Contracts adapted for security
- By Diane Frank
- May 09, 2001
The General Services Administration is adapting existing contracts to include services that will help agencies provide a better picture of security incidents across government.
The GSA Federal Technology Service's Office of Information Assurance and Critical Infrastructure Protection is developing a managed security services contract. Such services would enable agencies to rely on vendors to manage such tools as intrusion-detection systems.
The contract is intended to provide agencies with ways to find and react to security incidents and also to report those incidents to the Federal Computer Incident Response Center (FedCIRC), the governmentwide civilian analysis and warnings group based at GSA.
The managed security services offering will become standard under FTS' Safeguard contract, said Sallie McDonald, assistant commissioner of the Office of Information Assurance and Critical Infrastructure Protection.
"It's a recognizable vehicle, and we're trying to make it as easy as possible for people to take advantage of this," she said.
Once the services are available and agencies start using them, it will lay the groundwork for FedCIRC to gather the incident information in a new analysis center, McDonald said. This will help the government's security experts get a better idea of the threats and attacks that occur across agencies, a goal developed under the National Plan for Information Systems Protection, released by the Clinton administration in January 2000.
Over the next few months, FedCIRC will be increasing its staffing levels to support this effort, McDonald said.
FTS created the Safeguard contract in 1999 to provide a single vehicle for security services needed under Presidential Decision Directive 63, the May 1998 mandate for federal agencies to secure the systems that support infrastructure critical to the nation, such as telecommunications and electricity.
The Safeguard contract is a blanket purchase agreement developed from the Federal Supply Service information technology schedule. FTS is working with FSS to add managed security services to the IT schedule, which will then allow FTS to modify the Safeguard contract, McDonald said.
Managed security services have become a popular commodity in the commercial market, she said, and they are now making waves in the federal sector, so vendors are already working to add their offerings to their schedule contracts.