Welcome Login

You are here

GSA IT Schedule 70 to Incorporate Highly Adaptive Cybersecurity Services SIN(s)


In support of the President’s Cybersecurity National Action Plan (CNAP), the General Services Administration’s (GSA) IT Schedule 70 intends to establish four (4) new Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs). The HACS SINs will better enable  GSA to provide agencies quick, reliable access to key services before, during, and after cyber threats occur.

The new SINs, entitled “Highly Adaptive Cybersecurity Services” (HACS), will be available for federal agencies to begin purchasing cybersecurity services, starting October 1, 2016.

The SINs will feature high quality cybersecurity vendors offering federal agencies the following services:


Suite of Service Offerings

132- 45A

Penetration Testing

132- 45B

Incident Response

132- 45C

Cyber Hunt

132- 45D

Risk and Vulnerability Assessment (RVA)

Impact to Industry Partners


  • GSA will be requiring that all current IT Schedule 70 vendors that offer services within the scope of the HACS SINs migrate those services to the HACS SINs.


GSA will host a public webinar to provide interested parties an opportunity to learn about the planned changes and ask related questions.  Webinars will be in a listen-only format with the ability for participants to type questions via an online chat function at the end of the presentation.  Information for the scheduled webinar is provided below:

SIN Timeline



SIN Milestones


Request For Information (RFI) published to get vendor feedback.


Held industry day in Washington, D.C.


Held industry day in San Francisco, CA.


Draft solicitation is published on GSA Interact


HACS SINs are established and vendor evaluations begin.


Summary of Planned Changes


Below is a high-level description of significant changes planned for the upcoming refresh identified above. The full text for any new or updated clauses and provisions not currently available in the FAR or GSAM is provided at the end of this document.



Title Clause/Provision

New Language



Factor Four – Relevant Project Experience: The Offeror must submit a narrative demonstrating relevant project experience. A narrative is required for each proposed total solution or service SIN, (this includes, but is not limited to, SIN 132-51 -Information Technology Professional Services, SIN 132-45A Penetration Testing, SIN 132-45B Incident Response, SIN 132-45C Cyber Hunt, SIN 132-45D Risk and Vulnerability Assessment, SIN 132-56 – Health Information Technology Services and SIN 132-60f - Identity and Access Management Professional Services).



Factor 5 - ORAL TECHNICAL EVALUATION: Offerors proposing services under SIN 132-45A Penetration Testing, SIN 132-45B Incident Response, SIN 132-45C Cyber Hunt, SIN 132-45D Risk and Vulnerability Assessment shall participate in an oral technical evaluation that will be conducted by a Technical Evaluation Board (TEB). The oral technical evaluation will be held at the unclassified level and will be scheduled by the TEB. The oral technical evaluation will be used to assess the offeror’s capability to successfully perform the services within the scope of each SIN as set forth in this solicitation.




132 51 --- Information Technology Professional Services - SUBJECT TO COOPERATIVE PURCHASING

Includes resources and facilities management, database planning and design, systems analysis and design, network services, programming, conversion and implementation support, network services project management, data/records management, and other services relevant to 29CFR541.400.

Excludes professional services within the scope of SIN 132-45A Penetration Testing, SIN 132-45B Incident Response, SIN 132-45C Cyber Hunt, SIN 132-45D Risk and Vulnerability Assessment (RVA) Services.



Provide a description of the offeror’s experience in the professional information technology services offered under SIN 132-45A, SIN 132-45B, SIN 132-45C, SIN 132-45D, SIN 132-51 and/or SIN 132-60f. Describe three completed or on-going project(s), similar in size and complexity to the projects the offeror effort contemplates  competing for and performing at the task-order level, and in sufficient detail for the Government to perform an evaluation. For SIN 132-60f, two of the three projects described must be prior Federal Government application deployment projects for public-facing IT systems. Each completed example shall have been completed within the last two years. All examples of completed services shall have been found to be acceptable by the customer or client. If the offeror cannot provide three examples of past experience, they may provide additional documentation to substantiate project experience to be evaluated by the contracting officer.

Contact Information


For additional information, please review this post’s attachments.


  1. Draft Significant changes document (includes summary of clause changes)

  2. Fact Sheet

  3. SIN Descriptions

  4. Factor 5 Oral Evaluation Criteria

DISCLAIMER: GSA FAS is posting this notification of a planned solicitation refresh or mass modification as a courtesy to industry. All comments on the attached DRAFT document should be submitted in the “Comments” section below within ten (10) business days of this posting. Comments provided elsewhere or after 10 business days may not be considered. GSA FAS will consider all relevant comments and may make changes to the DRAFT as appropriate, but will not issue a formal response to industry comments or related inquiries. Interested parties should review the final version of the solicitation refresh or mass modification closely for additional changes made to this DRAFT.




Views: 17853



Thanks for the earlier response.  Can the five key personnel designated to field the questions be a different set of five per SIN?  Only five would be in the room at a given time and the individuals could change per SIN as required.”  


IT Schedule 70 ...

Contractors are permitted to bring a maximum of five key personnel who will field questions during the oral technical evaluation.


Please confirm contractors are permitted to have five key personnel attendees per SIN.

Are attendees permitted to bring presentation material, such as capability statements, to the Orals?

IT Schedule 70 ...
Contractors are permitted to bring a maximum of five key personnel who will field questions during the oral technical evaluation.
Contractors will not be allowed to make presentations. Evaluation times will only be used for contractors to respond to the questions posed by the evaluation panel. Evaluations will be conducted solely on the responses to questions from the panel and written material will not be considered.

Can you please let us know when the slides from yesterday's webinar will be posted?

Thank you.

IT Schedule 70 is the largest and most widely used acquisition vehicle in the federal government. Schedule 70 is an indefinite delivery indefinite... More
  • dmwestern
  • jacob.ohatnick
  • peggy.wright