5.2 General Services Administration (GSA)
GSA provides many services to the Federal Government. CIOs should be aware that GSA provides management and administrative support and establishes acquisition vehicles for agencies’ use. GSA’s information technology acquisition services and offerings are updated along with government-wide policy and are offered through collaboration with DHS, OMB, and other organizations both inside and outside the Federal Government.
GSA collaborates with OMB to sponsor Executive Councils for inter-agency communication and also assist OMB in the development of government-wide policies and guidance. (GSA.Shared Solutions and Performance Improvement.)
GSA also has an important role in procuring products and services for the government and administers the Federal Acquisition Service (FAS). (GSA. Federal Acquisition Service.) The FAS possesses the capability to deliver comprehensive products and services across the government at the best possible value. The continuum of solutions available through FAS include:
- Products and Services
- Motor Vehicle Management
- Procurement and Online Acquisition Tools
Technology Transformation Services
GSA’s Technology Transformation Services (TTS) applies modern methodologies and technologies to improve the lives of the public and public servants. They help agencies make their services more accessible, efficient, and effective with modern applications, platforms, processes, personnel, and software solutions. (GSA. Technology Transformation Services.)
Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. (FedRAMP. FedRAMP Authorization.) The program was established through an OMB Memorandum in December 2011 (FedRAMP. Policy: Security Authorization of Information Systems in Cloud Computing Environments. 12/8/2011) and included the FedRAMP Joint Authorization Board (JAB), which is made up of representatives from DOD, DHS, and GSA. The JAB must authorize any cloud services that will hold federal data. Additionally, GSA established the FedRAMP Program Management Office (PMO) which provides the process for Executive departments and agencies, as well as cloud service providers (CSPs), to adhere to the FedRAMP security authorization requirements created by the JAB.
Per FISMA, agencies must authorize the information systems they use, and these requirements apply to cloud services through FedRAMP. As with FISMA, FedRAMP utilizes the NIST SP 800-53 security controls as a baseline, with additional controls unique to cloud computing. As of September 2020, there have been 200 authorized cloud products through FY19-20, which is up from 100 authorizations between FY13-18. (FedRAMP. FedRAMP Reaches 200 Authorizations. 9/17/2020.)
Information on agency authorization for a cloud service offering (CSO) can be found at FedRAMP.gov.
The GSA DCCOI PMO (CIO Council. The DCCOI PMO) helps agencies meet the legislative requirements of FITARA, as well as OMB M- 19-19, Update to Data Center Optimization Initiative (DCOI). (OMB M-19-19. Update to Data Center Optimization Initiative (DCOI). 6/25/2019.) The DCCOI PMO is OMB’s managing partner of the DCOI and manages the Cloud and Infrastructure Community of Practice (C&I CoP), supports Cloud Smart and provides best practices and a procurement guide for cloud technology, and supports Application Rationalization by capturing best practices and case studies and assisting agencies with pilots and ongoing implementation support. CIOs may leverage the C&I CoP’s expertise and utilize the DCCOI PMO’s capabilities including agency-specific DCOI IDC analysis, Cloud Smart, and Application Rationalization processes.