Safeguarding Information
Safeguarding information is a subject area related to protecting electronic information from unwanted access (breaches). Several high-profile data breaches involving the release of personal information underscore the need for this type of information security.
Background
The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document and implement an agencywide program to provide information security for the information and information systems that support the operations and assets of the agency.
By definition an effective information-security program should include:
- Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems that support the operations and assets of the organization;
- Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system;
- Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate;
- Security awareness training to inform personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks;
- Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually;
- A process for planning, implementing, evaluating and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; and,
- Procedures for detecting, reporting and responding to security incidents.
Acquiring a Safeguarding Information Solution
GSA Multiple Award Schedules allow customers flexibility to mix-and-match Schedules to provide comprehensive integrated security solutions. Many vendors hold several Schedule contracts, allowing them to provide quotes for complex cross-Schedule procurements. Searching GSA eLibrary by Special Item Numbers (SINs) will return a list of vendors who can provide these solutions.
When there are no single vendor solutions, GSA Schedule Contractor Team Arrangements (CTAs) allow customer agencies to order a solution rather than making separate buys from various contractors. A CTA allows the contractor to meet the government agency’s needs by providing a total solution that combines the supplies and/or services from the team members' separate GSA Schedule contracts. A list of the Schedule contracts relevant to safeguarding information are identified below:
Blanket Purchase Agreements (BPAs) eliminate contracting and open market costs such as the search for sources, development of technical documents and solicitations, and evaluation of offers. A BPA may further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from Schedule contracts or Contractor Teams.
GSA MAS 36 OFFICE, IMAGING AND DOCUMENT SOLUTION
| 47 147 |
Security Applications for Business Machines |
| 51-507 |
Destruction Services |
GSA MAS 70 GENERAL PURPOSE COMMERCIAL INFORMATION TECHNOLOGY EQUIPMENT, SOFTWARE, AND SERVICES
| 132 8 |
Purchase Of Equipment |
| 132 32 |
Term Software License |
| 132 33 |
Perpetual Software License |
| 132 34 |
Maintenance of Software |
| 132 50 |
Classroom Training |
| 132 51 |
Information Technology Services |
| 132 53 |
Wireless Services |
| 132 62 |
Homeland Security Presidential Directive 12 (HSPD-12) Product and Service Components |
GSA MAS 71 III E: MISCELLANEOUS FURNITURE
GSA MAS 81 I B SHIPPING, PACKAGING AND PACKING SUPPLIES
| 617-13 |
Unique Identification (UID)/Radio Frequency Identification (RFID) |
GSA MAS 84 TOTAL SOLUTIONS FOR LAW ENFORCEMENT, SECURITY, FACILITIES MANAGEMENT, FIRE, RESCUE, CLOTHING, MARINE CRAFT AND EMERGENCY/DISASTER RESPONSE
| 246-35-1 |
Access Control Systems, Door entry control by card access, magnetic proximity |
| 246-35-2 |
Access Control Systems, Door entry control by touch access, dial, digital, keyboard, keypad |
| 246-35-4 |
Access Control Systems, Emergency exit door access/alarm systems for security and/or fire safety |
| 246 60 1 |
Security Systems Integration and Design Services |
GSA MAS 520 FINANCIAL AND BUSINESS SOLUTIONS (FABS)
| 520-16 |
Business Information Services |
| 520 17 |
Risk Assessment and Mitigation Services (not yet available) |
| 520 18 |
Independent Risk Analysis (not yet available) |
| 520 19 |
Data Breach Analysis (not yet available) |
| 520 20 |
Comprehensive Protection Solutions (not yet available) |
GSA MAS 874 MISSION ORIENTED BUSINESS INTEGRATED SERVICES (MOBIS)
| 874-1 |
MOBIS Consulting Services |
| 874-2 |
MOBIS Facilitation Services |
| 874-3 |
MOBIS Survey Services |
GSA operates the SmartBUY program to consolidate the commercial off the shelf (COTS) software requirements of the federal government for maximum buying discounts. This program includes BPAs for many Data-At-Rest encryption technologies.
GSA acquisition options include Assisted Acquisition Services, an organization within GSA that crafts customized expert solution to information security issues. Assisted Acquisition Services offers fee-based scalable support that brings technical, contracting and project management resources to bear to provide customizable levels of assistance.
Last Reviewed 1/15/2009