2GIT Contract Guide

FNN Expert Edition 2GIT cover
Over 88,000 products from more than 200 vendor partners are available through Carahsoft’s 2GIT Contract 47QTCA21A000R, supporting all DoD and Federal agencies with software, services, maintenance and hardware. In this Federal News Network 2GIT Contract Guide, we take you inside the BPA to learn more about the 2GIT vehicle and how to use it. Featuring insights from government agencies, including:
  • Federal News Network QandA with GSA's Paul Morris
  • GSA Prepares Today for Future of 2GIT Tomorrow
  • Air Force Streamlines IT Buys Through 2GIT
  • GSA Plans Broad Use of AI Supply Chain Monitoring
  • How GSA Partners with Vendors to Keep 2GIT's Supply Chain Risk Management Current
  • Federal News Network QandA with GSA's Tom Smith

It would seem the stars aligned when it comes to the 2nd Generation IT blanket purchasing agreement and recent federal cybersecurity initiatives.
Just as the General Services Administration was making awards to vendors for the five-year, multibillion-dollar 2GIT in 2021, the White House and the Office of Management and Budget were kicking the president’s cyber executive order and zero trust efforts into high gear.
The beneficiaries? Federal buyers who know going in that the tools — an extensive sweep of hardware, software and services — available from the 78 2GIT vendors have controls and programs in place to reduce and address supply chain risks.
“They can buy with confidence,” the Federal Acquisition Service’s Paul Morris says. “We ensure that the products are compliant in terms of our supply chain risk management policies and the law,” the Federal Acquisition Supply Chain Security Act.
He can say that because 2GIT is unique among multiple-award governmentwide acquisition contracts. It requires that its sellers continuously monitor supply chain risk management plans integrated into their contracts, using about two dozen core elements derived from the National Institute of Standards and Technology’s SCRM guidance.
FAS’ Tom Smith likes to say that GSA “was doing SCRM stuff before it was cool. We started this journey with the supply chain risk management focus for 2GIT probably about five years ago.”
It began during the proposal phase, when vendors had to develop their initial SCRM plans for their offers. It continues with GSA monitoring the plans for vulnerabilities on the regular, and 2GIT vendors updating their plans based on findings shared by GSA and also in response to changing cyber realities.

Vanessa Roberts
Custom Content Editorr
Federal News Network

Download the full report to learn more about the five-year, multiple-award BPA. In partnership with Dell, Promark, Veritas, Connection, Okta, HPE, Immix and Commvault.

View and download complete report below.

By supplying my contact information, I authorize Carahsoft and its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.