GovCon Bid and Proposal Insights
GovCon Bid and Proposal Insights
The 2nd Generation Information Technology (2GIT) RFI- General Services Administration- Federal Acquisition Service
GSA FAS has issued a Sources Sought for the 2nd Generation IT (2GIT) BPA worth $5.5B
Key Details
•Type: Sources Sought
•Awards: 70
•RFP Release: Dec 2025
Get the full breakdown and strategies on our latest podcast episode!
Contact ProposalHelper at sales@proposalhelper.com to find similar opportunities and help you build a realistic and winning pipeline.
Imagine you're at the helm of a massive organization, maybe a big federal agency, and you need to get your hands on critical tech fast. But not just fast, right, you need absolute confidence. Every laptop, every server, every single piece has to be secure, reliable and delivered without a hitch. Sounds like a pretty high-stakes game, doesn't it? Well, today, on the Deep Dive, that's exactly the scenario we're diving into. We're going to unpack the General Services Administration's that's, GSA's second-generation IT blanket purchase agreement. You'll hear it called 2GIT and, like, this isn't just another government contract, it's a multibillion-dollar five-year vehicle and it's really changing how federal agencies buy their IT, and not just federal, actually State, local and tribal governments too.
Speaker 1:So our mission today? We want to give you a shortcut, basically, to understanding this critical government initiative. We'll explore what 2GIT actually is, how it's streamlining that whole government tech procurement process and maybe most importantly, it's really groundbreaking approach to securing supply chains. That's huge these days. So get ready, hopefully, for some aha moments about how the public sector is tackling well, one of the biggest challenges in modern tech. All right, let's pull back the curtain on this. We've set the stage. The stakes are high in government tech. Now 2GIT for you listening, what exactly is this massive initiative? What's its core problem it's trying to solve?
Speaker 2:Right. Well, what's fascinating here, I think, is its dual purpose. It's powerful. So 2GIT, it's a five-year multiple award blanket purchase agreement. Think of it like a pre-negotiated master contract.
Speaker 1:Okay, a BPA.
Speaker 2:Got it Exactly, and it's designed to help federal agencies, but also state, local and tribal governments through GSA's cooperative purchasing program by commercial tech products and services, and the key is, with far less administrative burden. That's the goal. Less red tape Precisely Simplify purchasing faster delivery, better cost effectiveness and capture those economies of scale because they're buying so much centrally.
Speaker 1:That sounds incredibly efficient, almost like a one-stop shop for government IT.
Speaker 2:That's a good way to put it, yeah.
Speaker 1:But okay, to really grasp the scale. What kind of products and services are we actually talking about? What falls under that IT umbrella for 2G IT? Anything surprising?
Speaker 2:Oh, it's extensive, Really comprehensive we're talking. I think the number is over 4.9 million products available now.
Speaker 1:Wow 4.9 million.
Speaker 2:Yeah, and they're categorized into five main areas. You 4.9 million, yeah, and they're categorized into five main areas. You've got data centers, so compute storage, that kind of thing, yeah, and user devices, think laptops, desktops, monitors, network stuff for connectivity, radio equipment, which is interesting, and even order-level materials.
Speaker 1:So servers, security appliances, what else? Rugged tablets.
Speaker 2:Exactly Ruggedized tablets, handheld radios maybe for first responders, plus all the services around it installation, training, maintenance. It's designed to cover pretty much any tech need an agency might run into.
Speaker 1:You mentioned earlier, it was designed in collaboration with the Air Force. How does that partnership play out? What does that tell us?
Speaker 2:Yeah, that's key. The Air Force was a really hands-on partner in developing it. Specifically, they needed a follow-on, something robust, because their big NetSense 2IT products contract was expiring.
Speaker 1:Ah okay.
Speaker 2:So timing was critical for them, very critical. They needed a streamlined, high-volume solution and 2GIT basically became their quote priority source for IT acquisition source for IT acquisition. So that deep collaboration means 2GIT is really tailored to meet demanding high-level agency needs, like the Air Force's needs. It's not just theoretical, it's battle-tested, you could say.
Speaker 1:Right, practical, not just on paper. And how easy is it for, say, a contracting officer or even just someone with a purchase card to actually use 2GIT day-to-day? Does it feel simple?
Speaker 2:It's designed for simplicity. Remarkably so. Agencies can solicit quotes through GSA eBuy, that's their online RFQ system. Or, for simpler buys, they can just directly purchase items right through the GSA Advantage portal using a government purchase card, kind of like consumer online shopping, the prices already negotiated. That saves countless hours. You know procurement effort, yeah, and GSA says they've seen a significant jump in those online transactions just because it is easy to use.
Speaker 1:Makes sense.
Speaker 2:But, like you hinted at before, with that ease of access the critical question becomes security. Right, yeah, how does GSA make sure everything bought this easily is actually secure?
Speaker 1:Exactly that. Streamlined access is great, but let's pivot to what you called groundbreaking, the security piece, specifically supply chain risk management, scrm. What makes 2GIT's approach to SCRM so different or unique in government procurement?
Speaker 2:Well, what really sets 2GIT apart? It's not just the scale, but it's a fundamental shift in how security is approached. It's not an add-on, it's baked in from day one. That's the phrase.
Speaker 1:Baked in, okay yeah.
Speaker 2:Before 2GIT, security checks often came much, much later in the buying process. Here it's integrated right from the very start. Think about building a house. You wouldn't bolt on the security system after it's built. Right, Right, You'd want it in the blueprint.
Speaker 1:Makes sense.
Speaker 2:That's kind of the two GIT difference. It means federal buyers can and this is GSA's term again buy with confidence, knowing that the products comply with really stringent supply chain risk management policies and also the Federal Acquisition Supply Chain Security Act, official as CSA.
Speaker 1:FSCSA right Heard that acronym yeah.
Speaker 2:And, as one GSA official actually put it, gsa was doing SCRM stuff before. It was cool. It's proactive, you know, preventative, trying to reduce risk before a single piece of gear even enters an agency's network.
Speaker 1:That's a strong claim buying with confidence, security built in. So how do they actually do that? What are the mechanics? What's GSA actually doing on the ground to implement this?
Speaker 2:It starts with a really strong foundation in NIST standards National Institute of Standards and Technology their SCRM guidance.
Speaker 1:The NIST guidelines Exactly.
Speaker 2:Specifically, they leverage elements from NIST Special Publication 800-161. That's kind of the detailed playbook for assessing and mitigating supply chain risks all the way through the product lifecycle.
Speaker 1:Right.
Speaker 2:So vendors on 2GIT, they are required to continuously monitor and update their own SCRM plans and they use about two dozen core elements from that NIST framework covering things like strict access control, knowing who touches what, rigorous asset tracking, how they handle incidents, verifying providence where it really comes from Provenance.
Speaker 1:yeah.
Speaker 2:Camper resistance, malware prevention Pretty comprehensive.
Speaker 1:So it's definitely not just a one-time check at the start, it's continuous vigilance. How does GSA manage that proactively? How do they keep tabs on this ongoing basis?
Speaker 2:Exactly, continuous is the key word. Gsa does these robust pre-award assessments and they use advanced tools, even AI, apparently. Ai interesting yeah to get deep insights into potential issues, Things like hidden foreign ownership or influence or maybe the risk of counterfeit products showing up. And doing it pre-award makes it, as they say, a lot easier to fix problems before a company has a contract. Much harder later.
Speaker 1:Makes sense and after the contract is awarded.
Speaker 2:Post-award GSA evaluates and assesses the contractors every year through detailed surveillance supports. For instance, they've flagged issues related to Section 889 as the prohibition on certain Chinese telecom products.
Speaker 1:Yeah.
Speaker 2:A really critical security law.
Speaker 1:Section 889, right.
Speaker 2:And they've even used real-world incidents like the Log4J vulnerability. That was huge a while back.
Speaker 1:Oh yeah, I remember that.
Speaker 2:They use that as a sort of teaching moment, you know, to refine how vendors comply and how they respond to new threats.
Speaker 1:And what about the vendors themselves? What hoops do they have to jump through? What's required regarding transparency, quality it sounds like a pretty high bar.
Speaker 2:It absolutely is a high bar and that's essential for building that confidence, that trust. Vendors have to be really transparent about their supply chains. They need to report on their downstream companies, who they're buying from and the nature of the purchases. Is it new, is it refurbished? They have to disclose that. They also need to detail exactly how products are shipped. What controls are in place to prevent tampering or modification between the factory and the agency's loading dock? One official used the analogy of a security seal on a bottle of Tylenol. You need that assurance it hasn't been messed with.
Speaker 1:It's a good visual.
Speaker 2:Yeah, and furthermore all the main BPA holders and their key dealers or resellers. They must get ISO 9001.201 size certified within 10 months of getting the award.
Speaker 1:ISO 9001. That's the quality management standard right.
Speaker 2:Exactly. It's not just paperwork, it's the international gold standard. It proves they have robust, repeatable, consistent quality management processes for product quality reliability every single time.
Speaker 1:This level of rigor, the continuous monitoring, the certifications, it sounds like it requires a ton of engagement from GSA, from the vendors. How does GSA balance these super strict security needs with keeping the program user friendly and agile enough for the town world which changes so fast?
Speaker 2:Yeah, that balance is crucial, and that's where the program's agility really comes into play. They have something they call a fast lane modification process.
Speaker 1:Fast lane- Okay, fast lane.
Speaker 2:And this lets them add new products, modify prices often really quickly, like within 24 to 48 hours sometimes.
Speaker 1:Wow, that is faster government contracting.
Speaker 2:It is and that agility is absolutely vital, especially now with, you know, constant market volatility, global supply chain hiccups, inflation hitting prices and availability. It means agencies can hopefully still access the latest tech at competitive prices, but without cutting corners on security.
Speaker 1:Okay, but what about when things inevitably don't go perfectly? Supply chains are complex. How does GSA support customers if there are issues Like, say, a product is backhoarded for months?
