Hours for live chat and calls:
Sun 8 p.m. - Fri 8:30 p.m. CST
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
With Highly Adaptive Cybersecurity Services, or HACS, your agency can:
The scope of HACS includes proactive and reactive cybersecurity services. HACS vendors are categorized under five subgroups for market research purposes. Check a contractor's GSA price list to verify and confirm availability of awarded products and services.
HVA assessments include Risk and Vulnerability Assessment (RVA) which: assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
Security Architecture Review evaluates a subset of the agency’s HVA security posture to determine whether the agency has properly architected its cybersecurity solutions and ensures that agency leadership fully understands the risks inherent in the implemented cybersecurity solution.
Some vendors may require a HACS self-attestation form [PDF - 103 KB] to apply for the HACS High Value Assessments subcategory.
Penetration testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network
RVA assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. includes network mapping, vulnerability scanning, phishing assessment, wireless assessment, web application assessment, Operating System Security Assessment (OSSA), database assessment, and penetration testing.
Incident response includes services that help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
Cyber hunt includes activities that respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.
Subgroups are provided for market research purposes only; check a contractor’s GSA price list to verify and confirm availability of awarded products and services.
Combine SINs to meet your requirements or try a blanket purchase agreement to easily fill recurring needs. You can also set aside the requirement for one or more socio-economic categories including but not limited to small businesses, veteran-owned businesses, and women-owned businesses.
Need support or subject matter expertise? Reach our team at ITSecurityCM@gsa.gov.
HACS templates provide typical language for a cybersecurity solicitation, and material from these examples can be copied and pasted directly into sections 3.0 and 4.0 of the RFQ template.
Submit a modification to add a SIN in the eOffer/eMod portal.
Follow the MAS Roadmap guidance for preparing and sending an offer.
Need help? Contact the Vendor Support Center.
Join our IT security Interact community for news and updates for agencies and industry.