GSA IT Schedule 70
GENERAL SERVICES ADMINISTRATION INFORMATION TECHNOLOGY SCHEDULE 70
IT Schedule 70 is the largest, most widely used acquisition vehicle in the federal government.
Schedule 70 is an indefinite-delivery/indefinite-quantity (IDIQ) multiple award schedule, providing direct access to products, services and solutions from more than 5,000 certified industry partners. SecureStrux provides services under the Highly Adaptive Cybersecurity Services (HACS) 54151HACS Ordering Procedure.
HACS SIN
The scope of the HACS SIN includes proactive and reactive cybersecurity services. Assessment services needed for systems categorized as High-Value Assets (HVA) are also within this SIN scope. It includes Risk and Vulnerability Assessments (RVA), Security Architecture Review (SAR), and Systems Security Engineering (SSE). Additionally, the scope of the SIN includes services for the seven-step Risk Management Framework (RMF) and Security Operations Center (SOC) services.
There are five subcategories under the HACS SIN.
Vendors listed within each subcategory in GSA eLibrary have passed a technical evaluation for that specific subcategory:
01
High Value Assessments
HVA Assessments include Risk and Vulnerability Assessment (RVA), which assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
The services offered in the RVA subcategory include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing. Security Architecture Review (SAR) evaluates a subset of the agency’s HVA security posture to determine whether the agency has appropriately architected its cybersecurity solutions and ensures that agency leadership fully understands the implemented risks cybersecurity solution.
The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. SAR provides a holistic analysis of how an HVA’s security components integrate and operate, including how data is protected during operations. Systems Security Engineering (SSE) identifies security vulnerabilities and minimizes or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on, but is not limited to, the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.
02
Risk and Vulnerability Assessment
RVA assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. The services offered in the RVA sub-category include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
03
Cyber Hunt
Cyber Hunt activities respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely also to target other organizations in the same industry or with the same systems.
04
Incident Response
Incident Response services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
05
Penetration Testing
Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing an application’s security features, system, or network.
Products and ordering information
Products and ordering information on this GSA Schedule are also available on GSA’s online ordering system, GSA! Advantage.
