Post-Quantum Cryptography — What is it and where to start?

We all know cybersecurity is a dynamic field that is constantly evolving to protect people from the malicious use of technology. As we’ll explore in this post, cybersecurity professionals may soon be called to defend against technologies that blur the limits of classical physics.

What we know

Think back to high school physics, old episodes of the TV show “Nova,” or even the latest superhero movies, and you’ll recall the term “quantum” or “quantum mechanics.” Quantum, simply speaking, refers to what goes on at the subatomic level.

For decades, our friends at the National Institute of Standards and Technology (NIST) marshaled the resources of the federal government in applying the principles of quantum mechanics to information processing. They helped shape the field of quantum information science and birth an entirely new class of devices: quantum computers.

Right now, when a computer tries to solve a complex problem it has to check every possible solution one by one. That takes an enormous amount of time and computational power. Here’s where quantum computers shine. Because they operate at the subatomic level, they can actually explore and check multiple solutions simultaneously, drastically reducing the time needed to find the right answer. This means that tasks that would take classical computers years or even centuries to complete could be done by quantum computers in a matter of minutes or hours. It’s mind-boggling!

The problem

Here’s the catch: quantum computers could also break many of the encryption algorithms we currently rely on to protect sensitive data. We rely on encryption to keep information and data transfers safe both in our government work and everyday life – everything from logging into networks and websites to paying with credit cards. Quantum computers put all of that encryption at risk.

In 2022, the National Security Council issued a warning that certain quantum computers could “jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

The Office of Management Budget then issued M-23-02 advising agencies how to take the threat seriously. Importantly, OMB said agencies should prepare to protect their data from quantum computers trying to break their encryption. Such stronger data protections became known as Post-Quantum Cryptography (PQC).

So what technologies and services will agencies need to transition to PQC?

Where to start

The first step, per M-23-02, is for agencies to inventory their active cryptographic systems and re-inventory them annually through 2035. That includes looking at all deployed cryptographic systems used for creating and exchanging encryption keys, providing encrypted connections, or creating and validating digital signatures. GSA has multiple acquisition vehicles ready to help you find the right resources to do that.

  • The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) also offers quick access to vendors who have been technically evaluated to do such inventories.
  • If an agency has Enterprise Infrastructure Solutions (EIS) Managed Services awarded, it can tap into those suppliers to conduct these assessments.

The way forward

The experts at NIST are leading the effort to develop algorithms designed to withstand quantum computer attacks. NIST has begun the process of standardizing these algorithms — named CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON. This is the final step before making these mathematical tools available so that organizations can integrate them into their encryption infrastructure. NIST also notes that there will be more post-quantum encryption standards to follow.

Some agencies may wish to start testing the PQC algorithms before they are standardized by NIST. Hardware, web browsers, content delivery networks, cloud service providers, devices and endpoints, and enterprise devices that initiate or terminate encrypted traffic all rely on encryption and might be areas to test pre-standardized PQC algorithms.

If your agency is ready to test or explore quantum computing further, GSA has contracts for that too:

Together, we’re on it

Quantum computers are advancing quickly, increasing the need for reliable PQC solutions. GSA works in close collaboration with NIST and the Cybersecurity and Infrastructure Security Agency (CISA) to keep our contracts aligned with the latest technical and security requirements including emerging PQC standards.

Agencies will need to protect their information systems and data from growing threats. The right suppliers can complement an agencies’ IT and information security staff and resources with relevant products, services and solutions to assess cryptographic risks, test safeguards and identify needed investments.

We look forward to working with more agencies to help them prepare for this imminent post-quantum future. We’re planning to host an in-person Quantum Summit at GSA headquarters on April 16, 2024 from 9-12 EST where you can learn more about quantum resilience from Federal practitioners, so save the date! And while we probably won’t be able to help you traverse time and multiverses like a movie superhero, we are ready to help you get your systems prepared for what comes next. Contact us with your needs and we will help guide you to a solution.

Follow ITC on LinkedIn and subscribe for blog updates.

GSA plans to grant DOJ, DHS extended period to complete EIS transition

Recently, we made a decision that will enable GSA to give the Department of Justice (DOJ) and Department of Homeland Security (DHS) until May 31, 2026 to complete their transitions to EIS. DOJ and DHS asked for more time to complete their transition, citing multiple factors, including global supply chain disruptions and pandemic challenges. GSA agreed to create the requested extensions so that DOJ and DHS can carry out their transition plans without the risk of serious disruptions to critical services.

