drivers and translate them into requirements for a solicitation:

  • GSA’s EO 14028 webpage and the Zero Trust webpage connect users with resources related to recent cybersecurity requirements.
  • GSA subject matter experts (SMEs) offer focused cybersecurity training that discuss many of the policy and technology drivers impacting the Federal cybersecurity marketplace.
  • GSA has multiple videos on cybersecurity on ITC’s YouTube playlist. Topics include use case scenarios for agencies seeking to procure cybersecurity solutions and the journey toward implementing a ZTA.

Buyer’s Guides

GSA offers a wide range of cybersecurity services and solutions. We know it can be difficult to select the right fit for your agency’s requirements. To help demystify this process, GSA developed a number of buyer’s guides that identify which solutions meet your agency’s specific cybersecurity needs:

GSA-offered cybersecurity services and solutions

GSA has several cybersecurity-specific contracting offerings, including:

  • The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) on the Multiple Award Schedule Information Technology (MAS IT), established in collaboration with OMB and the Cybersecurity and Infrastructure Security Agency (CISA), which provides:
    • Proactive and reactive cybersecurity services.
    • A wide range of vendors capable of meeting your agency’s small business and socioeconomic contracting goals.
    • Access to technically evaluated cybersecurity vendors. Vendors must pass an oral-technical evaluation to be able to offer services through the HACS SIN.

If you have questions about whether your requirement fits within the scope of the HACS SIN, GSA SMEs are available to provide free and individualized consultations, and scope reviews.

  • The IT Professional Services SIN on MAS IT that offers agencies:
    • Access to pre-vetted IT solution providers.
    • Pre-negotiated prices that can be further discounted.
    • Established terms and conditions at the master contract level that can be customized at the task order level.
    • A diverse pool of vendors to help meet socioeconomic and small business contracting goals.
    • Two cybersecurity-specific subcategories: IT Backup and Security Services, and Information Assurance.
  • The Continuous Diagnostics and Mitigation (CDM) Tools. CISA maintains the CDM Approved Products List (APL), the authoritative catalog for CISA-approved CDM IT products. To purchase products on the APL, agencies can use:

Planning and procurement tools

GSA gives buyers an entire toolbox to guide the process of developing and releasing a solicitation, from market research to procurement.

  • GSA’s Market Research as a Service (MRAS) gives buyers access to rapid, targeted market research for their acquisitions at no cost. MRAS can be used to identify GSA contracts that might fit requirements, get information on vendor pools and market data, or compare and search products offered on GSAAdvantage!®.
  • Buyers can also use GSA’s IT Solutions Navigator to identify the right contract vehicles to meet cybersecurity needs. Users can select types of products or services to see a list of best-fit contract vehicles and solutions that meet requirements.
  • On GSA eLibrary, agencies can view vendor pools offered under different contract vehicles, review vendors’ terms and conditions, and view their socioeconomic designations and geographic locations.
  • The IT Security Hallway on the Acquisition Gateway displays multiple resources for government users in one convenient location. Users can access sample statements of work for the HACS SIN and a tool to help calculate Independent Government Cost Estimates (IGCE).
  • Agencies can also use GSA eTools, including GSA eBuy and GSA Advantage!® to initiate the procurement process and release documents to industry. On GSA eBuy, Requests for Information, Requests for Quote, and Requests for Proposals can be released to holders of the contract vehicle selected. On GSAAdvantage!® buyers can compare products and pricing to make purchases or view past solicitations released as a resource.

GSA offers continued support

GSA support doesn’t stop once you’ve released your solicitation. We are committed to providing support to agencies throughout the entire acquisition lifecycle. If you have questions related to an offeror’s submission, or need to clarify questions from industry, our experienced cybersecurity and contracting SMEs can assist. For SME support, contact the GSA IT Security Subcategory at ITSecurityCM@gsa.gov.

