New Cybersecurity SINs Under GSA IT Schedule 70
GSA’s Highly Adaptive Cybersecurity Services (HACS) SINs — released on September 2, 2016 — are dedicated categories for cybersecurity services within the GSA IT Schedule 70 Contract. Similar to the recently released Health IT SIN, the HACS SINs will allow federal agencies to easily identify pre-vetted companies that offer cybersecurity services, including penetration testing, incident response, cyber hunt, and risk and vulnerability assessments.
GSA created the HACS SINs in collaboration with the Department of Homeland Security and in response to the President’s Cybersecurity National Action Plan (CNAP). The 2017 federal budget includes a 35% increase in cybersecurity spending. The HACS SINs will help federal agencies meet CNAP initiatives and effectively spend the $19 billion allocated for cybersecurity.
GSA IT Schedule 70 HACS SINs
- 132-45A Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
- 132-45B Incident Response services help organizations impacted by a Cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- 132-45C Cyber Hunt activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
- 132-45D Risk and Vulnerability Assessment (RVA) conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
How Can a Company Apply for GSA’s HACS SINs?
If your company does not already hold a GSA IT Schedule 70 Contract, you will have go through the complete GSA Schedule proposal process. More information on that can be found here.
Existing GSA IT Schedule 70 Contract holders will have to submit a modification to add the new SIN(s) and cybersecurity labor categories. GSA will require standard information, including three past performance projects. However, unlike any other past SIN, companies will be required to pass an oral technical evaluation to be awarded under any of the HACS SINs. Companies that fail the oral presentation will have 24 hours to provide clarifications. If the company fails to meet passing criteria during the clarification, they will be rejected for the SIN and not allowed to resubmit for that SIN for six months.
How Long Will It Take to Obtain GSA’s HACS SINs?
GSA is anticipating an approximate 7-day turnaround on HACS SIN modifications. Companies that have cybersecurity services currently awarded under 132-51, should be approved faster since fair and reasonable pricing has already been negotiated. GSA’s Technical Evaluation Board (TEB) will have to submit a company’s oral evaluation report to the company’s Contracting Officer (CO). Depending upon the TEB’s workload, there could be a 1-2 day delay in delivery of the evaluation results.
Companies that do not currently hold a GSA IT Schedule 70 Contract could be looking at a 45 day turnaround if they submit their proposal through GSA’s FASt Lane Program. GSA is motivated to review and award HACS related services quickly. They are currently estimating agencies will be able to purchase from companies under the HACS SIN by October 1, 2016.
For GSA IT Schedule 70 HACS proposal/modification help, contact Federal Schedules, Inc. at 703-709-8700 or submit our contact form.