If you're new here and would like to see more of what I'm saying, you may want to subscribe to my RSS feed (I can even email my blog posts to you when I publish a new one) or have a look at my papers and presentations page for downloads of stuff that you can share or "borrow heavily from". You also might find my guidelines for posting comments interesting, especially if you're a government employee. If you want to see me blog about anything in particular, drop me a private email on how you think I'm completely full of myself, extend me an invitation to speak at your next security meeting/event, or just to ship a huge bag of money in my direction, you can do that through my contact page. Thanks for visiting and happy hacking!

I like SmartBuy, I’ve talked about it before, it’s a software bulk-purchase program sponsored by GSA. The more types of software products they buy, the better for the people who need to depend on this stuff.

So I’m doing my usual beginning-of-the-week upcoming contracts perusal and something interesting caught my eye:  GSA is looking for “Situational Awareness and Incident Response” (SAIR) software to do a blanket purchase agreement for SmartBuy.

What they mean by SAIR (according to the pre-RFP information) is the following:

• Baseline Configuration Management
• Network Mapping
• Vulnerability Management

Really, think something along the lines of FDCC/SCAP-aware tools to manage IT assets.  Not sure how the incident response piece fits in, but OK, I’ll go along with you here.  Makes sense if you stop and think about it–we have a FDCC mandate from OMB, and now we’re looking for the tools to help with it–I mentioned that FDCC without automation was futile almost 9000 years ago.

I know I have blog readers who make similar software, drop me a message if you need more details.

And for my daily dose of snarkiness:  it’s good to see how GSA has come such a long way in my life from being just the provider of skillcraft pens and simple green.  =)

Bookmark to:

Hide Sites