Celebrating our Veterans

In thinking about Veterans Day this year, I want to pay special tribute to America’s Veterans for their service and dedication to this great nation. I’m grateful for the sacrifices they have made to defend our nation. Our Veterans are an example of the strength, courage, and resolve that allows our country to overcome so many of the challenges we face.

I have spent time with Veterans and Service Disabled Veteran Owned Small Business (SDVOSB) owners and know their desire to serve continues after they leave active service. I am proud that GSA is committed to working with this community.

GSA working with Veterans

GSA is dedicated to tapping into that strength, courage, and resolve by bringing the SDVOSB community to the federal IT market.

There were more than 800 SDVOSBs across the entire government-wide IT category last year that reported sales. ITC is represented by 357 of those industry partners through our Multiple Award Schedule – IT (MAS-IT) contract and the Veterans Technology Services 2 (VETS 2) and 8(a) STARS III IT services Governmentwide Acquisition Contracts (GWAC). Through these acquisition vehicles, SDVOSBs won more than $1.46 billion of the IT market last year.

Through GSA contract vehicles like VETS 2, service-disabled veterans continue to serve our nation by providing innovative IT solutions in support of agency missions and the military. VETS 2 is currently the government’s only GWAC set aside exclusively for SDVOSBs.

The VETS 2 option period is coming up next year and we have every intention of exercising that option for those SDVOSBs meeting the terms and conditions of the contract. This will provide federal agencies with continued use of this socio-economic small business, best-in-class solution for their long-term IT service project needs, with the performance of task orders extending out through 2033.

SDVOSBs bringing real mission impact

While I can’t call out individual SDVOSBs, I do want to offer a couple of examples of their great work:

  • One of our customer agencies recently awarded a $248 million order through VETS 2 to provide IT Support Services for their digital infrastructure services center. Through these IT support services, the SDVOSB will fill the agency’s need for maintaining legacy operations and to innovate, at an accelerated pace, to meet the customer’s requirements into the future.
  • Another recent innovative task order award for $166 million was for enterprise services integration and modernization. The scope of the task order is to provide a quality-focused process and capability that enables effective sustainment and modernization of command, control, communication, computers, and information technology systems. The task order will modernize military headquarters to include operations centers, planning rooms, and conference rooms, utilizing innovative technologies such as video walls, audio processors, and multi-classification video teleconference systems.

Veterans, key to the future

Our commitment doesn’t stop with VETS 2 and MAS-IT. GSA’s next small business and socio-economic small business GWAC, Polaris, will have an SDVOSB pool. Polaris is designed to assist agencies in acquiring customized IT services and IT services-based solutions while expanding opportunities for SDVOSB firms. Stay tuned to our Small Business Community of Practice Interact page for updates.

These contracts drive progress on important public policy objectives, including the President’s Executive Order 13985 On Advancing Racial Equity and Support for Underserved Communities Through the Federal Government as we work to improve diversity, equity, inclusion, and accessibility.

I’m grateful for the meaningful partnership we have with our Service Disabled Veteran Owned Small Businesses and for their continued hard work and dedication to helping agencies achieve their missions every day. I’m really excited for what the future holds.

Visit our website to learn more about VETS 2, MAS-IT, and Polaris or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

20 years of E-Government

This year marks the 20th anniversary of the enactment of the eGov Act, and I was recently asked in an interview what I felt had changed the most in the federal technology market and what had stayed the same. It was an interesting conversation, and so I’d like to share my thoughts with you.

Changing times, evolving technology

In 2002 your work revolved around your office building and your desk. Most everyone in government was tied to their office because of the technology at the time — desktop computers and desk phones.

Now think back to when you got your first Blackberry. I think it was 2004/5 for me. All of a sudden you could access your email on the go and connect to your headset wirelessly through Bluetooth.

Then of course the iPhone came in 2007 and has since changed everything. So, while I still have a desk at GSA’s central office, I haven’t had a desk phone in almost a decade or a desktop computer in two decades — today, I work from a laptop and a mobile phone.

In terms of the federal technology market, we are once again seeing two big technological trends that are radically transforming how we all operate: the shift to telework and cloud adoption.

Cloud adoption and telework

The pandemic hammered home the value of flexibility and collaboration. GSA invested in an efficient mobile workforce long before COVID hit, and that investment paid off. Our teams adapted quickly to full-time telework, enabling us to rapidly turn around and help other agencies do the same.

Part of the reason we were able to move so quickly was because we had embraced cloud computing early by investing in modern network architecture using GSA’s Networx contract.

