Resources
The ITVMO has developed and collected helpful resources to make government IT acquisitions smarter and faster. Review these knowledge cases to learn more about specific topics. We will regularly update and add to the resources posted to this page.
Don’t see what you are looking for?
If you are unable to find the information you are looking for please Contribute. For any other questions or help please Contact us.
AbilityOne Program
Providing employment opportunities to approximately 40,000 people who are blind or have significant disabilities, including more than 2,500 veterans, the AbilityOne Program is among the nation’s largest providers of jobs for people who are blind or have significant disabilities.
Acquisition analytics
Acquisition Analytics from cost management, manufacturer analysis, vendors, order size, and price analysis. Includes acquisition data such as: Category overview, Manufacturer analysis, Price Analysis, Vendor analysis, Order size analysis, Cost avoidance.
Acquisition Gateway
A platform for information sharing about Government-wide Acquisition programs, policies, initiatives and tools.A workspace for acquisition professionals and federal buyers to connect with information and resources to improve acquisition governmentwide.
ACT IAC Small Business Alliance
ACT-IAC is committed to fostering the growth of small businesses and ensuring that they continue to play an important role in the government information technology marketplace - which is why ACT-IAC launched the Small Business Alliance in March 2014. This member-focused group is chartered to promote the interests and contributions of Small Business through programs and events designed to increase member engagement, enable stronger liaison across ACT-IAC offerings and provide an in-depth Community of Interest specific to the affinity of small business, tailored to the varying levels of maturity of our members.
Adobe Agency Challenges & Proposed Resolutions
In 2021, the ITVMO began evaluating Adobe through the OEM Assessment Process. As a result of the Assessment, the ITVMO identified common challenges for Federal agencies focused on a perceived lack of support from Adobe in supporting Federal Agencies with sufficient explanations on how to leverage the Adobe products best suited for their unique environments.
Adobe Buyers Vendor Assessment Guide
Review this Adobe Vendor assessment guide for the full documentation on guidance provided for agencies procuring Adobe.
Adobe Close Out Flyer
The ITVMO categorized agency challenges and worked with Adobe to provide solutions. The resulting resources and trainings provided significantly reduced the challenges and impacts previously identified.
Adobe Executive Close Out Memo
In 2021, the ITVMO launched an OEM assessment of Adobe. This memo serves as an executive summary of the engagement.
Adobe OEM Assessment Summary
The ITVMO supports agency acquisitions by providing subject matter expertise on IT vendors. This document highlights common challenges agencies identifies when acquiring Adobe products and services.
Adobe Presentation: Modernizing the Mission of the Government
Adobe has been supporting government since 1985. Review this presentation to learn more about how they are modernizing the mission of government through digital experiences that put people first.
Advanced Persistent Threat Buyer's Guide
Advanced Persistent Threat Buyer's Guide: helps organizations evaluate potential products and solutions that detect, respond to, and recover from APTs. It provides guidance on engaging capable, proven industry partners to minimize APTs and enhance the overall resilience of the nation's cybersecurity.
Agency for International Development (USAID) Small Business Program
The Office of Small and Disadvantaged Business Utilization (OSDBU) is responsible for monitoring USAID’s implementation and execution of the small business programs and advising the Administrator and senior leadership.
Army CHESS Government-wide Strategic Solutions (GSS) for Desktops and Laptops
The GSS systems were implemented for purchase in 2015. A comprehensive refresh process has been deployed every year since in which Agencies provide updates to their requirements, and industry shares its directions and feedback. GSS Version 8 systems have been available since July 2022. GSS Version 9 systems are now available. GSS Version 8 systems will still be offered until they reach end-of-life or are no longer available from the manufacturer.
AWS Acquisition Best Practices
This AWS presentation reviews best practices for Government Cloud Acquisitions. Review AWS recommendations to help better procure your next AWS need.
AWS Acquisitions Guide
Review this AWS Vendor assessment guide for the full documentation on guidance provided for agencies procuring AWS.
AWS Agency Challenges & Proposed Resolutions
In August 2021, the ITVMO began evaluating AWS through the OEM Assessment Process. As a result of the Assessment, the ITVMO identified common challenges for Federal agencies focused on monitoring and managing consumption and improved invoice management.
AWS Close Out Flyer
The ITVMO categorized agency challenges and worked with AWS to provide solutions. The resulting procurement related best practices series significantly reduced the challenges and impacts previously identified.
AWS Executive Close Out Memo
In 2021, the ITVMO launched an OEM assessment of AWS. This memo serves as an executive summary of the engagement.
AWS OEM Assessment Summary
The ITVMO supports agency acquisitions by providing subject matter expertise on IT vendors. This document highlights common challenges agencies identifies when acquiring AWS products and services.
Biden-President's Management Agenda: Learning Agenda
A management-focused learning agenda in support of the President’s Management Agenda (PMA) identifies key questions to answer to support the PMA vision. REfer to Page 22 for additional resources related to the Learning Agenda, to include agency-specific agendas.
Category Management Basics, Policies, and Guidance
Provides an overview of common category management (CM) principles and policies. Scroll to mid-page for several attachments on amendments and updates to CM and acquisition policies, to include new small business utilization requirements.
Cisco Agency Challenges & Proposed Resolutions
In August 2022, the ITVMO began evaluating Cisco through the OEM Assessment Process. As a result of the Assessment, the ITVMO identified common challenges for Federal agencies focused on price escalation and budget planning, license management, end user license agreement confusion, and extended lead times for hardware.
Climate Policy Office
Implements the President’s domestic climate agenda, coordinating the all-of-government approach to tackle the climate crisis, create good-paying, union jobs, and advance environmental justice.
Cloud and Infrastructure Community Guides & Resources
Provides resources for federal agencies to consolidate and modernize their IT infrastructure.
Cloud Information Center (CIC)
The CIC is designed to educate on all aspects of the acquisition lifecycle, including business, technical, and contractual aspects of cloud solutions.
Coalition for Government Procurement: Small Business Committee
Through our Small Business Committee, the Coalition provides updates on small business-related acquisition rules, regulations, programs, and Federal contract opportunities for small businesses. Agencies include DoD, GSA, OMB, SBA, and the VA.
Consumer Financial Protection Bureau (CFPB) Small Business Program
The CFPB works to help small businesses access the credit they need and deserve by increasing awareness in the small business lending marketplace. Visit this page for added agency resources.
Contract Data (Formerly FPDS)
The FPDS reports transition is complete and the DataBank is the only place to go to create and run contract data reports. If you are searching for contract data (i.e., searching for specific contracts), you must do so at FPDS.gov , which remains the authoritative source for contract data.
Contracting Officer Representative Toolkit
The Contracting Officer Representative Toolkit is a knowledge base tool, developed by a Spring 2020 LEAP team in partnership with FAI. Some of the links provided require an additional user ID and password to access the material.
Contracting Officers Toolkit
The Contracting Officer Toolkit is a knowledge based, ready reference guide, developed by the Fall 2020 LEAP team in partnership with FAI. Some of the links provided may require you to register and login in order to access the material.
Contracting Professionals Smart Guide
The Contracting Professionals Smart Guide is organized into two sections: Contract Formation and Contract Administration. The tables below link to the Activities and their corresponding flow charts.
Council on Environmental Quality
Coordinates the federal government’s efforts to improve, preserve, and protect America’s public health and environment and assists the FAR in developing regulatory amendments to promote increased contractor attention on reduced carbon emission.
Data to Decisions: Small Business Dashboard
Small Business Dashboard pulls from the Federal Procurement Database System (FPDS) plus Category Management data augmentations.Note that DOD and military branch obligation data may be delayed up to 90 days; other departments' reporting is through date indicated within dashboard
Data to Decisions Dashboard
The D2D Portal is the gateway to data-driven decisions. It is a data analytics portal that is used to share business insights, including visualizations, reports and datasets. The D2D Portal enables users to search for, access, and share dashboards, datasets, and other content supporting data-driven decision-making across a broad range of stakeholders. Some dashboards are limited to government-only, others are open to industry and the public.
Department of Commerce’s National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP)
Providing any U.S. manufacturer with access to resources they need to succeed.
Department of Commerce (DOC) Small Business Program
The Office of Small and Disadvantaged Business Utilization (OSDBU) is an advocacy and advisory office responsible for promoting the use of small, small disadvantaged, 8(a), women-owned, veteran-owned, service-disabled veteran-owned, and HUBZone small businesses within the U.S. Department of Commerce's acquisition process. This involves promoting small business prime and subcontracting opportunities in accordance with Federal laws, regulations, and policies and the utilization of products from the National Industries for the Blind and services provided by SourceAmerica.
Department of Defense (DoD) Small Business Program
The DoD’s Office of Small Business Programs maximizes opportunities for small businesses to contribute to national security by providing combat power for our troops and economic power for our nation.
Department of Education (Ed) Small Business Program
The Office of Small and Disadvantaged Business Utilization (OSDBU) works as an advocate to maximize participation of small businesses in Department contracts, through outreach to the business community and partnerships with Department offices to develop and implement acquisition strategies for achieving ED’s mission.
Department of Energy (DoE) Small Business Program
The Office of Small and Disadvantaged Business Utilization OSDBU maximizes contract opportunities for small businesses while advancing the Agency’s missions. The office works to make it easier for small businesses to do business with the DOE, maximizing business opportunities and awards and improving socio-economic category performance.
Department of Health and Human Services (HHS) Small Business Program
HHS’ Office of Small Disadvantaged Business Utilization (OSDBU) has the information and resources to guide your small business to support HHS.
Department of Homeland Security (DHS) Small Business Program
At DHS, we understand that small businesses are vital to our national strength. We ensure that small businesses have a fair opportunity to compete for our contracts.
Department of Interior (DOI) Small Business Program
The Department of the Interior's Office of Small and Disadvantaged Business Utilization (OSDBU) advises the Secretary of the Interior on all matters related to small business and collaborates with leadership throughout the Department to maximize opportunities for small businesses in our acquisitions. The OSDBU implements policies, procedures, and training programs for the Department to emphasize our commitment to contracting with small businesses. Our mission also includes outreach to small and disadvantaged business communities, including Indian economic enterprises, small disadvantaged, women-owned, veteran-owned, service disabled veteran owned, and small businesses located in historically underutilized business zones (HUBZone) areas.
Department of Justice (DoJ) Small Business Program
The DoJ works to ensure that small businesses, including small, disadvantaged businesses, woman owned small businesses, service disabled veteran owned small businesses and HUBZone certified businesses have the maximum practicable opportunity to participate as prime contractors and subcontractors.
Department of Labor (DoL) Small Business Program
The Office of Small and Disadvantaged Business Utilization (OSDBU) administers the U.S. Department of Labor's responsibility to ensure procurement opportunities for small businesses, small, disadvantaged businesses, women-owned small businesses, HUBZone businesses, and businesses owned by service-disabled veterans.
Department of State Small Business Program
How small businesses can do business with the Department of State.
Department of Transportation (USDOT) Small Business Program
The United States Department of Transportation (USDOT), Office of Small and Disadvantaged Business Utilization (OSDBU) mission is to ensure Small Business policies and goals of the Secretary of Transportation are implemented in a fair, efficient and effective manner.
Digital Dashboard
Enables agencies to monitor and improve their digital capabilities
DoD Army Computer Hardware, Enterprise Software and Solutions (CHESS) IT Best-in-Class Vehicle
CHESS provides architecturally sound standards and policy-compliant IT enterprise solutions from more than 20 prime industry IT providers to all Army activities and organizations.
E.O. 13985 Advancing Racial Equity and Support for Underserved Communities Through the Federal Government:
Our Nation deserves an ambitious whole-of-government equity agenda that matches the scale of the opportunities and challenges that we face. The Federal Government should pursue a comprehensive approach to advancing equity for all, including people of color and others who have been historically underserved, marginalized, and adversely affected by persistent poverty and inequality.
E.O. 14005: Ensuring the Future Is Made in All of America by All of America’s Workers
Ensuring the Future is Made in All of America by All of America’s Workforce: The United States Government should, whenever possible, procure goods, products, materials, and services from sources that will help American businesses compete in strategic industries and help America's workers thrive.
E.O. 14008: Tackling the Climate Crisis at Home and Abroad
Climate Crisis: Tackling the Climate Crisis at Home and Abroad: The US and the world face a profound climate crisis. We have a narrow moment to pursue action at home and abroad in order to avoid the most catastrophic impacts of that crisis and to seize the opportunity that tackling climate change presents. Domestic action must go hand in hand with United States international leadership, aimed at significantly enhancing global action. Together, we must listen to science and meet the moment.
E.O. 14017 America’s Supply Chain
America’s Supply Chain: Resilient American supply chains will revitalize and rebuild domestic manufacturing capacity, maintain America's competitive edge in research and development, and create well-paying jobs. It is the policy of the Administration to strengthen the resilience of America's supply chains.
Environmental Protection Agency (EPA) Small Business Program
The EPA Small Business Solutions and Opportunities (SBSO) team is responsible for the implementation of Section 15(k) of the Small Business Act to ensure that small businesses are afforded the maximum practicable opportunity to participate in EPA’s acquisitions.
Equity in Procurement
This page provides quick access to government wide policy on small business procurement strategies and access to the federal marketplace. Access the page for latest copies of policy, agency small business policies, and the small business landscape.
E.O. 14028, Improving the Nation’s Cybersecurity
Agencies must accelerate efforts to implement zero trust architecture and enhanced cybersecurity measures like multi-factor authentication and encryption. This aims to protect sensitive systems from sophisticated threats. There will be increased information sharing and coordination between agencies for cyber incident response. This includes adopting common response playbooks. Improved logging, data retention, and investigative capabilities will be prioritized. This aims to enable rapid detection, investigation, and remediation of cyber incidents across agencies. Agencies will be required to conduct an assessment of their most sensitive data and systems that are at high risk. This will inform plans for improving protections.
FAQ Sheet on M-23-11: Creating a More Diverse and Resilient Federal Marketplace
The following questions and answers are intended to supplement OMB Memorandum M-23-11, Creating a More Diverse and Resilient Federal Marketplace through Increased Participation of New and Recent Entrant.
