This is archived information. It may contain outdated contact names, telephone numbers, Web links, or other information. For up-to-date information visit pages by topic or contact our Office of Public Affairs at For a list of public affairs officers by beat, visit the GSA Newsroom.

GSA’s IT Schedule 70 to Open SINs for Highly Adaptive Cybersecurity Services

September 12, 2016

WASHINGTON, D.C - The General Services Administration (GSA) Federal Acquisition Service (FAS) announces that in support of the President’s Cybersecurity National Action Plan (CNAP), GSA’s IT Schedule 70 has established four (4) new Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs). IT Schedule 70 is the largest, most widely-used acquisition vehicle in the federal government. Schedule 70 is an indefinite delivery/indefinite quantity (IDIQ) multiple award schedule, providing direct access to products, services and solutions from more than 4,700 certified industry partners.

“In support of the Administration’s CNAP activities, these new SINs will provide government agencies with quicker and more reliable access to key, pre-vetted support services that will expand agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries before they impact our networks,” said GSA Administrator Denise Turner Roth. “The SINs will feature high-quality cybersecurity vendors offering federal agencies the following services: Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment.”

Tony Scott, the Federal Chief Information Officer, has applauded GSA’s push to centralize the federal government’s buying experience for cybersecurity products and services. “The Office of Management and Budget will work closely with agencies to encourage them to buy cybersecurity services through IT 70, and OMB will partner with GSA to provide new capabilities and add more vendors as these SINs evolve and grow more robust in their offerings,” said Scott.

The draft solicitation including the new SINs was published to GSA’s Interact on August 17, 2016, to ensure awareness on the part of our industry partners. GSA has partnered closely with the Department of Homeland Security to ensure the SINs will provide a high level of service to agencies and that companies providing these types of services are rigorously vetted to ensure strong performance. GSA will continue to work with DHS as companies move services to the initial four SINs to ensure the government’s cybersecurity needs are being met.

The SINs have been established and supplier evaluations are projected to begin September 12, 2016. All current IT Schedule 70 suppliers that offer Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment services will be required to migrate those services to the new HACS SINs. The HACS SINs are projected to be available for federal agencies to begin purchasing cybersecurity services, starting October 1, 2016.


Last Reviewed: 2019-04-22