While cybersecurity acquisitions may seem intimidating at first glance, GSA offers plenty of resources to help demystify the process. If you need additional assistance, you can contact the Customer Service Director (CSD) dedicated to your agency and region, or your agency’s National Account Manager (NAM). CSDs and NAMs are a valuable source of information on GSA programs and can connect you with further support or training. To learn more about CSDs and how they can help, watch this video.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Efficiency, security at the heart of ITC’s hardware solutions: governmentwide strategic solutions (GSS) blanket purchase agreement

The IT requirements of government agencies are always shifting, as is the IT acquisition landscape itself. The pandemic amplified the need for desktops and laptops so that agencies can continue carrying out missions during emergencies that keep folks away from a physical workplace. To meet this ongoing need, the Information Technology Category (ITC) established the governmentwide strategic solutions (GSS) BPAs in 2015.

As a Best-in-Class solution that offers desktop and laptop computers with standard configurations that can then be customized to meet customer requirements, the GSS BPAs are another example of how ITC hardware and software solutions are practical and cost-competitive for agencies.

Governmentwide strategic solutions (GSS) BPAs

The GSS BPAs allow all government agencies to simply “click and buy” pre-configured laptops, desktops, tablets, and monitors. They furnish option upgrades and services with a faster, more-efficient business model that provides cost savings for the government as well as next-generation technology customer-service capabilities. With a streamlined buying process for federal, state, local, and tribal governments, no additional competition or brand name justification is required. If an agency needs an end user device, this is the program to get it.

The GSS BPAs are recompeted annually to incorporate customer feedback and new products. This ensures:

  • The latest technology is available.
  • Technology configurations align with agency needs.
  • More consistent and competitive pricing.
  • Better terms and conditions.

Our Workstation Category Team works closely with agency and industry stakeholders to evaluate and refresh GSS standard configurations every nine months, helping the government aggregate demand and use its consolidated buying power.

On September 3, 2022, ITC awarded 4 categories for its Version 8 GSS BPAs for Dell, HP, Lenovo and Microsoft. The BPAs will have a performance period of 5 years, and products are available through GSA Advantage!® under GSS for IT products. To mitigate security risks, each of the awardees maintain vetted supply chain risk management (SCRM) plans in compliance with the NIST standard. As of Version 8, all machines now have a RAM minimum of 16GB, and all performance machines boast a minimum of 32GB.

GSS BPAs by the numbers

Did you know that the largest purchasing customer off of the GSS BPA realized a bulk discount of 50 percent of the Schedule price? Check out some other GSS BPA statistics below to see how it measures up:

  • Agencies executing large-quantity purchases through GSA’s GSS program in FY22 have an average savings per unit of 38 percent off the base price.
  • The GSS Program has 29 vendors (23 of which are small businesses).
  • The U.S. Special Operations Command is the GSS BPAs’ top user with over $238 million of orders since FY18.
  • Over 1,300 total transactions have been conducted this year.
  • From FY20 to FY21, GSS program sales increased 36.4 percent, recognition of the value many agencies see in the program.
A bar graph depicting GSS Program Sales from FY16 through FY21. The graph indicates a steady increase in total value in millions each FY.

As the end of the fiscal year nears, check out the GSS BPAs as an easy-to-use, compliant and efficient purchasing option for your hardware needs. These BPAs are available via the GSA AdvantageSelect buying platform. Use eBuy to get quotes for your GSS desktop and laptop products.

To read more on how to buy, check out the ITC GSS buying guide. For more details on ordering, visit the GSS information page. Visit gsa.gov/gssdesktoplaptop to learn more about these solutions or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Efficiency, security at the heart of ITC’s hardware solutions: 2nd generation IT (2GIT) blanket purchase agreement

In Fiscal Year 2022, ITC has continued making GSA’s hardware and software solutions easy to use, cost-effective, compliant, and convenient for agencies. Two of ITC’s blanket purchase agreements (BPAs), the 2nd generation IT (2GIT) BPAs and governmentwide strategic solutions (GSS) BPAs, have raised the bar, addressing the current risk climate by:

  • incorporating supply chain risk management (SCRM) principles,
  • improving product availability, and
  • increasing customer training.

