Information Technology Acquisition

GSA offers a full suite of information technology (IT) and telecommunications products, services, and solutions from highly qualified industry partners. GSA also directly procures IT for use within GSA.

This webpage identifies each of the categories of IT and summarizes policies that may be applicable for IT procurements. Summary guidance and links to applicable resources are provided in alphabetical order.

IT Categories

• IT Hardware: communications equipment, computing equipment, electronic equipment

• IT Security: security controls, penetration testing, incident response, vulnerability assessments

• IT Services: cloud IT services, consulting services, data center services, training

• IT Software: commercial software, custom software

• Telecom: secure wireless services, satellite services, mobile services

Summary of IT Acquisition Policies

1. Access Management (HSPD-12): Contract requirements for access to GSA IT resources must be consistent with GSA HSPD-12 Personal Identity Verification and Credentialing Handbook for contracts or orders including FAR clause 52.204-9, Personal Identity Verification of Contractor Personnel and GSAM clause 552.204-9, Personal Identity Verification Requirements. See GSAM 504.1370 for additional guidance.

2. Cloud First Storage: Cloud computing enables convenient, rapid, and on-demand computer network access to shared pool of configurable computing resources (in form of servers, networks, storage, applications, and services). See Best Business Practices for USG Cloud Adoption for further information.

3. CIO Coordination:

• GSA Procurements: A contract action that involves GSA IT must be coordinated by the GSA acquisition team with the Office of the GSA Chief Information Officer (CIO) in accordance with GSAM 511.170. The acquisition plan must be approved by the GSA CIO in accordance with GSAM 507.104.

• Interagency Acquisitions: The requesting agency is responsible for the required information technology coordination in accordance with GSAM 517.502-70.

4. Commercial Supplier Agreements: GSAR Case 2015-G512 was published as a final rule on February 22, 2018 to address some of the most common CSA terms that conflict or are otherwise incompatible with Federal law. The rule provides relief to GSA and contractors by removing the need to negotiate the unacceptable terms, reducing the risk to the Government by uniformly addressing the unacceptable terms, and further streamlining the acquisition process when acquiring items with CSAs. The changes incorporated into multiple sections of the GSAM as outlined in GSA Order 2800.12B, Change 83.

5. Cybersecurity: Contracts must incorporate applicable requirements and policies in accordance with Acquisition Letter MV-19-04, Contract Requirements for GSA Information Systems [PDF - 263 KB].

• CIO 09-48, IT Security Procedural Guide: Security and Privacy IT Acquisition Requirements [DOCX - 277 KB]

• CIO 12-2018, IT Policy Requirements Guide [PDF - 277 KB]

6. GSA IT Standards: In order to be used in the GSA information technology environment, information technology must also be approved for use in the IT Standards Profile. More details about the GSA information technology standards approval process can be found on the GSA IT Standards webpage.

7. IPv6: In accordance with FAR 11.002(g), the contract must include IPv6 requirements in all contracts and orders for IT hardware or software which will have the capability to access the Internet or any GSA network. See GSAM 511.170(d) for more guidance.

8. Open Source Software: For procurements of software, a 3 step analysis must be completed by the GSA acquisition team in accordance with OMB Memo 16-21 (Federal Source Code Policy) to leverage existing solutions and suitable commercial solutions, while mitigating duplicative spending on custom-developed software solutions.

9. Section 508 Accessibility: The contract must include any applicable requirements to ensure compliance with GSA Section 508 Procedures Handbook and FAR Sections 10.001, 11.002, and 39.2. See Section 508 Accessibility webpage for additional guidance.

10. Standard Configurations: Standard configurations for GSA information technology procurements must be specified in contracts when feasible. A list of standard configurations for applicable information technology procurements can be found on the Acquisition Gateway Information Technology Hallway.