Government Contracts Monitor

Short Take: GSA Expands Cybersecurity Opportunities under Schedule 70

August 30, 2016

The General Services Administration (GSA), a central procurement source available for all federal agencies, has released a draft solicitation for four new Special Item Numbers (SINs) for Highly Adaptive Cybersecurity Services (HACS). The new HACS SINs will be available under GSA’s Schedule 70 Indefinite Delivery/Indefinite Quantity (ID/IQ) contract, which covers IT services. Federal agencies can begin awarding task orders under these SINs on October 1.

GSA released the solicitation on August 17, 2016 in response to President Obama’s Cybersecurity National Action Plan, released in February. That plan mandated the GSA to create contract vehicles to allow federal agencies to procure cybersecurity services. This approach is aimed at allowing agencies to procure these services much more quickly as task orders, instead of stand-alone contracts, which typically have a longer acquisition cycle.

The new HACS SINs are for Penetration Testing (132-45A), Incident Response (132-45B), Cyber Hunt (132-45C), and Risk and Vulnerability Assessment (132-45D). Vendors currently on Schedule 70 for HACS will be required to shift their products to the appropriate SINs before October 1. The new SINs will allow agencies to procure services with more specificity and will also allow vendors to describe their services more thoroughly, rather than being only able to state that they provide “cybersecurity services.”

The solicitation is the result of months of preparation, partnership and coordination between GSA and other agencies to identify their specific cybersecurity service needs and determine how best to meet those needs. Key inputs on the solicitation were provided by the Departments of Defense and Homeland Security.

GSA plans to publish the final SIN and begin onboarding vendors in September. The agency will also release another SIN, for cybersecurity and information assurance (CyberIA), in the coming months. The focus of this SIN will be cyber tools, such as firewalls and antivirus protection, instead of services, in the hope that agencies can acquire necessary tools to combat the burgeoning threat of cyber-attacks.