Tag Archives: GSA

What to Expect With EIS Network Modernization Initiatives

Posted on by
Reply

The goals set by the General Services Administration (GSA) through its Enterprise Infrastructure Services (EIS) contract are high – and rightfully so. EIS, which will serve as the government’s primary vehicle for telecommunications-related services, is designed to enable agencies to modernize their networks, particularly through new technologies such as software-defined networking, 5G wireless services, and managed services.

EIS has two additional end goals: greater efficiency with taxpayers’ dollars and, ultimately, greater effectiveness in carrying out agency missions.

The EIS contract was awarded in 2017 to nine companies offering, at minimum, virtual private network services, managed network services, voice services, and ethernet. Agencies had been required to transition away from the previous contract vehicle—Networx—to EIS by the Spring of 2020. GSA extended the deadline to May 2023 to provide agencies with more time.

Three years into the effort, with many delays and three years to go, what should we expect to see when the deadline approaches?

Modernization through the cloud

First and foremost, we’ll see a dramatic shift to cloud computing and the implementation of technologies to enable and enhance the move. According to Allen Hill, director of the Telecommunications Services Office at GSA, “Today’s network is not what we need to support the Cloud Smart initiative. We have to create a network that is based on cloud technology.”

As a function of this shift, most agencies’ highest priorities will focus on modernization, as this shift will provide dramatic cost saving and improved quality of service. According to consulting firm McKinsey & Company, “IT infrastructure modernization—particularly improvements in networks and the hosting of compute and storage through the cloud—has been a major driver of value in private-sector industry. … The public sector, however, has struggled to modernize its infrastructure and has not realized the same [benefits].”

Zero trust is paramount

EIS also serves as a catalyst for agencies to implement a zero-trust model, helping enhance network service delivery and data protection. Zero trust is a security model based on the concept of maintaining the strictest possible access controls by trusting nobody—not even users inside the network. In doing so, federal IT teams wouldn’t have to configure and maintain various levels of access control, which can ultimately serve as an attack vector.

The blossoming of SD-WAN

Finally, EIS will provide a platform for agencies to implement software-defined wide area networking (SD-WAN), which will offer easier network management. An SD-WAN is essentially a virtual wide-area network—a network abstracted from its hardware—allowing the federal IT team to remotely manage and quickly scale resources. Because it’s virtual, it’s more flexible and available than a standard WAN.

Patience is key

That said, patience is key relative to EIS. GSA has stated its preference is for agencies to take a strategic approach to modernization, focusing on mission objectives and the technologies to support those objectives, rather than implementing technology for technology’s sake.

So, for now, we wait and see.

Visit our webpage to learn more information on key features of managing and auditing access rights across your IT infrastructure.

Leaders In Innovation: Identity and Access Management

Posted on by
Reply

Agencies have been learning the importance of identity and access management for nearly two decades, but, like many technological evolutions, the coronavirus pandemic has encouraged adoption on an entirely new scale. As remote work became the norm, agencies adapted to use technology like smart identity cards in new ways, enabling capabilities like digital signatures. These new features are secured by the common access card (CAC) in the Department of Defense (DoD) or the Personal Identity Verification (PIV) card in the civilian environment, and all follow the principles and strategies of identity and access management.

Learn more: 8 cybersecurity experts from across the Federal government and industry discuss identity and access management in the latest Leaders in Innovation report.

Shane Barney, the Chief Information Security Officer at the U.S. Citizenship and Immigration Services in the Homeland Security Department, said as agencies move to the cloud, a new common framework focused on data around identity credentialing and access management is necessary.

“I know GSA is working toward that. I’m excited to see where we are heading with that, honestly, because we’ve been working in the identity world for quite a while now, very early on adopting some of those frameworks and trying to figure out a standard and hoping we are getting it right, and I think we’ve made good decisions, we made a couple of errors along the way and more good lessons,” he said in an executive brief sponsored by RSA and Carahsoft.

COVID-19 Has Also Highlighted Challenges

While agencies adapted to renewing or extending smart card authorizations, the pandemic made clear that other form factors must play a larger role in the months and years ahead, especially as agencies move toward a zero trust architecture.

Steve Schmalz, the Field Chief Technology Officer of the Federal Group at RSA, said agencies, like the commercial world, are starting to understand how cloud and remote workers are making the perimeter disappear.

“Zero trust is a fantastic conceptual way of dealing with that and talking about how you have to make sure to authenticate closer to the resource or make use of attributes and entry based access control to determine whether or not somebody should be allowed access to a particular resource,” Schmalz said, “That process of implementing attribute-based access control, looks like what you would have to do to implement a full zero trust architecture, where before individuals or processes get access to another resource, you have to check, you have to do some authentication.”

FNN Leaders in Innovation Blog Embedded ImageThe Future of FIDO

The changes happening, whether at DoD, the U.S. Army or across GSA’s shared services, are not going unnoticed by the National Institute of Standards and Technology (NIST). David Temoshok, the NIST Senior Policy Advisor for Applied Cybersecurity, said the standards agency is updating the Federal Information Processing Standards (FIPS) 201 document to allow for new kinds of tokens such as those from FIDO Alliance.

“As FIDO continues to mature as an organization in standardizing secure authentication processes, one of the things that they have established is a certification program for devices to both be certified for conformance to the FIDO specifications, but also to evaluate the security because FIDO tokens and the FIDO authentication processes use cryptographic keys for cryptographic authentication processes, which are very secure, very resistant to man-in-the-middle and phishing attacks,” he said. “We would be recommending their use for both external authentication processes, but also internal, where it’s convenient for agencies to use that.”

