Federal agencies face a pressing challenge: aging IT systems that drain budgets and increase risks. Despite over $100 billion in annual IT spending, 80% of funds go toward maintaining outdated systems, many running on obsolete programming languages like COBOL. These systems are costly to maintain, vulnerable to security risks, and hinder innovation.
GSA IT services simplify modernization efforts with tools, frameworks, and pre-approved contracts, enabling agencies to upgrade systems efficiently. Through programs like Alliant 2 and VETS 2, agencies can access cloud services, modern architectures, and security solutions, while small businesses gain opportunities to contribute to federal projects.
Key takeaways:
- Modernization benefits: Improved security, reduced costs, and faster service delivery.
- Assessment tools: GSA’s TIME framework helps agencies evaluate which applications to keep, improve, migrate, or retire.
- Modernization roadmap: GSA’s M3 framework guides agencies through planning, contractor selection, and implementation.
- Security focus: FedRAMP ensures cloud solutions meet federal security standards.
For federal agencies and small businesses alike, GSA IT services provide the resources and pathways to replace outdated systems with modern, secure, and efficient solutions.
What GSA IT Services Offer for Application Modernization
What Are GSA IT Services?
GSA IT services provide government agencies with pre-vetted commercial solutions, simplifying the technology acquisition process. Through the Multiple Award Schedule (MAS) IT Category, agencies gain access to over 7.5 million IT solutions, including hardware, software, and professional services. This approach not only addresses immediate technology needs but also supports long-term modernization goals. With pre-negotiated pricing (which includes a 0.75% Industrial Funding Fee), agencies can secure fair rates without needing to conduct separate market analyses.
To address a variety of modernization challenges, the GSA offers several specialized contract vehicles. These include Governmentwide Acquisition Contracts (GWACs) like Alliant 2, 8(a) STARS III, and Polaris, which deliver Best-in-Class solutions for complex projects such as software engineering, systems design, and information assurance. Importantly, more than half of GSA’s industry partners are small businesses, helping agencies meet socioeconomic contracting goals while accessing tailored IT solutions. These diverse options create a strong foundation for targeted modernization efforts.
How GSA Services Enable Modernization
GSA services simplify modernization by offering specialized categories designed to meet specific technical needs. For instance, the Cloud Special Item Number (SIN 518210C) provides access to Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and expert labor for cloud migration and application rationalization. This integrated approach ensures agencies can procure both the tools and expertise required to execute modernization projects effectively.
Security plays a central role in this process. Through the Federal Risk and Authorization Management Program (FedRAMP), cloud products undergo standardized security assessments, ensuring they meet federal requirements. This focus on security aligns seamlessly with broader modernization efforts. Additionally, GSA offers free scope and technical reviews of draft requirements, helping agencies refine their project plans and reduce acquisition risks.
Beyond procurement, GSA actively supports workforce development and collaboration to drive modernization. The IT Modernization Division provides free training for federal employees in key areas such as cloud operations, DevSecOps, and cybersecurity certifications (e.g., AWS, Azure, CISSP). Furthermore, Communities of Practice focused on Agile methodologies, Cloud & Infrastructure, and Robotic Process Automation enable agencies to share best practices and learn from one another.
| Contract Vehicle | Primary Focus | Key Capabilities |
|---|---|---|
| Cloud SIN (518210C) | Cloud Adoption & Migration | IaaS, PaaS, SaaS, AI/ML tools, migration labor |
| Alliant 2 GWAC | Enterprise IT Solutions | Software engineering, systems design, information assurance |
| 8(a) STARS III | Small Business IT Services | Emerging technologies, IT services-based solutions |
| EIS | Infrastructure Modernization | Telecommunications and networking services |
How to Assess Legacy Applications for Modernization
Before diving into modernization, it’s crucial to determine which legacy applications need attention. Federal agencies allocate around 80% of their $90 billion IT budget to maintenance alone, so a thoughtful assessment is key to using resources wisely. This step lays the groundwork for all future modernization efforts.
Evaluate Business Needs and Costs
A thorough evaluation ensures that modernization is both efficient and secure. Start by examining whether each application aligns with your agency’s current mission goals. Use three key metrics to guide your analysis:
- Value: How much benefit does the application provide?
- Fit: Does it meet technical and security compliance standards?
- Cost: What inefficiencies exist in its total ownership?
As Jim Hansen from GCN highlights:
"Aging systems are becoming increasingly obsolete and difficult to maintain… As they age, they also introduce cybersecurity risk and are less effective at accomplishing their intended purpose."
