OMB reminds agencies to use BPA for credit monitoring services

Agencies that are victimized by a data breach of personal information should use a new blanket purchase agreement set up by the General Services Administration, according to a new Office of Management and Budget memo.

Karen Evans, OMB's administrator for e-government and IT, and Paul Denett, administrator of the Office of Federal Procurement Policy, co-signed a memo to the heads of all agencies that requires agencies to use the BPA or justify to GSA and OMB why they did not.

The directive said if agencies do not use the BPA, they must notify GSA and Evans 10 days before they make the award to explain 'how the proposed contract offers a better value to the agency.' The notice should include pricing and terms and conditions of the potential award.

GSA then will review the contract to see if there is a way to improve the BPA.

GSA awarded the BPA to three vendors in August.

'The BPAs offer a variety of protection levels, depending on the degree of risk, vulnerability and exposure encountered, and supports a consistent approach to mitigating the adverse impacts of personal data loss,' the OMB memo said.

OMB also reminded agencies to follow the recommendations of the President's Identity Theft Task Force to determine if credit monitoring services are needed.

OMB also included BPA ordering procedures with the memo.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected