DVS has been awarded the Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) under the General Services Administration (GSA) Schedule 70 Information Technology (IT) contract.
GSA developed IT Schedule 70’s HACS SIN 132-45 in collaboration with the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) to make it easier for agencies to procure quality cybersecurity services.
HACS provide agencies quicker access to key support services from technically evaluated vendors that will:
- Expand agencies’ capacity to test their high-priority IT systems
- Rapidly address potential vulnerabilities
- Stop adversaries before they impact U.S. government networks
DVS has been approved for all five (5) subcategories under the HACS SIN, including:
- High Value Asset Assessments: include Risk and Vulnerability Assessments (RVA), Security Architecture Review (SAR), and Systems Security Engineering (SSE).
- Risk and Vulnerability Assessment: assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. The services offered in the RVA sub-category include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
- Cyber Hunt: activities respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.
- Incident Response: services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- Penetration Testing: is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
The HACS SIN offers:
- Access to a pool of technically evaluated cybersecurity vendors: The SINs will allow federal agencies to easily identify high-quality cybersecurity vendors vetted against rigorous standards.
- Rapid ordering and deployment of services: Agencies can rapidly deploy needed cybersecurity services using IT Schedule 70’s streamlined ordering procedures that reduce agency procurement lead times by 25-50 percent as compared to open market ordering, which is less efficient and can carry additional risks.
- Reduction in open market ordering and contract duplication
- Cybersecurity/acquisition support resources from GSA:
- Cybersecurity and acquisition subject matter experts will be available to advise federal agencies on procurements under the HACS SINs.
- A quick-start ordering guide will be available to help federal cybersecurity and procurement officials rapidly procure services from the HACS SINs.
- Sample acquisition documents, including sample statements of work, will be available on the acquisition gateway and the GSA cybersecurity website.
Link to GSA IT Schedule 70 HACS SINs Site: https://www.gsa.gov/technology/technology-products-services/it-security/highly-adaptive-cybersecurity-services-hacs