FAST 2021: Incorporating IT Security into Acquisitions

Posted by Laura Stanton
on May 6, 2021

Join us May 13th at 1:00 pm EDT for a live webinar led by GSA’s IT Acquisition experts as we explore:

  • Benefits in shifting from a compliance model to the cybersecurity maturity model
  • Adopting a supply chain risk evaluation approach in government contracting
  • Easy to understand acquisition planning packages (e.g., playbooks, checklists, templates)

The 3-hour session features an overview of requirements and evaluation factors used in developing the 2nd Generation Information Technology (2GIT) blanket purchase agreement; and a quick look into the GSA’s IT Solutions Navigator connecting buyers with resources, tools, and decision support for IT procurements.

This is the third session in GSA’s 2021 monthly Federal Acquisition Service Training (FAST) Conference series. Each session is worth up to 3 Continuous Learning Points. You can find the full lineup of events here.

Registration is open and free for agency and industry partners. Reserve your virtual seat today – we look forward to seeing you there!

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Continue Reading...

2GIT Solution Now Open for Business

Posted by Laura Stanton
on April 29, 2021
2nd Generation Information Technology (2GIT) logo.

In February 2021, GSA announced the re-award of the 2nd Generation Information Technology (2GIT) Blanket Purchase Agreements (BPAs). During the five year period of performance of the BPAs, it is expected to result in an estimated buy in excess of $5.5 billion. BPAs are available through GSA Advantage!®, eBuy and Air Force Advantage!® and provide a streamlined process for procuring IT hardware and software commodities, ancillary supplies and installation services.

Over the course of two years, we’ve worked with the U.S. Air Force to better understand their IT procurement requirements and demonstrate the benefits of using GSA to build a next generation contract solution.

The fundamental scope of the 2GIT BPAs is to provide a total solution to meet the IT needs of the USAF, Department of Defense agencies, and other federal, state, local, regional and tribal governments.

The 2GIT BPAs offer pre-competed IT products through GSA Multiple Award Schedule North American Industry Classification System (NAICS) codes. The SINs covered in these BPAs are:

GSA has integrated supply chain risk management as a foundational part of 2GIT. This is a crucial component due to the paramount need to ensure that cybersecurity vulnerabilities associated with IT products are adequately addressed as they move through the vendor’s order and delivery process. Leveraging industry partners that execute solid enterprise supply chain risk management plans as part of a comprehensive Vendor Risk Assessment Program is critical to ensure processes and reporting are in place to reduce the risk of compromise throughout the supply chain, from original equipment manufacturers to distributors and resellers:

  • Hardware and software
  • Firmware/embedded components
  • System data/information from component substitution
  • Functionality alteration
  • Malware insertion

The benefits of the 2GIT BPAs extend government-wide and align with current policies. We’ve incorporated category management principles such as the collection of prices paid data, the ability to track savings and reduction of duplicative contracts and administrative burden. Other benefits include:

  • Faster ordering
  • Improved supply chain risk management and supplier risk management
  • Increase of authorized resellers of major original equipment manufacturers
  • Improved product availability via the FAStLane Mods process
  • Support for small business participation
  • Complimentary on-site and virtual customer support and training

For more information about the 2GIT BPAs, Contact the 2GIT Program Management Office directly at ITCSC@gsa.gov. Visit GSA Advantage!®, eBuy or Air Force Advantage!® to access the 2GIT eCommerce portal page.

Follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Continue Reading...

Introducing the IT Vendor Management Office: a new government-wide collaborative effort to solve the toughest challenges in federal IT acquisitions

Posted by Vera Ashworth
on April 27, 2021

The last months have been a whirlwind of activity for the new government-wide Information Technology Vendor Management Office (ITVMO). We not only chartered the ITVMO, but have started working with several partner agencies and IT acquisition experts from across government to identify existing resources that can assist agencies with their buying decisions. The ITVMO brings together the most critical players in the federal IT acquisition landscape to solve challenges agencies and vendors face when buying and selling IT products and solutions.

Launched in October 2020, the ITVMO is a government-wide effort to amplify the benefits of managing vendor engagement in the IT Category to make IT acquisitions faster and more cost effective. The ITVMO serves as a trusted independent advisor and advocate to help agencies buy common IT goods and services. As a one-stop shop, the ITVMO will leverage government-wide IT procurement data, conduct market research, and develop shared agency acquisition knowledge to support agencies’ buying decisions.