Whether you are looking for pre-competed commercial hardware, software, or ancillary services, ITC strives to deliver an efficient buying experience to get mission-enabling technology to you.

The 2GIT blanket purchase agreements

The 2GIT BPAs provide access to commercial off-the-shelf (COTS) hardware and software products and services. With almost 5 million products offered, they are available governmentwide, including to State, Tribal, and Local governments through GSA’s cooperative purchasing program.

SCRM is a foundational part of the 2GIT program, which employs groundbreaking SCRM best practices by performing active post-award compliance management in addition to 2GIT’s pre-award requirements. 

With cybercrime (data breaches, ransomware attacks, etc.) threats on the rise, 2GIT’s SCRM requirement addresses vulnerabilities associated with IT products cycling through the vendor’s order and delivery processes. To date, the continuous monitoring and direct engagement with our 2GIT BPA team leads and distribution partner awardees has resulted in key process improvements through verification and validation.

2GIT also benefits from another line of defense in our ongoing efforts to reduce supply chain risk: the Verified Products Portal (VPP). This portal is designed to freely host authoritative product content, including standardized manufacturer names, part numbers, specifications and more for wholesalers and authorized distributors. By doing so,

  • Buyers have accurate product descriptions.
  • Only authorized distributors and resellers are listed.
  • Industry products are marketed with authoritative and current information.

Since its pilot, the VPP has removed over 75,000 unauthorized products on GSA Advantage!® by working with industry.

2GIT by the numbers

  • 43 agencies have ordered off of the 2GIT BPAs, taking advantage of the more than 50 small business partners from different socioeconomic categories.
  • More than $127 million in sales have gone to small businesses, constituting more than 74 percent of total sales.
  • Over 59,000 2GIT transactions have been conducted on GSA Advantage!®, demonstrating our easy online ordering process.
  • ITC has conducted complimentary on-site and virtual customer support and training sessions on a global scale, including all Pacific and European Air Force units, reaching over 800 customers. These sessions are tailored to address unique aspects of the program, market research best practices, and how to procure through GSA eCommerce acquisition tools.

You can order 2GIT products through GSA Advantage!®, eBuy and Air Force Advantage!®. Agencies can submit requests for quote (RFQs) directly to 2GIT vendors on the eBuy portal under the BPA section. Only authorized 2GIT vendors can view and respond to RFQs posted there.

As we once again approach the end of another fiscal year, we encourage you to check out 2GIT as a straightforward purchasing option that helps  meet your procurement needs and goals. 
Visit gsa.gov/2git to learn more or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Last Chance: Signing Deadline Approaches for Expiring Telecom Contracts Continuity of Service MOU

In January, GSA decided it will invoke the Continuity of Service (CoS) clauses for expiring enterprise network and telecommunications contracts. This will allow agencies an additional year to either complete their transition to Enterprise Infrastructure Solutions (EIS) or find another solution to prevent interruption of services.

Transition has been slow for many federal agencies. As of June 30, 2022, only 94 percent of the planned task orders for transition have been awarded. Also, 5.3 million of the nine million legacy services governmentwide are still in use. These services range from telephone lines to high bandwidth secure internet access.

We urge agencies to push toward completing 100 percent disconnection of services by September 30, 2022 and assess their risk of not completing transition by May 30, 2023. Those who need more time to transition must sign a Memorandum of Understanding (MOU) to be authorized to use the CoS period from June 1, 2023 to May 31, 2024.

Sign the MOU by September 30th

If an agency does not sign the MOU by September 30, 2022, GSA will remove the agency from the Networks Authorized User List (NAUL) for the expiring contracts. The contractors will begin the disconnect process as early as November 2022 and complete it no later than May 2023.