Next, map out each application’s interdependencies – databases, storage, and networks – so you can fully understand the ripple effects of modernization. Don’t forget to assess your internal team’s capabilities. If expertise is lacking, factor in the cost of hiring systems integrators to fill the gaps.
Use the TIME Framework
The TIME framework provides a clear method for categorizing applications based on your assessment. This approach helps you decide whether to:
- Tolerate: Keep the application as-is for now.
- Invest: Dedicate resources to improve it.
- Migrate: Transition it to a modern platform.
- Eliminate: Retire the application entirely.
Introduced as part of the Cloud Smart policy in June 2019, developed by the Office of Management and Budget, the Federal CIO Council, and the GSA, the TIME framework simplifies the decision-making process. It encourages agencies to evaluate each application’s role and condition systematically.
For added support, the CIO Council offers spreadsheet templates to assess value, fit, and cost across your portfolio. These tools enable data-driven decisions, ensuring modernization efforts are targeted and effective. By following this structured approach, you’ll be well-prepared to prioritize modernization actions and work with GSA contractors as you move forward.
5 Steps to Modernize Applications Using GSA IT Services
5-Step Application Modernization Process Using GSA IT Services
Once you’ve assessed your legacy applications, it’s time to put your modernization plan into action. The GSA’s M3 framework offers a structured approach, breaking down modernization into clear phases. These five steps guide the process from initial assessment to ongoing improvements.
Step 1: Create a Modernization Roadmap
Start by outlining a clear vision and business case for modernization. Focus on high-value assets that would benefit most from enhanced scalability, performance, and reliability. Document your current "as-is" environment in detail, noting dependencies across databases, storage, and networks.
To streamline planning, use GSA-provided templates like the Business Needs Workbook, Risk Management Plan, and Master Schedule. Define your future goals with the "Target State CONOPS" (Concept of Operations) template, and establish baseline and target performance metrics. Form Integrated Product Teams (IPT) with experts from key areas like security, legal, and acquisitions to ensure all perspectives are covered.
Stakeholder buy-in is critical early on. Develop a Governance Plan and conduct a Stakeholder Analysis to align everyone on the same page. Beth Wisneski, Supervisory IT Specialist at the FDA, shared her perspective:
"We needed to adopt a new way of doing business and look at how we could best accomplish our goals in the cloud".
Start small with a pilot use case to demonstrate value and build momentum before scaling up. Once your roadmap is set, move on to selecting the right contractors.
Step 2: Choose the Right GSA Contractors
GSA offers a range of contracting options for IT modernization. The Multiple Award Schedule (MAS) gives access to commercial services, while specialized Governmentwide Acquisition Contracts (GWACs) like Alliant 2 and VETS 2 provide tailored IT solutions. For additional support, the IT Vendor Management Office (ITVMO) offers market insights and data to help agencies negotiate effectively with vendors.
Leverage Best-in-Class (BIC) contracts and conduct a fit-gap analysis to ensure providers meet your agency’s specific requirements.
Step 3: Move to Modern Architectures
With your roadmap and contractors in place, focus on updating your architectures to meet cloud-specific demands. Avoid replicating outdated on-premise processes in the cloud. Beth Wisneski advises:
"Don’t try to emulate exactly what is on-prem. Focus on what the requirement is and then determine the best way to accomplish that requirement in the cloud".
This approach prevents the migration of outdated systems onto modern platforms.
Conduct application rationalization to decide which systems to modernize, retire, or replace, rather than migrating everything to the cloud. During the migration phase, configure, test, and deploy new systems while continuously optimizing service delivery in the operations phase. Keep in mind that cloud environments require ongoing attention. As Bill Kasenchar, Principal at REI Systems, puts it:
"The idea that you can just set it and forget it, those days are over".
Step 4: Implement Security and Zero Trust
Security should be embedded into every phase of the M3 framework – whether it’s technology, people, processes, or programs. Develop a Risk Management Plan and maintain a RAID log to track and mitigate potential security risks.
Make use of FedRAMP-authorized solutions and agreements like the Tenable Cloud Security Enterprise deal, which offers significant cost advantages. FAS Commissioner Josh Gruenbaum emphasizes the importance of cybersecurity:
"Robust cybersecurity is essential for implementing AI into federal government workflows while simultaneously protecting American citizens’ data and information, a crucial component in supporting the White House’s AI Action Plan".
For comprehensive cloud security, consider Cloud Native Application Protection Platforms (CNAPP). Before migration, conduct data quality assessments and establish a data governance model to ensure data integrity and protection.
Step 5: Test, Deploy, and Monitor Results
Begin with pilot programs to evaluate Cloud Service Providers and security tools before scaling to the entire organization. Shift to a DevOps model that integrates automated testing and iterative development as part of an Agile transformation.
