OMB reminds agencies to use BPA for credit monitoring services

Agencies that are victimized by a data breach of personal information should use a new blanket purchase agreement set up by the General Services Administration, according to a new Office of Management and Budget memo.

Karen Evans, OMB's administrator for e-government and IT, and Paul Denett, administrator of the Office of Federal Procurement Policy, co-signed a memo to the heads of all agencies that requires agencies to use the BPA or justify to GSA and OMB why they did not.

The directive said if agencies do not use the BPA, they must notify GSA and Evans 10 days before they make the award to explain 'how the proposed contract offers a better value to the agency.' The notice should include pricing and terms and conditions of the potential award.

GSA then will review the contract to see if there is a way to improve the BPA.

GSA awarded the BPA to three vendors in August.

'The BPAs offer a variety of protection levels, depending on the degree of risk, vulnerability and exposure encountered, and supports a consistent approach to mitigating the adverse impacts of personal data loss,' the OMB memo said.

OMB also reminded agencies to follow the recommendations of the President's Identity Theft Task Force to determine if credit monitoring services are needed.

OMB also included BPA ordering procedures with the memo.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected