Phone: (202) 296-5505 Email:

New Call-to-action

 Back to all posts

Schedule 70 Cyber SIN: 4 Topics You’ll Definitely Need to Cover for Your Technical Oral Evaluation Blog Feature
Viviana Vargas

By: Viviana Vargas on February 19th, 2020

Print/Save as PDF

Schedule 70 Cyber SIN: 4 Topics You’ll Definitely Need to Cover for Your Technical Oral Evaluation

GSA Schedule | Technology | 3 Min Read

GSA Schedule 70 is now called "Large Category F" per Mass Mod #A812 released on February 5 - 6, 2020.

It's 2020 and cybersecurity has been a growing part of the government sector for decades now. Since 2016, GSA has introduced four SINs offering cyber security services. By 2018, the four SINs were merged into one SIN with subcategories. In order to offer SIN 54151HACS, you must go through an evaluation process initiated by GSA. This is what the evaluation process entails:

Beginning of the Technical Oral Evaluation Process

After you submit your proposal or contract modification, you will be contacted by your contracting officer to begin the process for the Highly Adaptive Cybersecurity Services (HACS) Technical Oral Evaluation. Someone from the Federal Acquisition Service’s Office of Information Technology Services will contact you to schedule the evaluation and verify the subcategories your company will offer for your schedule contract.

The HACS SIN consists of 5 subcategories:

  • High Value Asset Assessments (primary)
  • Risk and Vulnerability Assessments (primary)
  • Penetration Testing (primary)
  • Incident Response
  • Cyber Hunt
The bases of the evaluation will cover 3 of the primary subcategories: High Value Asset Assessments, Risk and Vulnerability Assessments, and Penetration Testing. You will have a 1 hour and 40-minute time period for the base HACS subcategories. If you want to offer services for the additional subcategories (Incident Response and Cyber Hunt), an additional 10 minutes will be permitted for each subcategory selected.

For the Technical Oral Evaluation, you are permitted to assemble a team of representatives that can consist of a maximum of 5 individuals. All members of your team will be required to review and sign a Non-Disclosure Agreement (NDA) prior to the start of your evaluation session.

Before the exam you will be asked three simple Pre-Evaluation questions:

  • Which cybersecurity services do you offer?
  • How quickly can you deploy resources for an engagement?
  • Do you have resources to deploy nationwide?

After these questions, your evaluation will start

Here are 4 topics you are likely to be asked regarding the HACS SIN:

  1. What activities do you carry out during the pre-engagement, testing/assessment, and post-engagement phases?
  2. Provide a background of your organization’s High Value Asset Assessments/ Penetration Testing (PT)/Incident Response (IR)/Cyber Hunt (CH)/Risk and Vulnerability Assessment (RVA) capabilities.
  3. Give a scenario when you perform High Value Asset Assessments/Penetration Testing/Incident Response/Cyber Hunt/Hypothesis Generation/Risk and Vulnerability Assessments and some of your previous experience with it in the past 2 years.
  4. What are the specific processes and methods used to conduct: reconnaissance/preparation/risk and vulnerability assessments testing activities?

Quick Tips For A Successful Technical Oral Evaluation

Sell yourself, brag about your company! Treat this evaluation as an interview and not an exam.

Incorporate as much prior experience as possible into each question – not just when they ask for it. Give an answer then back that answer up with a past performance example your company has dealt with.

Most sources recommend taking thorough notes during the evaluation. You ARE allowed to take notes during the evaluation, but you are not allowed to take any of those notes out of the evaluation room. The only notes allowed to leave the room are those taken by the evaluators, and these notes are incorporated into your, the vendor’s contract file, and incorporated into the GSA Pre-Negotiation Memorandum (PNM). Evaluator notes although important, are never seen by any potential agencies looking to buy services around the cyber SINs, and therefore won’t play a part in an agencies choice on which vendor to select for a contract.

Currently there are only 152 contractors actually approved and on the SIN, so the time to get on is now. If you have any questions regarding either the SIN 54151HACS or a Large Category F contract, don’t hesitate to contact us at Winvale with any questions or concerns.

The Top 5 Mistakes of GSA Schedule Holders (And How to Avoid Them)


About Viviana Vargas

Viviana Vargas is a consultant for Winvale’s Government Contract Services Department. She is originally from Woodbridge, VA and graduated from James Madison University with Bachelor of Science degree in Public Policy and Administration.