A significant decision

Executing these extensions will be a major undertaking for GSA and the contract holders. GSA anticipates there are more than sixty contracts that will need extensions after May 31, 2024. GSA will execute modifications to extend each contract. The justification for these modifications will detail the current status, the delays and obstacles agencies have faced in their transitions, and the timeline in which they expect to have their transitions completed.

GSA is proceeding according to FAR 6.3, which prescribes policies and procedures, and identifies the statutory authorities, for contracting without providing for full and open competition. The specific authority is under FAR 6.302-1, “Only one responsible source and no other supplies or services will satisfy agency requirements.”

No guarantees

The approach we are taking is not without risks. For instance, contractors may not agree to an extension. They can refuse to sign on to extend further and GSA cannot force them to continue providing these services. Further prolonging transition generates risks for agencies, too. The EIS contracts offer benefits to agencies such as cost savings opportunities, avenues for technology modernization, and access to modern cybersecurity capabilities.

GSA supports your transition

GSA remains committed to the successful completion of the EIS Transition program. We conduct weekly updates to the transition inventory to ensure agencies and contractors have the most accurate data at their fingertips. In addition to frequent meetings with individual agencies, we hold monthly EIS Transition Office Hours and Interagency EIS Transition Meetings, both of which serve as forums for agencies to share their knowledge and ask transition-related questions. GSA also meets monthly with the contractors for an all-agency progress check and conducts comprehensive quarterly reviews.

GSA is and will continue to actively monitor agency progress toward stated EIS deadlines. If you need assistance, have additional data to share on the speed of your transition to EIS, or would like to meet with us, please contact your assigned GSA Solutions Broker.

For more information, visit gsa.gov/eistransition.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

Last Chance: Signing Deadline Approaches for Expiring Telecom Contracts Continuity of Service MOU

In January, GSA decided it will invoke the Continuity of Service (CoS) clauses for expiring enterprise network and telecommunications contracts. This will allow agencies an additional year to either complete their transition to Enterprise Infrastructure Solutions (EIS) or find another solution to prevent interruption of services.

Transition has been slow for many federal agencies. As of June 30, 2022, only 94 percent of the planned task orders for transition have been awarded. Also, 5.3 million of the nine million legacy services governmentwide are still in use. These services range from telephone lines to high bandwidth secure internet access.

We urge agencies to push toward completing 100 percent disconnection of services by September 30, 2022 and assess their risk of not completing transition by May 30, 2023. Those who need more time to transition must sign a Memorandum of Understanding (MOU) to be authorized to use the CoS period from June 1, 2023 to May 31, 2024.

Sign the MOU by September 30th

If an agency does not sign the MOU by September 30, 2022, GSA will remove the agency from the Networks Authorized User List (NAUL) for the expiring contracts. The contractors will begin the disconnect process as early as November 2022 and complete it no later than May 2023.

Agencies that want to take advantage of the CoS period can do so only under these conditions:

  • Agencies must sign a Memorandum of Understanding (MOU) with GSA by September 30, 2022: GSA has sent a copy of the MOU to all potentially impacted agencies. The MOU must be signed by the agency head, or their designee with delegated authority. If an agency’s transition team has not received a copy of the MOU, please contact GSA at eistcc.ta@gsa.gov.
  • On May 31, 2024 (the end of the 12-month CoS period), any services remaining active on the expiring contracts will be disconnected, according to the terms and conditions of their respective contracts. Services cannot be reinstated on those contracts.

If an agency will not complete transition before the CoS period ends, the agency must:

  • Identify the services that will be cut off when the CoS period ends;
  • Develop a contingency plan to maintain operation of those services on another contractual arrangement; and
  • Implement that contingency plan so when the contracts expire and the services are disconnected, the agency’s mission is not interrupted or otherwise negatively affected.

GSA Resources

If your agency is mid-transition, weigh the pros and cons of signing the MOU and make a risk-based decision appropriate for your agency.

GSA remains available to help you assess your transition risk and understand your acquisition options. We are holding monthly EIS Transition Office Hours and monthly Interagency EIS Transition Meetings, both of which act as a forum for agencies to share best practices and lessons learned and ask transition-related questions. For an invitation to these open forums, please email benjamin.todd@gsa.gov.

The legacy telecommunications contracts are expiring very soon. Do not delay in transitioning services and, if needed, signing the CoS MOU and conducting contingency planning.

