The General Services Administration (GSA), an autonomous agency of the United States government declared earlier this week that the GSA Federal Acquisition Service Office of Information Technology Category (GSA FAS ITC), IT Schedule 70 program is restructuring its Highly Adaptive Cybersecurity Services Special Item Numbers (HACS SINs).
Two years back, in 2016, GSA FAS ITC introduced four Highly Adaptive Cybersecurity Services Special Item Numbers, 132-45A: Penetration Testing, 132-45B: Incident Response, 132-45C: Cyber Hunt, and 132-45D: Risk and Vulnerability Assessment. GSA said that those were aimed to provide agencies with immediate access to key support services. However, since the initial formulation of the HACS SINs in 2016, the Cybersecurity field has evolved multiple new facets of services. The agency described in their announcement this week that in partnership with Office of Management and Budget (OPM) and the Department of Homeland Security (DHS), GSA has classified numerous key areas that need to be included in the HACS offerings such as High Value Assets’ (HVA’s) Assessments that include Risk and Vulnerability Assessment (RVA), System Security Engineering (SSE), and System Architecture Review (SAR).
Following the new plan, GSA will restructure the HACS SINs into a single HACS SIN 132-45 with subcategories of cyber services. GSA pointed out that the full set of HACS SIN services includes High-Value Asset Assessments; Incident Response; Risk and Vulnerability Assessment (RVA); and Cyber Hunt. However, the current HACS SINs will be withdrawn from solicitation and added as subcategories under the new HACS SIN 132-45. Additionally, GSA will conduct a webinar on Nov. 19 to discuss the restructuring plan.