Agencies that want to take advantage of the CoS period can do so only under these conditions:

  • Agencies must sign a Memorandum of Understanding (MOU) with GSA by September 30, 2022: GSA has sent a copy of the MOU to all potentially impacted agencies. The MOU must be signed by the agency head, or their designee with delegated authority. If an agency’s transition team has not received a copy of the MOU, please contact GSA at eistcc.ta@gsa.gov.
  • On May 31, 2024 (the end of the 12-month CoS period), any services remaining active on the expiring contracts will be disconnected, according to the terms and conditions of their respective contracts. Services cannot be reinstated on those contracts.

If an agency will not complete transition before the CoS period ends, the agency must:

  • Identify the services that will be cut off when the CoS period ends;
  • Develop a contingency plan to maintain operation of those services on another contractual arrangement; and
  • Implement that contingency plan so when the contracts expire and the services are disconnected, the agency’s mission is not interrupted or otherwise negatively affected.

GSA Resources

If your agency is mid-transition, weigh the pros and cons of signing the MOU and make a risk-based decision appropriate for your agency.

GSA remains available to help you assess your transition risk and understand your acquisition options. We are holding monthly EIS Transition Office Hours and monthly Interagency EIS Transition Meetings, both of which act as a forum for agencies to share best practices and lessons learned and ask transition-related questions. For an invitation to these open forums, please email benjamin.todd@gsa.gov.

The legacy telecommunications contracts are expiring very soon. Do not delay in transitioning services and, if needed, signing the CoS MOU and conducting contingency planning.

GSA is and will continue to actively monitor agency progress toward stated EIS deadlines. If you need assistance, have additional data to share on the speed of your transition to EIS, or would like to meet with us, please contact your assigned GSA Solutions Broker.

For more information, visit gsa.gov/eistransition.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

8(a) STARS III Instrumental in Biden-Harris Equity in Procurement Vision

President Biden has a vision for a more equitable and resilient federal procurement system, using federal contract spending to support the participation of small businesses in traditionally underserved communities in the federal marketplace. GSA is committed to doing our part to make that vision a reality.

Diversity, Equity, Inclusion, and Accessibility to the Core

GSA has worked hard to develop a portfolio to support small businesses from their formation as small 8(a) firms, to more mature small businesses, and finally unrestricted. These efforts help the Administration’s goals of increasing access and building a solid platform for success for a diverse spectrum of vendors across the federal marketplace.

What is so impressive is the robust community we’ve created on the newest vehicle. 8(a) STARS III has 1,110 highly qualified 8(a) contractors – that’s more than 20% of all of the entities in the 8(a) program, including dozens of contractors who are new entrants.

Equally impressive is the breadth of IT services offered to support virtually every form of IT modernization, including a wide range of state-of-the-art technologies.

If you need technology for information assurance or to protect from evolving threats, you can find it on 8(a) STARS III. If you need any form of Artificial Intelligence (AI) or Robotic Process Automation (RPA), you can find it on this contract. It’s a great testament to the talents and skills of the 8(a)/Small Disadvantaged Business (SDB) community and a powerful reminder of how small businesses really are the driver of innovation in our economy.

Customer Experience Matters

We designed 8(a) STARS III based on extensive customer feedback to ensure it is responsive to agency needs. For example, a streamlined ordering experience means GSA offers free scope review services and market research for agencies who want it.

Agencies like the Department of Homeland Security (DHS) value this kind of customer experience, and as a result, they’ve been a truly meaningful partner in our 8(a) STARS journey for some time.

They adopted 8(a) STARS into their EAGLE Next Gen portfolio because of its ability to meet their evolving IT requirements. And of particular importance to DHS is 8(a) STARS III’s large pool of vetted industry partners who specialize in emerging technology.

8(a) STARS III also provides DHS access to hundreds of vetted companies with expertise in emerging technologies such as Quantum Computing, RPA, Technological Convergence, and Virtual Reality.

Since DHS adopted the 8(a) contracts (beginning with 8(a) STARS II in 2019) into their strategic sourcing portfolio, 8(a) STARS:

  • Accounts for 9% of all IT Services spend across the agency, and
  • Accounts for 13% of their total 8(a) spend.

