Transforming Government IT Procurement: Better Contracting Initiative Priority 2

As part of our ongoing efforts to modernize government IT procurement and management, the Better Contracting Initiative (BCI) has been a cornerstone of our strategy at the Governmentwide IT Program Management Office. Today, I am excited to discuss the strides we are making under the BCI, particularly Priority 2, which focuses on negotiating common enterprise-wide software licenses.

We’ve embarked on a journey to streamline how our federal government procures and manages its software assets. Our new Governmentwide Acquisition Strategy initiative not only aims to enhance operational efficiencies but also to achieve substantial cost savings and increase buying efficiencies.

Strategic collaboration and enhanced efficiency

Our approach under Priority 2 of the BCI involves collaboration and strategic negotiation directly with Original Equipment Manufacturers (OEMs), which are essential in managing the government’s vast array of IT resources. By centralizing our engagement processes and encouraging industry to view government agencies as “one customer,” we are ensuring that all government agencies, large and small, benefit from the best possible terms and prices, avoiding the inefficiencies of fragmented and duplicative contract terms.

IT Vendor Management Office’s role in the Governmentwide Acquisition Strategy initiative

The IT Vendor Management Office (ITVMO) has been instrumental in this effort, spearheading direct engagements by developing partnerships with OEMs, conceptualizing solutions for governmentwide challenges, negotiating resolutions, and establishing guidelines that will serve as the benchmark for software procurement across federal agencies. The Governmentwide Acquisition Strategy initiative is truly a governmentwide endeavor.

Steps to success

The ITVMO first identifies target OEMs by soliciting quantitative and qualitative data from all 24 Chief Financial Officers (CFO) Act agencies. Using analysis of governmentwide spend and the gravity of common OEM-specific challenges, the ITVMO recommends an OEM to address, which is then validated and approved by government leadership.

The ITVMO then collects contract data from all 24 CFO Act agencies and performs significant analysis on terms and pricing to identify inconsistencies and abnormalities (both good and bad). With the help of a Governmentwide Integrated Project Team, the ITVMO builds a list of best-in-class terms and target pricing to pursue via a variety of recommended solutions.

After a comprehensive review and discussion of these recommended solutions through a Civilian Service Acquisition Workshop, which further supports implementation of BCI through Prong #3 focusing on getting requirements right the first time which will avoid waste and save financial resources, the CFO Act agencies and the ITVMO works to finalize a set of governmentwide requests for the OEM.

Finally, the government engages the OEM in a collaborative fashion by walking decision-makers through the government’s challenges and recommended solutions for the purpose of cooperative adjustment and, ultimately, acceptance of our governmentwide concepts through modifications to all governmentwide acquisition vehicles so that all federal entities get the benefits of our “one customer” approach.

Consistency in contracts = Better contracting

The initiative is part of a broader effort to not only manage costs but also to ensure that the software we procure is secure, reliable, and meets the diverse needs of the federal workforce. To that end, we’ve made significant progress in identifying key areas where terms and conditions can be standardized to benefit all agencies. Our focus has been on improving license flexibility and mobility, enhancing cybersecurity measures, and implementing cost-effective pricing strategies. The feedback from various stakeholders has been overwhelmingly positive, indicating strong support for a more unified approach to software licensing in the federal sector.

Looking ahead

As we continue to advance this initiative, the insights gained from our ongoing discussions and negotiations will inform our strategies, ensuring that the federal government remains a prudent and effective purchaser of IT resources. To that end, the ITVMO is putting together a guide for agency acquisitions, specific to critical OEMs, to ensure broad recognition and adoption of the best-in-class practices we learned about throughout the Governmentwide Acquisition Strategy process. The goal is not only to save money but also to improve our IT infrastructure, making it more responsive to the needs of our agencies and the public.

The Better Contracting Initiative is a testament to our commitment to innovation and excellence in government IT procurement. With Priority 2, we are setting new standards for how the government collaborates and negotiates in the IT realm, ensuring better outcomes for all our stakeholders. Stay tuned as we continue to make strides in transforming government IT procurement for the better.

Visit our website to learn more about how ITC is addressing the BCI through the ITVMO.

Please follow us on LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

What does the future of cybersecurity look like?

As we look ahead, there are several key areas of focus that will undoubtedly shape the virtual battleground. Government agencies who proactively embrace and implement current high priorities in these key areas will be better prepared to navigate the evolving digital threatscape and safeguard their sensitive information and assets. Here are some top drivers we anticipate will impact agencies’ cybersecurity strategy and spending plans.

Zero Trust Architecture (ZTA)

ZTA has been at the forefront of government guidance in recent years. Now that agencies have had time to plan for their ZTA requirements, implementing strategies should commence. ZTA provides agencies with the foundation to build a strong security posture that evolves with the ever-changing technological environment of dynamic and accelerating threats.