GSA is and will continue to actively monitor agency progress toward stated EIS deadlines. If you need assistance, have additional data to share on the speed of your transition to EIS, or would like to meet with us, please contact your assigned GSA Solutions Broker.

For more information, visit gsa.gov/eistransition.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

ICYMI: ITC Activating Continuity of Service for Telecom Contracts

In case you missed it, we are invoking the continuity of service (CoS) clause for these expiring enterprise network and telecommunications contracts: 

  • Networx
  • Local Service Contracts
  • Washington Interagency Telecommunications System (WITS) 3

This gives agencies the opportunity to sign on for an additional 12 months of service. During this time, agencies must either complete their transition to Enterprise Infrastructure Solutions or find another solution to prevent interruption of services. 

Invoking the CoS clause helps reduce the risks associated with not completing transition by the original May 31, 2023 deadline. It also provides more time for agencies to address challenges resulting from delayed task order awards, supply chain disruptions caused by the pandemic, and other important priorities.

The transition to EIS has significant governmentwide cybersecurity, mission, operational, and financial implications. Agencies that don’t move their services before the CoS period ends could face: 

  • Interruption of critical public services.
  • Increased cyber vulnerabilities.
  • Failure to carry out their missions.

More time to complete transition

GSA awarded EIS in 2017 to replace these expiring contracts, beginning a period of transition. Many federal agencies aren’t on track to complete their transition to EIS before the May 2023 expiration.

As of February 28, 2022, only 89% of the planned task orders for transition have been awarded. Also, 45% of the nine million services governmentwide (like telephone lines and high bandwidth secure internet access) are still in use. 

What this means for agencies

Agencies that want to take advantage of the CoS period can do so only if:

  • The agency signs a Memorandum of Understanding (MOU) with GSA by September 30, 2022
  • The MOU is signed by the agency head, or follows agency delegation of authority.
  • The designee is accountable for Chief Information Officer (CIO), Chief Acquisition Officer (CAO), and Chief Financial Officer (CFO) functions. 

At the end of the 12-month CoS period (May 31, 2024), any services remaining active on the expiring contracts will be disconnected according to the terms and conditions of their respective contracts. They cannot be reinstated on those contracts. This will occur at the contract level, not on the agencies’ task orders.

If an agency doesn’t transition before the exercised option or CoS period ends, the agency must:

  • Identify the services that will be cut off when the CoS period ends.
  • Develop a contingency plan to maintain operation of those services on another contractual arrangement. 
  • Implement the contingency plan to ensure mission isn’t disrupted when the contracts expire and services are disconnected.

If an agency does not sign the MOU, GSA will remove the agency from the Networks Authorized User List (NAUL) for the expiring contracts in October 2022. Contractors will then begin the disconnect process as early as November 2022 and complete it no later than May 2023.

What this means for our industry partners

As agency transition rates increase, so will the demand on industry partners to implement task orders and execute disconnects quickly. 

We value our industry partners and will work closely together as we execute contractual actions over the next year. We’ll also look to our partners to continue supporting our agency customers as they

  • Expedite EIS orders.
  • Explore other options for maintaining service on another contractual arrangement.
  • Reconcile records for services that are being disconnected.

Next steps

If your agency is mid-transition, weigh the pros and cons of signing the MOU and make a risk-based decision appropriate for your agency. We’re here to help you assess your transition risk and understand your acquisition options.

Agencies with services on the expiring contracts should expect a message from GSA in May 2022 including the MOU. If you need more information or would like to meet, please contact your assigned GSA Solutions Broker.

Follow ITC on Twitter and LinkedIn, and subscribe for blog updates.

Listening, Learning, Acting: Customer Needs Are Front and Center in FY21

The recent White House customer experience Executive Order holds government agencies accountable for “designing and delivering services with a focus on the actual experience of the people whom it is meant to serve.”

This philosophy of centering service around an individual customer’s experience is easy to comprehend but tough to execute. Our goal is to help agencies deliver on their missions to the public. To do that, we connect them with businesses offering approved, secure technology solutions that are customer-centric, cost effective, and compliant.

ITC was able to perform well in FY21 by listening closely to customers and taking action based on their needs. Whether working with agencies federal, state, local, or tribal, big or small, we consistently get asked the same questions:

  • Can you guide me through finding the solution I need and help me acquire it efficiently?
  • How can you save me money on the solution I need?
  • Can you ensure that the solutions I purchase are compliant with regulations and security directives?

