Have you been hacked yet? Has your personal information been exposed by foreign hackers? Worried this year’s election results might be tampered with foreign cyber attacks? Well, you are not the only one worried about future cyber attacks. The U.S. Government is worried too, and to combat that, the General Services Administration (GSA) will release four Cybersecurity Special Item Numbers (SINs) for its GSA Schedule 70 for Information Technology procurement.
A refresh of the Schedule 70 solicitation is expected to be released in September that will include these new Cybersecurity SINs. GSA is referring to these new SINs as Highly Adaptive Cybersecurity Services (HACS) SINs. The HACS SINs were mandated by the Obama Administration’s Cybersecurity National Action Plan. This is no small initiative, but rather a plan to invest $19 billion in an attempt to ensure “Americans have the security tools to protect their identities online, that companies can protect and defend their operations and information from hackers, and that the U.S. Government protects the private information citizens provide for federal benefits and services” (Source).
The HACS SINs will be divided into four distinct SINs:
- Penetration Testing under SIN 132-45A
- Incident Response under SIN 132-45B
- Cyber Hunt under SIN 132-45C
- Risk and Vulnerability Assessment under SIN 132-45D
The vetting process for vendors will be the most thorough and detailed of any SIN on Schedule 70. While vendors will have requirements similar to those for services SINs such as SIN 132-51, the HACS SINs will also require vendors to pass an oral technical evaluation. These oral technical evaluations will be scenario-based in an attempt by GSA to ascertain the knowledge level of the prospective vendor. Vendors will be given a pass/fail grade after an undetermined time (target is seven days) from the completion of the oral evaluation. Vendors who are not able to pass this oral evaluation will not be allowed to submit an offer or modification for any HACS SIN for at least six months from the date of their previous evaluation. Oral evaluations will be conducted virtually and each SIN will have its own scenario that vendors will have to address and complete. GSA will allow up to five key personnel to attend these oral evaluations from the vendor, but no recording devices of any kind will be allowed during the evaluation. These evaluations could take anywhere between forty minutes to three hours by GSA’s estimates, depending on how many HACS SINs the vendor is proposing in their offer/modification.
There will be no limit to the number of awardees of the HACS SINs, but GSA is targeting to have an initial fifteen vendors awarded once the HACS SINs are officially rolled out. The turnaround time for GSA will be dependent on the number of vendors who propose the HACS SINs, but GSA is creating a dedicated tiger team to evaluate new offers and modifications that include the HACS SINs. GSA’s target for evaluation is seven days for modifications and forty five days for new offers.
While there is still more to be revealed about these new HACS SINs, it is clear GSA is making a concerted effort to put these new SINs at the top of their priority list. If you want to be in the front of the line to get these new SINs awarded on your contract, be sure to check the GSA Interact site and submit your modifications/offers through the eMod/eOffer site.
About the Author
Michael Glazer focuses primarily on GSA/VA Schedule consulting. He regularly assists clients in all aspects of FSS contract management including contract negotiations, modifications, IFF reporting, subcontracting plans and reporting, IOA assessments, and other contract compliance issues. Michael also provides experience with GSA Alliant 1 & 2, ITES 3H and 3S, CIO-CS and SP3, and other large IDIQ contracts on an as needed basis to clients.