GSA Looking for a Few Good Tools

Posted September 2nd, 2008 by

I like SmartBuy, I’ve talked about it before, it’s a software bulk-purchase program sponsored by GSA. The more types of software products they buy, the better for the people who need to depend on this stuff.

So I’m doing my usual beginning-of-the-week upcoming contracts perusal and something interesting caught my eye:  GSA is looking for “Situational Awareness and Incident Response” (SAIR) software to do a blanket purchase agreement for SmartBuy.

What they mean by SAIR (according to the pre-RFP information) is the following:

  • Baseline Configuration Management
  • Network Mapping
  • Vulnerability Management

Really, think something along the lines of FDCC/SCAP-aware tools to manage IT assets.  Not sure how the incident response piece fits in, but OK, I’ll go along with you here.  Makes sense if you stop and think about it–we have a FDCC mandate from OMB, and now we’re looking for the tools to help with it–I mentioned that FDCC without automation was futile almost 9000 years ago.

I know I have blog readers who make similar software, drop me a message if you need more details.

And for my daily dose of snarkiness:  it’s good to see how GSA has come such a long way in my life from being just the provider of skillcraft pens and simple green.  =)

Similar Posts:

Posted in FISMA, What Works | 5 Comments »

5 Responses

  1.  Andre Gironda Says:

    I take it that Rancid + Yum, GraphViz/dot, and OpenVAS are unacceptable answers?

    Fine. Check out
    your precious SCAP is on there.

  2.  rybolov Says:

    Hey Dre

    If you can take it all and make it into a software product to sale, then submit it to GSA.

    Let’s just say that the Government buying software is um, complicated sometimes.

    Heh, SCAP is not my precious, I just will be a recipient of the downstream effects one we have achieved “product interoperability nirvana”. And no, I don’t mean ascii, snmp, and syslog–the esperantos of the tech world.

  3.  Darren Couch Says:

    You know those nifty skilcraft pens come in recycled versions now 🙂

  4.  Vlad the Impaler Says:

    One word.


    It’s a suite of tools that will also do network performance simulation.

    YMMV and the cost can get steep.

    Luckily, “I already have one!”

  5.  Comments on SCAP 2008 | The Guerilla CISO Says:

    […] Risk Assessment: A Starting Point on An Open Letter to NIST About SP 800-30Vlad the Impaler on GSA Looking for a Few Good ToolsVlad the Impaler on Ooh, “The Word” is out on S 3474Ooh, “The Word” is out […]

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Visitor Geolocationing Widget: