This blog post is part of a seven-part series reviewing the Acquisition Gateway and IT Category data, trends, expertise, and advocacy that GSA’s Office of Information Technology Category (ITC) organization offers to support other agencies’ missions.
(Note: This blog is authored by Shon Lyublanovits, IT Security Subcategory Manager and Director of the Security Services Division for ITC, in GSA’s Federal Acquisition Service. In this capacity, she oversees activities and challenges of infusing Ccbersecurity into contract acquisitions.)
In October 2016, we announced that we were able to complete the first phase of the oral technical evaluations and expedite the modification/award processes to get 15 vendors on the new IT Schedule 70’s “Highly Adaptive Cybersecurity Services (HACS)” Special Item Numbers (SINs).
I am happy to report that we have launched the four new HACS SINs that feature high-quality cybersecurity vendors offering federal, state, and local governments the following services:
- 132-45A: Penetration Testing – security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
- 132-45B: Incident Response – services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- 132-45C: Cyber Hunt – responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunt activities start with the premise that threat actors known to target some organizations in a specific industry, or specific systems, are likely to also target other organizations in the same industry or with the same systems.
- 132-45D: Risk and Vulnerability Assessment – conduct assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise, or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
While the HACS SINs will allow agencies quicker and more reliable access to key pre-vetted support services that will expand agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact our networks, we will continually look for more options to enhance these services and integrate with the national security community to ensure we have top-notch expertise in cybersecurity.
Ongoing Enhancement to HACS SINs
When we established the SINs in September 2016, we focused on providing the necessary tools to strengthen government agencies’ network and digital defenses against cyber attacks. Likewise, we’ll continue to evaluate and add more vendors to make these offerings even more robust. Altogether, we have evaluated and added 34 vendors to these SINs.
And eventually, all current IT Schedule 70 vendors that offer cybersecurity services will be required to migrate to the new HACS SINs. This, of course, will also provide a way for our industry partners to more easily differentiate these specific cybersecurity services from other IT offerings.
Strength through Inter-Agency Partnerships
We realize that in order to maximize success to guard against cyber attacks, we must create trusted partnerships with the national security community to ensure the rapid delivery of emerging technology to meet government cybersecurity needs.
- First, we have increased communications and collaboration with Department of Homeland Security, Department of Defense, and the intelligence community (e.g., National Security Agency, Office of the Director of National Intelligence, etc.), in order to better structure, develop, and implement cybersecurity-related policy and guidance.
- Second, we continually provide information regarding cybersecurity and feedback through the IT Security Hallway on Acquisition Gateway, and on other web-based platforms – both secure and open domain.
- Lastly, on an ongoing basis, we proactively engage government agencies and industry partners to expand the utilization of the new HACS SINs.
For more information, please contact the following:
- HACS SINs – HACS Program Management Office at HACS@gsa.gov.
- Cybersecurity – IT Security team at firstname.lastname@example.org.
- How to use the SINs to purchase cybersecurity services – HACS web page.
We look forward to hearing from you!