The General Services Administration got good industry feedback on its proposed cybersecurity and information assurance (CyberIA) special item number (SIN) and could make a decision on whether to move forward with the new category within the next three to six months.
If the agency decides to create the new SIN — which would consolidate cybersecurity offerings on IT Schedule 70 — it likely wouldn't be released for another six months to a year, officials said during a call with industry representatives on Oct. 14.
"[Department of Defense] is, in fact, one of our largest customers. And so we anticipate that as the cybersecurity threat grows around the country and around the globe — the reason why we’re doing this is because there is a demand … "Anything we do will be targeted toward all the agencies involved in the cybersecurity defense framework. "We do anticipate that all agencies will be involved in this process and will be able to buy, including DoD," said Giovanni Onwuchekwa, branch chief for the Center for IT Schedule Business Programs. According to Onwuchekwa, the Department of Defense is one of the schedule's largest customers.
GSA officials stressed that the CyberIA SIN is still in the concept phase and the agency has yet to make a final decision on moving forward.
"We have not committed to creating this CyberIA SIN. We are in an early phase of this where we're just doing some research and trying to get feedback," said Terence Rountree, program manager for Cybersecurity, Information Assurance and Privacy.
"We are just looking now to determine what makes the most sense," said Terence Rountree, program manager for Cybersecurity, Information Assurance and Privacy.Rountree added. "If creating the SIN would complicate things for the vendors or for our customers then we may consider not doing it."
GSA received 63 comments on a request for information issued in August — 62 from vendors and one from the Coalition for Government Procurement.
Most of those responses centered on the scope of the proposed SIN, with the majority suggesting GSA consider broadening to include things like NIST's risk management framework, cloud security, training, governance and policy.
Four respondents said GSA should narrow the scope, namely by removing professional services as an offering.
Officials said they were pleased with the depth of responses garnered from the RFI and likely won't release another before making a decision on the SIN. The agency does plan to do more market research on how a new SIN would affect the purchasing agenciesbuyers (other agencies).
"One of the next steps for us is to engage our customer agencies to really do a deep dive about how they buy, how this will affect their procurement processes going forward and what makes sense for them," said Giovanni Onwuchekwa, branch chief for the Center for IT Schedule Business Programs. "That will factor into our go/no-go decision going forward."
Rountree asked vendors to reach out to their agency partners — particularly cybersecurity professionals and acquisition officials — and urge them to give GSA input on what they would like to see in a potential CyberIA SIN.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