In FY21, ITC provided a model for how government employees can thrive in remote work environments. We conducted a great deal of government business despite supply chain and other pandemic-related challenges, recording over $32 Billion of business volume. We improved CX in buying and selling technology and saved our customers time and money, modernized their networks, and secured their systems. We welcomed 315 new small and disadvantaged businesses onto the Multiple Award Schedule (MAS) in FY21. These efforts are ongoing, but have underpinned much federal government success during the pandemic.

Back to basics – meeting customer needs

Customers come to ITC to enlist the help of our acquisition specialists and subject matter experts. We want to provide a convenient, consolidated acquisition experience that is time-efficient and provides the best value to our customers. We currently manage 23 contract programs and more than 4,700 vendors on the Multiple Award Schedule, of which 52% are small businesses. Small and disadvantaged businesses saw a 23% increase in business volume from FY20 to FY21!

Creating taxpayer value – ITC sees record revenue in FY21

Customers buy through GSA to leverage the full buying power of the government. In FY21, we recorded more than $32.3B in business volume through our contracts. For context, this accounts for 35% of the $92.9B total that was appropriated for IT across all federal agencies during the fiscal year. ITC accounted for more than $2.3B in savings to our government customers, a 7.7% increase from FY20.

There is a good reason agencies are using our Office of Management and Budget (OMB) recommended Best-In-Class (BIC) solutions during this pandemic spending period. Our price analysis tools, upfront market research, transactional data, and the great value of offerings on Schedule can’t be found elsewhere. Our success exemplifies the trust that our customer agencies have placed in our ability to help them meet their missions.

Securing the stack – keeping our industry partners accountable

Security mandates such as Supply Chain Risk Management (SCRM), Cybersecurity-Supply Chain Risk Management (C-SCRM), The National Defense Authorization Act (NDAA) 889, and The Executive Order on Improving the Nation’s Cybersecurity are crucial to the nation’s digital and physical safety.

The line between physical and virtual security has blurred as threats have become more complex, and complying with these security mandates is crucial to agency customers. That’s why ITC adds these mandates and others into our master contracts — to streamline proof of compliance for industry and allow agencies to focus on mission delivery.

ITC helps ensure that the products and services our customers buy will comply with federal law and safeguard their network’s security. Large contracts like our 2nd Generation Information Technology (2GIT) hardware/software blanket purchase agreement have SCRM built in as a key operational component.

GSA tools like the new Verified Products Portal (VPP) help identify authorized resellers to enhance SCRM capabilities. Security and cybersecurity approaches and policy are ever-evolving, and GSA recognizes both as core acquisition tenets. We understand the considerable responsibility we have for agencies’ IT health.

Looking ahead

We’re looking forward to finalizing several exciting efforts in 2022. We are bolstering our Cloud marketplace with a one-stop shop BPA, which will be awarded in phases. Polaris (our contract replacement for Alliant 2 Small Business) will release its Request For Proposal in Q2, with awards to be made later in the year. As the September 2022 Enterprise Infrastructure Solutions (EIS) transition deadline quickly approaches, we are in the process of assisting agencies as they award remaining task orders and ultimately disconnect from old telecommunications contracts.

We’ll continue to view things through the lens of our customers, facilitating direct conversations with stakeholders and providing the products, services, and attention needed to achieve agency missions. Our goal is a customer experience that prioritizes cost-efficiency, expediency, and security. You can buy with confidence when you work with the Information Technology Category.

Follow us on Twitter @GSA_ITC and LinkedIn, and subscribe for blog updates.

GSA’s Enterprise Infrastructure Solutions Instills Cybersecurity Confidence

On May 12, the White House issued the Executive Order on Improving the Nation’s Cybersecurity. This EO underlines the fundamental problem of how cybersecurity weaknesses leave critical infrastructure open to debilitating attacks. It also outlines what government agencies must do to improve their collective defensive posture, reduce risk, improve visibility and secure their infrastructure.

GSA’s Information Technology Category (ITC) tracks cybersecurity trends and is involved in conversations with industry experts on this topic. We incorporate the EO’s technological goals in our contract solutions, like Enterprise Infrastructure Solutions Contract, or EIS.

When it comes to network security, Zero-Trust Architecture (ZTA) is the gold standard. We even published a Zero Trust Architecture Buyer’s Guide to help agencies build toward it. EIS is featured prominently in the guide, because it offers baked-in security “building blocks” to create customizable solutions.

Managed Security Services

The EIS Managed Security Service (MSS) is a comprehensive service that protects an agency’s information technology assets—hardware devices, network, software, and information—from malicious attacks. It includes capabilities such as authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management. MSS comprises the following sub-services: Trusted Internet Connections Service (TICS), Managed Prevention Service (MPS), Vulnerability Scanning Service (VSS), and Incident Response Service (INRS).

Managed Network Services

The EIS Managed Network Service (MNS) enables an agency to outsource a portion or all of its network planning, design, implementation, maintenance, operations and customer service as a strategic move to improve IT services and lower costs.

Software Defined – Wide Area Network (SD-WAN) Services

SD-WAN services provide significant benefits by giving agencies central security management and visibility, the ability to segment networks where security policies can be tailored per application and data type, and identity-based user access.

Managed Trusted Internet Protocol Services (MTIPS)

MTIPS version 2.2 provides security for all external connections to public Internet, Extranet, and Cloud Service Providers. As agencies look to implement the Cybersecurity and Infrastructure Security Agency (CISA) TIC 3.0 guidance, MTIPS may be complemented with additional EIS services to achieve the updated security capabilities of a TIC 3.0 Traditional TIC solution.

FedRAMP Authorized Software-as-a-Service (SaaS) Tools

SaaS gives an agency access to applications hosted in the cloud. The provider manages the security, availability, and performance of the applications as part of their service. Using SaaS allows an agency to reduce the time, expense, and risk associated with the installation and maintenance of software on agency computers. EIS SaaS meets all federally required security standards for Cloud services.

EIS delivers solutions to agencies that will meet CISA’s latest Trusted Internet Connections (TIC) 3.0 guidance and ZTA requirements which include the Core Zero Trust Logical Components described in the National Institute of Standards and Technology (NIST) Special Publication 800-207. GSA continues to collaborate with CISA to provide guidance to agencies advancing legacy networks towards a zero trust architecture.


In the past decade, the typical federal agency network has evolved from being static with a known perimeter to mobile-friendly with nodes across the country. We are now regularly reminded that security solutions must correspondingly evolve to secure agency data and be able to ensure the safe transport of information to and from cloud applications, data centers, and remote users. If they don’t, the U.S. will continue to be vulnerable to malicious actors all over the world.

The Cybersecurity EO prioritizes “accelerated movement to secure cloud services; centralized and streamlined access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and investment in both technology and personnel to match these modernization goals.” EIS already supports these by supplying SD-WAN services, 5th Generation (5G) telecommunications technology, Internet of Things (IoT) offerings, and Cloud-based security solutions.

Using EIS to buy IT infrastructure ensures a greater degree of consistency in the government’s telecommunications and network infrastructure services. It also consolidates the government’s purchasing power, driving lower prices on products and services that to satisfy complex security, flexibility, and visibility needs. EIS solutions offer the foundation needed to adapt to evolving threats and continue accomplishing your mission. The sooner agencies transition, the sooner they can take advantage of the secure solutions available on EIS. Accelerate your transition progress by Taking A.I.M. at EIS.

Taking A.I.M. at EIS

Enterprise Infrastructure Solutions (EIS) transition

The transition to Enterprise Infrastructure Solutions (EIS) is one critical path for agencies to evolve to more modernized and secure IT infrastructures and away from legacy technologies that are vulnerable to security risks — a high priority for this Administration. With the President’s Executive Order on Improving the Nation’s Cybersecurity, it’s important to remember that the transition to EIS is not about shutting down expiring contracts; it’s ultimately about the safety, security, and sustainability of the federal government’s IT infrastructure.

The most recent EIS transition milestone came and went on March 31, when agencies were expected to have disconnected at least 50 percent of their services from the expiring Networx, Washington Interagency Telecommunications System (WITS) 3, and Local Service contracts.