Along with increased access to IT services vendors specializing in emerging technology and increased opportunities for proven, vetted 8(a) businesses, this partnership allows DHS to continue its strong commitment to the small business community while ensuring DHS is in alignment with recent executive orders and administrative priorities.

Another reason DHS values our partnership is that we provide them, and all of our customers, with many value-added services such as a dedicated program office for acquisition support, tools, templates, and complementary scope reviews.

Executive Director of the Strategic Solutions Office at DHS James Lewis, has stated that they “can achieve more mission for every dollar spent while maintaining a solid commitment to the small business community and leveraging strategic contracts like 8(a) STARS III.”

Where We Stand

To date, more than 217 task orders estimated at $691 million have been awarded to more than 135 industry partners on 8(a) STARS III. That includes more than 40 task order awards going to 8(a)/SDBs that are new to GSA.

I really couldn’t be more proud of the work my team has done to pull this contract together and build the relationships with customers and industry partners to make it so successful.

You can visit our website to learn more about 8(a) STARS III or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

C-SCRM Acquisition Community of Practice (ACoP) Interact Site

Cyber-Supply Chain Risk Management (C-SCRM) Whole of Government logo.

Since the launch of the C-SCRM Acquisition Community of Practice (ACoP), GSA and CISA have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the Federal Government for information communication technology and services (ICTS).

Many federal departments and agencies have limited C-SCRM capabilities, resources, governance, guidance, and training; especially in the acquisition of ICTS. We need governmentwide collaboration with industry and the sharing of ideas, tools, guidance, and best practices for C-SCRM as part of the acquisition of ICTS.

Many don’t see the acquisition workforce as a key component of agencies’ cybersecurity teams. But federal procurement professionals have unique opportunities, through contracting, to ensure the safety and security of the federal government’s ICTS, help strengthen cybersecurity across networks, and prevent incidents like Solarwinds from occurring.

To increase C-SCRM awareness and adoption government-wide, the C-SCRM ACoP launched an online collaborative space for the federal government’s IT community and industry to share best practices, ideas, guidance, tools, and expertise needed to implement C-SCRM requirements. Working together as a community and sharing information will help us improve our cybersecurity posture across all levels of government.

The C-SCRM ACoP has hosted key events such as the C-SCRM Shark Tank event in collaboration with the American Council for Technology – Industry Advisory Council (ACT-IAC) where industry experts showcased innovative C-SCRM solutions to a government panel. The C-SCRM ACoP also plans to conduct a survey of industry to identify C-SCRM challenges and suggest best practices from industry’s perspective.

Additionally, the C-SCRM ACoP hosts monthly sessions open to federal employees and agency support staff. These sessions and events, held in collaboration with CISA, offer opportunities for knowledge sharing and cross collaboration focusing on supply chain risk awareness and advancements in cyber-acquisitions. Subject matter experts are ‘on hand’ not only providing information related to cybersecurity and acquisition integrity, but also best practices and lessons learned. 

Joining the C-SCRM ACoP helps:

  • Enhance the Federal Government’s cross-agency collaboration
  • Identify agencies’ strengths and capabilities in leading strategic C-SCRM objectives
  • Rapidly disseminate best business practices & outcomes
  • Learn from other agencies

To join the C-SCRM ACoP, email us at C-SCRM_ACoP@gsa.gov.

Visit the C-SCRM ACoP’s Interact site to be part of this collaborative journey. Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Marking the One-Year Anniversary of Executive Order 14028 “Improving the Nation’s Cybersecurity”

May 2022 marked one year since President Biden signed Executive Order (EO) 14028 – “Improving the Nation’s Cybersecurity.” It directs sweeping changes to cybersecurity requirements and calls on federal agencies to address key issues critical to building a more resilient cybersecurity posture. The EO also requires federal agencies to take steps to implement a Zero Trust Architecture (ZTA) model to modernize and strengthen cybersecurity standards and detection.