FAR 16.505 Ordering vs FAR 15.3 Negotiated Procurements
Article explaining typical mistakes to avoid when ordering off a Governmentwide Acquisition Contract (GWAC) and other indefinite delivery/indefinite quantity (IDIQ)-type contracts. Refer to Pages 3 and 4 providing a comparative analysis of the major differences between FAR 16.505 and FAR 15.3.
FAR Part 19 -- Small Business Programs
This part implements the acquisition-related sections of the Small Business Act ( 10 U.S.C. 3063-3064 and 3203), applicable sections of the Armed Services Procurement Act ( 10 U.S.C. 2302, et seq.), 41 U.S.C. 3104, and Executive Order 12138, May 18, 1979.
FAR Smart Matrix
Searchable and filterable interactive tool to view or research information within the FAR.
February 2023 Monthly Bulletin: OEM Solutioning
In late FY 2021, the ITVMO developed the Original Equipment Manufacturer (OEM) Vendor Assessment Offering to provide a coordinated voice representing all agencies to the vendor community. The ITVMO performs governmentwide deep dives of top OEMs identified and prioritized through a Federal IT Buyer Survey and using agency input provided in OMB’s Integrated Data Collection (IDC) Survey. The vendor assessment approach uses a repeatable process that engages agency buyers, vehicle solution holders (e.g., Best-in-Class vehicles), and the OEMs. Continuing reading...(government-only)
Federal Acquisition Regulation
Browse Federal Acquisition Regulations (FAR) Part/Subpart or download in various formats. Complete FAR also available for download.
Federal Deposit Insurance Corporation (FDIC) Small Business Program
Small business ownership can help individuals and families nationwide achieve financial stability and build long-term wealth. Access to credit and participation in the banking system among existing or aspiring small businesses is vital to the success of communities and the broader economy. The FDIC offers a wide range of resources and tools to consumers and bankers that help plan, launch, manage and grow small business initiatives in their communities. The FDIC also supports small business lending through technical assistance, education, and access to government guaranteed loan programs.
Federal Emergency Management Agency (FEMA) Small Business Program
FEMA’s Small Business Program’s (SBP) mission is to assist small businesses in the pursuit of federal procurements. The SBP office actively engages with FEMA’s procurement personnel to ensure that small businesses have the maximum practicable opportunity to participate in contracts.
Federal IT Dashboard
The IT Portfolio is a management tool that contains budgetary data for Federal IT investments and displays key performance indicators (KPI), metrics and key data points to monitor the health of different investments.
Federal Register
Official journal of the federal government of the United States that contains government agency rules, proposed rules, and public notices. It is published every weekday, except on federal holidays.
Federal Register 101
The office annually compiles all current regulations into the bound volumes of the Code of Federal Regulations (CFR). This is an information slick that explains the register.
Federal Risk and Authorization Management Program (FedRAMP®)
The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized approach to security authorizations for Cloud Service Offerings.
Data to Decisions: Federal Supplier Base Dashboard
Helps agencies evaluate and compare the composition of their contractor base (including specific market segments of interest) to those at other agencies and the government at large. This tool was developed as part of the Administration's Strategy Priority 3, Strategy 1, Goal 1 for beginning using benchmarking to evaluate opportunities for strengthening supplier diversity.
Federal Zero Trust Strategy
Federal Zero Trust Strategy: sets forth a Federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns. Those campaigns target Federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.
FedRAMP Baselines Rev 5 Transition Guide
The purpose of this document is to facilitate a structured approach to completing security assessments and reports required to meet FedRAMP compliance based on NIST SP 800-53, Rev. 5. In addition, it defines the required deadlines for transitioning from Revision 4 (Rev. 4) to Rev. 5.
Food and Drug Administration(FDA) requirements for Cybersecurity in Medical Devices
Ensures that manufacturers of cyber devices provide a software bill of materials (SBOM) for the commercial, open-source, and off-the-shelf software components contained within the device. Forces manufacturers of cyber devices to make available postmarket updates and patches to the device and related systems to address vulnerabilities. Requires manufacturers of cyber devices to submit plans to manage vulnerabilities and exploits as part of their premarket submissions.
Forecast of Contracting Opportunities Tool
The goal of this tool is to provide a nationwide dashboard of upcoming federal contracting opportunities. All projected procurements are subject to revision or cancellation. Final decisions on the extent of competition, small business participation, estimated value, or any aspect of the procurement are made if/when a solicitation is posted to SAM.gov. Forecast data is for planning purposes only and is not a commitment by the Government to purchase the described products and/or services. Address questions regarding a planned procurement to the point of contact listed in the record.
Future of Workstations Whitepaper
This white-paper informs how the Federal Acquisition Programs join forces to produce annual standards for procuring end user solutions for desktops and laptops.
FY 2021 ITVMO Industry Day
The ITVMO hosted an Industry Day to engage industry as an ITVMO partner to inform acquisition trends and priorities.
FY 2021 ITVMO Open House
THe ITVMO hosted an Open House for government IT buyers and program managers to increase understanding and awareness of the program's capabilities.
FY2023 ITVMO Annual Summit
On August 2, 2023, the ITVMO partnered with ACT-IAC to host the first Annual ITVMO Summit. This in-person event brought both industry and government together to foster collaboration and increase knowledge sharing on IT acquisition contract strategies, Best-in-Class IT vehicle solutions, and federal marketplace opportunities for small businesses. This page compiles resources relevant to the 2023 Summit focus areas. Information may be added or updated, as needed. Check back for new inclusions.
General Services Administration (GSA) Small Business Program
The resource page will help small businesses learn more about doing business with GSA, government contracting opportunities, and marketing your contract.
Governmentwide Acquisition Contracts (GWACs)
Using pre-competed Governmentwide Acquisition Contracts (GWACs) will help your agency buy total IT solutions more efficiently and economically. Federal contracting officers must follow these steps to begin using GSA's GWACs.
Governmentwide Technology Playbooks
Comprehensive guides to various technical topics from both a tactical and a strategic perspective. Includes: Application Rationalization, Technology Business Management, Robotic Process Automation, Database Transformation, 18F User Experience, Federal IT Accessibility, and Digital Services.
Govt-wide CM and contract management operating tools
Includes contract management tools: Operational reporting working bench, Agency CM planning workbench, Awards exploration tool, Contract inventory exploration tool.
Govt-wide CM oversight & Performance Management Tools
Govt-wide CM oversight & Performance Management Tools, which includes links to: Exec Summary dashboard, Agency Profile 2.0, Small business dashboard, BIC dashboard, Common Defense centric spend data tables.These reports collectively enable CM KPIs to be tracked and analyzed by agency, department, category, sub category, and vendors, and contracts.
GSA 8(s) STARS III IT Best-in-Class Vehicle
8(a) STARS III is a small business set-aside GWAC that provides flexible access to customized IT solutions from a large, diverse pool of 8(a) industry partners. This next-generation GWAC builds upon the framework of 8(a) STARS II and expands capabilities for emerging technologies and outside the continental United States (OCONUS) requirements.
GSA Alliant 2 IT Best-in-Class Vehicle
Alliant 2, a Best-in-Class GWAC that is preferred governmentwide solution, offers artificial intelligence (AI), distributed ledger technology (DLT), robotic process automation (RPA), and other types of emerging technologies.
GSA Complex Commercial Satellite Communications (SATCOM) IT Best-in-Class Vehicle
Complex Commercial Satellite Communications (SATCOM) Solutions allows federal agencies to build large, complex, custom satellite solutions. Solutions include satellite transport (bandwidth), fixed or mobile satellite service, and service-enabling components such as terminals, handsets, and tail circuits with engineering services to integrate, operate, and maintain the solution
GSA Contact information for small business support
GSA's small business contacts provide access to GSA’s nationwide procurement opportunities through outreach, training, and counseling. They are advocates for small businesses, including small disadvantaged businesses, women-owned small businesses, service-disabled veteran-owned small businesses, HUBZone small businesses, and veteran-owned firms.
GSA Enterprise Infrastructure Solutions (EIS) IT Best-in-Class Vehicle
Enterprise Infrastructure Solutions (EIS) is the go-to contract for enterprise telecommunications and networking solutions.
GSA FAS GWAC Sales Dashboard
The GWAC dashboard displays obligated sales and task orders by agency, bureau and by industry partner for three GWAC programs: 8A Stars II, Alliant 2 and VETS 2.
GSA Federal Acquisition Service Government-wide Strategic Solutions (GSS) for Desktops and Laptops
The GSS systems were implemented for purchase in 2015. A comprehensive refresh process has been deployed every year since in which Agencies provide updates to their requirements, and industry shares its directions and feedback. GSS Version 8 systems have been available since July 2022. GSS Version 9 systems are now available. GSS Version 8 systems will still be offered until they reach end-of-life or are no longer available from the manufacturer.
GSA Multiple Award Schedule (MAS) IT Best-in-Class Vehicle
Buying through MAS Information Technology shortens procurement cycles, ensures compliance, and delivers the best value on over 7.5 million innovative IT products, services, and solutions from over 4,600 pre-vetted vendors.
GSA Polaris Vehicle
Polaris will be a small business governmentwide acquisition contract (GWAC) for acquiring customized information technology (IT) services and IT services-based solutions.
GSA Polaris Vehicle Information Brochure
Planned for 2023, Polaris will be a multiple-award indefinite-delivery/indefinite-quantity (MA-IDIQ) Governmentwide Acquisition Contract (GWAC). Polaris will provide access to customized information technology (IT) services and IT service-based solutions from small businesses.
GSA Training Resources for Small Businesses
This page provides a list of available training materials and opportunities for small businesses, which help them to do better business with government.
GSA Vendor Support Center
Whether you're looking at getting your first contract, researching contract maintenance/compliance, or reporting your contract sales. The Vendor Support Center is here to provide you with the information necessary to help your business be successful.
GSA VETS2 IT Best-in-Class Vehicles
The VETS 2 GWAC is the only GWAC set aside exclusively for Service-Disabled, Veteran-Owned Small Businesses (SDVOSB). It's designed to meet diverse agency IT services requirements, including new and emerging technologies.
GSA Zero Trust Buyers Guide
GSA Zero Trust Buyers Guide: your agency's roadmap to designing and deploying ZTA, and maps the components defined by NIST to the GSA solutions that help meet them. We offer a variety of ZTA solutions across contract vehicles.
Housing and Urban Development (HUD) Small Business Program
The HUD OSDBU is responsible for ensuring that small businesses are treated fairly and that they have an opportunity to compete and be selected for a fair amount of the Agency's prime and subcontracting opportunities.
How OEMs Operate: Module-2: Structure
Understanding the various teams and support functions within the OEM organization helps customers be better prepared for acquisitions and be better positioned to maintain a beneficial relationship with the OEM over the course of the contract. .gov/.mil audience only
How OEMs Operate: Module-3: Sales Roles
The forward-facing part of product companies is in their sales organization. The OEM’s salespeople approach all parts of your IT organization to explain their value proposition for their products. They are also instrumental in approaching your acquisition personnel on how to purchase their products. .gov/.mil audience only
How OEMs Operate: Partners
The OEM has a partner network to expand its reach to all potential customers. Often referred to as the channel, these partners are an extension of the sales arm of the OEM.
How OEMs Operate: Recap
Recap of understanding how OEMs are organized and operate. .gov/.mil audience only
How OEMs Operate: Sales Cadence
Understanding the OEM sales processes requires a better understanding of two complementary concepts: account planning and customer relationship management (CRM). .gov/.mil audience only
How OEMs Operate: Sales Support
OEMs have several different functions to support the sales arm of its operations. Many of these functions may be in the background hidden from your organization, but others are front and center when executing a purchase. This overview focuses on the sales support areas that your team will likely encounter during the sales process. .gov/.mil audience only
How OEMs Operate: Sales Support -- Continued
The OEM has a partner network to expand its reach to all potential customers. Often referred to as the channel, these partners are an extension of the sales arm of the OEM.
IT Acquisitions and Contracts Management
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0. Provides a state of the IT Portfolio, many of these policies and guidance still relevant today.
IT Buyers Agency Knowledge Sharing
As a broker of IT acquisition intelligence requests, the ITVMO works across the community and fellow agency IT Buyers to gather and increase the availability of standards, best practices, and guides. To further support the growing increase in agency specific requests, the ITVMO provides an agency knowledge sharing forum on Connect.gov. This is for government-only.
IT Buyers MAX Portal
All IT Buyers Community of Practice materials will be posted on the ITB CoP MAX page. This MAX page link will be shared via the CoP meetings and email correspondences.Includes: Trainings/ Webinars, ITB Resources, ITB Tools, ITB Knowledge Sharing, Cohorts, SME POCs
IT Category Management Reports
Includes CM IT Key Performance Indicators (KPI) across agency, expiring awards and contracts, market landscape, price analysis, and spend channel analysis: IT Agency Profile and GSA FAS acquisitions analytics - IT category.
July 2023 Monthly Bulletin: Growing Small Business via IT Category Management
The federal government spent over $72B on IT in FY 22. Of this $72B, 38% was spent on small businesses exceeding the category's annual key performance indicator (KPI) of 37.5%. This percentage has increased each of the last three (3) years. Further, these dollars were awarded to ~8,500 different small businesses primes, ~3,500 of which were small disadvantaged businesses (SDBs). However, the number of small business primes has slid down more than 20% since just FY20. As part of this year's strategic plan, the Governmentwide IT Category Manager is prioritizing mechanisms to rebound and grow this small business supply base.
June 2023 Monthly Bulletin: Contract Review Service
The ITVMO is thrilled to announce the establishment of its newest service offering, Contract Review as a Service (CRaaS). Over the last several years, the ITVMO has worked with dozens of agencies to identify and resolve common Original Equipment Manufacturer (OEM) related challenges, ranging from customer service issues to product deficiencies to contractual “gotchas”. Our collaboration with customer agencies and top OEMs has led to enhanced communication and industry partnership commitments that will certainly help agencies get the most out of their IT investments. Continuing reading...(government-only)
M-19.14: Category Management: Making Smarter Use of Common Contract Solutions and Practices
Provides guidance on the use of category management to include 5 actions to agencies. As used in this document, the term "category management" refers to the business practice of buying common goods and services as an enterprise to eliminate redundancies, increase efficiency, and deliver more value and savings from the Government's acquisition programs. Refer to Page 4 for starting detail guidance on the 5 actions.