While the data illustrates agencies are making progress, with 55% of the federal government’s inventory remaining to be disconnected, there is still much work to be done. Therefore, we urge our agency partners to take A.I.M. at EIS:

  • Assess their status and accelerate their progress
  • Disconnect & transition their Inventory
  • Mitigate risk to ensure mission operations continue

Assessing status and accelerating progress

Less than two years remain before the Networx, WITS 3, and Local Service contracts expire on May 31, 2023. Though the September 30, 2022 deadline for 100% disconnect from expiring contracts is a little over 15 months away, we want to remind agencies that a lack of transition progress could result in service disconnection much sooner. Please assess your progress against several important dates that are outlined in the revised Project Plan for Closeout of Transition and accelerate actions accordingly:

  • June 30, 2021 – Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected.
  • August 31, 2021 – Agencies that have not awarded any EIS task orders for their solicitations will be disconnected.
  • September 30, 2021 – Agencies that have not awarded EIS task orders for all their solicitations will be disconnected.
  • October 1, 2021 – GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming Closeout Phases for 2021 June 30, 2021. Agencies that are not transitioning to EIS will have services disconnected. On this date, agencies for whom GSA has provided a report for a price-only fair opportunity decision, but have yet to award the task order, will also be disconnected .  August 31, 2021. Agencies that have not awarded any EIS task orders for their solicitations will be disconnected. September 30, 2021. Agencies that have not awarded EIS task orders for all their solicitations will be disconnected. October 1, 2021. GSA will no longer accept or process any exception requests for the expiring contracts (Networx, WITS 3, and Local Service Agreements). All new services should be ordered from the EIS contracts or other viable contracts.
Enterprise Infrastructure Solutions Transition Timeline with remaining milestone dates and upcoming closeout phases for 2021

The next major milestone for EIS transition is on March 31, 2022, which calls for 90% of services disconnected from expiring contracts. With less than 12 months to go, we urge agencies to accelerate progress, so as not to fall further behind.

Inventory: enhanced focus on disconnecting and transitioning inventory to EIS

Government-wide, we are behind the EIS curve. 11 of 17 large agencies and 15 of 25 medium-size agencies have yet to disconnect even 50 percent of their services as of March 31, 2021. Ultimately, missing transition milestones and continued reliance on expiring contracts risks disruption of critical services delivered to the public.

Mitigating risk to ensure mission operations continue

The more agencies fall behind the established milestones, the greater the risk to their mission. This not only leaves less time for transition-related activities ahead of the September 2022 milestone, but it will also increase the potential that agencies may be “stuck” waiting for disconnect and transition services to be rendered. In particular, agencies that delay their EIS contractor selection for replacement services may find themselves “in line” behind those that have already chosen a contractor and made transition progress. This further slows progress for disconnecting services from the expiring contracts and connecting new services.

The extended contracts expire on May 31, 2023 and there will be no extensions. We invite our agency partners to ask themselves “Will we complete transition on time?”. If your agency will not complete transition on time, contingency planning must start now.

The time for EIS transition action is now. Regardless if your agency is in the acquisition or implementation phase, know that GSA wants to actively support agency transitions. If your agency is struggling, GSA can provide services such as:

  • An inventory of complete services that need to be transitioned, including custom reports for your agency
  • Technical, acquisition, and ordering assistance, plus automated tools to directly assist agencies with expediting EIS task orders
  • GSA in-scope reviews of agency solicitations
  • Regular outreach to agencies’ Integrated Transition Teams to monitor transition progress and provide guidance

If your agency needs help with transition, please contact the IT Customer Service Center at 855-482-4348, or send an email to ITCSC@gsa.gov. We encourage you to reach out to your agency leadership. Include Chief Information, Acquisition, and Financial Officers in conversations on EIS transition, financials, and risk.

FY20: Exceptional Work in an Exceptional Year

The Numbers Are In – Biggest Year on Record for GSA ITC!

In Fiscal Year 2020, the Information Technology Category (ITC) recorded more than $30 billion in business volume across its portfolio. For context, this accounts for nearly a third (33%) of the $89 billion total that was spent on IT across all federal agencies in FY20.

Accordingly, this past fiscal year proved to be a record year in other categories as well:

  • IT spending through the Multiple Award Schedule accounted for an impressive $18.1 billion of the $30 Billion total, bolstered by its $12.7 Billion in new obligations. In FY20, MAS IT impressively posted 18% annual growth in new obligations.
  • On the Small Business front, ITC accounted for $7.1 Billion in utilization from Government Wide Acquisition Contracts (GWACs), Schedules, and Telecommunications
  • ITC issued a single award via its telecommunications branch to the tune of $2.5 Billion, using the Enterprise Infrastructure Service (EIS) Contract. The award was made on behalf of the Department of Health and Human Services, and over the lifetime of the contract, the agency estimates it will save more than $700 million.
  • ITC accounted for more than $2 billion in savings and cost avoidance to their customers

FY20 Efforts in Review

The 2020 Fiscal Year drove change through every part of our lives. COVID-19 spurred dramatic change in government work culture and led to rapid technological adaptation across all agencies. A good deal of ITC’s increased business volume can be attributed to agencies transitioning to mobile-friendly technology. However, this unprecedented spending is also due to agencies acknowledging that GSA is a solid partner as they make big IT changes and choices about how to invest. We’re out front and focused when it comes to customer service, agile response to emergency needs, and delivery of mission-enabling and emerging technologies.

