Position Paper: US Government’s Cybersecurity Procurement

I am asking that Congress instruct the General Services Administration (GSA) to develop procurement codes under Schedule 70 specifically for the purchase of Cybersecurity hardware and software products.

 

Here’s why:

Presidents Clinton, Bush, Obama and Trump all claimed that cyber-attacks are our nation’s greatest threat. In response, they all signed executive orders requiring government agencies and departments to beef up cybersecurity. These orders mandate that all agencies use the cybersecurity standards established by NIST. While NIST has defined cybersecurity best practices and requirements, it DOES NOT define specific products that satisfy those requirements. Agencies, especially the smaller ones, are having difficulties procuring the equipment to meet those standards. Hackers target these vulnerable agencies to penetrate other agencies’ databases. That is why cybersecurity procurement codes are essential to secure our nation’s data.

Agencies are struggling to FIND appropriate products. Because the GSA lacks Cybersecurity SIC and NAICS Procurement Codes, agencies must go through the expensive and time-consuming process of writing RFIs, RFPs, and RFQs. Small to medium-sized businesses (SMBs) have a hard time participating in that process because of the time and cost involved. Without SMBs participating, government agencies pay more for older technology from the large “Prime” suppliers. They also fail to fulfill the Government’s mandate of awarding contracts to SMBs.

 

National Security Requires Better Procurement Codes:

Schedule 70 (GSA) needs to incorporate sub-procurement categories for cybersecurity-specific hardware and software from which agencies can easily find and purchase what they need. Currently, cybersecurity companies list their products and services under categories barely related to cybersecurity.

For example:

  • 561621 – Security Systems Services (here is where you buy burglar alarms, fire alarms, and monitoring services).
  • 334118 – Computer Terminal and other Computer Peripheral Equipment Manufacturing (here is where you can purchase a mouse, printer, display monitor, joystick and ATM).
  • 541519 – Other Computer Related Services (here you buy computer disaster recovery and software installation services).
  • 511210 – Software Publishers (here is where you can purchase application software packages, gaming software, programming languages, operating systems, and utility software).
  • 541513 – Computer System Design Services (here is where you buy computer system integration design consultants, LAN integration, and office automation computer systems integration design services).

This inefficient and confusing practice makes it extremely difficult for agencies and procurement specialists to find and implement cybersecurity, keeping them out of compliance with federal mandates. And worse… vulnerable to hackers!

Schedule 70 is so large that companies are easily lost in the crowd. The only way my company is found on the GSA is by placing keywords into our product descriptions with the hope that they match the search words a government procurement agent types. If they don’t use similar keywords, we don’t get found. It’s a hit-or-miss procurement process that virtually eliminates SMBs with the latest cutting-edge products and services.

 

Who I am:

Dovell Bonnett is the founder and CEO of Access Smart, a California Certified Small Business that holds a GSA Schedule 70 Contract (#GS35F327BA) offering cybersecurity products that work with existing PIV, PIV-I, CIV and CAC credentials. Dovell is the author of Making Passwords Secure: Fixing the Weakest Link in Cybersecurity.

I’m passionate about securing passwords with technology! Passwords are not secured by silly tricks used to generate and remember them. Passwords are secured by using the same methods that secure encryption keys. Access Smart’s Power LogOn® uses the same technologies and best practices that secure keys to now secure passwords, at a fraction of the time, cost and management of certificate-based systems.

I’d love to chat. You can reach me at (949) 218-8754 or dovell@access-smart.com