GSA IT Schedule 70 HACS SINs
During today’s GSAs Interact Webinar for the new stand-alone Highly Adaptive Cybersecurity Services (HACS) SIN 132-45, plans were discussed with industry detailing best practices for the upcoming Schedule 70 Solicitation Refresh. With this upcoming refresh, currents SINs 132-45A, 132-45B, 132-45C, & 132-45D will be deleted in their entirety and reclassified as a subcategory under SIN 132-45. Along with this new structure, GSA discussed a new “fifth” subcategory and what to do as a current and prospective HACS vendor.
5 Subcategories
- 132-45A – Penetration Testing
- 132-45B – Incident response
- 132-45C – Cyber Hunt
- 132-45D – Risk and Vulnerability Assessments (RVA)
- High Value Assets (HVA) Assessments (New Subcategory)
With the migration of the HACS SINs to subcategories, GSA will be adding a fifth subcategory (not previously available on GSA). The new subcategory, High Value Asset Assessments, encompasses a company’s ability to provide Security Architecture Review (SAR) and Systems Security Engineering (SSE). If you believe you qualify for this new subcategory, GSA has identified two group: Vendors with all Currents HACS SINS and Vendors with one or three HACS SINs.
For vendors with all current HACS SINs (132-45A thru D), GSA is accepting a “Service Self-Attestation” acknowledging the company’s capability to perform these services. GSA will be providing a template of the attestation so if you are a vendor with all current HACS SINs, be on the lookout for the template to be released in the solicitation refresh documents. You will have to submit the request through eMod (after the refresh and bilateral modification has been accepted) but the entire mod evaluation process will not be necessary. For vendors with only a few of the HACS SINs, the Service Self-Attestation will not be accepted. Those vendors will be required to go through the evaluation process including the Oral Technical evaluation to add each additional subcategory.
Modification Process:
As of now, GSA has recommended that all mods be postponed until these changes have been implemented, however, GSA is still accepting and processing modifications based on the current solicitation. GSA has not established a cutoff date but as the refresh nears, GSA will be closing the window for accepting mods based on the current solicitation. So, if you have already submitted a mod or have been working on a mod to add the HACS SINs, be sure to work with your contracting officer to process the mod in a timely manner. BE RESPONSIVE to any clarifications to ensure the mod is awarded prior to the refresh.
What This Migration Does In Ebuy:
With the migration of all the HACS SINs under one SIN, vendors previously not able to see SIN specific RFQ’s will now be able to see all available opportunities under 132-45. However, if you are vendor with only a few subcategories, you still may not be eligible to submit a bid. Agencies will now have the responsibility of clearly stating the subcategory(ies) they are looking to compete. You can help those agencies understand these new changes by providing responses during the “Request for Information (RFI)” stage to ensure your subcategory is identified in the Scope of Work.
When To Expect These Changes:
GSA has a tentative release date of Winter 2018-2019.
Additional Resources
Visit GSA Interact for the Presentation and Draft documents: GSA IT Schedule 70 Program to Incorporate Highly Adaptive Cybersecurity Services (SIN 132-45)
If your company offers cybersecurity and is impacted by this update, contact Coley to help with your modification. You can reach us directly at 210-402-6766 or hello@coleygsa.com.
Ramiro is a Certified Federal Contracts Manager (CFCM) and as a Senior Consultant with Coley GCS, LLC, a Government Contracts Consulting, Coaching and Training company. Ramiro has over 10 years’ experience helping companies succeed with their GSA schedules.