Cybersecurity Supply Chain Risk Management (C-SCRM)

The growing interconnectedness of systems, services, and products makes management and mitigation of supply chain risks even more important. Effective C-SCRM should be a fundamental component in cybersecurity strategy. Having C-SCRM as an essential element in procurement helps to ensure the resilience, security, and continuity of operations for organizations, government agencies, and critical infrastructure.

Post-Quantum Cryptography (PQC)

PQC is an emerging field within the cyber realm that is gaining increased relevance due to the potential threat quantum computers pose to traditional encryption methods. PQC involves the development of new cryptographic algorithms resistant to quantum computer attacks to ensure the security of digital communications and sensitive information. Agencies should begin to plan for future quantum resistant methods by inventorying their systems and engaging with vendors on how they are addressing quantum-readiness.

Some challenges agencies may face include:

  • The ability to identify PQ-vulnerable systems.
  • The ability to identify and implement appropriate PQC algorithms.
  • The high cost and complexity of implementation.
  • A gap in a trained and certified workforce to implement and maintain PCQ algorithms.

Artificial Intelligence (AI)

The rapid emergence and adoption of generative AI tools has created new challenges, especially for data security. As AI becomes more prevalent in our modern technology, agencies will need to assess the associated risks and develop strategies to mitigate vulnerabilities.

GSA and other agencies are working to support the new Executive Order to help ensure that AI systems are safe, secure, and trustworthy.

Follow ITC on LinkedIn and subscribe for blog updates.

FAST 2021: Incorporating IT Security into Acquisitions

Join us May 13th at 1:00 pm EDT for a live webinar led by GSA’s IT Acquisition experts as we explore:

  • Benefits in shifting from a compliance model to the cybersecurity maturity model
  • Adopting a supply chain risk evaluation approach in government contracting
  • Easy to understand acquisition planning packages (e.g., playbooks, checklists, templates)

The 3-hour session features an overview of requirements and evaluation factors used in developing the 2nd Generation Information Technology (2GIT) blanket purchase agreement; and a quick look into the GSA’s IT Solutions Navigator connecting buyers with resources, tools, and decision support for IT procurements.

This is the third session in GSA’s 2021 monthly Federal Acquisition Service Training (FAST) Conference series. Each session is worth up to 3 Continuous Learning Points. You can find the full lineup of events here.

Registration is open and free for agency and industry partners. Reserve your virtual seat today – we look forward to seeing you there!

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

2GIT Solution Now Open for Business

2nd Generation Information Technology (2GIT) logo.

In February 2021, GSA announced the re-award of the 2nd Generation Information Technology (2GIT) Blanket Purchase Agreements (BPAs). During the five year period of performance of the BPAs, it is expected to result in an estimated buy in excess of $5.5 billion. BPAs are available through GSA Advantage!®, eBuy and Air Force Advantage!® and provide a streamlined process for procuring IT hardware and software commodities, ancillary supplies and installation services.

Over the course of two years, we’ve worked with the U.S. Air Force to better understand their IT procurement requirements and demonstrate the benefits of using GSA to build a next generation contract solution.

The fundamental scope of the 2GIT BPAs is to provide a total solution to meet the IT needs of the USAF, Department of Defense agencies, and other federal, state, local, regional and tribal governments.

The 2GIT BPAs offer pre-competed IT products through GSA Multiple Award Schedule North American Industry Classification System (NAICS) codes. The SINs covered in these BPAs are:

GSA has integrated supply chain risk management as a foundational part of 2GIT. This is a crucial component due to the paramount need to ensure that cybersecurity vulnerabilities associated with IT products are adequately addressed as they move through the vendor’s order and delivery process. Leveraging industry partners that execute solid enterprise supply chain risk management plans as part of a comprehensive Vendor Risk Assessment Program is critical to ensure processes and reporting are in place to reduce the risk of compromise throughout the supply chain, from original equipment manufacturers to distributors and resellers:

  • Hardware and software
  • Firmware/embedded components
  • System data/information from component substitution
  • Functionality alteration
  • Malware insertion

The benefits of the 2GIT BPAs extend government-wide and align with current policies. We’ve incorporated category management principles such as the collection of prices paid data, the ability to track savings and reduction of duplicative contracts and administrative burden. Other benefits include:

  • Faster ordering
  • Improved supply chain risk management and supplier risk management
  • Increase of authorized resellers of major original equipment manufacturers
  • Improved product availability via the FAStLane Mods process
  • Support for small business participation
  • Complimentary on-site and virtual customer support and training

For more information about the 2GIT BPAs, Contact the 2GIT Program Management Office directly at ITCSC@gsa.gov. Visit GSA Advantage!®, eBuy or Air Force Advantage!® to access the 2GIT eCommerce portal page.

Follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Introducing the IT Vendor Management Office: a new government-wide collaborative effort to solve the toughest challenges in federal IT acquisitions

The last months have been a whirlwind of activity for the new government-wide Information Technology Vendor Management Office (ITVMO). We not only chartered the ITVMO, but have started working with several partner agencies and IT acquisition experts from across government to identify existing resources that can assist agencies with their buying decisions. The ITVMO brings together the most critical players in the federal IT acquisition landscape to solve challenges agencies and vendors face when buying and selling IT products and solutions.

Launched in October 2020, the ITVMO is a government-wide effort to amplify the benefits of managing vendor engagement in the IT Category to make IT acquisitions faster and more cost effective. The ITVMO serves as a trusted independent advisor and advocate to help agencies buy common IT goods and services. As a one-stop shop, the ITVMO will leverage government-wide IT procurement data, conduct market research, and develop shared agency acquisition knowledge to support agencies’ buying decisions.

There are many programs and initiatives across government that are interested in improving how government buys IT. The ITVMO is unique in that it is a collaborative effort amongst partners in Category Management (CM) with the most critical IT acquisition Best in Class (BIC) contract vehicles and associated programs including:

  • The General Services Administration (GSA);
  • The National Aeronautics and Space Administration (NASA);
  • The National Institutes of Health (NIH);
  • The Department of Defense (DOD);
  • The White House Office of Management and Budget (OMB) Office of Federal Procurement Policy (OFPP).

Through this collaboration, the ITVMO will advance the goals of IT Category Management (CM) to improve how the government buys common IT goods and services and enable the government to act more as a single entity by sharing best practices and acquisition intelligence as well as eliminating the unnecessary duplication and redundancy that exists between federal agencies.

What’s Happening & What’s Next

One of the central drivers of CM is to mature federal IT acquisitions so that the government acts more like a single buyer rather than many independent agencies. By creating a space where some of the biggest and most impactful federal IT acquisitions programs and initiatives can collaborate and solve shared problems, establishing the ITVMO is a major step toward that goal.

The ITVMO is chartered and led by an Executive Steering Committee (ESC) comprised of several agencies including those with the largest IT BIC vehicles. The ESC determines the strategic direction and project priorities for the ITVMO to solve problems for agencies and vendors alike.

To identify shared challenges and opportunities throughout government, the ITVMO surveyed hundreds of IT and acquisition experts including the Chief Information Officers Council (CIOC) and the Chief Acquisition Officers Council (CAOC) as well as several communities of practices. The ITVMO team also conducted listening sessions with industry groups. The data and feedback gathered from across government is driving the challenges the ITVMO seeks to address in the near future.

ITVMO Customer Segments

The ITVMO’s primary customers are the programs and offices responsible for making buying decisions at each agency, and the vendor community. On January 27th, the ITVMO hosted an Open House for agencies to provide an overview of the ITVMO’s mission and services, and to answer any questions from the community. More information about the ITVMO Open House, including a video recording of the event, is available to government employees.

Based on customer feedback, the ITVMO is working on several products and services that will be made available to agencies in the near future, including:

  • Continuing a Small Business Webinar Series developed in partnership with the IT Government-wide Category and the American Council for Technology and Industry Advisory Council Small Business Alliance so agencies and vendors can learn how GSA’s Federal Acquisition Service Multiple Award Schedules Program will allow agencies to more easily procure IT products and services from small businesses.
  • Vendor Profiles that provide agencies with pricing information, specific vendors’ terms and conditions, and best practices for negotiating with that vendor.
  • Deep Vendor Intelligence crowdsourced from IT acquisition experts from across the federal government participating in integrated project teams (IPTs).
  • A Technology Life Cycle Assessment to provide agencies with insights into buying emerging technology and updating existing systems and services to meet evolving needs.
  • A deep dive and review of current Cost Avoidance Methodologies used by IT BIC acquisitions vehicles. The ITVMO is working closely with GSA’s IT Category to provide recommendations on how to improve the accuracy and reliability of cost avoidance methodologies and the underlying contract data.

If any of the above interest you, we would love to connect with you. Please feel free to reach out to the ITVMO inbox at itvmo@gsa.gov.

Coming Soon…

The ITVMO recently launched the first of several IPTs made up of the federal government’s foremost experts in working and negotiating with specific IT vendors. The IPTs will produce recommendations and strategies that can be shared and leveraged throughout government.

ITVMO - Integrated Project Teams

On May 12, 2021, The ITVMO will also host an Industry Day intended for our industry and vendor partners to learn about the mission of the ITVMO and the best way to collaborate with the ITVMO and federal IT acquisitions staff.