In 2020, customer agencies turned to GSA’s schedules program, assisted acquisition services and governmentwide acquisition contracts (GWAC) to fulfill pandemic-driven requirements as well as regular demand for products and services. Our success embodies the trust that federal agencies have put in us and our ability to address elements that our customers most care about:

  • Speed of acquisition
  • Assistance with mobile-friendly technology adoption
  • Technical and market expertise
  • Data transparency
  • General customer service

Agencies have turned to and relied on us to ensure their mission continuity and transition to a more untethered workforce.

In FY20, ITC launched the Information Technology Acquisition University (ITAU) to make it easier to learn about GSA’s products, IT solutions available through GWACs, MAS, and more. ITAU is a digital training platform for emerging technologies, their acquisition, GSA-specific contract training and more.

Additionally, ITC enhanced the Cloud Information Center, the GSA-curated federal resource hub for all things cloud, continuing to place valuable cloud computing resources in the hands of agencies.

These resources are ways that GSA is meeting the rise in demand for virtual access to our subject matter experts and more online learning platforms.

Looking Forward

In FY21, GSA is doubling down on emerging technologies as the way of the future. The 8(a) STARS III and Polaris government-wide acquisition vehicles will have Artificial Intelligence offerings (Machine Learning, Robotic Process Automation, Natural Language Processing), edge computing and more. As the Cybersecurity Maturity Model Certification (CMMC) effort ramps up and Supply Chain Risk Management (SCRM) principles are emphasized, GSA will continue to prioritize security as a core tenet of acquisitions.

As my Deputy Assistant Commissioner Keith Nakasone likes to remind me, agencies are coming to GSA to leverage our IT expertise and the buying power of the government. They want to know that the products they’re adding to their IT footprint aren’t jeopardizing their networks. To that end, the CMMC level can be designated as needed at the task order requirement level. Large contracts such as the 2nd Generation Information Technology (2GIT) hardware/software Blanket Purchase Agreements, have SCRM built in as a key operational component. Ultimately, GSA understands it plays a crucial role and has a considerable responsibility for an agency’s IT health.

Going into FY22, ITC will continue to provide the tools needed to successfully modernize while prioritizing cost-efficiency, expediency, and security. Leveraging Best In Class (BIC) contracts is one way. Taking advantage of online resources like ITAU and the CIC is another. Give your agency a reason to acquire with confidence — work with GSA for your next IT acquisition.

As always, follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.
To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

EIS Endgame – The Next Phase of the Government’s Transition Off Expiring Telecommunications Contracts

“Often, greater risk is involved in postponement than in making a wrong decision.”

Harry Hopf, a business consultant of the early 20th century, said these words, and many project management gurus probably have them hanging decoratively on their (now home) office walls.

This quote sums up our advice to agencies as we approach the next milestone guiding the governmentwide transition off GSA’s expiring Networx, Washington Interagency Telecommunications System 3 (WITS3), and Local Service Agreement contracts. In this post, we will explore why the transition should be at the top of everyone’s mind and what to expect from GSA as we close it out.

Enterprise Infrastructure Solutions timeline with milestone dates.

Time Is Running Out

By September 30, 2022, 100% of agencies’ telecom inventory must be off the expiring contracts and moved to GSA’s Enterprise Infrastructure Solutions (EIS) program.

The transition, at this point in time, presents an opportunity for your agency to take control of its own destiny. Agencies have seen upwards of 30% savings over current costs and will benefit as they transition their services. They don’t have to worry about exponential cost increases or operational disruptions due to services left on expired contracts. They are free to implement their modernization plans, confident that the technologies and services they plan to introduce are secure and in-scope.

