Highly Adaptive Cybersecurity Services (HACS)

April 15 HACS Program Update

Register for GSA's HACS SIN Modernization Customer Event on April 15, 9 a.m. - 12 p.m. EDT.

We have established four Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) on IT Schedule 70 to provide agencies quicker access to key support services from technically evaluated vendors that will:

  • Expand agencies’ capacity to test their high-priority IT systems;
  • Rapidly address potential vulnerabilities; and
  • Stop adversaries before they impact our networks.

The HACS SINs feature high quality cybersecurity vendors offering federal, state, and local governments the following services:

  • 132-45A Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
  • 132-45B Incident Response services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
  • 132-45C Cyber Hunt activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunt activities start with the premise that threat actors known to target some organizations in a specific industry or specific systems, are likely to also target other organizations in the same industry or with the same systems.
  • 132-45D Risk and Vulnerability Assessment conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise, or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. This SIN offers the following services:
    • Network Mapping
    • Vulnerability Scanning
    • Phishing Assessment
    • Wireless Assessment
    • Web Application Assessment
    • Operating System Security Assessment (OSSA)
    • Database Assessment
    • Penetration Testing

The HACS SINs offer:

  • Access to pool of technically evaluated cybersecurity vendors
  • Rapid ordering and deployment of services
  • Reduction in open market ordering and contract duplication
  • Cybersecurity/acquisition support resources from GSA

Ordering Guides

Browse our Acquisition Resources page for resources useful for acquisition help or download our SOW and RFQs below to get started.

How to Order from Schedule 70

Make purchases through eBuy and GSA Advantage! or issue an RFI or RFQ and allow vendors to respond to your requirements. Federal, state, and local governments can purchase products, services, and solutions through IT Schedule 70.

State and Local Government Ordering

State and local governments can buy technology via Schedule 70 through the GSA Cooperative Purchasing Program. To find out if your government entity qualifies, or what fees may apply, refer to the links below:

Statement of Work (SOW) and Request for Quote (RFQ) Templates

For information on applying for the HACS SIN, contact ITSecurityCM@gsa.gov.

The shortcut to this page is gsa.gov/hacs.

print Share Icon Last Reviewed 2019-03-18