There are many programs and initiatives across government that are interested in improving how government buys IT. The ITVMO is unique in that it is a collaborative effort amongst partners in Category Management (CM) with the most critical IT acquisition Best in Class (BIC) contract vehicles and associated programs including:

  • The General Services Administration (GSA);
  • The National Aeronautics and Space Administration (NASA);
  • The National Institutes of Health (NIH);
  • The Department of Defense (DOD);
  • The White House Office of Management and Budget (OMB) Office of Federal Procurement Policy (OFPP).

Through this collaboration, the ITVMO will advance the goals of IT Category Management (CM) to improve how the government buys common IT goods and services and enable the government to act more as a single entity by sharing best practices and acquisition intelligence as well as eliminating the unnecessary duplication and redundancy that exists between federal agencies.

What’s Happening & What’s Next

One of the central drivers of CM is to mature federal IT acquisitions so that the government acts more like a single buyer rather than many independent agencies. By creating a space where some of the biggest and most impactful federal IT acquisitions programs and initiatives can collaborate and solve shared problems, establishing the ITVMO is a major step toward that goal.

The ITVMO is chartered and led by an Executive Steering Committee (ESC) comprised of several agencies including those with the largest IT BIC vehicles. The ESC determines the strategic direction and project priorities for the ITVMO to solve problems for agencies and vendors alike.

To identify shared challenges and opportunities throughout government, the ITVMO surveyed hundreds of IT and acquisition experts including the Chief Information Officers Council (CIOC) and the Chief Acquisition Officers Council (CAOC) as well as several communities of practices. The ITVMO team also conducted listening sessions with industry groups. The data and feedback gathered from across government is driving the challenges the ITVMO seeks to address in the near future.

ITVMO Customer Segments

The ITVMO’s primary customers are the programs and offices responsible for making buying decisions at each agency, and the vendor community. On January 27th, the ITVMO hosted an Open House for agencies to provide an overview of the ITVMO’s mission and services, and to answer any questions from the community. More information about the ITVMO Open House, including a video recording of the event, is available to government employees.

Based on customer feedback, the ITVMO is working on several products and services that will be made available to agencies in the near future, including:

  • Continuing a Small Business Webinar Series developed in partnership with the IT Government-wide Category and the American Council for Technology and Industry Advisory Council Small Business Alliance so agencies and vendors can learn how GSA’s Federal Acquisition Service Multiple Award Schedules Program will allow agencies to more easily procure IT products and services from small businesses.
  • Vendor Profiles that provide agencies with pricing information, specific vendors’ terms and conditions, and best practices for negotiating with that vendor.
  • Deep Vendor Intelligence crowdsourced from IT acquisition experts from across the federal government participating in integrated project teams (IPTs).
  • A Technology Life Cycle Assessment to provide agencies with insights into buying emerging technology and updating existing systems and services to meet evolving needs.
  • A deep dive and review of current Cost Avoidance Methodologies used by IT BIC acquisitions vehicles. The ITVMO is working closely with GSA’s IT Category to provide recommendations on how to improve the accuracy and reliability of cost avoidance methodologies and the underlying contract data.

If any of the above interest you, we would love to connect with you. Please feel free to reach out to the ITVMO inbox at itvmo@gsa.gov.

Coming Soon…

The ITVMO recently launched the first of several IPTs made up of the federal government’s foremost experts in working and negotiating with specific IT vendors. The IPTs will produce recommendations and strategies that can be shared and leveraged throughout government.

ITVMO - Integrated Project Teams

On May 12, 2021, The ITVMO will also host an Industry Day intended for our industry and vendor partners to learn about the mission of the ITVMO and the best way to collaborate with the ITVMO and federal IT acquisitions staff.

Finally, the ITVMO will soon launch our website to share the ITVMO’s latest updates and activities, post relevant templates and resources, and direct users to the relevant information to meet their IT acquisition needs.

Additional insight can be found on our ITVMO MAX page, and you can sign up for our newsletter. If you have any questions or general inquiries, please feel free to reach out to us at the ITVMO inbox at itvmo@gsa.gov.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Continue Reading...

