The General Services Administration is sprinting to launch four new categories of specialized cybersecurity offerings for agency purchase Oct. 1 on the government’s largest IT services acquisition vehicle.
Named the IT Schedule 70 Highly Adaptive Cybersecurity Services special item numbers, the new categories will focus on cyber offerings in the areas of incident response, penetration testing, cyber hunt, and risk and vulnerability assessments. Under the new special item numbers, or SINs, agencies will gain greater insight into and can differentiate what cybersecurity services they’re buying from contractors.
“In support of the Administration’s [Cybersecurity National Action Plan] activities, these new SINs will provide government agencies with quicker and more reliable access to key, pre-vetted support services that will expand agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact our networks,” GSA Administrator Denise Turner Roth said in a statement.
Vendors who offer cybersecurity products in the four areas are required to move from the main GSA IT Schedule 70 vehicle to the SINs.
With weeks still until the HACS launch, GSA is using the time until then as a “sprint” to get industry in the right place so agencies can begin buying the services they need right away, Mary Davie, assistant commissioner for GSA’s Office of Integrated Technology Services in the Federal Acquisition Service, said last week at a GSA tech industry day.
“The period in between here through September is us working with industry to get you qualified in any one or all four of those areas,” Davie told vendors. “And what we’re going to do in that approach…is we want to talk to you about it. It’s not going to be: Give us a proposal and we’ll see if you’re qualified.”
GSA has tried to be as transparent and communicative as possible with industry in the development of the SINs, she said. The agency published documentation on the categories Monday after months of engagement through webinars, requests for information and industry days. Vendors can now begin onboarding their corresponding products into the four SINs to begin selling them in October.
“This is so important to us. We really want to make sure we get this right. We want to make sure we get the right companies on this contract with the right services for agencies,” Davie said. “This is going to result in a dialogue between us and industry to get you qualified on the schedule and make sure we’re all aware of what agencies need.”
GSA is not working alone in this effort to provide agencies with better cybersecurity protections. The Department of Homeland Security will partner with GSA to vet the products and services offered on the SINs to make sure the government is receiving best-in-class cybersecurity for its money. Likewise, the Office of Management and Budget will continue its push to centralize federal IT buying to contracts like the HACS SINs.
“The Office of Management and Budget will work closely with agencies to encourage them to buy cybersecurity services through IT 70, and OMB will partner with GSA to provide new capabilities and add more vendors as these SINs evolve and grow more robust in their offerings,” U.S. CIO Tony Scott said in a statement.