That’s the second driver of modern government, the flexibilities afforded by the wide-scale adoption of commercial cloud services, which link the physical world to our virtual environments.

Think about the interview that inspired this blog post and how that content reaches its government audience. Twenty years ago, we’d record the interview, and the audio would play on a regional radio station. That’s the only way the audience would experience it.

Now, you can use a desktop, laptop, tablet, or mobile phone, (or a landline) not just to listen, but to participate. You can chat or post a question, and get a response in real-time. We have captioners (or AI/bots) who listen, transcribe, and produce a running transcript, and even video interpreters who can translate the conversation into American Sign Language.

The cloud-based software-as-a-service we use takes all these inputs and outputs raw data, which is stored and accessed securely within a FedRAMP-authorized environment. All that data is logged and analyzed in real-time while a host of systems operate in the background to defend against malicious actors.

Finally, it all gets encrypted and exits the platform, travels through the open Internet, and crosses the threshold back into a given federal network through Trusted Internet Connections. There are many types of “federal networks” ranging from a wired wide area network at an agency’s headquarters to someone’s home Wi-Fi, accessed through a Virtual Private Network and managed by a trusted vendor.

You may still catch that interview on the radio, but you can also experience it anytime from any device.

Every one of these services must be procured correctly, and that’s what GSA’s contracts ultimately provide.

Shared services — effective and efficient

When done right, a complex resource like what I described above isn’t limited to one department, rather it’s a service that becomes easily available to every employee of the agency — a shared service.

The benefits of such an acquisition are enjoyed across the entire enterprise, and that might be the most exciting change — that government agencies are starting to plan and buy IT more as a single enterprise than a loose collection of disparate parts.

This is federal category management in action. Internally, we’ve restructured our program units to better support enterprise offerings like managed services.

What once was called our office of Telecommunications Services is now Enterprise Technology Solutions because customers increasingly want secure, simple, and flexible capabilities that run on top of traditional networks.

Shared services have both stayed the same and evolved. I have two of the original e-Gov services in my portfolio with USAccess and the Federal Public Key Infrastructure program. Agencies still rely on these offerings every day, and they go a long way to reducing duplication of effort.

GSA, here to help

Of course that’s only the first part of the question. What hasn’t changed is the hard work and dedication of public servants and industry partners working hand in hand to ensure each agency fulfills its mission.

Visit our website to learn more or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

October is Cybersecurity Awareness Month

Blue promotional image with laptop, desktop, and mobile device clipart on the right side of the image. White text on the left reads "Is your agency cyber ready? GSA can help."

Is your agency cyber ready?

October is Cybersecurity Awareness Month and this year’s theme is “See Yourself in Cyber.”
Planning and executing a cybersecurity acquisition is a winding road. It can be daunting without a clear place to start. Federal agencies are challenged with navigating changing threat environments, new policy mandates, and an ever-evolving technology landscape. Acquisition professionals within the federal government have a large role in helping to protect our Nation’s networks and assets but don’t have to take this on alone. GSA offers convenient access to a range of resources to help identify requirements and create a plan, compare contract vehicles, and develop a solicitation to award a contract.

GSA is here to help “See Yourself in Cyber” and get your agency one step closer towards being cyber ready.

Current cybersecurity requirements

Executive Order (EO) 14028: Improving the Nation’s Cybersecurity and associated Office of Management and Budget (OMB) memoranda established critical policy goals federal agencies must follow. These goals include implementation of a Zero Trust Architecture (ZTA) and the adoption of Cybersecurity Supply Chain Risk Management (C-SCRM) practices within Information and Communication Technology (ICT) supply chains. Federal agencies have also been targeted in a number of high-profile cyber attacks resulting in new and evolving program needs to protect their networks from and respond to future attacks.

GSA offers multiple resources to help make sense of these new policies and program drivers and translate them into requirements for a solicitation:

  • GSA’s EO 14028 webpage and the Zero Trust webpage connect users with resources related to recent cybersecurity requirements.
  • GSA subject matter experts (SMEs) offer focused cybersecurity training that discuss many of the policy and technology drivers impacting the Federal cybersecurity marketplace.
  • GSA has multiple videos on cybersecurity on ITC’s YouTube playlist. Topics include use case scenarios for agencies seeking to procure cybersecurity solutions and the journey toward implementing a ZTA.