M-21-26, Increasing Opportunities for Domestic Sourcing and Reducing the Need for Waivers from Made in America Laws
Agencies must designate a Senior Accountable Official (SAO) to oversee implementation of Made in America laws and work with the new Made in America Office (MIAO) on waiver reviews and domestic sourcing strategies. MIAO will conduct phased-in reviews of certain waivers, beginning with non-availability and Jones Act waivers from CFO Act agencies. Agencies must provide standardized information to justify waivers.
M-21-28, Interim Implementation Guidance for the Justice40 Initiative
Sets a goal that 40% of overall benefits from federal investments in areas like clean energy and climate resilience should go to disadvantaged communities. Provides an initial definition of disadvantaged communities and identifies over 20 pilot programs that must develop plans to maximize Justice40 benefits. Agencies managing covered programs must identify benefits, develop methodologies to track benefits to disadvantaged communities, and report data to OMB on meeting the 40% goal.
M-21-30 Protecting Critical Software Through Enhanced Security Measures
Provides instructions for the implementation of those fundamental measures required to secure the use of software falling within NIST’s definition of critical software and directs executive departments and agencies to implement those measures in phases.
M-21-31 Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incident
Establishes a maturity model for logging, log retention, and log management, with a focus on ensuring centralized access and visibility for the highest-level enterprise security operations center (SOC) of each agency. Establishes requirements for agencies to increase the sharing of such information, as needed and appropriate, to accelerate incident response efforts and to enable more effective defense of Federal information and executive branch departments and agencies.
M-22-01, Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response
Improved agency capabilities for early detection, response, and remediation of cybersecurity incidents on their networks, using advanced technologies and leading practices. Agency enterprise-level visibility across components/bureaus/sub-agencies to better detect and understand threat activity.
M-22-03 Advancing Equity in Procurement
Sets a goal of increasing the percentage of federal contracts awarded to small disadvantaged businesses (SDBs) to 15% by 2025. Agencies are instructed to negotiate higher SDB contracting goals for 2022 to help meet this target.
M-22-05, Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements
Directs agencies to implement specific zero trust security goals by the end of Fiscal Year (FY) 2024, organized around five pillars: Identity, Devices, Networks, Applications and Workloads, Data. Creates development of a strategy to enable agencies to report performance and incident data in an automated and machine-readable manner.
M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles
Requires agencies to achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024.
M-22-14, FY 2024 Agency-wide Capital Planning to Support the Future of Work
Addresses agencies’ real property resource needs and agency efforts to define the amount and types of real property required to fully implement the future of work at each agency. Agencies should coordinate with their Chief Information Officer to assess the status at the agency of online collaboration tools, cloud-based software, and cybersecurity to support a distributed workforce, including as demonstrated during the COVID-19 pandemic, and the potential impact of these tools to the agency’s need for office space agency-wide
M-22-15, Multi-Agency Research and Development Priorities for the FY 2024 Budget
Global Competitiveness and Risk Reduction: Prioritize investments in science, technology, and innovation for long-term competitiveness and reduction of catastrophic risks from emerging technologies. Collaboration and World-Leading Innovation: Agencies should unite for world-class research in critical technologies like AI, QIS, and space tech. Foster collaboration with non-government entities for multidisciplinary research on emerging technologies. Security, Communication, and Cybersecurity: Emphasize investments in biosecurity, system survivability, and nuclear non-proliferation. Focusing on defending resilient communications across all domains and fund foundational cybersecurity research, including zero-trust architectures and software security.
M-22-16, Administration Cybersecurity Priorities for the FY 2024 Budget
Outlines the Administration’s cross-agency cyber investment priorities for formulating fiscal year (FY) 2024 Budget submissions to the Office of Management and Budget (OMB). Federal Civilian Executive Branch (FCEB) agencies will make investments in three cyber investment priority areas: Improving the Defense and Resilience of Government Networks; Deepening Cross-Sector Collaboration in Defense of Critical Infrastructure; and Strengthening the Foundations of Our Digitally-Enabled Future . Priorities should be addressed within the FY 2024 Budget guidance levels provided by OMB.
M-22-18 Enhancing the Security of the Software Supply Chain
The NIST Guidance provides “recommendations to federal agencies on ensuring that the producers of software they procure have been following a risk-based approach for secure software development.”12 Federal agencies must only use software provided by software producers who can attest to complying with the Government-specified secure software development practices, as described the NIST Guidance.
M-23-02, Migrating to Post-Quantum Cryptography
Describes preparatory steps for agencies to undertake as they begin their transition to PQC by conducting a prioritized inventory of cryptographic systems . Provides transitional guidance to agencies in the period before PQC standards are finalized by the National Institute of Standards and Technology (NIST), after which OMB will issue further guidance
M-23-03, Fiscal Year 2023 Guidance on Federal Information Security and Privacy Management Requirements
Metrics will increasingly focus on measuring implementation of zero trust architecture and alignment with cybersecurity framework outcomes. CIO metrics reporting will incorporate more automation, with the goal of reducing manual reporting burdens for agencies.The assessment process will transition to a multi-year cycle, with annual evaluation of core metrics plus other controls evaluated biennially. Guidance is provided on major incident designation, requiring reporting to OMB and Congress within 1 hour and 7 days, respectively. Breaches affecting 100,000+ people are designated as major incidents.
M-23-10, The Registration and Use of .gov Domains in the Federal Government
Agencies must use .gov or .mil domains for all official communications, information, and services, with limited exceptions. Non-.gov usage will be reviewed and restricted by OMB. New .gov registrations and renewals require CIO or agency head approval and detailed justification on usage and conformance to policies. OMB will review requests. Agencies must review previously registered domains for compliance with .gov requirements within 180 days and identify any non-compliant domains to OMB.
M-23-11: Creating a More Diverse and Resilient Federal Marketplace
Issued guidance directing agencies to use a common definition for “new entrant” as they take steps to find small disadvantaged businesses and other contractors and measure progress in diversifying the federal supplier base. Guidance starts on Page 2.
M-23-13, No TikTok on Government Devices” Implementation Guidance
Applies to “the social networking service TikTok or any successor application or service of TikTok developed or provided by ByteDance Limited or an entity owned by ByteDance Limited” (“covered application”) and applies to all “executive agencies”. Applies to not only information technology (IT) owned or operated by agencies, but also IT “used by a contractor under a contract with the executive agency that requires the use” of that IT, whether expressly or “to a significant extent in the performance of a service or the furnishing of a product.”
M-23-16, Update to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices
Deadlines are extended for agencies to collect attestations from software producers. Critical software attestations are due 3 months after OMB approves the common attestation form. All software attestations are due 6 months after approval. Attestations only need to come from the producer of the end software product used by an agency, not creators of incorporated third-party components. Freely obtained, public domain proprietary software is excluded from attestation requirements. Whether contractor-developed software requires attestations depends on the agency's involvement in the full development lifecycle. If a producer cannot attest, agencies can accept a POA&M documenting risk mitigation practices and must request a deadline extension from OMB. Agencies must discontinue software use if no extension is approved.
M-23-18, Administration Cybersecurity Priorities for the FY 2025 Budget
Agencies must continue improving cybersecurity through initiatives like zero trust architecture implementation and IT modernization. Budgets should show progress on meeting goals in key strategy documents. Critical infrastructure collaboration is a priority, with budgets needing to show increased capacity for public-private partnerships and information sharing. Combating cybercrime and ransomware is a focus area. Relevant agencies must prioritize resources for investigating and disrupting these threats. Cyber workforce expansion is emphasized, with budgets needing to demonstrate initiatives to develop talent and expand the workforce through inclusive hiring practices.
Manufacturing USA Program
National network created to secure U.S. global leadership in advanced manufacturing through large scale public-private collaboration on technology, supply chain and workforce development.
Memorandum Federal Acquisition Certification in Contracting (FAC-C) Modernization
This Federal Acquisition Certification in Contracting (FAC-C) modernization reflects a new model of lifelong learning that reimagines how the Federal Government develops the workforce. Starting on Page 2 is the overview of the new FAC-C Program.
Memorandum for Senior Accountable Officials, Improving the Transparency of Made in America Waivers
Agencies must submit proposed non-availability waivers to a new public website, MadeInAmerica.gov, prior to awarding contracts to foreign suppliers. This promotes transparency. Certain waiver information will be public, allowing domestic manufacturers to better understand federal needs. The goal is to expand the supplier base and reduce the need for waivers. OMB's Made in America Office will review waivers, focusing on mission impact, market research, and public feedback. Reviews aim to avoid unnecessary waivers while not unduly delaying awards.
Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
Establishes cybersecurity requirements for National Security Systems (NSS) that are equivalent to or exceeds those outlined in E.O. 14028.
Microsoft Agency Challenges & Proposed Resolutions
In July 2021, the ITVMO began a deep dive of Microsoft to support Agencies with specific procurement issues including transitioning from G3 to G5, negotiating terms and conditions, and contract lifecycle management.
Microsoft G5 Transition Guide
This guide assessed the risks associated with Microsoft G5 migrations. It was developed to provide agencies with effective acquisition strategies, identify major milestones for contract renewals, and help agencies identify and prioritize relevant factors when considering an upgrade to G5. .gov/.mil audience only
Microsoft Webinar 1: Negotiating Terms and Conditions
The first training session on Negotiating Terms and Conditions presented the latest knowledge and best practices on negotiating with Microsoft including licensing agreements, pricing and cost information, and discount approaches.
Microsoft Webinar 2: Infrastructure and Security Management
The second session covered IT Infrastructure and Security best practice from an acquisitions perspective and focused on the suite of Microsoft cloud products, best practices for managing these services, and recommendations on how to implement them effectively.
Microsoft Webinar 3: IT Contract Lifecycle Management
The final session addressed Microsoft Contract and Lifecycle Management best practices including how to manage requirements, ensure audi readiness, and recommendations on how to centralize Microsoft services within an agency.
Minority Business Development Agency (MBDA)
The U.S. Department of Commerce, Minority Business Development Agency (MBDA) is the only federal agency solely dedicated to the growth and global competitiveness of minority business enterprises.
NASA SEWP Government-wide Strategic Solutions (GSS) for Desktops and Laptops
The GSS systems were implemented for purchase in 2015. A comprehensive refresh process has been deployed every year since in which Agencies provide updates to their requirements, and industry shares its directions and feedback. GSS Version 8 systems have been available since July 2022. GSS Version 9 systems are now available. GSS Version 8 systems will still be offered until they reach end-of-life or are no longer available from the manufacturer.
NASA SEWP Small Business Contract Holders
This tool shows small business on vehicle with NASA SEWP.
NASA Solutions for Enterprise-Wide Procurement (SEWP) IT Best-in-Class Vehicle
The NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract) provides the latest in Information and Communications Technology (ICT) and Audio-Visual (AV) products and services for all Federal Agencies and their approved contractors.
National Aeronautics and Space Administration (NASA) Small Business Program
The mission of the NASA Office of Small Business Programs is to promote and integrate small businesses into the industrial base of contractors and subcontractors that support the future of space exploration, scientific discovery, and aeronautics research.
National Institute of Health (NIH) Small Business Program
If you're a small business interested in contracting at NIH, please start by reading the information provided by our parent Agency, the Department of Health and Human Services.
National Science Foundation (NSF) Small Business Program
The National Science Foundation (NSF) Office of Small and Disadvantaged Business Utilization (OSDBU) helps increase contract and subcontract awards to small and disadvantaged businesses and identifies potential businesses to support NSF.
National Security Memorandum/NSM-10, Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems
The US aims to expand its quantum computing capabilities while mitigating risks to data security. The memo directs agencies to support quantum R&D and workforce development to maintain US leadership. Agencies must inventory systems vulnerable to quantum computers within 180 days and develop encryption modernization plans. This aims to protect sensitive data as quantum computing advances. A Quantum Cryptography and Post-Quantum Cryptography Technical Evaluation Group will be established. This interagency group will coordinate technical strategies for cryptographic modernization across government.
National Security Memorandum/NSM-8 on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
The President calls for accelerated efforts to modernize cybersecurity defenses and move towards zero trust architectures. This aims to protect national security systems from sophisticated cyber threats. The National Security Advisor will convene an interagency process to establish performance targets and accountability measures for cybersecurity. This aims to drive progress on modernization efforts. Agencies must adopt multi-factor authentication, encryption for data at rest and in transit, and enhanced logging and monitoring. These are core technical measures to improve cybersecurity across sensitive systems.
Networx Security Services
The Networx contracts require a basic level of security management for its contractors that ensures compliance with Federal Government generally accepted security principles and practices, or better. The contracts employ adequate and reasonable means to ensure and protect the integrity, confidentiality, and availability of Networx services, Operational Support Systems (OSS), and Government information transported or stored in the contractors Networx services infrastructure. These requirements are detailed in Section C.3.3.2 of the Networx contracts.
NIH NITAAC Government-wide Strategic Solutions (GSS) for Desktops and Laptops
The GSS systems were implemented for purchase in 2015. A comprehensive refresh process has been deployed every year since in which Agencies provide updates to their requirements, and industry shares its directions and feedback. GSS Version 8 systems have been available since July 2022. GSS Version 9 systems are now available. GSS Version 8 systems will still be offered until they reach end-of-life or are no longer available from the manufacturer.
NIH NITAAC Small Business Search Tool
This tool provides guidance on identifying small business and set-aside categories through the NITAAC website.
NIH NITAAC University
Welcome to NITAAC University, where you can begin your education on Information Technology (IT) acquisitions and find trainings that cover the basics of using our Government-Wide Acquisition Contracts (GWACs). Our hope is to simplify the complexities of acquisitions enough to assure our clients enjoy the faster, easier procurements that are available through NITAAC.
NIST Computer Security Resource Center
NIST Computer Security Resource Center: has information on many of NIST's cybersecurity- and information security-related projects, publications, news and events. CSRC supports people and organizations in government, industry, and academia—both in the U.S. and internationally.