Speaker 2:Right things happen. Gsa provides what they describe as white glove service. White glove service? Okay, yeah, they have this sophisticated three-tiered ticket management system. It tracks any customer issue, minor glitches, big problems, whatever. So in your example, if a critical product is backordered for months, GSA actively gets involved. They work with the customer and the vendor to try and push that delivery expedited. Or if that's just not possible, they work to find secure, compliant alternative solutions quickly. It's all about ensuring mission continuity for the agency.
Speaker 1:It sounds like through all this the transactions, the support tickets, the monitoring GSA must be collecting a mountain of data. What do they do with all that information? Does it just sit in a database, or does it actually lead to real improvements?
Speaker 2:That's a really important question, right? Does data actually lead to action? And GSA says yes. They analyze data from literally every transaction. They look at e-buy RFQ response rates. They even look at why vendors might decline to quote on something. Huh.
Speaker 1:Why they said no.
Speaker 2:Exactly and, as one official put it, we don't just look at it and let it sit, we do something with it. So this data helps them figure out where targeted training might be needed for agencies or vendors. It helps improve the system's functionality itself. Like apparently there was a small but significant change made to the eBuy navigation just because a vendor suggested it, backed up by data showing it was a pain point.
Speaker 1:Ah, so direct feedback leading to changes.
Speaker 2:Yeah, and they're also planning new training modular on-demand video sessions tailored specifically to different types of buyers the casual purchase card user versus a full-time contracting officer.
Speaker 1:It really sounds like feedback and continuous improvement are just built into the DNA of 2GIT. That eBuy example is great Shows, they're listening.
Speaker 2:Absolutely yeah. That data-driven approach, that feedback loop seems central. That data-driven approach, that feedback loop seems central. Optimizing the platform based on how people actually use it, finding those friction points it's a hallmark of how they're running it.
Speaker 1:So we've talked tech, we've talked security, efficiency, but 2GIT also plays a pretty big role in broader government contracting goals right, especially thinking about small businesses. What are the numbers there?
Speaker 2:What's the bigger picture for you listening, this is a truly crucial benefit and definitely part of 2GIT's design from the start. So of the 78 vendors who initially got 2GIT contracts, an impressive 59 are small businesses.
Speaker 2:Wow, the majority, the clear majority and in its first 18 months, small businesses collectively pulled in nearly 51% of all the sales dollars. That was about $87 million, and that includes specific categories like hub zone businesses, woman-owned, veteran-owned, 8a businesses. These are all designations the government tracks to support specific socioeconomic goals through its purchasing power. So for you listening whether you track policy or maybe you're in a small business looking at federal opportunities listening Whether you track policy, or maybe you're in a small business looking at federal opportunities this really highlights how procurement is evolving. It's serving efficiency and security, yes, but also these vital economic development goals, and the current administration has goals to increase those small business set-aside targets significantly from 5% up to 11% initially, I believe, and then aiming for 15% by 2025.
Speaker 1:That's a powerful commitment to small business using a vehicle like 2GIT. What about the program's long-term health and adaptability? Can new vendors join? Can vendors who aren't performing or maybe pose a risk be removed? How does GSA keep that vendor pool competitive and compliant over the five years?
Speaker 2:Good question. It's not static. The program explicitly includes both off-ramping and on-ramping mechanisms, which is critical for maintaining quality and competition.
Speaker 1:Off-ramping and on-ramping Okay.
Speaker 2:Yeah, so vendors have to meet certain annual minimum sales or volume requirements. But, critically, if those SCRM assessments turn up high risks or if a vendor consistently fails to meet the SCRM reporting standards, that can lead to off-ramping, getting removed from the contract.
Speaker 3:Okay, so there are consequences.
Speaker 2:Definitely, but conversely, GSA also has the discretion to hold open seasons that allows them to add new BPA holders if needed or let existing vendor teams restructure. The goal is to ensure there's always a sufficient, competitive and, most importantly, highly secure vendor base that can adapt as the market and the threads evolve.
Speaker 1:So, pulling this all together, what does this deep dive into 2GIT really mean for you, our listener? What's the biggest takeaway as we think about government tech security in the future?
Speaker 3:Well, this exploration of 2GIT really shows us how the GSA isn't just tweaking government tech buying. They're fundamentally enhancing its security and efficiency in a really innovative way, I think. By building in that rigorous supply chain risk management right from the very start, continuously monitoring vendors using advanced tools like AI and fostering this responsive data-driven environment, 2g IT really aims to give agencies high-quality, secure IT and get it to them fast. It feels like a testament to how proactive planning and continuous improvement can genuinely transform even super complex government processes. So here's something to think about Consider how this model, this idea of baked-in security and continuous adaptation that we see in 2G IT how might that influence procurement and supply chain integrity across all sectors, not just government? What specific lessons maybe can the private sector draw from GSA's proactive approach here?
Speaker 1:Especially when managing those complex risks in a tech landscape that just keeps changing, and thinking about the security and the provenance of critical components deep inside their own systems.