Highly Adaptive Cybersecurity Services (HACS)
We have established four Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) on IT Schedule 70 to provide agencies quicker access to key support services from technically evaluated vendors that will:
- Expand agencies’ capacity to test their high-priority IT systems;
- Rapidly address potential vulnerabilities; and
- Stop adversaries before they impact our networks.
The HACS SINs feature high quality cybersecurity vendors offering federal, state, and local governments the following services:
- 132-45A Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
- 132-45B Incident Response services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- 132-45C Cyber Hunt activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunt activities start with the premise that threat actors known to target some organizations in a specific industry or specific systems, are likely to also target other organizations in the same industry or with the same systems.
- 132-45D Risk and Vulnerability Assessment conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise, or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. This SIN offers the following services:
- Network Mapping
- Vulnerability Scanning
- Phishing Assessment
- Wireless Assessment
- Web Application Assessment
- Operating System Security Assessment (OSSA)
- Database Assessment
- Penetration Testing
The HACS SINs offer:
- Access to pool of technically evaluated cybersecurity vendors
- Rapid ordering and deployment of services
- Reduction in open market ordering and contract duplication
- Cybersecurity/acquisition support resources from GSA
Browse our Acquisition Resources page for resources useful for acquisition help or download our SOW and RFQs below to get started.
- Experts are available to advise federal agencies on procurements
- HACS Quick Start Ordering Guide [DOCX - 127 KB] (federal)
- HACS Quick Start Ordering Guide [DOCX - 154 KB] (state, local, tribal, and territorial governments)
- Contact the HACS Team at ITSecurity@gsa.gov
How to Order from Schedule 70
Make purchases through eBuy and GSA Advantage! or issue an RFI or RFQ and allow vendors to respond to your requirements. Federal, state, and local governments can purchase products, services, and solutions through IT Schedule 70.
- 70 General Purpose Commercial IT Equipment, Software, and Services
- GSA Advantage
- Learn more about how to order
State and Local Government Ordering
State and local governments can buy technology via Schedule 70 through the GSA Cooperative Purchasing Program. To find out if your government entity qualifies, or what fees may apply, refer to the links below:
Statement of Work (SOW) and Request for Quote (RFQ) Templates
- RFQ HACS Cyber Hunt Support Template [DOCX - 78 KB]
- RFQ HACS Incident Response Support Template [DOCX - 78 KB]
- RFQ HACS Penetration Testing Support Template [DOCX - 78 KB]
- RFQ HACS RVA Support Template [DOCX - 81 KB]
- RFQ HACS Support Template [DOCX - 85 KB]
- SOW HACS Cyber Hunt Support Template [DOCX - 62 KB]
- SOW HACS Incident Response Support Template [DOCX - 62 KB]
- SOW HACS Penetration Testing Support Template [DOCX - 62 KB]
- SOW HACS RVA Support Template [DOCX - 63 KB]
- SOW HACS Support Template [DOCX - 67 KB]
For information on applying for the HACS SIN, contact ITSecurityCM@gsa.gov.
IT Customer Support
Hours for live chat and calls:
Sun 8 p.m. - Fri 8:30 p.m. CST
HACS Quick Start Ordering Guide [DOCX - 127 KB] (Federal)
HACS Quick Start Ordering Guide [DOCX - 154 KB] (State, Local, Tribal, and Territorial Governments)
Cybersecurity Terms and Definitions for Acquisition [PDF - 166 KB]