Welcome Login

For current information from GSA about COVID19 please click HERE

You are here

GSA IT Schedule 70 Program to Incorporate Highly Adaptive Cybersecurity Services (SIN 132-45)


In continued support for the Report to the President on IT Modernization to expand the visibility, offerings, and agency use of the Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) on the IT Schedule 70, GSA intends to reorganize the makeup of the HACS SINs by changing the way the current HACS SINs are advertised.  SINs 132-45 A-D are being deleted from Solicitation Number FCIS-JB-980001-B on April 1, 2019. The contract will be modified to move all services from SINs 132-45A – Penetration Testing, 132-45B – Incident Response, 132-45C – Cyber Hunt, and 132-45D – Risk and Vulnerability Assessments to SIN 132-45 – Highly Cybersecurity Services (HACS) with subcategories as indicated in the November 19, 2018 HACS Modernization Pre-solicitation Industry Webinar Presentation. Current HACS SIN Awardees will be migrated over to the new HACS SIN via a MASS  Modification issued April 1, 2019. Additional information will be provided in the refreshed solicitation posted on April 1, 2019. Please direct questions to anissa.burley@gsa.gov, subject line HACS SIN Modernization.



All answers in response to questions received from the webinar held on November 19, 2018 and any other questions received on the modernization of the HACS SINs will be posted to this GSA Interact site no later than January 2019.  Additionally, please expect to see updates to the information provided during the webinar.  We will continue to monitor this site for additional questions that may be posted. 


In 2016, the General Services Administration (GSA) Federal Acquisition Service (FAS) Information Technology Category (ITC), IT Schedule 70 program launched four (4) Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) to provide agencies quicker access to key support services that expanded agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact networks.

The current HACS SINs offer federal, state, and local governments the following services:

132-45A: Penetration Testing
132-45B: Incident Response
132-45C: Cyber Hunt
132-45D: Risk and Vulnerability Assessment (RVA)

Since the initial creation of the HACS SINs in 2016, the field of cybersecurity has evolved to include multiple new facets of services. In collaboration with Office of Management and Budget (OMB) and the Department of Homeland Security (DHS), GSA has identified several key areas that need to be included in the HACS offerings such as High Value Assets (HVA’s) Assessments to include: Risk and Vulnerability Assessment (RVA), System Architecture Review (SAR) and System Security Engineering (SSE).

Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including HVAs that hold sensitive information critical to national and economic security. As a result, GSA ITC is proposing to restructure the HACS SINs, 132-45 (A-D), into a single HACS SIN, 132-45, with sub-categories of cybersecurity services.

The full set of HACS SIN services includes:

  • High Value Asset Assessments
  • Risk and Vulnerability Assessment (RVA)
  • Incident Response
  • Penetration Testing
  • Cyber Hunt

The four current HACS SINs will be deleted from the solicitation and added as subcategories under the new HACS SIN 132-45. The restructuring falls in line with the initiatives outlined in the IT Modernization Report, the Cybersecurity National Action Plan (CNAP) and Cybersecurity Implementation Plan (CSIP) for Federal Civilian Government (OMB Memo M-17-09).

Register for a virtual webinar scheduled for Monday November 19th at 10:00am EST

Attached are related documents for download:

132-45 HACS SIN Terms & Conditions FAQ Document
Proposed HACS SIN Description
Combined Solicitation Refresh Document for ICAM, Mobility, and HACS SIN Rewrites

November 19, 2018 HACS Webinar Slide Deck

DISCLAIMER: GSA FAS is posting this notification of a planned solicitation refresh or mass modification as a courtesy to industry. All comments on the attached DRAFT document should be submitted in the “Comments” section below within ten (10) business days of this posting. GSA FAS will consider all relevant comments and may make changes to the DRAFT as appropriate, but will not issue a formal response to industry comments or related inquiries. Interested parties should review the final version of the solicitation refresh or mass modification closely for additional changes made to this DRAFT.


Views: 10632