Regularly update your RAID log and track progress using GSA M3 Playbook tools like QASP templates. Measure performance against the baseline metrics set in your roadmap and refine service delivery based on actual results. For additional support, consider joining GSA’s Cloud and Infrastructure or Agile Communities of Practice.
This final step wraps up the modernization cycle, ensuring continuous improvement and maximizing the value of GSA IT services.
Best Practices for Application Modernization
When it comes to modernizing applications, sticking to a structured plan is important, but incorporating tried-and-true best practices can make a world of difference. These practices help minimize risks, manage costs, and ensure your systems deliver exactly what users need.
Use Agile Methodologies
Traditional waterfall methods often fall short in modernization efforts. Instead, Agile practices are your go-to approach for delivering value incrementally with each sprint. Start with early prototypes to test your assumptions and identify potential infrastructure issues. Before diving into a full DevOps model, focus on building cross-functional teams, automating testing, and working in iterative cycles. The Cloud Adoption Center of Excellence puts it this way:
"Empowered leaders need the space and authority to make sure business practices are adaptive. If all business practices stay the same, you will merely duplicate your current systems and not get the full benefits of a cloud adoption."
To keep things moving in the right direction, hold regular retrospectives. These sessions allow teams to fine-tune their processes and technical solutions, ensuring ongoing improvement throughout the modernization journey. By adopting this agile mindset, you’ll be better equipped to align technology with real user needs.
Apply Human-Centered Design
Agile practices alone aren’t enough – modernization must also prioritize the people using the systems. Human-Centered Design (HCD) shifts the focus to user experience, ensuring that modernized applications genuinely enhance public interaction and operational workflows. By involving users early in the design process and incorporating their feedback, you can address pain points and create solutions that truly resonate. Engaging employees from the start also builds trust and reduces resistance to change.
Use Centers of Excellence
Centralized expertise can be a game-changer when scaling modernization efforts. GSA’s Centers of Excellence (CoE) offer specialized knowledge in fields like artificial intelligence, cloud adoption, contact centers, and data analytics. These teams share valuable lessons and best practices, enabling repeatable and scalable modernization strategies. Joining GSA-led communities of practice, such as the Agile or Cloud & Infrastructure CoPs, connects you with peers tackling similar challenges. Additionally, standardized tools from the M3 Playbook can help streamline processes and reduce risks across all phases of modernization. Tapping into these resources can save time and help you sidestep common obstacles.
Benefits of Using GSA IT Services for Modernization
GSA IT services play a pivotal role in modernizing legacy applications by improving security, cutting costs, and speeding up operations. These advantages align with the strategic framework discussed earlier, highlighting why these services are essential for agency modernization.
Enhanced Security and Compliance
One of the standout advantages is improved security. GSA IT services integrate security measures at every stage of the process. For instance, the FedRAMP framework ensures standardized security assessments and continuous monitoring for cloud-based products, safeguarding modernized systems. Additionally, the M3 Playbook minimizes risks by dividing projects into manageable phases, each with readiness assessments developed with insights from over 100 government and industry professionals.
A practical example of this is the Department of Housing and Urban Development’s (HUD) initiative in October 2024. With $19.8 million from the Technology Modernization Fund, HUD launched an Enterprise Identity, Credential, and Access Management solution under the leadership of CISO Gregg Kendrick. This effort modernized security governance for 230 system applications used by 10,000 internal and 540,000 external users, replacing outdated access controls with a centralized approach. To further support agencies, GSA offers no-cost training in critical areas like CISSP and CompTIA Sec+, empowering teams to manage modern systems without depending on expensive external consultants.
Cost Savings and Operational Efficiency
Modernizing IT systems through GSA services also leads to significant cost reductions. By retiring outdated applications and shifting to cloud environments, agencies can adopt cost-efficient pay-as-you-go models, eliminating the need for expensive physical data centers. Federal agencies have already saved nearly $30 billion by transitioning workloads to the cloud.
These savings are not just theoretical. For example, in October 2024, the Social Security Administration (SSA) received $19.5 million from the TMF to digitize processes, drastically reducing paper usage. This initiative is projected to cut paper mail volume by 50% by 2028, saving over 600 staff work years annually and reducing 1.3 million hours of public travel time. Additionally, GSA’s centralized procurement system, which handles over $100 billion in products and services, allows agencies to benefit from government-wide buying power, further lowering acquisition costs.
Accelerated Service Delivery
Modernized systems built using GSA frameworks allow agencies to deploy new services and features much faster. Cloud-hosted platforms provide the flexibility to scale operations quickly, enabling rapid product launches. This scalability proved invaluable during the COVID-19 pandemic, as agencies needed to expand online services swiftly.
