Zero Trust and GSA

How we can support your agency's zero trust journey

Zero trust is an approach to cybersecurity that goes beyond "trust but verify" and treats all networks and traffic as potential threats. A Zero Trust Architecture helps agencies build zero trust principles into industrial and enterprise infrastructure and workflows.

There is no single technology, product, or service that can achieve the goals of implementing a ZTA. A truly effective ZTA incorporates technologies that:

• Authenticate, monitor, and validate user identities and trustworthiness.
• Identify, monitor, and manage devices and other endpoints on a network.
• Control and manage access to and data flows within networks.
• Secure and accredit applications within a technology stack.
• Automate security monitoring and connect tools across information systems.
• Analyze user behavior and other data to observe real-time events and proactively orient network defenses.
• Support IPv4 and IPv6.

Each agency's journey and solution will be unique, and GSA is here to help. Our Zero Trust Buyer's Guide [PDF - 2 MB] helps agencies identify the contract vehicles that offer ZTA-related products and services.

Government resources

• Executive Order 14028 - "Improving the Nation's Cybersecurity" requires agencies to enhance cybersecurity and software supply chain integrity to ensure information technology (IT) and operational technology (OT) systems (whether cloud-based, on-premises or hybrid) are secure.
• Office of Management and Budget Memo M-22-09, "Moving the U.S. Government Toward Zero Trust Cybersecurity Principles" provides agencies further guidance to achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024.
• National Institute of Standards and Technology Special Publication 800-207 contains cybersecurity measures and guidelines highlighting the ZTA core components.

Buying ZTA solutions

Ransomware attacks, remote working environments, and the transition to cloud networks have driven the need to protect data from internal and external threats. We have secure solutions to help you meet your mission and your security requirements.

Our Buyer's Guide [PDF - 2 MB] is your agency's roadmap to designing and deploying ZTA, and maps the components defined by NIST to the GSA solutions that help meet them. We offer a variety of ZTA solutions across contract vehicles.

Our Advanced Persistent Threat Buyer's Guide [PDF - 693 KB] is also available. As part of your ZTA journey, this informative guide helps organizations evaluate potential products and solutions that detect, respond to, and recover from APTs. It provides guidance on engaging capable, proven industry partners to minimize APTs and enhance the overall resilience of the Nation's cybersecurity posture.

Multiple Award Schedule

Buy on Schedule for commercial-off-the-shelf products and services. Options include:

• IT Security to help your agency enhance security, improve resilience, protect important information, and bring systems up to date.
• IT Hardware for one-off hardware purchases or as part of a total IT solution.
• IT Software for reduced cost and complexity when buying commercial software for your agency.

Governmentwide Acquisition Contracts

Buy on GWACs for savings per unit.

Enterprise Infrastructure Solutions

Buy on EIS for a comprehensive IT, telecommunications, and infrastructure solution.