This directive has been cancelled by GSA directive, CIO 2160.1E on February 12, 2014.
GENERAL SERVICES ADMINISTRATION
Washington, DC 20405
September 2, 2010
GSA POLICY AND PROCEDURE
SUBJECT: GSA Information Technology (IT) Standards Profile
1. Purpose. To issue and revise GSA policy on the acquisition, delivery, and use of authorized information technology (IT) products and services.
2. Cancellation. CIO 2160.1C GSA Information Technology (IT) Standards Profile, dated July 12, 2000, is cancelled.
3. Nature of the revision. To update, streamline, and integrate the GSA IT standards management process with the overall IT governance process; to provide web-based accessibility via ea.gsa.gov to the GSA IT standards previously referred to as “the bricks,” and available only via PowerPoint slides.
4. Applicability. This order is applicable to GSA services, staff offices, regions, employees, and contractors or other third parties using IT in the conduct of GSA business. IT includes all data, systems, applications, technical standards, services, and/or products supporting GSA business activities, including pilot projects.
5. Objective. To establish agency-wide IT standards and principles that meet GSA business needs and promote best management practices for integration, interoperability, and resource sharing within GSA.
6. Background. GSA Order CIO 2110.2 requires GSA’s technology architecture to be based on approved technologies contained in the GSA IT Standards Profile. Accordingly, the GSA Chief Information Officer (CIO) aligned the IT standards management process with the Agency IT Governance process. Each IT governance committee is assigned appropriate oversight responsibility for changes to IT standards. In 2009, GSA Order CIO 2130 included oversight of the GSA IT Standards as part of the responsibility of the newly established Enterprise Architecture Committee under the IT Executive Council.
7. Policy. GSA has established an IT standards process to promote the principles of security, performance, innovation, interoperability, efficiency, resource sharing, and sustainability. The GSA IT Standards identify the IT approved for use within the Agency. The GSA IT Standards Profile, formerly referred to as “the bricks,” is located at ea.gsa.gov, the authoritative source for approved IT standards for use within GSA.
a. Oversight. The GSA Office of the Chief Information Officer (OCIO) manages the GSA IT standards process through its oversight of the IT governance process.
The GSA OCIO, through the IT governance oversight process, is the only authorized organization to process requests for—and grant exceptions to—the GSA IT Standards. IT standards management and change management processes, as summarized in Figure 1, are established by the CIO to ensure that proposed IT standards undergo appropriate business justification and technical assessments prior to their incorporation in the IT standards baseline.
Figure 1, IT Standards Execution and Change Management Process
b. Roles and Responsibilities.
(1) Office of the Chief Information Officer. OCIO is responsible for governing IT management; maintaining the content and technical platform that support the GSA IT Standards; providing training and promoting awareness of IT standards and the IT Standards process.
(2) Enterprise Architecture Committee (EARC). The EARC, headed by the Director, Office of Enterprise Management Services (IE), has authority over the GSA IT Standards. The EARC provides overall strategic direction.
(3) Information Technology Executive Committee (ITEC). The ITEC provides oversight for the IT governance process and the GSA technology architecture, including
oversight of the GSA IT Standards.
Figure 2. IT Standards Review Process
(4) Compliance. Information technologies will be used in the GSA IT environment only when approved by the GSA CIO or a delegated authority through the IT standards review processes, criteria, and conditions summarized in Figure 2, above and published on ea.gsa.gov.
(i) Before being considered as an IT standard, the requested IT must meet GSA’s security, legal, accessibility, and sustainability requirements using formal review processes. Products may be conditionally approved for use provided they meet the appropriate security, legal, and accessibility tests. Conditional use may be granted through the IT governance process.
(ii) The GSA Standard Desktop Image, agency-wide Blanket Purchase Agreements, and other operational lists of technologies must align with the GSA IT Standards. Information technologies require a GSA- approved “terms of service” agreement for use in GSA.
(iii) GSA program managers and contracting officials are responsible for including language requiring a determination of compliance to the GSA IT Standards in appropriate goods and services acquisition documents. Information Technologies acquired through any means – including but not limited to formal contract vehicles, credit cards, or open-source – must comply with the GSA IT Standards. IT services that are externally provided, such as by third parties, must be interoperable with the GSA IT Standards.
(iv) GSA functional managers are responsible for ensuring that their activities are compliant with the GSA IT Standards and this policy. Compliance with the GSA IT Standards is not intended to block innovation. Change management processes exist to promote GSA’s innovative use of Information Technology.
(5) Enforcement. Only those Information Technologies listed as a GSA IT standard or fitting within the scope of a conditional-use approval are authorized for use; those not listed or not fitting within the scope of conditional use are subject to removal.
a. The Clinger-Cohen Act of 1996 (Pub. L. 104-106, Division E)
b. Enterprise Architecture Committee Charter
c. GSA Enterprise Architecture Change and Configuration Management Plan (CCMP)
d. GSA Order CIO 2110.2, GSA Enterprise Architecture Policy
e. GSA Order CIO 2130, IT Governance Order
f. OMB Circular A-130, Management of Federal Information Resources
Chief Information Officer
Office of the Chief Information Officer