The General Services Administration (GSA) recently expanded its cybersecurity service offerings for federal, state, and local governments. Specifically, GSA worked in collaboration with the Department of Homeland Security and the Office of Management and Budget to develop IT Schedule 70’s Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) 132-45 to make it easier for agencies to procure quality cybersecurity services.

HACS SIN 132-45 on IT Schedule 70 is intended to provide agencies quicker access to support services from technically evaluated cybersecurity vendors, which will expand agencies’ capacity to test their high-priority IT systems, enable agencies to address potential vulnerabilities rapidly, and stop adversaries before agency networks are impacted. To do so, HACS SIN 132-45 includes proactive and reactive cybersecurity services, including Risk and Vulnerability Assessments, Security Architecture Review, and Systems Security Engineering. HACS SIN 132-45 also includes assessment services for systems categorized as High Value Assets. Additionally, the scope of the SIN includes services for the Risk Management Framework (RMF) and Security Operations Center (SOC) services:
 

  • The seven-step RMF includes preparation; information security categorization; control selection; implementation; assessment; system and common control authorizations; and continuous monitoring. RMF activities may also include Information Security Continuous Monitoring Assessment (ISCMA) that evaluate organization-wide ISCM implementations and Federal Incident Response Evaluations, which assess an organization’s incident management functions.
 
  • SOC services include services such as continuous (24 hours a day, 7 days a week, 365 days a year) monitoring and analysis, traffic analysis, incident response and coordination, penetration testing, anti-virus management, intrusion detection and prevention, and information sharing.
Vendors are organized into five subcategories under HACS SIN 132-45—High Value Asset Assessments, Risk and Vulnerability Assessment, Cyber Hunt, Incident Response, and Penetration Testing—and all vendors listed under each subcategory have passed a technical evaluation for that specific subcategory. Agencies can make purchases through GSA Advantage!® or eBuy system by issuing a Request for Quote (RFQ) against SIN 132-45 and allowing HACS vendors to respond to their requirements.

GSA’s expanded cybersecurity service offerings seem to further evince the integral and growing role that cybersecurity and data privacy requirements play for federal contractors, and as noted by my colleague, Jon Williams, in our first-quarter Legal Advisor Newsletter, cybersecurity awareness and preparedness are critical. The importance of cybersecurity has been demonstrated in both defense and civilian agencies, and President Trump reportedly requested $17.4 billion for cybersecurity at defense and civilian agencies for fiscal year 2020, a 5% increase from the projected $16.6 billion in fiscal year 2019 agency spending. In light of these recent developments, PilieroMazza is hosting an event titled “Gaining a Competitive Edge through Cyber, Data, and Personnel Security” on June 5th in Tyson’s Corner, VA. The event will consist of an expert panel of government officials and representatives from large prime contractors and small businesses. We aim to provide attendees a sense of how cybersecurity is impacting award decisions and teaming for federal contracts, as well as action items for protecting data rights, cybersecurity in mergers and acquisitions, and developing or improving your company’s insider threat program.

In addition to several members of the PilieroMazza team, the expert panel will include: Jerry Howe, General Counsel for Leidos; Mark Drever, President and CEO of Xceleerate Solutions; Philip McMann, Partner at Aronson Capital Partners; Tim Brennan, CEO of SysArc, Inc.

For more information and to register for the event, please click here.

With cybersecurity concerns here to stay and requirements set to increase, please let us know if you have any questions about GSA’s expanded service offerings or other ways in which PilieroMazza’s new Cybersecurity and Data Privacy Practice can assist you.

About the Author: Emily Rouleau is an associate with PilieroMazza. She may be reached at erouleau@pilieromazza.com.