A case in point is the SSA’s modernization of its National Case Processing System in October 2024. With $1.9 million in TMF support, Deputy CIO Brian Peltier’s team integrated AI tools into the system, reducing disability claim backlogs by streamlining data analysis. This upgrade saved thousands of work hours annually. GSA Administrator Robin Carnahan summarized the broader impact:
"By investing in agencies like HUD and SSA, we’re helping over 1 million people take advantage of SSA’s services and more than 540,000 applicants and private lenders who access HUD’s digital technology."
Furthermore, low-code platforms available through GSA contracts simplify and speed up application deployment. These platforms reduce the maintenance demands of custom-coded solutions, allowing teams to deliver critical applications that meet the dual needs of speed and scalability.
Conclusion
Modernizing legacy applications through GSA IT services offers federal agencies and their partners a clear path to modernization. With structured frameworks like M3, pre-approved contract vehicles such as Alliant 2 and VETS 2, and access to cutting-edge tools, the process becomes more efficient, minimizes risks, and speeds up results.
Small businesses also stand to gain from these services. Thanks to GWACs and subcontracting opportunities, they can tap into the federal marketplace with less hassle and benefit from pre-negotiated pricing tied to the government’s $116 billion purchasing power. A great example of this is the OneGov agreement with Broadcom, which provides up to 64% savings on transformational tools through May 2027.
Security and training are key pillars of this modernization effort. With standardized protections through FedRAMP, no-cost training programs, and Communities of Practice, businesses are well-equipped to adopt modern architectures confidently. These resources ensure they’re prepared to engage effectively in the federal market. As GSA Administrator Ed Forst put it:
"GSA is moving fast to deliver acquisition deals that save taxpayers money. We’re happy to work with Broadcom to drive simpler, more effective buying across the federal government".
For small businesses looking to simplify their entry into GSA Schedule contracts, GSA Focus offers a comprehensive solution. Their services – ranging from document preparation and compliance checks to negotiation support – allow businesses to concentrate on delivering impactful modernization solutions without getting bogged down in administrative tasks.
FAQs
How does GSA’s TIME framework guide agencies in modernizing legacy applications?
The TIME framework – short for Technology, Information, Management, and Enterprise – developed by the GSA, provides federal agencies with a step-by-step guide to modernizing outdated applications. It breaks the process into clear phases: evaluating current systems, gauging readiness, selecting the right strategies, and planning the implementation. Each phase is designed to ensure the modernization aligns seamlessly with the agency’s mission and objectives.
This framework emphasizes strategic planning, collaboration with stakeholders, and efficient use of resources. By doing so, it minimizes risks and supports informed decision-making. It helps agencies replace legacy systems with modern, agile, and cloud-ready solutions, addressing both technical challenges and operational demands.
Ultimately, the TIME framework adapts to the specific needs of each agency, paving the way for smoother transitions and enhanced performance.
How does FedRAMP ensure the security of modernized cloud systems?
FedRAMP, short for the Federal Risk and Authorization Management Program, plays a key role in safeguarding cloud systems used by federal agencies. By setting standardized security requirements, it ensures that cloud services meet strict federal cybersecurity standards. Essentially, it provides a unified framework to evaluate, authorize, and monitor cloud solutions, helping agencies manage risks effectively while staying compliant.
The program’s process is rigorous and thorough, involving detailed security assessments, vulnerability testing, and ongoing monitoring. These steps are designed to uncover and address potential risks, ensuring cloud-based applications remain secure. This becomes especially crucial when handling sensitive data or migrating critical systems, as FedRAMP establishes a trusted foundation to protect federal information and infrastructure.
How do GSA IT modernization contracts help small businesses upgrade their technology?
GSA IT modernization contracts equip small businesses with the resources needed to upgrade outdated systems, making them more efficient, secure, and scalable. These contracts often cover areas like cloud migration, optimizing data centers, and integrating modern, AI-ready applications. This approach not only helps businesses stay competitive but also ensures they align with federal standards.
Participating in these contracts simplifies the procurement process for small businesses, giving them a pathway to work on federal IT projects. GSA further supports these efforts with tools like the M3 Playbook, which provides actionable guidance for planning and managing modernization projects. This reduces risks and improves results. By tapping into these opportunities, small businesses can embrace advanced technologies and contribute to federal digital transformation efforts.
Related Blog Posts
- How GSA Plans $3.4B Infrastructure Upgrades
- How Agencies Use GSA Schedules to Order
- Enterprise Infrastructure Solutions: GSA Overview
- GSA IT Services: Contract Acquisition Steps
