Winvale Blog

IT-70 Prepares For a New Addition With the Creation of a Cyber Security SIN

Written by Meghan Gallagher | Jul 20, 2016 1:00:00 PM

As new needs and challenges arise, the General Services Administration (GSA) considers adding new Special Item Numbers (SIN) to preexisting Schedules before creating new ones. We’ve seen this most recently with the addition of a new Schedule 70 Health IT SIN, and will be seeing it again shortly as the government works towards releasing the Highly Adaptable Cybersecurity Services (HACS) SIN to the IT-70 schedule beginning September 12, 2016.

Schedule 70 is one of the largest, and arguably one of the most successful, GSA schedules available. It’s also the source for more than $16 billion in IT purchases annually for federal, state and local customers.

This number is expected to grow with the addition of the HACS SIN. We expect some preexisting schedule holders to add new items to their schedule relating to the SIN and for new organizations to actively pursue an IT-70 schedule just to work under the cyber security SIN.

A History of HACS

As we take a look back at the path that led to the development of HACS, it’s very clear that everything began with President Obama directing his Administration to implement a cyber security national action plan (CNAP).

Within CNAP, GSA and the Homeland Security Department were directed to set up contracts for incident response and penetration/hunt services. GSA, with the help of the Office of Management and Budget (OMB), worked to research contract vehicle options available to help fill the void for cyber security related needs.

Instead of creating a new Schedule they determined that the cyber security market would fall nicely under IT-70 within its own SIN.

How CNAP will Make a Difference

The goal of this new SIN is to support CNAP and it will do so by covering two major areas concerning the cyber security market, proactive and reactive services.

Some examples of a proactive service include:

  • Network mapping
  • Vulnerability scanning
  • Penetration testing
  • Web application assessments
  • Database assessments

Examples of reactive services include:

  • Incident response
  • Remediation services

There is no doubt that this SIN will provide a space for the much needed cyber security market to thrive. Contractors and buyers alike will want to follow the progress of this sin and prepare for its release.

Those wishing to learn more about the SIN before its expected release date of September 12, 2016 will be able to find additional information posted mid-August on GSA Interact.

To have any questions answered, contact a member of our team today.