GSA Wants to Modernize How the Government Buys Cybersecurity Services

The government’s main contracting agency wants to make it easier for federal and state agencies to quickly acquire a broader array of cybersecurity services, according to contracting documents released this week.

The General Services Administration is interested in updating the list of “highly adaptive cybersecurity services” it offers on its IT Schedule 70, according to the request for information.

GSA schedules are essentially lists of pre-vetted contractors that agencies can buy particular goods and services from without going through their own lengthy vetting processes.

Currently, the highly adaptive cybersecurity services, or HACS, list includes penetration testing, incident response, cyber hunt (essentially hunting for adversaries you fear may already be inside your systems), and risk and vulnerability assessments.

That list dates to 2016.

GSA hopes to update that list to “provide a more comprehensive assortment of cybersecurity services and expedite their discovery and acquisition,” according to the request.

The agency also wants to increase the number of vendors that offer cyber services through Schedule 70 and the number of federal agencies that order those services, the request states.

The request for information seeks feedback from both cybersecurity vendors and agencies that buy their services.

The deadline for responses is June 9.