Welcome Login

You are here

GSA IT Schedule 70 Program to Incorporate Highly Adaptive Cybersecurity Services (SIN 132-45)

NOTE:

All answers in response to questions received from the webinar held on November 19, 2018 and any other questions received on the modernization of the HACS SINs will be posted to this GSA Interact site no later than January 2019.  Additionally, please expect to see updates to the information provided during the webinar.  We will continue to monitor this site for additional questions that may be posted. 

______________________________________________________________________________________________________

In 2016, the General Services Administration (GSA) Federal Acquisition Service (FAS) Information Technology Category (ITC), IT Schedule 70 program launched four (4) Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) to provide agencies quicker access to key support services that expanded agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact networks.

The current HACS SINs offer federal, state, and local governments the following services:

132-45A: Penetration Testing
132-45B: Incident Response
132-45C: Cyber Hunt
132-45D: Risk and Vulnerability Assessment (RVA)

Since the initial creation of the HACS SINs in 2016, the field of cybersecurity has evolved to include multiple new facets of services. In collaboration with Office of Management and Budget (OMB) and the Department of Homeland Security (DHS), GSA has identified several key areas that need to be included in the HACS offerings such as High Value Assets (HVA’s) Assessments to include: Risk and Vulnerability Assessment (RVA), System Architecture Review (SAR) and System Security Engineering (SSE).

Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including HVAs that hold sensitive information critical to national and economic security. As a result, GSA ITC is proposing to restructure the HACS SINs, 132-45 (A-D), into a single HACS SIN, 132-45, with sub-categories of cybersecurity services.

The full set of HACS SIN services includes:

  • High Value Asset Assessments
  • Risk and Vulnerability Assessment (RVA)
  • Incident Response
  • Penetration Testing
  • Cyber Hunt

The four current HACS SINs will be deleted from the solicitation and added as subcategories under the new HACS SIN 132-45. The restructuring falls in line with the initiatives outlined in the IT Modernization Report, the Cybersecurity National Action Plan (CNAP) and Cybersecurity Implementation Plan (CSIP) for Federal Civilian Government (OMB Memo M-17-09).

Register for a virtual webinar scheduled for Monday November 19th at 10:00am EST

Attached are related documents for download:

132-45 HACS SIN Terms & Conditions FAQ Document
Proposed HACS SIN Description
Combined Solicitation Refresh Document for ICAM, Mobility, and HACS SIN Rewrites

November 19, 2018 HACS Webinar Slide Deck

DISCLAIMER: GSA FAS is posting this notification of a planned solicitation refresh or mass modification as a courtesy to industry. All comments on the attached DRAFT document should be submitted in the “Comments” section below within ten (10) business days of this posting. GSA FAS will consider all relevant comments and may make changes to the DRAFT as appropriate, but will not issue a formal response to industry comments or related inquiries. Interested parties should review the final version of the solicitation refresh or mass modification closely for additional changes made to this DRAFT.

Upload
Files: 
Attachment TitleSizeType
PDF icon 132-45 HACS SIN - Terms & Conditions.pdf193.26 KBPDF
 
 
Attachment TitleSizeType
PDF icon HACS SIN 132-45 Webinar Slide Deck.pdf203.29 KBPDF
 
 
Share

Views: 1771

IT Schedule 70 is the largest and most widely used acquisition vehicle in the federal government. Schedule 70 is an indefinite delivery indefinite... More
  • PaulSnyder
  • Gavboyd
  • kerawilkins