Reducing Cybersecurity Risks in Supply Chain Risk Management

Posted by Kay Ely
on September 18, 2017

Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division

[Editorial note: This blog is the last of a three part series by Shon Lyublanovits, GSA’s IT Security Subcategory Manager and Director of the Office of IT Security Services for Office of Information Technology Category (ITC). Designed to help build awareness of the Department of Homeland Security’s (DHS) annual October National Cyber Security Awareness Month, this blog series describes a suite of cybersecurity products, services and solutions provided by GSA, outlining the unique benefits each provides to government].

Federal Information and Communications Technology (ICT) systems rely on a complex, globally distributed, and interconnected supply chain ecosystem encompassing geographically diverse routes and multiple tiers of outsourcing. Managing ICT systems is a difficult and complex task for government agencies — especially when these system are affected by various laws, trust models, interests, and national/international supply chains. It becomes even more difficult when criminals constantly introduce proprietary counterfeits and malware, conduct data tampering, and access sensitive information.

To protect ICT systems from criminals, we are working with government agencies to reduce cybersecurity risks through the acquisition of IT hardware and software. We’re also helping government leaders, chief information officers, and IT experts develop and implement sound policy guidance to deploy Supply Chain Risk Management (SCRM) activities throughout the entire acquisition lifecycle.

Challenges for government and industry

The federal government is facing significant cybersecurity challenges when procuring IT products or services resulting from inadequate in-built cybersecurity controls in the supply chain. An increase in the use of ready made, off-the shelf products, plus a rise in outsourced computer and communications operations make it more difficult to manage the supply chain.

Our industry partners are facing challenges as well. Companies require agile, elastic business models to remain competitive and keep pace with emerging technologies, but they also need to protect themselves against volatile cybersecurity threats, especially in the supply chain. From a national security perspective, when large components of these business models become vulnerable to cyber threats, the private sector becomes a target of nation states.

Enhancement of IT procurement through sound policy drives

Within the global marketplace, particularly the supply networks, criminals have more opportunities to penetrate and potentially manipulate information and technology. In order to mitigate these threats, GSA supports various statutory, regulatory, and policy requirements that address the current challenges of the global marketplace.

We are currently developing a Business Due Diligence Information Service that will give agencies a common government-wide capability for identifying, assessing, and managing cyber and supply chain risk throughout the acquisition process.

GSA is also leading the implementation of an IT policy that enhances IT acquisition vehicles, resulting in increased security of customers systems and networks. We are working with federal agencies to address supply chain risks by:

  • Reviewing base ITC acquisition vehicle contract language
  • Developing an acquisition assurance baseline by identifying provisions and clauses that are related to IT security and SCRM to use in IT product and service solicitations
  • Creating a repeatable, scalable SCRM response process for ICT to effectively respond to SCRM incidents and issues of public interest. This includes a description of various roles, responsibilities, and definitions for six phases of the ICT Supply Chain Threat Event (SCTE) Incident
  • Using Response Life Cycle — i.e., notification, escalation, evaluation and validation, reporting, response, and closure activities
  • Establishing a Vendor Risk Assessment Program to provide a well-defined process and robust capability to evaluate known or potential risks related to suppliers of products and services using open source information

Comprehensive SCRM cybersecurity regulations and requirements

ICT systems need the best IT solutions to protect against proprietary counterfeits and malware, data tampering, and unauthorized access to sensitive information. We ensure that our IT products and services in the supply chain are deemed cyber low-risk by complying with cybersecurity regulations and requirements specific to SCRM. This will establish sound policy safeguards, so that when government agencies purchase IT products and develop systems, they do so knowing that we worked with suppliers to determine if SCRM capabilities have been applied to acquired products and services.

We’re also establishing a comprehensive SCRM capability that will ensure government agencies procure IT hardware and software from original equipment manufacturers, including authorized resellers or other trusted sources. Furthermore, GSA is:

  • Managing incidents within IT contracts
  • Establishing and maintaining contact with both internal GSA stakeholders and external agencies on cyber incidents
  • Maintaining awareness of government-wide supply chain policy/trends

GSA remains committed to helping government leaders, chief information officers, and IT experts improve cybersecurity through SCRM. Read the first and second blogs in this series to learn more about our cybersecurity products, services and solutions and how they can help you focus on your mission, while maintaining quality, reducing costs, and minimizing duplications and redundancies.

Follow us on Twitter @GSA_ITC to join the conversation.

Continue Reading...