Citing the expanding role of cybersecurity in safeguarding federal networks, the General Services Administration said late Wednesday that it is consolidating its cybersecurity services contract vehicles and providing more features.
GSA currently provides cybersecurity tools across four Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers, or SINs. These SINs allow agencies to buy services like penetration testing, incidence response, cyber hunting, and risk and vulnerability assessment.
But with more emphasis placed on data and infrastructure protection, GSA wants to condense the four HACS SINs into a single offering to broadly provide more services.
“Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including [high-value assets] that hold sensitive information critical to national and economic security,” officials from GSA’s Office of Information Technology Category said in a Wednesday post on the agency’s Interact page. “As a result, GSA ITC is proposing to restructure the HACS SINs, 132-45 (A-D), into a single HACS SIN, 132-45, with sub-categories of cybersecurity services.”
The combined contract will continue to provide the original HACS services, plus high value asset (HVA) assessment services. Those HVA assessment services will include offerings like network mapping, vulnerability scanning, phishing assessment, wireless assessment, web application assessment, operating system security assessment (OSSA), database assessment, penetration testing, security architecture review and systems security engineering.
The HACS SINs debuted in 2016 as part of the then-Obama administration’s Cybersecurity National Action Plan to make it easier for agencies to procure those services through vehicles on GSA’s IT Schedule 70.
GSA officials noted that the cybersecurity needs of the federal government have shifted in the past two years and that the HACS consolidation falls in line with several White House initiatives centered on increasing the government’s cyber posture, like last year’s IT Modernization Report and the recent White House cybersecurity strategy.
GSA had been looking for a way to freshen up the HACS SINs as far back as spring, when it asked for industry input in a May request for information on how to make the service vehicles more modern.
The current HACS SINs will be deleted from any solicitation and incorporated into SIN 132-45 as subcategories. GSA will hold an informational webinar on the consolidation Nov. 19.