Since May 12, 2021, the Office of Management and Budget (OMB) issued additional guidance to support the mission of “Improving the Nation’s Cybersecurity.”

Timeline of Key Policy and Guidance Associated with the EO beginning on May 12, 2021 when the EO was signed through January 26, 2022.
Figure 1: Timeline of Key Policy and Guidance Associated with the EO

The associated OMB memos outline the steps required for agencies to better protect federal information systems, making them more secure and resilient. The requirements include implementation of:

  • Strict security controls on critical software,
  • Mature event detection and analysis capabilities, and
  • Endpoint data collection within networks to detect and hunt cyber threats.

Federal agencies also have new ways to obtain funding for the cybersecurity products and services needed to implement the EO’s requirements. Bolstering cybersecurity defenses is one of the Technology Modernization Fund (TMF)’s focus areas, and it’s funded three projects to support ZTA implementation. The President’s FY23 Budget request includes increased funding for federal agencies as they implement the EO’s priorities and a ZTA strategy. The request is the largest such increase in over 12 years.

Resources to help meet the EO requirements

There is no single technology, product, or service that can achieve the goals of implementing ZTA. Each agency’s journey and solution will be unique, and GSA’s Federal Acquisition Service (FAS) is here to help.

The FAS Office of IT Category (ITC) has resources to help agencies, vendors, and acquisition professionals continue to work towards a mature ZTA and meet the Administration’s requirements.

Over the past year, GSA’s ITC has:

  • Participated in governmentwide working groups on Cybersecurity Supply Chain Risk Management (C-SCRM) and ZTA. To ensure GSA’s offerings are capable of delivering the products and services that support implementation of the EO’s requirements, subject matter experts (SMEs) participated in working groups led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).
  • Educated the acquisition workforce on EO 14028. GSA SMEs conducted multiple trainings and speaking engagements for IT and acquisition professionals on ZTA, C-SCRM, and the EO requirements. If your agency would like to schedule a session with GSA SMEs, reach out to the GSA National Account Manager dedicated to your agency.
  • Incorporated C-SCRM practices into GSA contract vehicles. To assist agencies with EO requirements to mitigate cyber risks in the Government’s IT supply chain, GSA continues to pursue efforts to ensure alignment with EO guidance.
  • Developed informational webpages and Buyer’s Guides to aid agencies navigating the EO requirements.

Other ways GSA can help

Whether your agency is small or large, GSA has solutions that can be tailored to your cybersecurity needs. In addition to the Buyer’s Guides, GSA offers multiple online tools to assist in planning a cybersecurity acquisition. 

  • IT Security Acquisition Planning Package (APP) provides common resources agencies can use to plan a cybersecurity acquisition, including:
    • Overviews of GSA IT Security offerings,
    • IT Security Statement of Work (SOW) and Request for Quote (RFQ) templates, and
    • GSA’s Market Research As a Service (MRAS) tool to identify potential vendor pools and suggested contract vehicles. 
  • GSA developed Buy.GSA.gov, which can help you:
    • Plan – Determine the documents you need, and find vendors and contracts. 
    • Develop Documents – Find sample documents and templates.
    • Research – Find products, services, and pricing data.
    • Purchase – Review buying methods and request submissions for quotations.
  • GSA, in partnership with the Federal Chief Information Officers Council, is developing a series of ZTA Playbooks to help agencies move from the conceptual planning phase to actual implementation of a zero trust security model. Agencies can expect a “base playbook,” followed by playbooks dedicated to the pillars of a mature ZTA.
  • GSA has Customer Service Directors specifically assigned to your agency by location. You can also find the National Account Manager dedicated to your agency. 
  • For cybersecurity SME support, contact the IT Security Subcategory at ITSecurityCM@gsa.gov.

What’s next

As the Federal government improves its efforts to better protect Federal information systems, expect additional OMB guidance and updates to the Federal Acquisition Regulation (FAR), driving the need for modification of contract language. GSA will keep you informed, communicating with you the major developments.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.