NIT NITAAC CIO Commodity Services (CIO-CS) IT Best-in-Class Vehicle
Every IT commodity you can think of and any IT commodity-enabling solution you can imagine, can be procured through the CIO-CS contract. From Cloud Computing, Cyber Security and Mobility CIO-CS contractors have a solution.
NIT NITAAC CIO IT Services and Solutions (CIO-SP3) IT Best-in-Class Vehicle
With more than 137 labor categories and 10 task areas, the CIO-SP3 contract is designed to give federal agencies a streamlined ordering process to acquire a wide range of IT services and solutions
NIT NITAAC CIO IT Services and Solutions (CIO-SP3)Small Business IT Best-in-Class Vehicle
The CIO-SP3 vehicle provides federal or civilian agencies a mechanism for efficiently ordering IT solutions and services at equitable and reasonable prices while helping to achieve their socio-economic contracting goals.
NITAAC Assisted Acquisition Request Form
Use this form to request NITAAC Assisted Acquisition support.
NITAAC Contract Holder Directory
Search 450+ contract holders using the NITAAC contract holder directory tool.
NITAAC Independent Government Cost Estimate (IGCE ) Template
The NITAAC Independent Government Cost Estimate (IGCE ) is used to assist in the determination of the acquisition strategy, as well as an estimated cost for the proposed effort.
NOAA Small Business News Page
This page provides a compilation of recent and past articles related to NOAA's efforts to increase small business and opportunities for small businesses to support NOAA.
North American Industry Classification System (NAICS) Search Tool
This official U.S. Government Web site provides the latest information on plans for NAICS revisions, as well as access to various NAICS reference files and tools. Additional information on the background and development of NAICS is available in the History section of this Web site.
Nuclear Regulatory Commission (NRC) Small Business Program
The U.S. Nuclear Regulatory Commission (NRC) is committed to ensuring that small businesses are afforded the maximum practicable prime and subcontract opportunities in support of agency mission operations. The Small Business Program takes the lead in this effort by serving the NRC and the business community by advocating for small businesses, including businesses owned by the disadvantaged, women, veterans, and service-disabled veterans, as well as companies located in Historically Underutilized Business Zones (HUBZones).
Office of Personnel Management (OPM) Small Business Program
OPM has established a world-class small business program at OPM by using the authorities of small business legislation to expedite the acquisition process in order to maximize the use of small businesses that provide the best value to OPM.
OMB Equity Learning Community
Provides a community of equity leaders that meet weekly to ask questions and share knowledge on implementing the new executive order. This community is for government-only.
Open FAR Cases Report (updated bi-weekly)
This agency provides an updated bi-weekly report of open Federal Acquisition Regulation (FAR) cases. Visit the site and click open cases for the latest bi-weekly PDF report.
Oracle Agency Challenges & Proposed Resolutions
In May 2021, the ITVMO began evaluating Adobe through the OEM Assessment Process. As a result of the Assessment, the ITVMO identified common challenges for Federal agencies focused certification and audit clauses, price holds, maintenance and support caps, and virtualization.
Oracle Vendor Assessment Playbook
This training resource provides an 8-part information series on OEM operating practices to educate agency IT buyers and help them achieve a stronger negotiating position challenges. .gov/.mil audience only
Part 39 - Acquisition of Information Technology
This part prescribes acquisition policies and procedures for use in acquiring— (a) Information technology, including financial management systems, consistent with other parts of this regulation, OMB Circular No.A-127, Financial Management Systems and OMB Circular No.A-130, Management of Federal Information Resources; (b) Information and communication technology (see 2.101(b)).
Periodic Table of Acquisition Innovations
The governmentwide acquisition knowledge management portal for innovative business practices and technologies.
Presidential Management Agenda: Foster lasting improvements in the Federal acquisition system
Follow progress on the Administration's Priority 3, Strategy 1 set of goals to strengthen the U.S. domestic manufacturing base, support American workers, lead by example toward sustainable climate solutions, and create opportunities for underserved communities.
Procurement Equity Tool
Helps agencies reach socioeconomic small businesses that have not received federal work but are registered in System for Award Management (SAM) and may be interested in participating in agency procurement competitions. This tool is government use only.
Product Service Code (PSC) Guide
Welcome to the Product and Service Code (PSC) manual page, where you can find the archive version in multiple formats along with supporting documentation.
Product Service Code (PSC)Selection Tool
This tool allows users to search for the right PSC by keyword search, code search, or using the Federal Government's category management (CM) spend categories. These categories, as established by the Office of Management and Budget (OMB) and the cross-agency Category Management Leadership Council (CMLC), group together like products or services to enable the government to buy smarter and more like a single enterprise, delivering more savings, value, and efficiency for Federal Agencies. The tool also allows searches by DOD's legacy sixteen portfolio groups that were established under the Better Buying Power initiative.
Public CM Dashboards and Analytics
A similar collection as the Govt-wide CM tools with the addition of: Awards Exploration, Contract Inventory Exploration, Vendor Managed Spend.
SBA's Contracting Guide for Small Businesses
The federal government contracts with small businesses to buy products and services. This page provides access to several resources, tools, and guidance reports to help small businesses navigate the Federal Marketplace.
SBA’s Small Business Investment Company (SBIC) program
Seeks to stimulate and supplement the flow of private equity capital and long-term loan funds to small businesses, which small business concerns need for the sound financing of their business operations and for their growth, expansion, and modernization when such capital is not available in adequate supply.
ServiceNow Agency Challenges & Proposed Resolutions
In February 2022, the ITVMO began evaluating ServiceNow through the OEM Assessment Process. As a result of the Assessment, the ITVMO identified common challenges for Federal agencies focused on best practices and operations and maintenance.
ServiceNow Close Out Flyer
The ITVMO categorized agency challenges and worked with ServiceNow to provide solutions. The resulting procurement related best practices series significantly reduced the challenges and impacts previously identified.
ServiceNow Executive Close Out Memo
In 2021, the ITVMO launched an OEM assessment of ServiceNow. This memo serves as an executive summary of the engagement.
ServiceNow Webinar 5: Implementing a Citizen Development Program
Low- and no-code development can help your organization expand its application development to include citizen developers. With effective management in place, citizen development boosts your digital transformation efforts and delivers more innovation because it extends your development potential beyond the IT developer team, generating flexibility and efficiency.
ServiceNow Webinar 6: Understanding the Licensing Model and Pricing Framework
As a critical platform for many agencies, ServiceNow acquisition and growth strategy requires careful planning and preparation. Watch this webinar to learn best practices for how to purchase ServiceNow to ensure your agency can effectively manage its ServiceNow footprints and receive the best value for your investment.
Small Business Administration Site Page
Continues to help small business owners and entrepreneurs start, grow, expand, and recover in the federal marketplace. SBA is the only cabinet-level federal agency fully dedicated to small business and provides counseling, capital, and contracting expertise as the nation’s only go-to resource and voice for small businesses.
Small Business Census Data
Here you will find detailed statistics about U.S. businesses that are essential to help small businesses succeed and grow.
Small Business Frequently Asked Questions (GSA)
OSDBU has compiled a list of Frequently Asked Questions from several webinars and events. Visit each event page to learn more.
Small Business Innovation Research Program (SBIR)
Small Business Innovation Research Program (SBIR) and Small Business Technology Transfer (STTR) programs are highly competitive programs that encourage domestic small businesses to engage in Federal Research/Research and Development (R/R&D) with the potential for commercialization.
Small Business Mentor-Protégé Programs Congressional Research Services Report
This is a CRS report from 2021. This report provides an overview of the federal government’s various small business mentor-protégé programs. All of these programs are intended to assist small businesses in performing as contractors, subcontractors, or suppliers on federal or federally funded contracts, but the programs differ in their scope and operations. The federal government currently has several mentor-protégé programs to assist small businesses in various ways. Other agencies also have agency-specific mentor-protégé programs designed to assist various types of small businesses or other entities in obtaining and performing subcontracts under agency prime contracts.
SmartBUY Blanket Purchase Agreements
Through SmartBUY government-wide blanket purchase agreements, agencies can (1) order commercial off the shelf software with pre-negotiated terms and conditions; (2) reduce risks, costs, and administrative burden. support the SmartBUY Federal Strategic Sourcing Initiative, (3) a partnership with the Department of Defense Enterprise Software Initiative, GSA, and software vendors.
Social Security Administration (SSA) Small Business Program
The Social Security Administration (SSA), is committed to advancing the small business procurement program, by provide maximum practicable opportunities in SSA acquisitions to small business, veteran-owned small business, service-disabled veteran-owned small business, HUBZone small business, small disadvantaged business, and women-owned small business concerns.
System for Award Management (SAM)
Register to do business with the U.S. Government. Update, renew, or check the status of your entity registration.
The Manufacturing Institute
Grows and supports the industry’s skilled workers for the advancement of modern manufacturing. The MI’s diverse initiatives support all American workers, including emerging workers, women, veterans and students, through skilled training programs, community building and career growth.
U.S. Department of Treasury Small Business Program
The following links are provided for reference and information. The Federal OSDBU Council does not endorse any non-government websites, companies, or applications—and cannot attest to the accuracy of the information provided by third-party websites or any other linked websites.U.S.
US Trade Representative Small Business Report
This site page provides an overview of the US Trade Representative's Office for Small Business to include its domain experts evaluating small business performance. Refer to this page for added access to small business reports and analysis.
Veteran Affairs Small Business Program
The office of Small & Disadvantaged Business Utilization programs implement the requirements to aid, counsel, assist, and protect the interests of small and Veteran business concerns.
White Paper: Analysis of Small Business Utilization within the Information Technology Category
The Data Analytics and AI Working Group recently published a White Paper on their findings from a lab project, where the Government could leverage and understand the potential of state of the art Analytics and AI tools, as applied to Agency provided use cases.
Advancing the Responsible Acquisition of Artificial Intelligence in Government
The use of artificial intelligence (AI) in the Federal Government presents tremendous opportunity for modernizing agency operations and improving the delivery of government services to the public, provided that the risks presented by the use of AI technology are mitigated. Realizing this goal involves recognizing that AI poses novel types of risk, and proactively integrating considerations for AI risk management into agency acquisition planning. This memorandum builds on previous efforts to harness the power and utility of AI in service of agency missions while protecting the public from potential risks or harms.
AI.gov Use Cases
The United States stands to benefit significantly from harnessing the opportunities of AI to improve government services. The federal government is leveraging AI to better serve the public across a wide array of use cases, including in healthcare, transportation, the environment, and benefits delivery. The federal government is also establishing strong guardrails to ensure its use of AI keeps people safe and doesn’t violate their rights.
AI Use Cases Department of Agriculture
The U.S. Department of Agriculture (USDA) has compiled an inventory of its Artificial Intelligence (AI) use cases, in line with Executive Order (EO) 13960, ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government."" This order mandates federal agencies to catalog their AI applications and make this information accessible to other government entities and the public. The primary goal is to ensure that the deployment of AI not only drives economic growth and enhances the quality of life for all Americans but also upholds public trust and safeguards the rights and values of the American populace. The USDA's AI inventory, updated in May 2023, encompasses both existing and prospective AI applications, aligning with the agency's mission. This initiative reflects the broader commitment to adopting AI in a manner that is responsible, transparent, and aligned with the nation's values and legal frameworks.
AI Use Cases Department of Commerce
The Department of Commerce (DOC) has meticulously compiled an inventory of Artificial Intelligence (AI) use cases, in strict alignment with the directives outlined in Executive Order (EO) 13960, which is titled ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government."" This comprehensive catalog stands as a pivotal element of the DOC's steadfast commitment to harnessing AI for the betterment of the United States' commercial and economic landscape. This dataset establishes a structured framework that enables federal agencies to systematically document their AI applications, ensuring transparency and fostering public trust in the responsible utilization of these cutting-edge technologies. The methodical approach applied guarantees that each AI use case is comprehensively recorded, offering clear insights into the AI's purpose, characteristics, and developmental stage within the Department of Commerce.
AI Use Cases Department of Education
The U.S. Department of Education, in compliance with Executive Order 13960, has compiled an inventory of its Artificial Intelligence (AI) use cases, encompassing both current and planned applications. This initiative aligns with the broader goal of leveraging AI to enhance the United States economy and improve the quality of life for all Americans.These AI applications demonstrate the Department's commitment to integrating advanced technology into its operations, enhancing efficiency, and improving user experience. The detailed inventory of these and other AI use cases reflects the Department's mission to foster educational excellence and ensure equal access.
AI Use Cases Department of Energy
The Department of Energy (DOE) has diligently compiled a catalog of Artificial Intelligence (AI) utilization scenarios, in strict accordance with the directives set forth in Executive Order (EO) 13960, titled ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government."" This catalog represents a vital component of the DOE's unwavering commitment to harnessing AI for the advancement of the United States' energy infrastructure and related services. This dataset serves as a systematic mechanism through which federal agencies can systematically document their AI deployments, thereby ensuring transparency and instilling public confidence in the responsible use of these technological innovations. The structured approach employed guarantees that each AI application is comprehensively documented, providing a lucid understanding of the AI's purpose, nature, and development stage within the purview of the DOE.
AI Use Cases Department of Health and Human Services
The Department of Health and Human Services (HHS), in accordance with Executive Order 13960, "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government," has developed an inventory of its Artificial Intelligence (AI) use cases. This inventory encompasses both current and planned non-classified and non-sensitive AI applications. The purpose of this initiative is not only to comply with the executive order but also to enhance public awareness and foster cross-agency collaboration on AI initiatives. This initiative reflects HHS's commitment to leveraging AI responsibly and transparently, ensuring that these technologies are used in a manner that benefits the public and aligns with the agency's mission to enhance health and well-being.
AI Use Cases Department of Homeland Security
The Department of Homeland Security (DHS), in compliance with Executive Order 13960 "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government," has established an inventory of non-classified and non-sensitive Artificial Intelligence (AI) use cases. This inventory is part of a broader federal initiative to ensure that AI technologies are used in a manner that is transparent, responsible, and aligned with public interest. The DHS's AI Use Case Inventory is publicly accessible and aims to provide insights into how AI is being utilized across various branches of the department. This initiative reflects the DHS's commitment to leveraging AI to enhance its operations and services while ensuring adherence to ethical guidelines and safeguarding the rights and privacy of individuals.