Buyer’s Guides

GSA offers a wide range of cybersecurity services and solutions. We know it can be difficult to select the right fit for your agency’s requirements. To help demystify this process, GSA developed a number of buyer’s guides that identify which solutions meet your agency’s specific cybersecurity needs:

GSA-offered cybersecurity services and solutions

GSA has several cybersecurity-specific contracting offerings, including:

  • The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) on the Multiple Award Schedule Information Technology (MAS IT), established in collaboration with OMB and the Cybersecurity and Infrastructure Security Agency (CISA), which provides:
    • Proactive and reactive cybersecurity services.
    • A wide range of vendors capable of meeting your agency’s small business and socioeconomic contracting goals.
    • Access to technically evaluated cybersecurity vendors. Vendors must pass an oral-technical evaluation to be able to offer services through the HACS SIN.

If you have questions about whether your requirement fits within the scope of the HACS SIN, GSA SMEs are available to provide free and individualized consultations, and scope reviews.

  • The IT Professional Services SIN on MAS IT that offers agencies:
    • Access to pre-vetted IT solution providers.
    • Pre-negotiated prices that can be further discounted.
    • Established terms and conditions at the master contract level that can be customized at the task order level.
    • A diverse pool of vendors to help meet socioeconomic and small business contracting goals.
    • Two cybersecurity-specific subcategories: IT Backup and Security Services, and Information Assurance.
  • The Continuous Diagnostics and Mitigation (CDM) Tools. CISA maintains the CDM Approved Products List (APL), the authoritative catalog for CISA-approved CDM IT products. To purchase products on the APL, agencies can use:

Planning and procurement tools

GSA gives buyers an entire toolbox to guide the process of developing and releasing a solicitation, from market research to procurement.

  • GSA’s Market Research as a Service (MRAS) gives buyers access to rapid, targeted market research for their acquisitions at no cost. MRAS can be used to identify GSA contracts that might fit requirements, get information on vendor pools and market data, or compare and search products offered on GSAAdvantage!®.
  • Buyers can also use GSA’s IT Solutions Navigator to identify the right contract vehicles to meet cybersecurity needs. Users can select types of products or services to see a list of best-fit contract vehicles and solutions that meet requirements.
  • On GSA eLibrary, agencies can view vendor pools offered under different contract vehicles, review vendors’ terms and conditions, and view their socioeconomic designations and geographic locations.
  • The IT Security Hallway on the Acquisition Gateway displays multiple resources for government users in one convenient location. Users can access sample statements of work for the HACS SIN and a tool to help calculate Independent Government Cost Estimates (IGCE).
  • Agencies can also use GSA eTools, including GSA eBuy and GSA Advantage!® to initiate the procurement process and release documents to industry. On GSA eBuy, Requests for Information, Requests for Quote, and Requests for Proposals can be released to holders of the contract vehicle selected. On GSAAdvantage!® buyers can compare products and pricing to make purchases or view past solicitations released as a resource.

GSA offers continued support

GSA support doesn’t stop once you’ve released your solicitation. We are committed to providing support to agencies throughout the entire acquisition lifecycle. If you have questions related to an offeror’s submission, or need to clarify questions from industry, our experienced cybersecurity and contracting SMEs can assist. For SME support, contact the GSA IT Security Subcategory at ITSecurityCM@gsa.gov.

While cybersecurity acquisitions may seem intimidating at first glance, GSA offers plenty of resources to help demystify the process. If you need additional assistance, you can contact the Customer Service Director (CSD) dedicated to your agency and region, or your agency’s National Account Manager (NAM). CSDs and NAMs are a valuable source of information on GSA programs and can connect you with further support or training. To learn more about CSDs and how they can help, watch this video.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Efficiency, security at the heart of ITC’s hardware solutions: governmentwide strategic solutions (GSS) blanket purchase agreement

The IT requirements of government agencies are always shifting, as is the IT acquisition landscape itself. The pandemic amplified the need for desktops and laptops so that agencies can continue carrying out missions during emergencies that keep folks away from a physical workplace. To meet this ongoing need, the Information Technology Category (ITC) established the governmentwide strategic solutions (GSS) BPAs in 2015.

As a Best-in-Class solution that offers desktop and laptop computers with standard configurations that can then be customized to meet customer requirements, the GSS BPAs are another example of how ITC hardware and software solutions are practical and cost-competitive for agencies.

Governmentwide strategic solutions (GSS) BPAs

The GSS BPAs allow all government agencies to simply “click and buy” pre-configured laptops, desktops, tablets, and monitors. They furnish option upgrades and services with a faster, more-efficient business model that provides cost savings for the government as well as next-generation technology customer-service capabilities. With a streamlined buying process for federal, state, local, and tribal governments, no additional competition or brand name justification is required. If an agency needs an end user device, this is the program to get it.