GSA Positions Agencies for a Successful Transition

Some agencies are still in the process of contractor selection. We understand that pandemic mission priorities have taken precedence and want to reaffirm our availability to support agency transitions. If your agency is struggling with the acquisition phase, GSA is here to help! Key services include:

  • An inventory of complete services that need to be transitioned, including custom reports for your agency
  • Technical, acquisition, and ordering assistance, plus automated tools to directly assist agencies with expediting EIS task orders
  • GSA in-scope reviews of agency solicitations
  • Regular outreach to agencies’ Integrated Transition Teams to monitor transition progress and provide guidance

Disconnect Before You’re Disconnected

March 31, 2021 is the next major transition milestone, when 50% of legacy services must be disconnected. At the current rate, the government is not on track to meet the September 30, 2022 milestone for completion. Reliance on expiring contracts risks disruption of critical services delivered to the public.

We made that fact plain in a January 27 letter to all our agency partners and outlined remedies for any agency in jeopardy of missing the milestone dates. In particular, we want agencies to be aware that as of October 1, 2021, GSA will no longer accept or process any exception requests for its expiring contracts.

This is all part of GSA’s plan for the Closeout of Transition to EIS, which details the phased approach we will employ to complete the disconnection of services from the expiring contracts. The objective is to get agencies to transition themselves, with our support, and avoid unilateral disconnection. For those left with services on expired contracts, there will be no viable way to reinstate them. GSA will be unable to help.

Act Now

If your agency needs help with its transition, please contact the IT Customer Service Center at 855-482-4348, or send an email to ITCSC@gsa.gov. We encourage you to reach broadly across the CXO community in your agency. Include Chief Information, Acquisition, and Financial Officers in conversations on transition, financials, and risk.

For more resources on this topic, visit our EIS Transition page. Here you’ll find the GSA Transition Handbook, the GSA Project Plan for Closeout of Transition, the Transition Progress Tracking Report, and much more.

As always, follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Can Your Network Adapt to Current and Future Demands? With SD-WAN, It Can!

How adaptable is your network?

Think back on how your organization worked through the early months of the COVID-19 pandemic, and you’ll have your answer.

Having a Modernized Infrastructure Paid Off

Agencies with modernized services such as Ethernet-based networks and software-based IP phones were able to operate with minimal disruption as their workforce shifted to full time telework. They took advantage of scalable bandwidth to quickly meet increased network requirements without the need for physical or onsite changes. This agility is one of the many advantages of modern infrastructure and cloud deployed applications. IP Voice users similarly kept making calls regardless of their physical location, and those with Unified Communications leveraged capabilities such as chat, conferencing, collaboration tools and presence applications to keep their workforce on mission.

SD-WAN Integrates and Orchestrates Your Network

IT leaders are actively seeking to implement a new networking technology called Software Defined – Wide Area Network (SD-WAN). SD-WAN can securely connect your headquarters, data centers, branch offices, and remote workers with numerous cloud-based services. SD-WAN can enable Trusted Internet Connection (TIC) use cases, segment users and applications, and play a role in Zero Trust Network architectures.

SD-WAN Is Now a Managed Service Under EIS

We recently added SD-WAN to our Enterprise Infrastructure Solutions (EIS) contract. SD-WAN is ideal for improving network performance since it increases visibility and control enterprise-wide. It saves money and increases performance by allowing the use of different types of internet connections such as broadband internet, 4G/5G wireless internet or high-availability Direct Internet Access based on availability and need. It can even be incorporated with existing Multiprotocol Label Switching (MPLS) circuits for critical applications.

SD-WAN Features and Ordering At-a-Glance

Our team created four new use cases for SD-WAN, Ethernet, IP Voice and Traditional TIC to show key info as a handy reference. These single-page infographics highlight the technologies we see driving modernization, the business value those technologies can offer you, and our implementation recommendations. We also offer supporting documents such as in-depth savings analyses, service guides, and whitepapers.

Software Defined - Wide Area Network graphic
SD-WAN Modernization Use Case pictured above. Download the PDF version.

In a GSA analysis of SD-WAN, medium-sized agencies can achieve a cost avoidance of 42%. Our SD-WAN Overview and Ordering Guide lays out everything you need to evaluate SD-WAN and acquire it on EIS. How’s your network able to support the ever-expanding use of cloud services? Utilize the numerous GSA resources to assist your organization to modernize with SD-WAN.

For additional information on what IT modernization could look like for your agency, please contact your designated GSA representative or call 855-482-4348.

Visit the Enterprise Infrastructure Solutions page to learn more and use our IT Solutions Navigator to find the vehicle that’s right for you.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.