Highly Adaptive Cybersecurity Services (HACS)

The HACS SINs feature high quality cybersecurity vendors offering federal, state, and local governments the following services:

• 132-45A Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
• 132-45B Incident Response services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
• 132-45C Cyber Hunt activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunt activities start with the premise that threat actors known to target some organizations in a specific industry or specific systems, are likely to also target other organizations in the same industry or with the same systems.
• 132-45D Risk and Vulnerability Assessment conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise, or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. This SIN offers the following services:
  • Network Mapping
  • Vulnerability Scanning
  • Phishing Assessment
  • Wireless Assessment
  • Web Application Assessment
  • Operating System Security Assessment (OSSA)
  • Database Assessment
  • Penetration Testing

The HACS SINs offer:

• Access to pool of technically evaluated cybersecurity vendors
• Rapid ordering and deployment of services
• Reduction in open market ordering and contract duplication
• Cybersecurity/acquisition support resources from GSA

• View the recorded HACS webinar (5/8/2017)
• Send all acquisition-related questions, eligibility requirements, and ordering guide requests go to IT SecurityCM@gsa.gov.

Ordering Guides

Browse our Acquisition Resources page for resources useful for acquisition help or download our SOW and RFQs below to get started.

• Experts are available to advise federal agencies on procurements
• HACS Quick Start Ordering Guide [DOCX - 127 KB] (federal)
• HACS Quick Start Ordering Guide [DOCX - 154 KB] (state, local, tribal, and territorial governments)
• Contact the HACS Team at ITSecurity@gsa.gov

How to Order from Schedule 70

Make purchases through eBuy and GSA Advantage! or issue an RFI or RFQ and allow vendors to respond to your requirements. Federal, state, and local governments can purchase products, services, and solutions through IT Schedule 70.

• 70 General Purpose Commercial IT Equipment, Software, and Services
• GSA Advantage
• Learn more about how to order

State and Local Government Ordering

State and local governments can buy technology via Schedule 70 through the GSA Cooperative Purchasing Program. To find out if your government entity qualifies, or what fees may apply, refer to the links below:

• Cooperative Purchasing
• Learn more about state and local government ordering

Statement of Work (SOW) and Request for Quote (RFQ) Templates

• RFQ HACS Cyber Hunt Support Template [DOCX - 78 KB]
• RFQ HACS Incident Response Support Template [DOCX - 78 KB]
• RFQ HACS Penetration Testing Support Template [DOCX - 78 KB]
• RFQ HACS RVA Support Template [DOCX - 81 KB]
• RFQ HACS Support Template [DOCX - 85 KB]
• SOW HACS Cyber Hunt Support Template [DOCX - 62 KB]
• SOW HACS Incident Response Support Template [DOCX - 62 KB]
• SOW HACS Penetration Testing Support Template [DOCX - 62 KB]
• SOW HACS RVA Support Template [DOCX - 63 KB]
• SOW HACS Support Template [DOCX - 67 KB]

For information on applying for the HACS SIN, contact ITSecurityCM@gsa.gov.