The General Services Administration has launched several efforts to manage cybersecurity of information technology products and services that vendors provide to customer agencies.
Mary Davie, assistant commissioner of the integrated technology service office at GSA’s Federal Acquisition Service, wrote in a blog entry posted Monday the agency will establish a supply chain risk management program office to develop SCRM guidelines and review IT Schedule 70 contracts.
“The implementation of a SCRM capability will give customers confidence that our IT products come from original equipment manufacturers, their authorized resellers, or other “trusted” sources,” Davie stated.
She added her office collaborates with GSA, the Office of Management and Budget and the Department of Homeland Security to identify a cost-reimbursable contracting tool for incident response services.
Davie’s office has also introduced a project that aims to categorize cybersecurity/information assurance offerings based on the National Institute of Standards and Technology‘s Framework for Improving Critical Infrastructure Cybersecurity.
GSA also works to help federal civilian agencies obtain access-control credentials through its USAccess shared service program as well as address identity management issues through the Federal Public-Key Infrastructure, according to Davie.
She said the agency also integrated security requirements into the Alliant 2 and Alliant 2 Small Business contract vehicles and the Network Services Programs.