Contact Vets GSA for more information if you are either an existing vendor or want to get on schedule:
The General Services Administration (GSA) is considering a new Special Item Number (SIN) under IT Schedule 70 specifically for Highly Adaptive Cybersecurity Services (HACS). The purpose of this change would be to:
- Improve the way that GSA offers Cybersecurity services through IT Schedule 70,
- Increase visibility and improve access to Cybersecurity services offerings; and
- Provide industry partners the opportunity to differentiate their Cybersecurity services from other IT related services.
This effort would support initiatives to improve customer procurement of Cybersecurity services and enable agencies to take full advantage of Cybersecurity services benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost.
This RFI is meant to achieve two goals:
- Gain feedback from industry and any other relevant stakeholders on the proposed SIN; and
- Better understand how industry partners are selling Cybersecurity services today on IT Schedule 70.
The benefits of the proposed SIN would be:
- Realignment of IT Schedule 70 Cybersecurity services to reflect the market and customer needs;
- Consolidation of Cybersecurity services for ease of customer discovery and access, to support market research and acquisition planning;
- An avenue for IT Schedule 70 industry partners to more easily differentiate Cybersecurity services from other IT offerings;
- Improved Cybersecurity services sales reporting and visibility for IT Schedule 70; and
- Added value to GSA’s customers – GSA provides a high-level-vetting of what technologies and industry partners are available through the HACS SIN.
GSA believes the Cybersecurity services market is sufficiently mature for this SIN to attract both industry partners and government buyers.
Proposed SIN Scope descriptions for HACS
The SIN consists of Highly Adaptive Cybersecurity Services (HACS) that are categorized as Proactive Services, Reactive Services, and Remediation Services. The Proactive Services includes Network Mapping, Vulnerability Scanning, Penetration Test, Phishing Assessment, Wireless Assessment, Web Applicant Assessment, Operation System Security Assessment (OSSA), Database Assessment, and Proactive Hunt. Reactive Services encompasses Incident Responses and Reactive Hunt for security purposes. Remediation Services to include Security Engineering Services including Post-incident or Post-assessment Remediation to be able to support to agencies in implementing NIST Special Publication 800-160 “Systems Security Engineering, An Integrated Approach to Building Trustworthy Resilient Systems” to identify and address system security deficiencies across an agency’s IT enterprise.
- The Network Mapping service activity consists of identifying assets on an agreed upon IP address space or network range(s).
- The Vulnerability Scan service comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers.
- Penetration Testing consists of evaluating the security of the agency’s IT assets by attempting to gain access to the computer system contrary to intended technical controls, application, or network.
- The Phishing Assessment includes activities to evaluate the level of awareness of the agency workforce with regard to attempts to acquire sensitive information in an unauthorized manner. Phishing assessments can include scanning, testing, or both, and can be conducted as a one- time event or as part of a larger campaign to be conducted over several months.
- The Wireless Assessment can include wireless access point (WAP) detection, penetration testing, or both and is performed while onsite at an agency’s facility.
Web Application Assessment
- The Web Application Assessment can include scanning, testing, or both of outward facing web applications.
Operating System Security Assessment (OSSA)
- The Operating System Security Assessment (OSSA) service assesses the configuration of select host operating systems (OS) against standardized configuration baselines.
- The Database Assessment assesses the configuration of selected databases against configuration baselines in order to identify potential misconfigurations and/or database vulnerabilities.
- “Proactive” adversary hunt activities are intended to identify the presence of a previously unknown adversary or compromise on a target system or network. Hunt activities start with the premise that threat actors known to target some organizations in a specific industry, or specific systems, are likely to also target other organizations in the same industry or with the same systems. Hunt activities apply known, or discover new, Indicators of Compromise (IOCs) and Techniques, Tactics and Procedures (TTPs) used by threat actors and focus their attention on disruption or removal of specific adversaries when identified.
- Incident Response Services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- “Reactive” Hunt missions provide the same general capability as Proactive Hunt, but use information and threat intelligence specifically focused on the proximate incident to identify undiscovered attacks.
Security Engineering Services including Post-incident or Post-assessment Remediation
- Remediation Services provide agencies with technical assistance in implementing necessary security controls, system updates, or architectural improvements to address the findings of a proactive assessment or resolve vulnerabilities identified by a cybersecurity compromise. In addition, this capability would provide support to agencies in implementing NIST Special Publication 800-160 “Systems Security Engineering, An Integrated Approach to Building Trustworthy Resilient Systems” to identify and address system security deficiencies across an agency’s IT enterprise.