GSA Market Research: FAS ITC Proposed Revisions to Software SINs

RFQ ID RFQ1511046

“Background & Justification for Revisions

Multiple Award Schedule (MAS) Information Technology Category (ITC) found a potential gap in supply chain risk management (SCRM) controls in the IT equipment SINs and identified that this same issue could exist in the software SINs. This potential gap pertains to third (3rd) parties performing maintenance and repair, which could be either a supply chain risk or cybersecurity risk. MAS IT’s position is that, by only allowing authorized vendors to perform maintenance and repair, SCRM risks will be minimized in the SINs.

Software maintenance as a product is within scope of SIN 511210 – software maintenance services. However, ITC has determined there is a gap in the requirement for offerors of software maintenance as a product to also provide the corresponding software license under SIN 511210 as part of their contract.

Similarly, ITC has determined there is a gap in the requirement for offerors of SIN 54151 – software maintenance services to also provide the corresponding software license under SIN 511210 or have any association with the Original Equipment Manufacturer (OEM) or Authorized Reseller / Distributor.

These gaps could result in unauthorized third (3rd) party vendors providing software maintenance as a product or as a service without any association to the Original Equipment Manufacturer (OEM) or Authorized Reseller / Distributor. This is considered a possible supply chain risk for Federal Information Systems and Organizations. (Recommended guidance for addressing supply chain risks can be found within NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.)

Software maintenance as a product (SIN 511210) ≠ software license (SIN 511210) = potential risk

Software maintenance as a service (SIN 54151) ≠ software license (SIN 511210) = potential risk

Proposed Solution:

ITC strives to minimize supply chain risk for its customer agencies. ITC’s intent is to reinforce the connection between SINs that offer new IT equipment or software licenses to Original Equipment Manufacturers (OEMs) or authorized resellers/distributors on SINs that offer hardware maintenance or repair and software maintenance as a service. ITC is concerned that unauthorized third (3rd) parties performing maintenance and repair could be either a supply chain or cybersecurity risk. Ensuring that only authorized vendors perform maintenance and repair will minimize risk…”

XFactor Members access the complete set of documents here.

To register for a free XFactor trial, read more here

0
Tags:

This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 month, 2 weeks ago.

  • Author
    Posts
  • #134353

    Replies viewable by members only

    0

You must be logged in to reply to this topic.

CONTACT US

Questions?. Send us an email and we'll get back to you, asap.

Sending

©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541512, 
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?