The GSS BPAs are recompeted annually to incorporate customer feedback and new products. This ensures:

  • The latest technology is available.
  • Technology configurations align with agency needs.
  • More consistent and competitive pricing.
  • Better terms and conditions.

Our Workstation Category Team works closely with agency and industry stakeholders to evaluate and refresh GSS standard configurations every nine months, helping the government aggregate demand and use its consolidated buying power.

On September 3, 2022, ITC awarded 4 categories for its Version 8 GSS BPAs for Dell, HP, Lenovo and Microsoft. The BPAs will have a performance period of 5 years, and products are available through GSA Advantage!® under GSS for IT products. To mitigate security risks, each of the awardees maintain vetted supply chain risk management (SCRM) plans in compliance with the NIST standard. As of Version 8, all machines now have a RAM minimum of 16GB, and all performance machines boast a minimum of 32GB.

GSS BPAs by the numbers

Did you know that the largest purchasing customer off of the GSS BPA realized a bulk discount of 50 percent of the Schedule price? Check out some other GSS BPA statistics below to see how it measures up:

  • Agencies executing large-quantity purchases through GSA’s GSS program in FY22 have an average savings per unit of 38 percent off the base price.
  • The GSS Program has 29 vendors (23 of which are small businesses).
  • The U.S. Special Operations Command is the GSS BPAs’ top user with over $238 million of orders since FY18.
  • Over 1,300 total transactions have been conducted this year.
  • From FY20 to FY21, GSS program sales increased 36.4 percent, recognition of the value many agencies see in the program.
A bar graph depicting GSS Program Sales from FY16 through FY21. The graph indicates a steady increase in total value in millions each FY.

As the end of the fiscal year nears, check out the GSS BPAs as an easy-to-use, compliant and efficient purchasing option for your hardware needs. These BPAs are available via the GSA AdvantageSelect buying platform. Use eBuy to get quotes for your GSS desktop and laptop products.

To read more on how to buy, check out the ITC GSS buying guide. For more details on ordering, visit the GSS information page. Visit gsa.gov/gssdesktoplaptop to learn more about these solutions or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Efficiency, security at the heart of ITC’s hardware solutions: 2nd generation IT (2GIT) blanket purchase agreement

In Fiscal Year 2022, ITC has continued making GSA’s hardware and software solutions easy to use, cost-effective, compliant, and convenient for agencies. Two of ITC’s blanket purchase agreements (BPAs), the 2nd generation IT (2GIT) BPAs and governmentwide strategic solutions (GSS) BPAs, have raised the bar, addressing the current risk climate by:

  • incorporating supply chain risk management (SCRM) principles,
  • improving product availability, and
  • increasing customer training.

Whether you are looking for pre-competed commercial hardware, software, or ancillary services, ITC strives to deliver an efficient buying experience to get mission-enabling technology to you.

The 2GIT blanket purchase agreements

The 2GIT BPAs provide access to commercial off-the-shelf (COTS) hardware and software products and services. With almost 5 million products offered, they are available governmentwide, including to State, Tribal, and Local governments through GSA’s cooperative purchasing program.

SCRM is a foundational part of the 2GIT program, which employs groundbreaking SCRM best practices by performing active post-award compliance management in addition to 2GIT’s pre-award requirements. 

With cybercrime (data breaches, ransomware attacks, etc.) threats on the rise, 2GIT’s SCRM requirement addresses vulnerabilities associated with IT products cycling through the vendor’s order and delivery processes. To date, the continuous monitoring and direct engagement with our 2GIT BPA team leads and distribution partner awardees has resulted in key process improvements through verification and validation.

2GIT also benefits from another line of defense in our ongoing efforts to reduce supply chain risk: the Verified Products Portal (VPP). This portal is designed to freely host authoritative product content, including standardized manufacturer names, part numbers, specifications and more for wholesalers and authorized distributors. By doing so,

  • Buyers have accurate product descriptions.
  • Only authorized distributors and resellers are listed.
  • Industry products are marketed with authoritative and current information.

Since its pilot, the VPP has removed over 75,000 unauthorized products on GSA Advantage!® by working with industry.

