What Vendors Need to Know About GSA’s New Cyber Offerings

The General Service Administration is introducing an additional step to evaluate cybersecurity vendors: an oral exam.

The agency last week posted a draft solicitation for Highly Adaptive Cybersecurity Services, four new IT Schedule 70 Special Item Numbers designed to offer agencies quick access for cyberattack prevention and remediation. The SINs include penetration testing, incident response, cyber hunt and risk and vulnerability assessment services, and the agency is on the hunt for “high-quality cybersecurity vendors.”

That’s where the oral technical evaluation comes in.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

In addition to narrative project descriptions and other regular Schedule 70 requirements, vendors that want to provide services for the new SINs will need to explain their way through a variety of scenarios posed by a HACS panel, according to an Aug. 24 GSA webinar. Five key personnel can expect to spend up to 40 minutes per SIN, and up to three hours if the vendor wants to provide services for all four SINs.

Vendors will be tested on the same scenarios, earning either an acceptable or unacceptable. Any graded unacceptable will not be allowed to submit proposals for six months.

The oral evaluations are mandatory for all vendors that want to offer the new cyber SINs, even if they are already on Schedule 70 and migrating their services, GSA officials said.

The agency expects the HACS SINs to be available and evaluations to begin Sept. 1. A GSA tiger team will support offers and modifications. A GSA official said the agency has an “internal goal of 15 vendors,” though there is no limit to the number of awardees.

Federal agencies should be able to purchase the new SINs Oct. 1, according to the solicitation.