AI Use Cases Department of Housing and Urban Development
The U.S. Department of Housing and Urban Development (HUD) has complied with Executive Order (EO) 13960, ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government,"" by inventorying its Artificial Intelligence (AI) use cases. The department has identified a significant AI use case: Consolidated Plan Pilot Analysis: Initiated in March 2023, the Planning Development and Research (PD&R) began a pilot project to analyze aspects of HUD's Consolidated Plans. These plans are essential as they identify and assess affordable housing and community development needs and market conditions. They are submitted by grantees of HUD's formula block grant programs and are publicly available on HUD's website. This AI use case reflects HUD's commitment to leveraging technology to improve its services and operations, ensuring that housing and urban development programs are as effective and efficient as possible.
AI Use Cases Department of Justice
The Department of Justice (DOJ) has embraced Executive Order (EO) 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government by meticulously compiling an inventory of its AI applications. This comprehensive inventory encompasses both present and anticipated applications of AI, all in alignment with the DOJ's overarching mission to cultivate public confidence, safeguard the rights and values of the American populace, while simultaneously harnessing AI to propel the growth of the United States economy and enhance the quality of life for all American citizens. The DOJ is steadfastly committed to ensuring that the integration of AI within its operational framework adheres to the principles of responsible and reliable AI. This commitment encompasses the pillars of legality, purposefulness, accuracy, safety, comprehensibility, responsibility, continuous monitoring, transparency, and accountability.
AI Use Cases Department of Labor
The U.S. Department of Labor (DOL) has embraced the use of Artificial Intelligence (AI) and Machine Learning (ML) to enhance its services and fulfill its mission more efficiently. In line with Executive Order 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government, the DOL has cataloged its active AI use cases to ensure transparency in the adoption of these advanced technologies. These AI use cases demonstrate the DOL's commitment to leveraging advanced technology to improve its operations and help their labor-related programs and initiatives operate as effective and efficient as possible.
AI Use Cases Department of State
The U.S. Department of State has compiled an inventory of Artificial Intelligence (AI) use cases, showcasing the department's commitment to leveraging AI to enhance its diplomatic efforts and operational efficiency. These AI use cases reflect the Department of State's innovative approach to using advanced technology to improve diplomatic efforts, operational efficiency, and data-driven decision-making. The department's AI inventory is a testament to its commitment to responsible and effective use of AI in fulfilling its mission.
AI Use Cases Department of the Interior
The Department of the Interior (DOI), adhering to Executive Order 13960 "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government," has curated a catalog of non-classified and non-sensitive Artificial Intelligence (AI) applications. This catalog is a segment of a larger federal endeavor to guarantee that AI technologies are employed transparently, responsibly, and in harmony with the public's interest. The DOI's AI Use Case Catalog is openly available and strives to shed light on the diverse applications of AI across the department's various sectors. This effort underscores the DOI's dedication to harnessing AI to advance its operations and services, while firmly upholding ethical standards and protecting the rights and privacy of individuals.
AI Use Cases Department of the Treasury
The U.S. Department of the Treasury has compiled an inventory of Artificial Intelligence (AI) use cases as of May 2023. This inventory includes various AI applications that are in different stages of development and deployment. The AI use cases illustrate the Department of the Treasury's dedication to harnessing cutting-edge technology to improve its functions and offerings, guaranteeing maximum effectiveness and efficiency in its financial and regulatory initiatives.
AI Use Cases Department of Transportation
The Department of Transportation (DOT) has compiled an inventory of Artificial Intelligence (AI) use cases, adhering to the directives of Executive Order (EO) 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. This inventory is part of the department's commitment to leveraging AI to enhance the United States' transportation infrastructure and services. The dataset provides a structured mechanism for federal agencies to catalog their AI applications, ensuring transparency and fostering public trust in the use of these technologies. This structured approach ensures that each AI use case is documented comprehensively, providing clear insights into the nature, purpose, and development stage of the AI applications within the DOT.
AI Use Cases Department of Veteran Affairs
The Department of Veterans Affairs (VA) has established an inventory of Artificial Intelligence (AI) use cases, aligning with the principles outlined in Executive Order (EO) 13960: Promoting the Use of Trustworthy Artificial Intelligence in Federal Government. These principles ensure that AI applications are lawful, purposeful, accurate, safe, understandable, responsible, regularly monitored, transparent, and accountable. These AI use cases demonstrate the VA's commitment to leveraging advanced technology to enhance healthcare services, improve diagnostic accuracy, and ensure effective treatment for veterans. The inventory reflects the department's dedication to responsible and innovative use of AI in fulfilling its mission.
AI Use Cases Export-Import Bank of the United States (EXIM)
The Export-Import Bank of the United States (EXIM) has conducted a review of its Federal Information Security Modernization Act (FISMA) systems in response to Executive Order (EO) 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. This review aimed to identify any use cases of Artificial Intelligence (AI) within the agency. As per the information provided, EXIM did not identify any AI use cases in its current operations. The agency has committed to continuously monitoring its systems and will update the public AI use case inventory as needed to ensure transparency and adherence to the directives of the executive order.
AI Use Cases National Aeronautics and Space Administration
NASA has updated its AI Use Case inventory for 2023, following a process similar to the previous year. The inventory was compiled with input from NASA's Community of Practice of researchers, utilizing a newly deployed web tool. The list represents projects where NASA is currently employing AI tools developed in-house, with many of the AI activities being in the formulation phase or still under development. NASA's commitment to AI reflects its broader mission to explore the unknown, innovate for the benefit of humanity, and inspire the world through discovery. The AI inventory is a testament to NASA's dedication to advancing the frontiers of knowledge and technology.
AI Use Cases National Aeronautics and Space Administration
NASA has updated its AI Use Case inventory for 2023, following a process similar to the previous year. The inventory was compiled with input from NASA's Community of Practice of researchers, utilizing a newly deployed web tool. The list represents projects where NASA is currently employing AI tools developed in-house, with many of the AI activities being in the formulation phase or still under development. NASA's commitment to AI reflects its broader mission to explore the unknown, innovate for the benefit of humanity, and inspire the world through discovery. The AI inventory is a testament to NASA's dedication to advancing the frontiers of knowledge and technology.
AI Use Cases National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) has taken steps to align with Executive Order 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. As required by the executive order, NIST annually prepares an inventory of its non-classified, non-sensitive, and non-research use cases of AI. However, as of the current update, NIST has reported that it does not have any operational use cases that meet the scope of this Executive Order. This proactive approach by NIST reflects its commitment to the responsible and transparent use of AI, ensuring that the technology is used in a manner that is safe, secure, and trustworthy, aligning with the broader goals of the executive order.
AI Use Cases National Science Foundation
The U.S. National Science Foundation (NSF) has compiled an inventory of Artificial Intelligence (AI) use cases in compliance with Executive Order 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. This inventory includes AI applications that the NSF uses to advance its mission, enhance decision-making, or otherwise benefit the public. These AI use cases demonstrate NSF's commitment to leveraging advanced technology to enhance its operations and services, ensuring that scientific research and educational programs are as effective and efficient as possible.
AI Use Cases National Transportation Safety Board
The National Transportation Safety Board (NTSB) has stated that it does not currently utilize any Artificial Intelligence (AI) systems for agency operations. This information is part of the AI use case inventory that organizations are compiling in response to Executive Order 13960: Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. While the NTSB does not have AI use cases to report at this time, the agency's transparency in this matter aligns with the broader goal of the executive order to ensure that the deployment of AI in federal agencies is transparent, responsible, and aligned with public interest.
AI Use Cases Small Business Administration
The U.S. Small Business Administration (SBA) has conducted a review of its Federal Information Security Modernization Act (FISMA) systems in response to Executive Order (EO) 13960, ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government."" This review aimed to identify any use cases of Artificial Intelligence (AI) within the agency. As per the information provided, the SBA did not identify any AI use cases in its current operations. The agency has committed to continuously monitoring its systems and will update the public AI use case inventory as needed to ensure transparency and adherence to the directives of the executive order. This proactive approach demonstrates the SBA's commitment to responsible governance and the thoughtful integration of AI technologies in its operations.
AI Use Cases Social Security Administration
The U.S. Social Security Administration (SSA) has developed a comprehensive list of Artificial Intelligence (AI) applications in alignment with Executive Order 13960, titled "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government." This detailed inventory encompasses AI solutions that the SSA employs to further its mission, improve decision-making processes, and deliver benefits to the public. These AI applications reflect the SSA's dedication to adopting cutting-edge technology to optimize its functions and services, guaranteeing that social security programs and services are delivered in the most effective and efficient manner.
AI Use Cases U.S. Agency for International Development
The United States Agency for International Development (USAID) has compiled its 2023 Inventory of Artificial Intelligence (AI) Use Cases in accordance with Section 5(e) of Executive Order (EO) 13960. This inventory is part of USAID's commitment to upholding the principles outlined in EO 13960, which promotes the use of trustworthy AI in the federal government. For those interested in exploring the specific AI use cases within USAID, the inventory can be accessed through the provided link on the USAID's official website. Additionally, USAID has committed to reviewing and updating the public AI Use Case inventory as needed in the future, reflecting the agency's dedication to responsible and innovative use of AI in fulfilling its mission.
AI Use Cases U.S. Department of Personnel Management
The Office of Personnel Management (OPM) has developed an inventory of Artificial Intelligence (AI) use cases in response to Executive Order 13960, ""Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government."" This order mandates federal agencies to catalog their non-classified and non-sensitive AI applications and make this information accessible to the public and other government entities, as feasible. The OPM's Office of the Chief Information Officer (OCIO) has compiled this inventory, which not only adheres to the requirements of the executive order but also aims to enhance public understanding of the agency's AI initiatives. The inventory includes both current and planned AI use cases, reflecting OPM's commitment to leveraging AI technology to improve its operations and services. For those interested in exploring the specific AI use cases within OPM, the 2023 OPM Artificial Intelligence Inventory is available as an Excel file. This initiative underscores OPM's dedication to transparently integrating AI into its processes, ensuring that these technologies are used responsibly and effectively.
AI Use Cases U.S. Environmental Protection Agency
The Environmental Protection Agency (EPA) maintains an inventory of Artificial Intelligence (AI) projects in compliance with Executive Order (EO) 13960, "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government." This inventory showcases the EPA's commitment to leveraging AI to enhance its environmental protection efforts. These AI projects reflect the EPA's innovative approach to using advanced technology to improve environmental protection and regulatory compliance. The agency's AI inventory is a testament to its commitment to responsible and effective use of AI in fulfilling its mission.
AI Use Cases U.S. General Services Administratiobn
The General Services Administration (GSA) has compiled an inventory of Artificial Intelligence (AI) use cases, in line with Executive Order 13960, "Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government." This inventory showcases various AI applications within the GSA, highlighting their development stages and purposes. These AI applications demonstrate GSA's commitment to leveraging advanced technology to enhance efficiency and improve service delivery. The complete inventory can be downloaded as a CSV file for a detailed overview.
ARTIFICIAL INTELLIGENCE: Agencies Are Implementing Management and Personnel Requirements
AI is rapidly changing the world and has significant potential to transform society and people’s lives. According to the Administration, agencies are already using AI operationally in various areas. Further, agencies have requested $1.9 billion for research and development investment in AI for fiscal year 2024. Given the rapid growth in capabilities and widespread adoption of AI, the federal government must responsibly manage its use.
Artificial Intelligence: GAO's Work to Leverage Technology and Ensure Responsible Use
This U.S. Government Accountability Office (GAO) report discusses how GAO is leveraging Artificial Intelligence (AI) internally to improve efficiency, effectiveness, and depth of its work for Congress and taxpayers. It mentions the deployment of a large language model for tasks such as synthesizing past reports and scanning congressional documents. The report outlines eight AI use cases GAO is exploring, from organizing large volumes of text to assisting with editorial tasks, and how these initiatives help GAO gain insights into AI's benefits and risks.
Building our Best: Recruitment and Retention of the Contracting Workforce
Last year, the Federal Government purchased over $750 billion in goods and services through contracts awarded by tens of thousands of acquisition professionals. These professionals' business acumen, analytical and research skills, and judgment are critical to the success of agency missions. As the largest buyer of goods and services globally, the Federal Government depends heavily on this workforce—the cornerstone of a successful federal acquisition system—to deliver best-value solutions and ensure the system benefits all Americans. To maintain a strong pipeline of acquisition talent at all levels and meet future challenges, this memorandum establishes a blueprint for prioritizing the recruitment and retention of contracting professionals.
CISA Names First Chief Artificial Intelligence Officer
The Cybersecurity and Infrastructure Security Agency (CISA) appointed Lisa Einstein as its first Chief Artificial Intelligence Officer. This move emphasizes CISA's commitment to responsibly using AI to enhance its cyber defense mission and support the secure development and adoption of AI in critical infrastructure across the U.S. Einstein, who has been leading CISA’s AI efforts since 2023, will focus on building AI expertise within the agency and ensuring safe AI practices.
CISA Services Portal
CISA provides a secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
CISA’s Roadmap for Artificial Intelligence
The Cybersecurity & Infrastructure Security Agency (CISA) addresses artificial intelligence (AI) security, emphasizing the need for AI to be secure by design. CISA's Roadmap for Artificial Intelligence outlines a whole-agency approach to promote AI's beneficial uses in cybersecurity, protect AI systems from cyber threats, and prevent the malicious use of AI against critical infrastructure. The Roadmap includes five key lines of effort: responsibly using AI in CISA's mission, assuring AI systems, protecting critical infrastructure from AI threats, collaborating on AI efforts, and expanding AI expertise within the workforce.
Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements
In 2019, the Office of Management and Budget established 5 key requirements for agencies related to procuring secure, cost-effective cloud services. As of July 2024, the 24 major agencies set policies and guidance that addressed some of these requirements but not others. For example, all the agencies had established guidance to ensure their chief information officer oversees agency modernization efforts. But most hadn't established guidance on service level agreements—which define the levels of service and performance the agency expects its cloud providers to meet.