2GIT by the numbers

  • 43 agencies have ordered off of the 2GIT BPAs, taking advantage of the more than 50 small business partners from different socioeconomic categories.
  • More than $127 million in sales have gone to small businesses, constituting more than 74 percent of total sales.
  • Over 59,000 2GIT transactions have been conducted on GSA Advantage!®, demonstrating our easy online ordering process.
  • ITC has conducted complimentary on-site and virtual customer support and training sessions on a global scale, including all Pacific and European Air Force units, reaching over 800 customers. These sessions are tailored to address unique aspects of the program, market research best practices, and how to procure through GSA eCommerce acquisition tools.

You can order 2GIT products through GSA Advantage!®, eBuy and Air Force Advantage!®. Agencies can submit requests for quote (RFQs) directly to 2GIT vendors on the eBuy portal under the BPA section. Only authorized 2GIT vendors can view and respond to RFQs posted there.

As we once again approach the end of another fiscal year, we encourage you to check out 2GIT as a straightforward purchasing option that helps  meet your procurement needs and goals. 
Visit gsa.gov/2git to learn more or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Last Chance: Signing Deadline Approaches for Expiring Telecom Contracts Continuity of Service MOU

In January, GSA decided it will invoke the Continuity of Service (CoS) clauses for expiring enterprise network and telecommunications contracts. This will allow agencies an additional year to either complete their transition to Enterprise Infrastructure Solutions (EIS) or find another solution to prevent interruption of services.

Transition has been slow for many federal agencies. As of June 30, 2022, only 94 percent of the planned task orders for transition have been awarded. Also, 5.3 million of the nine million legacy services governmentwide are still in use. These services range from telephone lines to high bandwidth secure internet access.

We urge agencies to push toward completing 100 percent disconnection of services by September 30, 2022 and assess their risk of not completing transition by May 30, 2023. Those who need more time to transition must sign a Memorandum of Understanding (MOU) to be authorized to use the CoS period from June 1, 2023 to May 31, 2024.

Sign the MOU by September 30th

If an agency does not sign the MOU by September 30, 2022, GSA will remove the agency from the Networks Authorized User List (NAUL) for the expiring contracts. The contractors will begin the disconnect process as early as November 2022 and complete it no later than May 2023.

Agencies that want to take advantage of the CoS period can do so only under these conditions:

  • Agencies must sign a Memorandum of Understanding (MOU) with GSA by September 30, 2022: GSA has sent a copy of the MOU to all potentially impacted agencies. The MOU must be signed by the agency head, or their designee with delegated authority. If an agency’s transition team has not received a copy of the MOU, please contact GSA at eistcc.ta@gsa.gov.
  • On May 31, 2024 (the end of the 12-month CoS period), any services remaining active on the expiring contracts will be disconnected, according to the terms and conditions of their respective contracts. Services cannot be reinstated on those contracts.

If an agency will not complete transition before the CoS period ends, the agency must:

  • Identify the services that will be cut off when the CoS period ends;
  • Develop a contingency plan to maintain operation of those services on another contractual arrangement; and
  • Implement that contingency plan so when the contracts expire and the services are disconnected, the agency’s mission is not interrupted or otherwise negatively affected.

GSA Resources

If your agency is mid-transition, weigh the pros and cons of signing the MOU and make a risk-based decision appropriate for your agency.

GSA remains available to help you assess your transition risk and understand your acquisition options. We are holding monthly EIS Transition Office Hours and monthly Interagency EIS Transition Meetings, both of which act as a forum for agencies to share best practices and lessons learned and ask transition-related questions. For an invitation to these open forums, please email benjamin.todd@gsa.gov.

The legacy telecommunications contracts are expiring very soon. Do not delay in transitioning services and, if needed, signing the CoS MOU and conducting contingency planning.

GSA is and will continue to actively monitor agency progress toward stated EIS deadlines. If you need assistance, have additional data to share on the speed of your transition to EIS, or would like to meet with us, please contact your assigned GSA Solutions Broker.

For more information, visit gsa.gov/eistransition.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

8(a) STARS III Instrumental in Biden-Harris Equity in Procurement Vision

President Biden has a vision for a more equitable and resilient federal procurement system, using federal contract spending to support the participation of small businesses in traditionally underserved communities in the federal marketplace. GSA is committed to doing our part to make that vision a reality.

Diversity, Equity, Inclusion, and Accessibility to the Core

GSA has worked hard to develop a portfolio to support small businesses from their formation as small 8(a) firms, to more mature small businesses, and finally unrestricted. These efforts help the Administration’s goals of increasing access and building a solid platform for success for a diverse spectrum of vendors across the federal marketplace.

