GSA Schedule 70 is now called "Large Category F" per Mass Mod #A812 released on February 5 - 6, 2020.
It's 2020 and cybersecurity has been a growing part of the government sector for decades now. Since 2016, GSA has introduced four SINs offering cyber security services. By 2018, the four SINs were merged into one SIN with subcategories. In order to offer SIN 54151HACS, you must go through an evaluation process initiated by GSA. This is what the evaluation process entails:
Beginning of the Technical Oral Evaluation Process
After you submit your proposal or contract modification, you will be contacted by your contracting officer to begin the process for the Highly Adaptive Cybersecurity Services (HACS) Technical Oral Evaluation. Someone from the Federal Acquisition Service’s Office of Information Technology Services will contact you to schedule the evaluation and verify the subcategories your company will offer for your schedule contract.
The HACS SIN consists of 5 subcategories:
- High Value Asset Assessments (primary)
- Risk and Vulnerability Assessments (primary)
- Penetration Testing (primary)
- Incident Response
- Cyber Hunt
For the Technical Oral Evaluation, you are permitted to assemble a team of representatives that can consist of a maximum of 5 individuals. All members of your team will be required to review and sign a Non-Disclosure Agreement (NDA) prior to the start of your evaluation session.
Before the exam you will be asked three simple Pre-Evaluation questions:
- Which cybersecurity services do you offer?
- How quickly can you deploy resources for an engagement?
- Do you have resources to deploy nationwide?
After these questions, your evaluation will start
Here are 4 topics you are likely to be asked regarding the HACS SIN:
- What activities do you carry out during the pre-engagement, testing/assessment, and post-engagement phases?
- Provide a background of your organization’s High Value Asset Assessments/ Penetration Testing (PT)/Incident Response (IR)/Cyber Hunt (CH)/Risk and Vulnerability Assessment (RVA) capabilities.
- Give a scenario when you perform High Value Asset Assessments/Penetration Testing/Incident Response/Cyber Hunt/Hypothesis Generation/Risk and Vulnerability Assessments and some of your previous experience with it in the past 2 years.
- What are the specific processes and methods used to conduct: reconnaissance/preparation/risk and vulnerability assessments testing activities?
Quick Tips For A Successful Technical Oral Evaluation
Sell yourself, brag about your company! Treat this evaluation as an interview and not an exam.
Incorporate as much prior experience as possible into each question – not just when they ask for it. Give an answer then back that answer up with a past performance example your company has dealt with.
Most sources recommend taking thorough notes during the evaluation. You ARE allowed to take notes during the evaluation, but you are not allowed to take any of those notes out of the evaluation room. The only notes allowed to leave the room are those taken by the evaluators, and these notes are incorporated into your, the vendor’s contract file, and incorporated into the GSA Pre-Negotiation Memorandum (PNM). Evaluator notes although important, are never seen by any potential agencies looking to buy services around the cyber SINs, and therefore won’t play a part in an agencies choice on which vendor to select for a contract.
Currently there are only 152 contractors actually approved and on the SIN, so the time to get on is now. If you have any questions regarding either the SIN 54151HACS or a Large Category F contract, don’t hesitate to contact us at Winvale with any questions or concerns.