Cloud Operations Best Practices & Resources Guide
GSA's guide supports a federal agency’s journey to optimize its cloud operations. Whether purchasing new cloud services, migrating applications, or simply managing your current IT investments, your agency’s ability to manage the cost, capability, security and quality of your cloud impacts how well it serves its mission and its stewardship of taxpayer dollars. The guide is not a how-to or training document; it is not meant to be read cover to cover. Rather, it is organized to allow readers to quickly find the relevant best practices, useful resources, and agency templates on a specific topic of interest.
Critical Infrastructure Protection: Agencies Need to Enhance Oversight of Ransomware Practices and Assess Federal Support
This U.S. Government Accountability Office (GAO) report highlights the critical need for enhanced oversight of ransomware practices within four key sectors: manufacturing, energy, healthcare and public health, and transportation systems. It points out that although federal agencies have assessed or plan to assess risks associated with ransomware, they have not fully evaluated the adoption of leading cybersecurity practices or the effectiveness of federal support in mitigating these risks. The report underlines the devastating impacts of ransomware, including significant financial losses and disruptions to essential services, and makes 11 recommendations to improve the situation.
Cyber Resiliency: CrowdStrike Outage Highlights Challenges
Challenges in supply chain risk management, testing, contingency planning, and cyber information sharing make it more difficult to mitigate cybersecurity risks to IT systems. GAO’s work in these areas highlights the need to mitigate them.
Cybersecurity: An overview of cyber challenges facing the nation, and actions needed to address them.
Federal agencies and our nation’s critical infrastructure—including energy, transportation systems, communications, and financial services—rely on IT systems to perform operations and process essential data. Ensuring the security of these systems and data is crucial for protecting individual privacy and national security. However, risks to IT systems are on the rise, with malicious actors becoming more willing and capable of launching cyberattacks. Additionally, the frequency and cost of cyberattacks across the United States are increasing.
Cybersecurity: Implementation of Executive Order Requirements is Essential to Address Key Actions
U.S. GAO report (GAO-24-106343) addresses the implementation of Executive Order 14028, aimed at enhancing federal cybersecurity. Issued in 2021, the order outlines 55 leadership and oversight requirements to safeguard federal IT systems against cyberattacks. Key agencies, including the DHS's Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Office of Management and Budget, are responsible for these implementations. As of March 2024, 49 out of 55 requirements have been fully met. The GAO recommends further actions to complete all requirements, ensuring comprehensive protection of federal systems and data.
Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology
The U.S. Government Accountability Office (GAO) report, published on March 7, 2024, addresses the cybersecurity risks to operational technology (OT) systems, which are crucial for controlling processes and production in critical infrastructure, such as oil pipelines. The report highlights the significant threat cyberattacks pose to these systems. It evaluates the Cybersecurity and Infrastructure Security Agency's (CISA) efforts in providing technical assistance to critical infrastructure owners and operators to mitigate these risks. Despite some positive feedback, challenges persist, including insufficient staffing with the necessary skills at CISA and delays in addressing reported vulnerabilities. The GAO recommends that CISA improve its workforce planning and customer service measurement to better address OT cybersecurity risks. Additionally, the report identifies challenges in collaboration between CISA and other agencies, noting that CISA has not fully adopted leading collaboration practices. To enhance its support for OT cybersecurity, the GAO makes four recommendations aimed at improving CISA's products, services, and collaboration efforts. The Department of Homeland Security (DHS) has concurred with these recommendations and outlined plans for their implementation.
Cybersecurity: National Cyber Director Needs to Take Additional Actions to Implement an Effective Strategy
This U.S. Government Accountability Office (GAO) report, evaluates the National Cybersecurity Strategy and its implementation plan, led by the Office of the National Cyber Director (ONCD). The strategy aims to protect federal information systems and the nation's critical infrastructure against cyberattacks. While the strategy and plan establish a solid foundation, the GAO identifies gaps in detailing how to consistently and effectively implement the strategy across the government. The report highlights the need for the ONCD to incorporate more specific performance measures and estimate implementation costs to enhance the strategy's execution. The strategy and plan address four of six desirable characteristics identified by the GAO but only partially meet the remaining two. The gaps include a lack of outcome-oriented performance measures and detailed resource and cost estimates for implementation initiatives. The GAO emphasizes that addressing these shortcomings is crucial for understanding plan outcomes and managing the funding of activities effectively. The report concludes with two recommendations for the ONCD: to develop outcome-oriented performance measures and to estimate the costs of implementation activities. While the ONCD agrees with the first recommendation, it disagrees with the second, highlighting a divergence in views on the strategy's execution.
De-Risking Government Technology 2.0 Guide
The De-risking Government Technology Guide 2.0 offers 18F’s expertise on lowering the risk of project failure at any stage, from budgeting to post award. This is the first update since the guide was published in 2020.
Department Of Homeland Security Artificial Intelligence Roadmap 2024
The Department of Homeland Security (DHS) is actively incorporating artificial intelligence (AI) into its operations to enhance national security and efficiency across various domains. AI's role in DHS's mission has expanded significantly, with the department leveraging this technology for over a decade. Initially, AI was used for tasks requiring human intelligence, but it now includes systems capable of reasoning, inference, and learning. The sophistication of AI systems has notably increased, especially in recent years, making them more accessible through internet-based interfaces and integrated software. DHS's AI applications span across border security, cybersecurity, immigration, trade, transportation safety, and workforce productivity. The department has been pioneering in using machine learning (ML) technologies since 2015, starting with identity verification tasks. Currently, DHS has documented 41 different AI use cases, with plans to expand this inventory as AI usage grows.
DHS Briefing on the AI Executive Order
The Department of Homeland Security (DHS) has been leveraging artificial intelligence (AI) to enhance various mission areas for several years, witnessing the transformative impact of this technology daily. From the application of machine learning models in customs and border protection, which intelligently predict the need for additional inspections among the myriad vehicles, passengers, and cargo shipments crossing borders each day, to the strategic allocation of inspection resources by Homeland Security Investigations, AI's role is profound and multi-faceted. Recognizing the potential of AI, the Department has intensified its commitment to integrating this technology throughout its operations responsibly. In a significant move to consolidate these efforts, Secretary Mayorkas, in April, inaugurated the Department's Artificial Intelligence Task Force under the leadership of the Secretary for Science and Technology. The commitment was further solidified in September with the appointment of Eric Hysen as the Department's inaugural Chief AI Officer. This strategic positioning marks a pivotal step in propelling the Department's endeavors in the realm of AI, ensuring a focused and robust integration of AI technologies in enhancing national security and operational efficiency.
Digital Experience: Agency Compliance with Statutory Requirements
Public-facing federal websites should be user-friendly. To achieve this, the 21st Century Integrated Digital Experience Act requires federal agencies to ensure their websites meet 8 modernization requirements. For example, websites should be accessible, mobile-friendly, and searchable. How did agencies do in 2023? We looked at 24 large agencies that provide high-impact services through their websites. About a third of them reported making progress on all the requirements. The rest either reported progress on some requirements, none, or didn't submit reports.
Digital Identity Guidelines
This publication presents the process and technical requirements for meeting the digital identity management assurance levels specified in each volume. They also provide considerations for enhancing privacy, equity, and usability of digital identity solutions and technology.
Dual-Use Foundation Models with Widely Available Model Weights Report
On October 30, 2023, President Biden signed an executive order focused on the safe and trustworthy development of AI. It directs the Secretary of Commerce, through NTIA, to gather feedback from various stakeholders on the risks, benefits, and regulatory approaches for dual-use AI models with widely available weights. NTIA released a Request for Comment in February 2024 and hosted public events to collect input. The findings were compiled into a report for the President, offering policy and regulatory recommendations.
Energy Act of 2020 IT Sustainability Best Practice Guide
In 2021, President Biden's Executive Order 14057 positioned the Federal Government as a sustainability leader, aiming to significantly reduce U.S. greenhouse gas emissions by 2030 and achieve net-zero emissions procurement by 2050. The accompanying Federal Sustainability Plan outlines strategies in key areas like electricity, vehicles, and infrastructure to meet these targets. To support these goals, the Energy Act of 2020 mandated the Federal Chief Information Officers (CIO) Council to develop sustainable practices for IT management. The IT Sustainability Best Practices Guide, aligned with EO 14057, provides comprehensive recommendations to integrate IT modernization with sustainability efforts. This guide, informed by industry research and expert insights from the OMB, CIO Council, and General Services Administration (GSA), offers federal agencies a roadmap to enhance IT sustainability, contributing significantly to the broader sustainability objectives of the Federal Government. The implementation of these practices ensures a unified and cost-effective approach to IT sustainability across federal agencies, reinforcing the U.S.'s commitment to global sustainability leadership.
Fact Sheet: Biden-Harris Administration Announces Commitments from Across Technology Ecosystem including Nearly $100 Million to Advance Public Interest Technology
The Biden-Harris Administration has announced nearly $100 million in commitments from various technology sectors to advance public interest technology. Key initiatives include $48 million from the National Science Foundation for research and learning opportunities, a $20 million investment from the Siegel Family Endowment, and substantial contributions from the Ford Foundation and other partners. These efforts aim to build a diverse, expert technology workforce, enhance ethical AI practices, and support inclusive, equitable technology development.
Fact Sheet: Biden-Harris Administration Announces Investment in Twelve Regional Technology Hubs, Creating Good-paying Jobs and Driving Economic Opportunity and Innovation in Communities Across the Country
The Biden-Harris Administration announced a $504 million investment in twelve Regional Technology and Innovation Hubs to spur job creation and economic growth in underinvested areas. These hubs, funded by the CHIPS and Science Act, will advance industries like semiconductors, clean energy, and biotechnology, fostering innovation and technological development across 14 states. The initiative aims to ensure economic opportunities in rural, Tribal, and disadvantaged communities, supporting President Biden’s Investing in America agenda and emphasizing a bottom-up approach to regional economic growth.
Fact Sheet: Biden-Harris Administration Announces Key AI Actions Following President Biden’s Landmark Executive Order
The Biden-Harris Administration has made significant strides in AI governance following President Biden's Executive Order. The White House AI Council, led by Deputy Chief of Staff Bruce Reed, reported the completion of all mandated 90-day actions, focusing on AI safety, security, and innovation. Key measures include enforcing disclosure requirements for AI developers, assessing AI risks in critical infrastructure, and monitoring foreign AI development. Initiatives like the National AI Research Resource pilot and the AI Talent Surge aim to foster AI innovation and expertise. Additionally, the EducateAI initiative and funding for NSF Engines promote AI education and regional innovation. These efforts collectively aim to position the U.S. as a leader in AI, balancing innovation with risk management and ethical considerations.
FACT SHEET: Biden-Harris Administration Announces New Better Contracting Initiative to Save Billions Annually
The BCI is a four-pronged initiative to ensure that the Federal Government is getting better terms and prices when purchasing goods and services. The BCI also ensures the Government is deliberate about who we buy it from, including small and disadvantaged businesses.
Fact Sheet: Circular A-137, Strategic Management of Acquisition Data and Information Summary
OMB Circular A-137 outlines a strategic approach to managing acquisition data and information, emphasizing the importance of accurate, timely, and comprehensive data to enhance decision-making and accountability. The circular mandates agencies to improve data governance, standardize data formats, and adopt modern data analytics tools. It also highlights the need for interagency collaboration and sharing best practices to achieve a more efficient and transparent acquisition process. The goal is to ensure that federal procurement decisions are informed by high-quality data, fostering better outcomes and greater public trust.
Fact Sheet: Key AI Accomplishments in the Year Since the Biden-Harris Administration’s Landmark Executive Order
One year ago, President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). The Executive Order directed sweeping actions to manage AI’s safety and security risks, protect Americans’ privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, advance American leadership around the world, and more. Today, the Biden-Harris Administration is announcing that Federal agencies have completed on schedule each action that the Executive Order tasked for this past year—more than one hundred in all. Below are some of the Administration’s most significant accomplishments on managing AI’s risks and seizing its promise in the year since President Biden signed his Executive Order.
FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
The Executive Order establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more.
FACT SHEET: Two Years after the CHIPS and Science Act, Biden-Harris Administration Celebrates Historic Achievements in Bringing Semiconductor Supply Chains Home, Creating Jobs, Supporting Innovation, and Protecting National Security
Two years ago, President Biden signed into law the CHIPS and Science Act (CHIPS), aimed at reestablishing United States’ leadership in semiconductor manufacturing, shoring up global supply chains, and strengthening national and economic security. America invented the semiconductor, and used to produce nearly 40 percent of the world’s chips, but today, we produce only about 10 percent of global supply—and none of the most advanced chips. The CHIPS and Science Act aimed to change that by investing nearly $53 billion in U.S. semiconductor manufacturing, research and development, and workforce.
FACT SHEET: Vice President Harris Announces OMB Policy to Advance Governance, Innovation, and Risk Management in Federal Agencies’ Use of Artificial Intelligence
Vice President Kamala Harris announced the White House Office of Management and Budget (OMB)'s first government-wide policy to address the risks and harness the benefits of artificial intelligence (AI), fulfilling a key aspect of President Biden's Executive Order on AI. This policy mandates federal agencies to implement safeguards by December 1, 2024, for AI applications that could impact Americans' rights or safety, covering areas such as health, education, employment, and housing. These safeguards aim to ensure responsible AI use, including algorithmic fairness, transparency, and human oversight in critical decision-making processes. Additionally, the policy encourages federal agencies to consult with employee unions and adopt principles to mitigate AI's potential harms to workers. It also outlines measures for risk management in AI procurement, enhancing transparency in AI use, promoting responsible AI innovation, and expanding the AI workforce within the federal government. This initiative represents a significant step towards establishing the U.S. government as a global model for the safe and ethical use of AI.
Fact Sheet: White House Hosts: Classroom to Career Summit, Celebrates Successful Efforts to Expand High-Quality Career Pathways and Workforce Development Programs in Every Community
On November 13, 2024, President Joe Biden and First Lady Jill Biden hosted the: Classroom to Career Summit at the White House, bringing together approximately 200 education and workforce leaders. The event highlighted the Administration's progress in expanding career pathways to good-paying jobs in sectors like infrastructure, clean energy, and advanced manufacturing. President Biden announced that over $80 billion from the American Rescue Plan had been allocated to strengthen and expand the American workforce, supporting initiatives such as free community college programs, Registered Apprenticeships, and workforce development in critical industries.
Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan
As the operational lead for federal cybersecurity, CISA uses the FOCAL Plan to guide coordinated support and services to agencies, drive progress on a targeted set of priorities, and align collective operational defense capabilities. The end result is reducing the risk to more than 100 FCEB agencies. CISA developed this plan in collaboration with FCEB agencies to provide standard, essential components of enterprise operational cybersecurity and align collective operational defense capabilities across the federal enterprise. The FOCAL Plan is not intended to provide a comprehensive or exhaustive list that an agency or CISA must accomplish. Rather, it is designed to focus resources on actions that substantively advance operational cybersecurity improvements and alignment goals.
Federal Software Licenses: Agencies Need to Take Action to Achieve Additional Savings
Annually, the U.S. federal government allocates over $100 billion to IT and cybersecurity initiatives, a significant portion of which is dedicated to acquiring software licenses. With thousands of these licenses procured from various vendors each year, the Government Accountability Office (GAO) was tasked to scrutinize the procurement of these software licenses by federal agencies. To achieve this, the GAO examined self-reported data from agencies under the Chief Financial Officers Act of 1990, focusing on their five most used and costliest software licenses. These were then ranked based on the frequency of specific vendors and products mentioned across the government. Furthermore, the GAO conducted a detailed review of nine agencies, chosen based on their IT budget sizes. This review involved comparing the agencies' most used licenses against established federal guidelines and conducting interviews with officials from all 24 agencies. As a result, the GAO has put forward 18 recommendations for nine agencies, urging them to meticulously track software license usage and align their inventories with the licenses purchased.
Federal Zero Trust Data Security Guide
This document was developed by the Zero Trust (ZT) Data Security Working Group in furtherance of its directive under the Office of Management and Budget (OMB) Memorandum M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles. The Working Group is a joint committee comprised of members from the Federal Chief Data Officer (CDO) Council and Chief Information Security Officer (CISO) Council, as well as other Federal stakeholders. OMB M-22-09 charges the Working Group with developing a guide for Federal agencies that addresses how existing Federal information categorization schemes can support effective data categorization in a security context. It also focuses on developing enterprise-specific data categories not addressed by existing Federal categories, identifying members to act as leads or designate leads within their agencies to convene a community of practice (CoP) for specific areas of focus, and supporting pilots of emerging approaches and best practices among agencies. This document is intended to assist agencies on their ZT journey as they continue to implement ZT principles year-to-year and across Administrations.
FedRAMP Modernization Overview
Provides an overview of the FedRAMP Modernization initiative, detailing the steps being taken to upgrade technology and processes to better meet the future needs of FedRAMP’s stakeholders. The modernization efforts are in response to legislation codifying FedRAMP and align with OMB budget’s draft memo on modernizing FedRAMP. The goal is to improve federal cloud cybersecurity by reducing the time, cost, and effort for initial assessments of commercial cloud service offerings (CSOs), improving customer experience, increasing the quality and accuracy of security artifacts through standardization, and refining the continuous monitoring program. Efforts are being made to evaluate and optimize security assessment and monitoring processes to reduce authorization timelines and costs. This includes addressing backlogs and streamlining the flow of security packages. The focus is on strengthening collaboration and engagement with the stakeholder community (agencies and commercial partners) to meet their needs and achieve program goals. The modernization efforts aim to make it easier for stakeholders to create, submit, and process assessment and continuous monitoring documentation.
FedRAMP's Emerging Technology Prioritization Framework - Overview and Request for Comment
The FedRAMP Emerging Technology Prioritization Framework, introduced in response to Executive Order 14110, aims to guide the safe and responsible development and use of AI within the federal government. This framework outlines how FedRAMP will prioritize Cloud Service Offerings (CSOs) that provide emerging technologies, starting with generative AI, to enhance federal agencies' mission effectiveness. The initial focus will be on large language models (LLMs) for chat interfaces, code-generation tools, and prompt-based image generators. The framework integrates into existing FedRAMP authorization processes without adding new pathways, maintaining rigorous standards. The General Services Administration (GSA) seeks public feedback on the draft to ensure it meets stakeholder needs and aligns with the executive order's goals.
FedRAMP's Role In The AI Executive Order
Discusses the FedRAMP's role in implementing the Executive Order (EO) on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI), issued by the White House on October 30, 2023. The EO aims to support a wide range of activities across the federal government, focusing on the safe, secure, and trustworthy development and use of AI. FedRAMP is tasked with establishing strategies for authorizing emerging technologies, particularly cloud-based AI-related products. This is to ensure that agencies have the necessary tools to serve the public more effectively. The organization is working closely with stakeholders from both the commercial and federal sectors. It is also coordinating with the FedRAMP Board, the Office of Management & Budget, the National Institute of Standards and Technology, and the Federal Secure Cloud Advisory Committee to create and agree on an authorization strategy for emerging technologies.
FinOps - Agency Case Study: U.S. Army - CAMO
In 2019, the U.S. Army stood up the EnterpriseCloudManagementAgency (ECMA) to kickstart cloud migration. ECMA identified and satisfied the requirement for a prototype process to help the Army effectively plan, budget, and consume commercial cloud services. In March 2021, ECMA awarded the CloudAccount ManagementOptimization (CAMO) Agreement to begin the Army’s cloud journey by providing Cloud Service Provider (CSP) reselling services to the Army. CAMO was initiated as an Other Transaction Authority (OTA) to experiment with industry partners to bring multi-cloud products and services to the Army with best possible pricing and without excessive toil by the customer. CAMO demonstrates the value of an enterprise solution which incentivizes appropriate behaviors, provides tangible value to the user base and Army, creates visibility of utilization and investments, and creates long term cost avoidance when compared to alternatives.
FinOps Assessment Tool
This tool allows the user to evaluate their cloud cost management maturity against the standard FinOps domains. This utility provides both a current state and future state assessment.
FinOps Best Practices
Delves into the operational model and management of unused or underutilized resources.
FinOps Cloud Cost Reporting Template
This tool can read multiple months of Azure billing data and generate spend trend reports.
FinOps ForeCast Spreadsheet
This tool can help forecast 24 months of future spend with only 6 months of data. It also can show savings plan discount coverage.
FinOps Optimization through discounts
A document that describes savings available from vendor savings plans, reserved instances and consolidated billing.
Fiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements
The Department of Homeland Security (DHS) has been leveraging artificial intelligence (AI) to enhance various mission areas for several years, witnessing the transformative impact of this technology daily. From the application of machine learning models in customs and border protection, which intelligently predict the need for additional inspections among the myriad vehicles, passengers, and cargo shipments crossing borders each day, to the strategic allocation of inspection resources by Homeland Security Investigations, AI's role is profound and multi-faceted. Recognizing the potential of AI, the Department has intensified its commitment to integrating this technology throughout its operations responsibly. In a significant move to consolidate these efforts, Secretary Mayorkas, in April 2023, inaugurated the Department's Artificial Intelligence Task Force under the leadership of the Secretary for Science and Technology. The commitment was further solidified in September 2023 with the appointment of Eric Hysen as the Department's inaugural Chief AI Officer. This strategic positioning marks a pivotal step in propelling the Department's endeavors in the realm of AI, ensuring a focused and robust integration of AI technologies in enhancing national security and operational efficiency.
Frequently Asked Questions for Contractors
The IT Governmentwide Category, under the principles of Category Management (CM), engages in activities to increase small business utilization across the Federal Government. These activities raise awareness of and support contract improvements and opportunities via the IT Best-In-Class (BIC) contract solutions and how they benefit small businesses. This FAQ is intended to assist small businesses with finding contracting opportunities with the IT BIC vehicles and increase the number of small businesses in the federal IT marketplace.
Frequently Asked Questions for IT BIC Solution Owners
The IT Governmentwide Category, under the principles of Category Management (CM), engages in activities to increase small business utilization across the Federal Government. These activities raise awareness of and support contract improvements and opportunities via the IT Best-In-Class (BIC) contract solutions that benefit small businesses to the acquisition workforce. CM has a role in promoting small business utilization through the following OMB Policy Memos: Increasing the number of new and recent entrants (M-22-03); Increasing the Share of Contract Dollars Awarded to Small Disadvantaged Businesses for Fiscal Year (FY) 2024 and in Subsequent FYs (M-24-01)and Increasing Small Business Participation on Multiple-Award Contracts (OMB Memo 1/25/24).
GSA - OEM and VAR Vendor Assessment Initiative - Market Research RFI Only
The ITVMO is conducting research as part of an assessment of the challenges OEMs, VARs, and Agencies face in using small business VARs and the development of guidance and recommendations on how to increase the number and utilization of small and SDB business VARs in the federal IT marketplace.
Hi-Def Initiative
The Hi-Def Initiative is a government-wide effort to promote Hi-Definition (Hi-Def) acquisitions by enabling agencies to leverage government-wide acquisition data that is relevant, easily accessed, and available at the time of need. This will help agencies more efficiently and effectively acquire products and services as well as gain key acquisition insights.
Highlights of the 2023 Executive Order on Artificial Intelligence for Congress
On October 30, 2023, the Biden Administration issued Executive Order 14110 to promote the safe, secure, and trustworthy development and use of Artificial Intelligence (AI). This government-wide initiative involves over 50 federal agencies undertaking 100+ actions within eight key policy areas: Safety and Security: Establishing processes to mitigate AI-related risks in biosecurity, cybersecurity, national security, and critical infrastructure. Innovation and Competition: Encouraging AI talent in the U.S., addressing new intellectual property issues, protecting creators, and fostering innovation, especially in startups and small businesses. Worker Support: Addressing workforce disruptions due to AI, with agencies researching and proposing solutions. Federal Use of AI: Mandating the Office of Management and Budget (OMB) to lead an interagency council for AI governance in federal agencies, promoting GenAI tool adoption with safeguards, and enhancing federal AI workforce capacity. International Leadership: Aiming for U.S. global leadership in AI by collaborating with international allies, leading in AI regulatory and accountability standards, and promoting responsible global technical standards.
Implementation of Executive Order Requirements Is Essential to Address Key Actions
Federal IT systems are intricate, diverse, and dispersed across locations, complicating their security management. For over 25 years, the Government Accountability Office (GAO) has highlighted information security as a high-risk area for government operations, expanding its focus to include critical infrastructure protection and privacy of personal data. In 2021, the President issued Executive Order 14028 to bolster the government's cybersecurity response. The Federal Information Security Modernization Act (FISMA) mandates periodic reports to Congress on federal cybersecurity practices. A recent GAO report assessed federal agencies’ adherence to the executive order’s cybersecurity leadership and oversight requirements, identifying significant areas of progress and ongoing challenges. The analysis involved reviewing 55 specific leadership and oversight directives, evaluating their implementation, and discussing cybersecurity strategies with federal chief information security officers to identify critical areas needing attention.
Increasing Small Business Participation on Multiple-Award Contracts
Details new policies to boost small business participation in government procurement through Multiple Award Contracts (MACs) and Category Management Acquisition Tools (CATs). This initiative aims to ensure small businesses have fair access to federal contracting opportunities, promoting economic diversity and enhancing competition within federal acquisitions. It outlines specific steps to implement these changes, reflecting a commitment to economic inclusivity and the growth of small enterprises within the national economy.
Increasing Small Business Subcontracting Participation in the Federal Marketplace
Building supply chain resilience in the federal marketplace requires agencies to work aggressively with their prime contractors to promote meaningful small business subcontracting opportunities. Subcontracting is the primary gateway into the federal marketplace – helping companies to become acclimated to federal missions and buying practices, and agencies to become familiar with the talents of small businesses that perform important functions within supply chains and may wish to compete as prime contractors in the future.
Internet of Things: Federal Actions Needed to Address Legislative Requirements
The Internet of Things (IoT) generally refers to the technology and devices that allow for the connection and interaction of devices throughout such places as buildings, vehicles, and the transportation infrastructure. The National Institute of Standards and Technology (NIST) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued guidance for securely procuring IoT. For example, NIST has issued cybersecurity guidance for agencies to use in mitigating risk with the acquisition, procurement, and use of IoT at all stages of a system's life cycle.
Leading The Way in a Complex Industry with Kyra Stewart
ITVMO Program Manager KyraStewart talks with the IMPACT podcast about leveraging her passion for process improvement to help drive impactful, whole-of-government change.
M-24-10 Memorandum For The Heads Of Executive Departments And Agencies
The memorandum from the Office of Management and Budget (OMB), titled: Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (AI), outlines the U.S. government's approach to harnessing AI's potential while addressing its risks. Issued on March 28, 2024, it aligns with the AI in Government Act of 2020, the Advancing American AI Act, and Executive Order 14110, emphasizing the need for responsible AI use within federal agencies. Key directives include the establishment of AI governance frameworks, the appointment of Chief AI Officers (CAIOs) within 60 days, and the development of agency-specific AI strategies. Agencies are tasked with managing AI risks, especially those impacting public rights and safety, through minimum risk management practices. Additionally, the memo encourages the sharing and reuse of AI models, code, and data to foster innovation, while also addressing the challenges posed by generative AI. This governance initiative aims to ensure that AI technologies are used in a manner that is safe, secure, and trustworthy, reflecting a commitment to both innovation and ethical responsibility.
Memorandum on Advancing the United States’ Leadership in Artificial Intelligence
This memorandum fulfills the directive set forth in subsection 4.8 of Executive Order 14110 of October 30, 2023 (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). This memorandum provides further direction on appropriately harnessing artificial intelligence (AI) models and AI-enabled technologies in the United States Government, especially in the context of national security systems (NSS), while protecting human rights, civil rights, civil liberties, privacy, and safety in AI-enabled national security activities. A classified annex to this memorandum addresses additional sensitive national security issues, including countering adversary use of AI that poses risks to United States national security.