What is so impressive is the robust community we’ve created on the newest vehicle. 8(a) STARS III has 1,110 highly qualified 8(a) contractors – that’s more than 20% of all of the entities in the 8(a) program, including dozens of contractors who are new entrants.

Equally impressive is the breadth of IT services offered to support virtually every form of IT modernization, including a wide range of state-of-the-art technologies.

If you need technology for information assurance or to protect from evolving threats, you can find it on 8(a) STARS III. If you need any form of Artificial Intelligence (AI) or Robotic Process Automation (RPA), you can find it on this contract. It’s a great testament to the talents and skills of the 8(a)/Small Disadvantaged Business (SDB) community and a powerful reminder of how small businesses really are the driver of innovation in our economy.

Customer Experience Matters

We designed 8(a) STARS III based on extensive customer feedback to ensure it is responsive to agency needs. For example, a streamlined ordering experience means GSA offers free scope review services and market research for agencies who want it.

Agencies like the Department of Homeland Security (DHS) value this kind of customer experience, and as a result, they’ve been a truly meaningful partner in our 8(a) STARS journey for some time.

They adopted 8(a) STARS into their EAGLE Next Gen portfolio because of its ability to meet their evolving IT requirements. And of particular importance to DHS is 8(a) STARS III’s large pool of vetted industry partners who specialize in emerging technology.

8(a) STARS III also provides DHS access to hundreds of vetted companies with expertise in emerging technologies such as Quantum Computing, RPA, Technological Convergence, and Virtual Reality.

Since DHS adopted the 8(a) contracts (beginning with 8(a) STARS II in 2019) into their strategic sourcing portfolio, 8(a) STARS:

  • Accounts for 9% of all IT Services spend across the agency, and
  • Accounts for 13% of their total 8(a) spend.

Along with increased access to IT services vendors specializing in emerging technology and increased opportunities for proven, vetted 8(a) businesses, this partnership allows DHS to continue its strong commitment to the small business community while ensuring DHS is in alignment with recent executive orders and administrative priorities.

Another reason DHS values our partnership is that we provide them, and all of our customers, with many value-added services such as a dedicated program office for acquisition support, tools, templates, and complementary scope reviews.

Executive Director of the Strategic Solutions Office at DHS James Lewis, has stated that they “can achieve more mission for every dollar spent while maintaining a solid commitment to the small business community and leveraging strategic contracts like 8(a) STARS III.”

Where We Stand

To date, more than 217 task orders estimated at $691 million have been awarded to more than 135 industry partners on 8(a) STARS III. That includes more than 40 task order awards going to 8(a)/SDBs that are new to GSA.

I really couldn’t be more proud of the work my team has done to pull this contract together and build the relationships with customers and industry partners to make it so successful.

You can visit our website to learn more about 8(a) STARS III or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

C-SCRM Acquisition Community of Practice (ACoP) Interact Site

Cyber-Supply Chain Risk Management (C-SCRM) Whole of Government logo.

Since the launch of the C-SCRM Acquisition Community of Practice (ACoP), GSA and CISA have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the Federal Government for information communication technology and services (ICTS).

Many federal departments and agencies have limited C-SCRM capabilities, resources, governance, guidance, and training; especially in the acquisition of ICTS. We need governmentwide collaboration with industry and the sharing of ideas, tools, guidance, and best practices for C-SCRM as part of the acquisition of ICTS.

Many don’t see the acquisition workforce as a key component of agencies’ cybersecurity teams. But federal procurement professionals have unique opportunities, through contracting, to ensure the safety and security of the federal government’s ICTS, help strengthen cybersecurity across networks, and prevent incidents like Solarwinds from occurring.

To increase C-SCRM awareness and adoption government-wide, the C-SCRM ACoP launched an online collaborative space for the federal government’s IT community and industry to share best practices, ideas, guidance, tools, and expertise needed to implement C-SCRM requirements. Working together as a community and sharing information will help us improve our cybersecurity posture across all levels of government.

The C-SCRM ACoP has hosted key events such as the C-SCRM Shark Tank event in collaboration with the American Council for Technology – Industry Advisory Council (ACT-IAC) where industry experts showcased innovative C-SCRM solutions to a government panel. The C-SCRM ACoP also plans to conduct a survey of industry to identify C-SCRM challenges and suggest best practices from industry’s perspective.