Finally, the ITVMO will soon launch our website to share the ITVMO’s latest updates and activities, post relevant templates and resources, and direct users to the relevant information to meet their IT acquisition needs.

Additional insight can be found on our ITVMO MAX page, and you can sign up for our newsletter. If you have any questions or general inquiries, please feel free to reach out to us at the ITVMO inbox at itvmo@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Reducing Cybersecurity Risks in Supply Chain Risk Management

Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division

[Editorial note: This blog is the last of a three part series by Shon Lyublanovits, GSA’s IT Security Subcategory Manager and Director of the Office of IT Security Services for Office of Information Technology Category (ITC). Designed to help build awareness of the Department of Homeland Security’s (DHS) annual October National Cyber Security Awareness Month, this blog series describes a suite of cybersecurity products, services and solutions provided by GSA, outlining the unique benefits each provides to government].

Federal Information and Communications Technology (ICT) systems rely on a complex, globally distributed, and interconnected supply chain ecosystem encompassing geographically diverse routes and multiple tiers of outsourcing. Managing ICT systems is a difficult and complex task for government agencies — especially when these system are affected by various laws, trust models, interests, and national/international supply chains. It becomes even more difficult when criminals constantly introduce proprietary counterfeits and malware, conduct data tampering, and access sensitive information.

To protect ICT systems from criminals, we are working with government agencies to reduce cybersecurity risks through the acquisition of IT hardware and software. We’re also helping government leaders, chief information officers, and IT experts develop and implement sound policy guidance to deploy Supply Chain Risk Management (SCRM) activities throughout the entire acquisition lifecycle.

Challenges for government and industry

The federal government is facing significant cybersecurity challenges when procuring IT products or services resulting from inadequate in-built cybersecurity controls in the supply chain. An increase in the use of ready made, off-the shelf products, plus a rise in outsourced computer and communications operations make it more difficult to manage the supply chain.

Our industry partners are facing challenges as well. Companies require agile, elastic business models to remain competitive and keep pace with emerging technologies, but they also need to protect themselves against volatile cybersecurity threats, especially in the supply chain. From a national security perspective, when large components of these business models become vulnerable to cyber threats, the private sector becomes a target of nation states.

Enhancement of IT procurement through sound policy drives

Within the global marketplace, particularly the supply networks, criminals have more opportunities to penetrate and potentially manipulate information and technology. In order to mitigate these threats, GSA supports various statutory, regulatory, and policy requirements that address the current challenges of the global marketplace.

We are currently developing a Business Due Diligence Information Service that will give agencies a common government-wide capability for identifying, assessing, and managing cyber and supply chain risk throughout the acquisition process.

GSA is also leading the implementation of an IT policy that enhances IT acquisition vehicles, resulting in increased security of customers systems and networks. We are working with federal agencies to address supply chain risks by:

  • Reviewing base ITC acquisition vehicle contract language
  • Developing an acquisition assurance baseline by identifying provisions and clauses that are related to IT security and SCRM to use in IT product and service solicitations
  • Creating a repeatable, scalable SCRM response process for ICT to effectively respond to SCRM incidents and issues of public interest. This includes a description of various roles, responsibilities, and definitions for six phases of the ICT Supply Chain Threat Event (SCTE) Incident
  • Using Response Life Cycle — i.e., notification, escalation, evaluation and validation, reporting, response, and closure activities
  • Establishing a Vendor Risk Assessment Program to provide a well-defined process and robust capability to evaluate known or potential risks related to suppliers of products and services using open source information

Comprehensive SCRM cybersecurity regulations and requirements

ICT systems need the best IT solutions to protect against proprietary counterfeits and malware, data tampering, and unauthorized access to sensitive information. We ensure that our IT products and services in the supply chain are deemed cyber low-risk by complying with cybersecurity regulations and requirements specific to SCRM. This will establish sound policy safeguards, so that when government agencies purchase IT products and develop systems, they do so knowing that we worked with suppliers to determine if SCRM capabilities have been applied to acquired products and services.

We’re also establishing a comprehensive SCRM capability that will ensure government agencies procure IT hardware and software from original equipment manufacturers, including authorized resellers or other trusted sources. Furthermore, GSA is:

  • Managing incidents within IT contracts
  • Establishing and maintaining contact with both internal GSA stakeholders and external agencies on cyber incidents
  • Maintaining awareness of government-wide supply chain policy/trends

GSA remains committed to helping government leaders, chief information officers, and IT experts improve cybersecurity through SCRM. Read the first and second blogs in this series to learn more about our cybersecurity products, services and solutions and how they can help you focus on your mission, while maintaining quality, reducing costs, and minimizing duplications and redundancies.

Follow us on Twitter @GSA_ITC to join the conversation.