2GIT Contract Guide
- Federal News Network QandA with GSA's Paul Morris
- GSA Prepares Today for Future of 2GIT Tomorrow
- Air Force Streamlines IT Buys Through 2GIT
- GSA Plans Broad Use of AI Supply Chain Monitoring
- How GSA Partners with Vendors to Keep 2GIT's Supply Chain Risk Management Current
- Federal News Network QandA with GSA's Tom Smith
It would seem the stars aligned when it
comes to the 2nd Generation IT blanket
purchasing agreement and recent federal
cybersecurity initiatives.
Just as the General Services Administration
was making awards to vendors for the
five-year, multibillion-dollar 2GIT in 2021,
the White House and the Office of Management and Budget were
kicking the president’s cyber executive order and zero trust efforts
into high gear.
The beneficiaries? Federal buyers who know going in that the
tools — an extensive sweep of hardware, software and services
— available from the 78 2GIT vendors have controls and programs
in place to reduce and address supply chain risks.
“They can buy with confidence,” the Federal Acquisition
Service’s Paul Morris says. “We ensure that the products are
compliant in terms of our supply chain risk management policies
and the law,” the Federal Acquisition Supply Chain Security Act.
He can say that because 2GIT is unique among multiple-award
governmentwide acquisition contracts. It requires that its sellers
continuously monitor supply chain risk management plans integrated
into their contracts, using about two dozen core elements derived from
the National Institute of Standards and Technology’s SCRM guidance.
FAS’ Tom Smith likes to say that GSA “was doing SCRM stuff
before it was cool. We started this journey with the supply chain
risk management focus for 2GIT probably about five years ago.”
It began during the proposal phase, when vendors had to
develop their initial SCRM plans for their offers. It continues
with GSA monitoring the plans for vulnerabilities on the regular,
and 2GIT vendors updating their plans based on findings shared
by GSA and also in response to changing cyber realities.
Vanessa Roberts
Custom Content Editorr
Federal News Network
Download the full report to learn more about the five-year, multiple-award BPA. In partnership with Dell, Promark, Veritas, Connection, Okta, HPE, Immix and Commvault.
By supplying my contact information, I authorize Carahsoft and its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.