2GIT Contract Guide
- Federal News Network QandA with GSA's Paul Morris
- GSA Prepares Today for Future of 2GIT Tomorrow
- Air Force Streamlines IT Buys Through 2GIT
- GSA Plans Broad Use of AI Supply Chain Monitoring
- How GSA Partners with Vendors to Keep 2GIT's Supply Chain Risk Management Current
- Federal News Network QandA with GSA's Tom Smith
It would seem the stars aligned when it
comes to the 2nd Generation IT blanket
purchasing agreement and recent federal
Just as the General Services Administration was making awards to vendors for the five-year, multibillion-dollar 2GIT in 2021, the White House and the Office of Management and Budget were kicking the president’s cyber executive order and zero trust efforts into high gear.
The beneficiaries? Federal buyers who know going in that the tools — an extensive sweep of hardware, software and services — available from the 78 2GIT vendors have controls and programs in place to reduce and address supply chain risks.
“They can buy with confidence,” the Federal Acquisition Service’s Paul Morris says. “We ensure that the products are compliant in terms of our supply chain risk management policies and the law,” the Federal Acquisition Supply Chain Security Act.
He can say that because 2GIT is unique among multiple-award governmentwide acquisition contracts. It requires that its sellers continuously monitor supply chain risk management plans integrated into their contracts, using about two dozen core elements derived from the National Institute of Standards and Technology’s SCRM guidance.
FAS’ Tom Smith likes to say that GSA “was doing SCRM stuff before it was cool. We started this journey with the supply chain risk management focus for 2GIT probably about five years ago.”
It began during the proposal phase, when vendors had to develop their initial SCRM plans for their offers. It continues with GSA monitoring the plans for vulnerabilities on the regular, and 2GIT vendors updating their plans based on findings shared by GSA and also in response to changing cyber realities.
Custom Content Editorr
Federal News Network
Download the full report to learn more about the five-year, multiple-award BPA. In partnership with Dell, Promark, Veritas, Connection, Okta, HPE, Immix and Commvault.