GSA to award final Safeguard pacts

The General Services Administration this week will award the last in a series of information security contracts under its Safeguard Program and will work closely with the winning vendors to tailor their individual strengths to the needs of users in various federal agencies.

The Safeguard contracts are intended to help agencies develop plans required under Presidential Decision Directive 63 to protect their critical information systems. The services include everything from continuity and contingency planning to protecting an agency's physical infrastructure.

Because of this wide range, the Office of Information Security (OIS) at GSA's Federal Technology Service will award 28 blanket purchase agreements under Safeguard, most of which had been signed last week. In the next few weeks, GSA will be meeting with the vendors to decide how best to bring their services to agencies.

"We are going to have all of the vendors in for a conference, and we'll be meeting with those who take a proactive approach in the program," said Sallie McDonald, deputy assistant commissioner for information security at OIS. "We will be working with them to determine their strengths and jointly market the services."

Some vendors may be getting a Safeguard BPA "to get their ticket punched" as a contractor certified to offer its services to federal agencies through the GSA program, McDonald said. But other vendors received calls from agencies interested in using their services even before they won contracts, and those are the vendors that GSA wants to work with, she said.

Agencies have been waiting for the contracts to be awarded, and two task orders already are out from the Department of Veterans Affairs and the Military Sealift Command. While there are other contracts with security services available, Safeguard is the only program focusing specifically on PDD-63. This, and the fact that it is a GSA contract, make it very attractive to agencies that are struggling to comply with the directive as quickly as they can, vendors said.

Eric Ek, manager of the Information Security Center of Excellence at Lockheed Martin Mission Systems, said agencies "really want to use a GSA vehicle" because the contracts are easy to use and because of the assistance GSA provides to contract users.

Several agencies have expressed concerns about problems they are having complying with PDD-63, including funding shortfalls and difficulties in determining responsibilities, said Mike Fox, vice president and deputy director of C3I programs at SRA International Inc.

Fox said GSA could perform a vital role by speaking with these agencies as the lead agency for critical infrastructure protection in the federal sector and encouraging agencies to come to the contract as a way to solve those problems.

"I need [GSA] to help bring the federal agencies to the table," Fox said.

Many of the first vendors to be awarded BPAs have been marketing the contracts since late spring. And much of that initial work involved informing agencies that the contracts exist to help them with their critical infrastructure needs, said Thomas McDermott, senior vice president of information assurance in the Communications Systems Division at CACI Inc.

Some agencies already are using security services from Safeguard vendors on other contracts, and both the vendors and GSA would like to see that work transferred to the Safeguard program.

Eugene J. Hunt Jr., assistant vice president and program manager at Science Applications International Corp., said he expects users to embrace the Safeguard program because it offers "increased visibility that they are complying with PPD-63."

Vendors have even tailored their security services offerings specifically to address the areas covered by Safeguard.

"Our team does both technology-type services and consulting-type services," Ek said. "PDD-63 services are big right now, so our consulting services are built right now for meeting agency needs for PDD-63."

Others, such as Unisys Federal Systems, have included research groups in their subcontracting teams to be able to continually offer the latest technology to agencies. "The threat is real, and we need to get the tools out there," said Ed Schaffner, program manager at Unisys.

***

Safeguard at a Glance

* Critical infrastructure asset identification* Risk management* Critical infrastructure continuity and contingency planning* Physical infrastructure protection* Information systems security and information assurance* Emergency preparedness, awareness training, exercises and simulations