If all goes as planned, by the end of May providers of identity, credential and access management (ICAM) programs and tools to federal agencies will learn the General Services Administration’s (GSA) latest requirements for their products and services.
That’s because May 14 is the date for an Industry Day at which the GSA will reveal its responses to industry concerns.
It’s been a long time coming for this Industry Day. Its most recent origins can be found in a December 2014, GSA-issued request for information from vendors, industry and other government agencies asking how best to accommodate changes in ICAM technology and the marketplace.
But in a broader sense, it goes back much further. Indeed, it could be said that it goes back to the very concept of securing access.
Where once locks and keys provided security and access to sensitive items, today the role falls to ICAM. It is one of the most complicated, intricate and rapidly evolving sectors of secure technology, and nowhere are the secrets more vital or the stakes higher than in government.
Industry is ready, willing and able to meet the challenges of providing secure access tools to government, but the path has been confusing and complex. GSA, which does all the purchasing for the civilian side of government, fully recognizes that fact.
The civilian consumer marketplace has seen radical changes in ICAM tools and technology, but the U.S. government has had to do some catching up. The feds have vast requirements and mandates such as Homeland Security Presidential Directive 12, which sets standards for secure government access. It was this need that prompted GSA to re-evaluate its ICAM standards in the first place.
The re-evaluation impacts the two schedules that GSA uses to make its ICAM acquisitions.
Schedule 70 covers a vast array of information technology products and services and, with a list of 5,000 vendors, is the most widely used schedule in the federal government. More to the point, it covers physical and logical access control systems.
Schedule 84 covers law enforcement, disaster response and security products and services and in particular, physical access control systems. It’s a massive schedule of $1.55 billion in indefinite delivery and indefinite quantity contracts and includes more than a thousand vendors, according to Brenda McCall, the lead contracting officer for GSA’s Law Enforcement and Security Branch.
Within these schedules, GSA realized that it needed to update the descriptions of products contained in its list of Special Item Numbers (SINs) as well as its criteria for evaluating those products. Further, it had to align its acquisitions with government policies and requirements mandated by the Office of Management and Budget.
In response to the December request for information, companies and industry representatives, including the Security Industry Association (SIA), submitted 14 comments. GSA followed up with an Industry Day on February 3 to discuss the results, and on February 25 SIA hosted a webinar to further answer questions and concerns.