Additionally, the C-SCRM ACoP hosts monthly sessions open to federal employees and agency support staff. These sessions and events, held in collaboration with CISA, offer opportunities for knowledge sharing and cross collaboration focusing on supply chain risk awareness and advancements in cyber-acquisitions. Subject matter experts are ‘on hand’ not only providing information related to cybersecurity and acquisition integrity, but also best practices and lessons learned. 

Joining the C-SCRM ACoP helps:

  • Enhance the Federal Government’s cross-agency collaboration
  • Identify agencies’ strengths and capabilities in leading strategic C-SCRM objectives
  • Rapidly disseminate best business practices & outcomes
  • Learn from other agencies

To join the C-SCRM ACoP, email us at C-SCRM_ACoP@gsa.gov.

Visit the C-SCRM ACoP’s Interact site to be part of this collaborative journey. Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Marking the One-Year Anniversary of Executive Order 14028 “Improving the Nation’s Cybersecurity”

May 2022 marked one year since President Biden signed Executive Order (EO) 14028 – “Improving the Nation’s Cybersecurity.” It directs sweeping changes to cybersecurity requirements and calls on federal agencies to address key issues critical to building a more resilient cybersecurity posture. The EO also requires federal agencies to take steps to implement a Zero Trust Architecture (ZTA) model to modernize and strengthen cybersecurity standards and detection.

Since May 12, 2021, the Office of Management and Budget (OMB) issued additional guidance to support the mission of “Improving the Nation’s Cybersecurity.”

Timeline of Key Policy and Guidance Associated with the EO beginning on May 12, 2021 when the EO was signed through January 26, 2022.
Figure 1: Timeline of Key Policy and Guidance Associated with the EO

The associated OMB memos outline the steps required for agencies to better protect federal information systems, making them more secure and resilient. The requirements include implementation of:

  • Strict security controls on critical software,
  • Mature event detection and analysis capabilities, and
  • Endpoint data collection within networks to detect and hunt cyber threats.

Federal agencies also have new ways to obtain funding for the cybersecurity products and services needed to implement the EO’s requirements. Bolstering cybersecurity defenses is one of the Technology Modernization Fund (TMF)’s focus areas, and it’s funded three projects to support ZTA implementation. The President’s FY23 Budget request includes increased funding for federal agencies as they implement the EO’s priorities and a ZTA strategy. The request is the largest such increase in over 12 years.

Resources to help meet the EO requirements

There is no single technology, product, or service that can achieve the goals of implementing ZTA. Each agency’s journey and solution will be unique, and GSA’s Federal Acquisition Service (FAS) is here to help.

The FAS Office of IT Category (ITC) has resources to help agencies, vendors, and acquisition professionals continue to work towards a mature ZTA and meet the Administration’s requirements.

Over the past year, GSA’s ITC has:

  • Participated in governmentwide working groups on Cybersecurity Supply Chain Risk Management (C-SCRM) and ZTA. To ensure GSA’s offerings are capable of delivering the products and services that support implementation of the EO’s requirements, subject matter experts (SMEs) participated in working groups led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).
  • Educated the acquisition workforce on EO 14028. GSA SMEs conducted multiple trainings and speaking engagements for IT and acquisition professionals on ZTA, C-SCRM, and the EO requirements. If your agency would like to schedule a session with GSA SMEs, reach out to the GSA National Account Manager dedicated to your agency.
  • Incorporated C-SCRM practices into GSA contract vehicles. To assist agencies with EO requirements to mitigate cyber risks in the Government’s IT supply chain, GSA continues to pursue efforts to ensure alignment with EO guidance.
  • Developed informational webpages and Buyer’s Guides to aid agencies navigating the EO requirements.

Other ways GSA can help

Whether your agency is small or large, GSA has solutions that can be tailored to your cybersecurity needs. In addition to the Buyer’s Guides, GSA offers multiple online tools to assist in planning a cybersecurity acquisition. 

  • IT Security Acquisition Planning Package (APP) provides common resources agencies can use to plan a cybersecurity acquisition, including:
    • Overviews of GSA IT Security offerings,
    • IT Security Statement of Work (SOW) and Request for Quote (RFQ) templates, and
    • GSA’s Market Research As a Service (MRAS) tool to identify potential vendor pools and suggested contract vehicles. 
  • GSA developed Buy.GSA.gov, which can help you:
    • Plan – Determine the documents you need, and find vendors and contracts. 
    • Develop Documents – Find sample documents and templates.
    • Research – Find products, services, and pricing data.
    • Purchase – Review buying methods and request submissions for quotations.
  • GSA, in partnership with the Federal Chief Information Officers Council, is developing a series of ZTA Playbooks to help agencies move from the conceptual planning phase to actual implementation of a zero trust security model. Agencies can expect a “base playbook,” followed by playbooks dedicated to the pillars of a mature ZTA.
  • GSA has Customer Service Directors specifically assigned to your agency by location. You can also find the National Account Manager dedicated to your agency. 
  • For cybersecurity SME support, contact the IT Security Subcategory at ITSecurityCM@gsa.gov.

