Compliance Support

Background

Several key publications direct and assist federal civilian agencies in implementing security measures for information technology. See the standards list.

The topics covered include access control, awareness and accountability, certification, accreditation and security assessments, configuration management, contingency management, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personal security, risk assessment, systems and services acquisitions, system communications protection and system information integrity.

An entirely different and additional set of standards exists for the protections surrounding Classified and Sensitive But Unclassified (SBU) national-security information. These standards are identified in a set of documents promulgated by the Committee on National Security Systems (CNSS). A set of relevant questions and answers are also available for the newcomer to the subject. Also provided is a general index to National Security Issuance documents.

In all cases involving U.S. classified information the appropriate security offices and personnel with specialized training must be involved from the onset, before any classified information is actually received, handled, stored or processed.

 Acquiring a Compliance Support Solution

GSA Multiple Award Schedules allow customers flexibility to mix-and-match Schedules to provide comprehensive integrated security solutions. Many vendors hold several Schedule contracts, allowing them to provide quotes for complex cross-Schedule procurements. Searching GSA e-Library by Special Item Numbers (SINs) will return a list of vendors who can provide these solutions.

When there are no single vendor solutions, GSA Schedule Contractor Team Arrangements (CTAs) allow customer agencies to order a solution rather than making separate buys from various contractors. A CTA allows the contractor to meet the government agency’s needs by providing a total solution that combines the supplies and/or services from the team members' separate GSA Schedule contracts. A list of the Schedule contracts relevant to compliance support are identified below.

Blanket Purchase Agreements (BPAs) eliminate contracting and open market costs such as the search for sources, development of technical documents and solicitations, and evaluation of offers. A BPA may further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from Schedule contracts or Contractor Teams.

GSA MAS 36 OFFICE, IMAGING AND DOCUMENT SOLUTION

GSA MAS 70 GENERAL PURPOSE COMMERCIAL INFORMATION TECHNOLOGY EQUIPMENT, SOFTWARE, AND SERVICES

GSA MAS 84 TOTAL SOLUTIONS FOR LAW ENFORCEMENT, SECURITY, FACILITIES MANAGEMENT, FIRE, RESCUE, CLOTHING, MARINE CRAFT AND EMERGENCY/DISASTER RESPONSE

GSA MAS 520 FINANCIAL AND BUSINESS SOLUTIONS (FABS)

GSA MAS 874 MISSION ORIENTED BUSINESS INTEGRATED SERVICES (MOBIS)

GSA MAS 874V LOGISTICS WORLDWIDE (LOGWORLD)

GSA acquisition options include Assisted Acquisition Services, an organization within GSA that crafts customized expert solution to information security issues. Assisted Acquisition Services offers fee-based scalable support that brings technical, contracting and project management resources to bear to provide customizable levels of assistance.