GSA issues Security LOB enterprise software notice

Under the SmartBuy program, GSA will set up a blanket purchase agreement for situation awareness and incident response software.

The next phase of the Security Line of Business effort is in motion. The General Services Administration issued March 4 a SmartBuy enterprise software license notice for situation awareness and incident response applications. The notice requires agencies to stop buying any software that provides baseline configuration management, network mapping or vulnerability management until GSA issues a blanket purchase agreement for these titles. Officials running the Security LOB said in January they were deciding whether a SmartBuy deal for these three types of software would make the most sense. In the notice on, GSA wants information security collection tools that will: GSA, working with the Defense Department, has signed 12 SmartBuy agreements with 22 vendors, including 11 for data-at-rest enterprise applications. Karen Evans, the Office of Management and Budget’s administrator for e-government and information technology, testified earlier this month at a hearing before the House Oversight and Government Reform subcommittees on Information Policy, the Census and National Archives, and Government Management, Organization and Procurement that SmartBuy could save the government millions of dollars. In 2007, GSA reported that SmartBuy helped agencies avoid spending $133 million on software. She also said under the Security LOB, 12 agencies implemented security awareness training and 13 have implemented Federal Information Security Management Act reporting from shared-service providers. “As a result, agencies are beginning to reduce duplicative investment in common security tools, ensuring a baseline level of training and reporting performance, and are able to refocus their efforts to other complex and critical security issues at their agencies,” Evans said. “OMB expects agencies will fully report the number of employees trained via the Security LOB in their fiscal year 2008 annual FISMA report.”

  • Provide agencies the ability to check for and report on Federal Desktop Core Configuration for Microsoft Windows XP and Vista compliance.

  • Enable all agencies to purchase software that complies with the National Institute of Standards and Technology’s Secure Content Automation Protocol guidelines.

  • Provide products that can perform baseline configuration management, networks mapping or vulnerability management.