What’s next

As the Federal government improves its efforts to better protect Federal information systems, expect additional OMB guidance and updates to the Federal Acquisition Regulation (FAR), driving the need for modification of contract language. GSA will keep you informed, communicating with you the major developments.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Planet Earth – Keeping Us Grounded

Looking toward Earth Day this year got me thinking about ITC’s efforts to promote a sustainable future. I’d like to share a few things we’ve done and what we’re working on.

One of the Biden-Harris Administration’s core goals is to put the United States on a path toward net-zero emissions, economywide, by no later than 2050

The federal government has a big role to play.

Reading the IT leaves

One trend that we’re seeing is the government relying more on “as-a-service” models for enterprise IT infrastructure. 

Another trend is buying less government-owned physical hardware. Agencies are getting what they need through industry and letting industry manage everything on the backend. 

We see this clearly reflected in our hardware buying data.

Relying more on industry-provided infrastructure through the cloud and other “as-a-service” solutions shrinks the government data centers’ overall footprint. This move reduces the government’s consumption of raw materials and energy. 

We’re seeing this trend across the government. Of course, data centers are just one piece of the IT sustainability puzzle. But it’s encouraging to see those numbers going down.

Looking to the horizon

So what is ITC doing specifically? Well, a lot!

  • In our Enterprise Infrastructure Solutions (EIS) contract, we’ve built sustainability criteria into the contract. Section G.12 — Requirements for Climate Change Adaptation, Sustainability and Green Initiatives support environmental sustainability practices through using energy-efficient, virtual, and streamlined technology that facilitates agile and expansive network communications. 
  • Complex Commercial Satellite Communications (COMSATCOM) Solutions (CS3) Section C.2.1.5 — Climate Change Risk and Mitigation has a contract deliverable to prepare and update as needed a corporate climate risk management plan. This plan identifies and addresses mitigating climate change risks to land-based equipment and services associated with the satellite communication services that CS3 provides.
  • Our Governmentwide Strategic Solutions (GSS) for desktops and laptops has a mandatory Electronic Product Assessment Tool (EPEAT) Governmentwide Program. This comes from OMB Memo M-16-02, which provides standard configurations and minimum requirements for desktops, laptops, and tablets. The offering mandates EPEAT for all end-user devices and optional equipment (i.e., monitors) to meet the standard and be sold through the program.
  • The Alliant 2 Governmentwide Acquisition Contract is another great example of how the federal government leads in environmental sustainability. Alliant 2 requires greenhouse gas emissions (GEG) disclosures and reduction targets from its contractor pool. It is a contractual deliverable. We intend to continue this practice on Alliant 3.
  • With Defense Enterprise Office Solution (DEOS), GSA is helping the DoD leverage enterprise commercial cloud environment to enable cross-department collaboration while reducing the physical footprint of on-premise infrastructure.
  • Looking to the future, we’re working hard on the Cloud Marketplace Blanket Purchase Agreement, a vehicle that will enable agencies to further their cloud adoption strategies by offering common cloud capabilities more easily.

We know that moving to the cloud can reduce an agency’s footprint, but we’re taking that even further. We’re in the early stages of writing in environmental directives related to carbon pollution-free energy for the data centers that will provide those cloud capabilities: geothermal, hydroelectric, hydrokinetic, nuclear, solar, wind, and the like. (I have solar panels at home and I’m also a big fan of wind farms)

Also in the works is Polaris, our small business-focused contract. We’ve outlined two areas of sustainability in the Polaris RFPs:

  1. Products purchased from Polaris are at the EPEAT Bronze Level, and 
  2. Polaris contractors can provide their Sustainable Practices and Impact Statement (i.e., GHG disclosures).

How do we move forward? We planet.

We’ve got a lot yet to do to ensure we meet the president’s goals on sustainability. We’re working hard toward that aim.

As I reflect on Earth Day this year, I’m proud of the important strides we’re making to help agencies buy more sustainable IT products and we continue to seek opportunities to become more sustainable.

Learn more about our solutions or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.