Modernization - Automating FedRAMP's Technology
Discusses the ongoing efforts by FedRAMP to modernize its technology through automation and stakeholder engagement. Stakeholder Engagement: FedRAMP continues to emphasize the importance of ongoing dialogue and engagement with stakeholders to leverage their experience and expertise. This is aimed at informing and revising the modernization strategy to ensure it meets the needs for an automated FedRAMP. Agency stakeholders will be able to review the cybersecurity posture of cloud service offerings (CSOs) on demand via dashboards to continuously monitor and evaluate risk to their own agency, improving threat and risk awareness. FedRAMP also invites stakeholders to join their monthly Office Hours session to discuss technology modernization priorities. Attendees are encouraged to come prepared with questions and to submit them ahead of time.
Modernizing the Federal Risk and Authorization Management Program (FedRAMP)
The purpose of the FedRAMP program is to increase Federal agencies’ adoption and secure use of the commercial cloud, by providing a standardized, reusable approach to security assessments and authorizations for cloud computing products and services. Through centralization, FedRAMP reduces duplicative authorization activities, allowing CSPs to deliver and agencies to adopt secure cloud services more efficiently. Focusing FedRAMP on the highest value work, as outlined in this guidance, will support broader efforts to reduce the nation’s cybersecurity risks, contributing to a more stable technology ecosystem by incentivizing CSPs to make security improvements that protect all of their Federal Government customers. The goal of this guidance is to strengthen and enhance the FedRAMP program. FedRAMP has provided significant value to date, but the program must change to meet the needs of Federal agencies and the evolving cloud marketplace. The FedRAMP Marketplace must scale dramatically to enable Federal agencies to work with many thousands of different cloud-based services that accelerate key agency operations while allowing agencies to reduce the footprint of the information technology (IT) infrastructure that they directly manage.
NIST AI Fact Sheet
The National Institute of Standards and Technology (NIST) is dedicated to fostering confidence in the creation, deployment, management, and use of Artificial Intelligence (AI) technologies and systems. This commitment aims to bolster economic security and enhance the quality of life. NIST's efforts are centered on advancing measurement science, technology, standards, and associated tools, including assessment and data. The agency's direction in AI is shaped by its legal mandates, directives from Presidential Executive Orders, and the requirements voiced by the U.S. industry, other federal entities, and the international AI research community.
NIST AI RMF Playbook
The AI Risk Management Framework (AI RMF) is designed for voluntary adoption with the aim of enhancing the capacity to integrate trustworthiness factors into the creation, advancement, application, and assessment of AI products, services, and systems. As a collaborative reference, the AI RMF Playbook was formulated through an open, transparent, and multidisciplinary approach, spanning an 18-month period of development. This endeavor was conducted in cooperation with over 240 participating entities hailing from private industry, academia, civil society, and government. Valuable feedback received throughout the AI RMF's development phase is openly accessible on the NIST website for public commentary. The Playbook is also availible to all through the NIST website.
NSA Publishes Guidance for Strengthening AI System Security
The NSA has released new cybersecurity guidance to enhance the security of AI systems, particularly for National Security System owners and Defense Industrial Base companies. This guidance, developed by the NSA's Artificial Intelligence Security Center in collaboration with multiple international cybersecurity agencies, addresses various security aspects of AI systems, such as data security and model integrity. The initiative also aims to foster international cooperation on AI security standards and practices, to protect against and respond to potential cyber threats.
Office of Personnel Management FinOps – Agency Case Study
The United States Office of Personnel Management (OPM) established a FinOps program in 2021 with the existing CCOE (Cloud Center of Excellence) dedicated to maturing OPM’s cloud management activities and aligning them to the FinOps Foundation maturity model. The mission of the FinOps team is tied directly to OPM’s Cloud First strategy and helped establish a cross-functional team responsible for ensuring more financial control and predictability. OPM has embraced FinOps and is a thought leader with the FinOps Foundation. OPM is a member of the FinOps Foundation Governing Board and has led the public sector working group along with other government employees and industry professionals. The group is tasked with developing processes and procedures to help government agencies implement FinOps.
OMB Circulars
Instructions or information issued by OMB to Federal agencies. These are expected to have a continuing effect of two years or more. To obtain circulars that are not available on-line, please call the Office of Management and Budget’s information line at (202) 395-3080.
OMB Releases Digital Accessibility Guidance to Ensure All Americans Have Ability to Access Critical Government Resources
The White House's Office of Management and Budget has released new digital accessibility guidance to ensure all Americans, including those with disabilities, can access critical government resources. This initiative is a response to the fact that nearly half of the most popular federal government websites were not fully accessible. The guidance includes testing electronic content for accessibility before publishing, establishing digital accessibility programs and policies, ensuring procurement of accessible products and services, regularly monitoring and remediating accessibility issues, and promoting a culture of digital accessibility within agencies. This comprehensive approach aims to provide universally accessible digital experiences to the public.
OMB Releases Implementation Guidance Following President Biden’s Executive Order on Artificial Intelligence
The Office of Management and Budget (OMB) is releasing for comment a new draft policy on Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence. This guidance would establish AI governance structures in federal agencies, advance responsible AI innovation, increase transparency, protect federal workers, and manage risks from government uses of AI.
Pilot for Artificial Intelligence Enabled Vulnerability Detection
The Cybersecurity and Infrastructure Security Agency (CISA) conducted a pilot program to evaluate the effectiveness of AI-enabled tools for vulnerability detection in federal networks. The pilot found that AI is best used to enhance, not replace, existing detection tools, though it requires significant time for analysts to adapt. Some AI tools were found to be unpredictable and challenging to troubleshoot. CISA will continue monitoring and testing AI tools to ensure their detection capabilities remain cutting-edge.
Protecting Privacy When Federal Agencies Use Commercially Available Information
As Federal agencies increasingly use artificial intelligence (AI) in executing their various missions, how they collect, use, and maintain the information that powers that technology merits renewed attention. Along with the potential benefits of using such technology, there are potential risks. Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, recognized “privacy risks potentially exacerbated by AI—including by AI’s facilitation of the collection or use of information about individuals” as one of these potential risks, and it tasked the Office of Management and Budget (OMB) with taking certain steps to mitigate them.
Readout of White House Meeting Convening Global Leaders on Delivering a Secure Digital Government Experience
The White House recently convened global leaders to discuss enhancing digital government services. This meeting, involving officials from OMB, NSC, and various federal agencies, focused on sharing best practices and fostering international collaboration for digital transformation. Key discussions included responsible AI usage, equitable and secure service delivery, and the integration of technology in public services. This inaugural event underscored a commitment to leveraging global expertise to improve government operations and service delivery.
Responsible AI Toolkit
The Responsible AI (RAI) Toolkit, developed by the Chief Digital and Artificial Intelligence Office (CDAO), is designed to align AI projects with the Department of Defense's (DoD) AI Ethical Principles and best practices. It offers a user-friendly interface for navigating through AI product life cycles, incorporating tailorable assessments, tools, and artifacts. The Toolkit, based on principles like modularity, alignment with the RASCI matrix, and holistic approach, integrates the DoD AI Ethical Principles, providing resources for AI system evaluation and improvement. It also includes a list of tools for risk mitigation and development support. The SHIELD assessment, central to the Toolkit, guides users in risk identification and management. The Toolkit, considered a living document, is set to evolve with new capabilities and improvements over time.
Secure Cloud Business Applications (SCuBA) Project
The Secure Cloud Business Applications (SCuBA) project, initiated by the Cybersecurity & Infrastructure Security Agency (CISA), aims to bolster the security of cloud business applications and protect federal information within these environments. SCuBA focuses on providing guidance and capabilities to secure cloud environments used by Federal Civilian Executive Branch (FCEB) agencies, ensuring consistent, modern, and manageable security configurations. CISA actively seeks public feedback to refine these frameworks and ensure they effectively address cybersecurity and visibility gaps in cloud-based business applications.
Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle
The Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle product was developed in response to the core challenges of software assurance and cybersecurity transparency in the acquisition process, focusing primarily on software lifecycle activities. The Software Acquisition Guide focuses on the Secure by Demand elements by providing recommendations for agency personnel, including mission owners and contracting staff or requirements office to engage in more relevant discussions with their enterprise risk owners (such as CIOs and CISOs) and candidate suppliers such that better, risk-informed decisions can be made associated with acquisition and procurement of software and cyber-physical products.
Strengthening Federal Agency Procurement Forecasts
The Office of Management and Budget (OMB) continues to work closely with agencies to buy as an organized entity to get better contract outcomes and to improve the resilience of the federal marketplace. Better procurement forecasts are an important part of constructive engagement with industry that helps contribute to effective, responsible, and efficient execution of federal procurements. Consistent with these goals, this guidance provides direction to strengthen procurement forecasts by improving the quality of forecast content, the timeliness of forecast information, and vendor access to agency forecast information through a centralized point that is phased in over the next 18 months. These priorities have been informed by a public crowdsourcing campaign conducted by the Office of Federal Procurement Policy (OFPP) that engaged hundreds of small and large businesses across the country in a collaborative exercise to better understand vendor needs.
Tech Trends 2025
The promised potential of AI and quantum technologies has been touted for decades, but the actualization of those promises has never been closer than it is now. The transformative capabilities of these exponential technologies are becoming more real each day – early understanding and adoption of these technologies is key for mature IT organizations forging future strategies. In this year’s Tech Trends report, we examine three trends in simulated futures with new possibilities and three trends in knowledge assurance that must be considered to mitigate risks.
The Biden-Harris Administration Launches the Federal Program Inventory to Make Federal Spending More Transparent and Accessible
The Biden-Harris Administration, through the Office of Management and Budget (OMB), has launched the Federal Program Inventory (FPI), a new tool aimed at enhancing transparency and accessibility of federal spending. The FPI is a comprehensive, searchable database that provides detailed information on federal programs offering grants, loans, or direct payments to various beneficiaries, including individuals, governments, firms, and organizations. This initiative is part of the administration's commitment to improve government transparency and ensure the effective use of taxpayer funds, fulfilling Congressional mandates for public access to a federal program inventory. The FPI allows users to explore federal programs based on objectives, eligibility, and spending data. It offers a customizable search feature to filter programs by categories, agencies, assistance types, and applicant eligibility, covering over 100 sub-categories. Leveraging data from SAM.gov and USASpending.gov, the FPI facilitates easy access to program-specific spending details, award recipients, and grant opportunities. OMB invites feedback on the FPI to enhance its functionality in future releases, marking a significant step towards a more transparent, equitable, and accountable government.
The Dos and Don’ts of Artificial Intelligence Procurement
Governments across the U.S. are powered by information technology and increasingly dependent on cutting-edge commercial technologies that enhance government efficiency and public service. With the rapid pace of innovation, government procurement processes must evolve. While the government has a diverse set of tools in place for purchasing commercial technology, emerging technologies — such as artificial intelligence (AI) — will require the right blend of traditional and non-traditional procurement strategies.
The NIST Cybersecurity Framework (CSF) 2.0
The Cybersecurity Framework (CSF) 2.0 is crafted to assist entities across various sectors—industry, government, academia, and nonprofits—in managing and mitigating cybersecurity risks, irrespective of their cybersecurity program's maturity or technical sophistication. It acknowledges the diversity of organizations' risks, risk appetites, missions, and objectives, advocating for a tailored implementation rather than a one-size-fits-all solution. The CSF aims to integrate cybersecurity risk management with other organizational risks such as financial, privacy, and supply chain risks. It outlines broad, sector-agnostic outcomes to guide executives and practitioners alike, offering flexibility to address unique organizational needs. This latest version, CSF 2.0, introduces enhancements focusing on governance, supply chains, and accessibility for smaller organizations, complemented by Implementation Examples and Informative References available online. This framework encourages organizations to evaluate their cybersecurity stance contextually and adapt the CSF accordingly, facilitating a more efficient assessment and implementation of security controls.
The Top 10 Things Federal Technology Leaders Should Know About OMB’s Draft AI Policy
The U.S. Chief Information Officers Council's guidance on OMB’s Draft AI Policy outlines the top ten aspects federal technology leaders should be aware of regarding this policy. The policy emphasizes responsible AI use in government, with a focus on enhancing services and promoting equity. It introduces the role of Chief AI Officers for AI governance and risk management, mandates AI Governance Boards in CFO Act agencies, and stipulates AI risk management requirements for safety- or rights-impacting AI uses. The policy also addresses the integration of AI risk management into existing processes and highlights the importance of managing generative AI use. Additionally, the policy will apply to federal contractors, and further guidance is anticipated. The final policy is under development with public and interagency input.
United States Coast Guard FinOps – Agency Case Study
The US Coast Guard (USCG) spent the last year standing up a cloud financial management program to support its multi-cloud environment, which includes Amazon Web Services (AWS) and Microsoft Azure. To best manage this cloud environment, the USCG set up a Cloud Center of Excellence (CCoE) to meet the demands and needs required for mission execution. The CCoE began working with the Army Cloud Account Management Optimization (CAMO) team to procure cloud services under their umbrella contract vehicle. Through this relationship, the USCG was introduced to cloud cost management concepts, the FinOps framework, and the Army’s cloud tracking software, which helps identify optimization opportunities.
White House Roundtable on Protecting Our Nation’s Data and Networks from Future Cybersecurity Threats
In January, the White House hosted a roundtable with leaders from government, industry, and academia to address the challenges and opportunities presented by quantum computing, as outlined in National Security Memorandum 10 (NSM-10) and the Quantum Computing Cybersecurity Preparedness Act of 2022. The discussion focused on the potential of quantum computers to significantly advance processing capabilities, while also posing risks to encryption and cybersecurity. Officials emphasized the importance of strong encryption and the implementation of zero trust defenses to protect critical government services and infrastructure. The roundtable highlighted the need for a whole-of-government approach to maintain a competitive edge in quantum computing and ensure the nation's cyber defenses remain resilient against the emerging threats posed by quantum capabilities. Collaboration with stakeholders from industry and academia was deemed essential for informing migration efforts to post-quantum cryptography (PQC), consistent with legislative and policy directives.
Don’t see what you’re looking for?
We are constantly updating our resources but if you can’t find what you’re
looking for or would like to work with us on developing artifacts, white
papers, templates, or other resources, please reach out to us by email at
itvmo@gsa.gov.