9.4 GSA Resources

Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs)

GSA, in collaboration with DHS and OMB, developed the Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) to make it easier for agencies to procure quality cybersecurity services. (GSA. IT Security: GSA's Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN).) The program is designed to provide government organizations with access to cybersecurity vendors and to meet the IT security requirements outlined in OMB M-19-03, (OMB M-19-03. Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program. 12/10/2018.) M-17-12, (OMB M-17-12. Preparing for and Responding to a Breach of Personally Identifiable Information. 1/3/2017) and the CISO Handbook. (CIO Council. Guidance for Chief Information Security Officers (CISO).) They are available through the Multiple Award Schedule (MAS) IT procurement process.

The scope of HACS SINs includes five categories of cybersecurity services for which vendors in the GSA eLibrary have passed a technical evaluation for the categories:

• High Value Asset Assessments
  • Risk and Vulnerability Assessments (RVA)
  • Security Architecture Review (SAR)
  • Systems Security Engineering (SSE)
• RVA
• Cyber Hunt
• Incident Response
• Penetration Testing (GSA. Highly Adaptive Cybersecurity Services (HACS))

To purchase HACS solutions through the MAS IT procurement process, see the link to the GSA website which includes a HACS Ordering Guide, the HACS SIN vendor listing on the GSA eLibrary, available experts to advise federal agencies on HACS procurement, as well as materials for state and local government ordering and sample Statement of Work (SOW) and Request for Quote (RFQ) Templates.