After an initial delay, GSA has published the Draft Solicitation for the aptly named Highly Adaptive Cybersecurity Services, or HACS, Special Item Number under IT Schedule 70. The new HACS SIN includes the following subcategories:
- 132-45A: Penetration Testing. Security testing mimicking real-world attacks. Potential Labor Categories include: Blue Team Technician, Penetration Test, Red Team Technician, and Ethical Hacker.
- 132-45B: Incident Response. Assisting agencies impacted by a cyber breach determine the extent of the compromise, remove the intruder, and repair networks with better security. Potential Labor Categories include: Incident Response Analyst, Computer Crime Investigator, and Intrusion Analyst.
- 132-45C: Cyber Hunt. Begins with the premise that hackers targeting an organization or system are likely to target other, similar organizations or systems; the idea is to mitigate potential threats under urgent conditions. Potential Labor Categories include: Computer Crime Investigator, Incident Handler, Incident Responder, and Intrusion Analyst.
- 132-45D: Risk and Vulnerability Assessment (RVA). Assessing risks (network vulnerabilities, phishing assessments, etc.) and developing appropriate countermeasures. Potential Labor Categories include: Risk/Vulnerability Analyst, Computer Network Defense Auditor, and Information Security Engineer.
All current IT Schedule 70 vendors who provide these services will be required to migrate to the new HACS SIN. Full details on the new SIN from the GSA are available here.
In an unusual twist, GSA will be conducting oral interviews for this SIN. The questions vary depending on the subcategory—the questions and evaluation criteria are available here.
It’s no secret that, like the private sector, the Government faces a severe shortage of cybersecurity expertise, while becoming increasingly dependent on digital capabilities. Given the urgent demand for cybersecurity, it’s an excellent time for cyber vendors to get on Schedule—contact Global Services today to learn how!