Connecting the Dots with ICAM

Along with NIST’s FIPS-201 update, the Homeland Security Department has made identity the center of its continuous diagnostics and mitigation (CDM) program. Rob Carey, the vice president and general manager for global public sector solutions at RSA, said what continues to become clear throughout this discussion and use of identity credential and access management (ICAM) is the old way of “one type of approach for all” continues to be proven unworkable.

“We’ve used the term to any device, anytime, anywhere, and DoD for probably 20 years now. Now we’re at the precipice of delivering that. As you validate, authenticate, the question is the back end, how are the systems and the business processes embracing this authorization to move forward to allow the right people to access the ERP or the financial management system,” Carey said, in a panel discussion sponsored by RSA and Carahsoft. “How are we connecting those dots with this somewhat new and better framework that we’ve talked about using role-based access, attribute-based access control?”

As agencies continue to prioritize zero trust architecture, the growth of identity and access management will only become more prevalent. Download the full Leaders in Innovation report to hear from agency leaders at UCIS, CISA, U.S. Army, DHS, DoD, GSA and NIST on how they’re tackling the challenges and reaping the benefits of identity and access management. 

A Guide to GSA MAS Contract

Posted on by
Reply

The Multiple Award Schedule (MAS), previously referred to as Schedule 70, is the General Service Administration’s (GSA) go-to source for IT acquisitions. GSA covers federal, state, and local government as well as other areas supporting the government that are not necessarily .gov addresses: executive agencies and other eligible users.

It is the largest government contract, supporting more than $30 billion of purchases annually through GSA schedules—roughly one in every three government transactions is going through GSA schedules. There are over 17,000 GSA contractors and GSA advertises over 11 million different items available within their schedules program.

FFYE Blog Series GSA MAS Blog ImageGSA is currently engaged in an activity called MAS Consolidation, enabling a new single solicitation process that streamlines terms and conditions across multiple schedule programs. This new process is GSA’s effort to make it easier for both industry and government to contract by having a single, consolidated set of terms. Previously, there were separate schedules for different commodity types, i.e. furniture, office supplies, or software. Consolidation of the varied schedules will enable customers to find total solutions under one contract vehicle while ensuring that necessary terms and conditions are met.

How to Utilize the MAS Program

Carahsoft’s GSA MAS Contract enables us to offer more products and services to the government in a streamlined manner. The need for duplicative GSA contracts has been eliminated and all products can be offered within the same contract vehicle. The prior Schedule 70 contract was specific to IT products and services; today we can offer products and services across lines of business without going through a new contract acquisition phase.

MAS was created in part because in today’s environment, the half-life of a piece of software is six months to a year while hardware refreshes every few years. A contract vehicle like this allows agencies to keep up with the pace of change from a technology perspective and is a real enabler from a mission delivery perspective.

On the industry side, there is a process to apply for the schedules. You must meet the requirements of the schedules program, demonstrating past performance and agreeing to abide by federal acquisition regulations. In addition, there are some particular flow downs and other requirements of the contracts.

The contract acquisition process itself can be somewhat complex for industry, but once it is completed you have a direct link into the government contract and a marketplace that needs services and commodities of all kinds.

Benefits of Procuring Under the GSA Multiple Award Schedule

Speed:  GSA is recognized for its speed of procurement. Agencies know that if they purchase via GSA they will benefit from GSA’s work with technology vendors and cost savings associated with volume purchases. Going through the regular contracting process could take up to a year to complete a purchase while GSA purchases tend to occur in a matter of weeks.

Best-in-Breed: Agencies know they are getting best-in-breed products. GSA is the government’s go-to source and vehicle for IT acquisitions, so agencies can be confident they will get the latest technology.

Small Businesses: GSA requires vendors to employ a certain percentage of small businesses, so it helps agencies fulfill those small business mandated goals in the federal government.

IDIQ: GSA MAS Schedule 70 is an Indefinite Delivery/Indefinite Quantity (IDIQ) based contract. It’s a pre-negotiated contract that includes pricing for products and services available at pre-negotiated rates, so individual agencies do not need to haggle; they just have to decide how much of a product they want and when they want it.

End User License Agreements: GSA offers benefits in the area of terms of service and end user license agreements. Individual consumers usually must accept—sometimes disadvantageous—terms and conditions in order to use technology, but GSA negotiates with vendors before products are added to the schedules. So agencies can buy products from the schedules program with confidence that all the terms of that purchase are in line with federal acquisition regulations. Issues like auto renewals of service or subscriptions are pre-negotiated (and often removed) with GSA, so individual customers and agencies need not negotiate with vendors.

Count on Carahsoft and our reseller partners to deliver and implement cutting-edge cloud solutions and services at the best value. Request a Quote Today and start the conversation with our team on how we can assist you this federal fiscal year-end.

Top 10 Community Blog Posts of 2019

Posted on by
Reply

In 2019, government agencies focused on various government initiatives – FedRAMP, FITARA, 21st Century IDEA – to help streamline internal processes, ensure security, and innovate public services. To accomplish these missions, agencies implemented various technologies such as DevOps, Citizen Engagement, IoT, and other emerging technologies. Check out our Top 10 Blog Posts of 2019 below for insights from various industry leaders including CIOs, CTOs, Solutions Engineers, and more.

Continue reading