Highly Adaptive Cybersecurity Services (HACS) Modernization RFI (Government Agencies)

On September 30, 2016, the General Services Administration (GSA) established four (4) Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs) on IT Schedule 70. The HACS SINs began offering cybersecurity services to agencies on October 1, 2016, and feature high quality cybersecurity vendors that provide Penetration Testing, Incident Response, Cyber Hunt and Risk and Vulnerability Assessment services.

Since its inception, GSA has considered ways to improve the HACS Portfolio and, as such, is exploring a path to modernizing the HACS SINs. It is hoped that these efforts will provide a more comprehensive assortment of cybersecurity services and expedite their discovery and acquisition. These improvements should allow for enhancements to the HACS as technology and industry best practices continue to evolve.

In order to determine the best course of action, GSA is releasing this Request for Information (RFI). We are asking our HACS awardees to consider the current state of the SINs, what cybersecurity services should be added or removed, and their concerns about the oral technical evaluation and contracting processes (with both GSA and customers). We are also requesting responses from non-HACS awardees, particularly why they chose not to pursue a HACS award, how their cybersecurity services are sold, and other suggestions for improvement.

Specifically, this RFI is meant to assist in the following goals:

• Improve the customer and supplier experience by making it easier to work with GSA’s Federal Acquisition Service;

• Provide expertise that enables agencies to strengthen security, improve citizen service, and reduce legacy IT costs;

• Gain feedback from industry regarding the commissioning of cybersecurity services onto Federal networks and systems;  

• Better understand how industry partners are providing cybersecurity services today on IT Schedule 70;

• Determine the best route for offering cybersecurity services through GSA; and

• Ascertain what cybersecurity provider evaluation scheme(s) would be best for new IT Schedule 70 entrants, current awardees, and modification requesters.

GSA believes the cybersecurity services market is sufficiently mature to further enhance the current array of available HACS and to attract greater participation among industry partners and Government buyers.

If interested in participating, please submit your response by June 9, 2018 at 5:00 pm EST through the HACS Modernization RFI – Vendors Response Form. Access the form at []. We recommend saving your HACS Modernization RFI – Vendors Response Form for your records.

ONLY ONLINE FORM SUBMISSIONS ENTERED VIA THE LINK ABOVE WILL BE RECEIVED AND CONSIDERED.

USE AND CONFIDENTIALITY DISCLAIMER: THIS RFI IS FOR PLANNING PURPOSES ONLY. THIS REQUEST IS NOT A SOLICITATION. PLEASE DO NOT SUBMIT A PROPOSAL. IN ACCORDANCE WITH FAR 15.201(e), A RESPONSE TO THIS RFI IS NOT AN OFFER AND CANNOT BE ACCEPTED BY THE GOVERNMENT TO FORM A BINDING CONTRACT.

This RFI is for market research, information and planning purposes only, and does not constitute a solicitation for bids, proposals or quotations and is not to be construed as a commitment by the Government to issue a request for proposal/quote or award a contract as a result of this RFI. This announcement is NOT a Request for Proposal (RFP) or a Request for Quote (RFQ). The Government will not reimburse respondents for any cost associated with information submitted in response to this request. The purpose of obtaining information is to improve the understanding of Government requirements and industry capabilities.

Respondents to this RFI may be requested to provide additional information/details based on their initial submittals. The Government reserves the right to select one, some, or none of the submissions for further information. Contractors who submit information in response to this RFI do so with the understanding that U.S. Government personnel, as well as their supporting contractors, may review their materials and/or data. The Government shall not be liable for or suffer any consequential damages for any improperly identified confidential/proprietary information. Confidential/Proprietary information will be safeguarded in accordance with applicable Government regulations. The Government does not intend to rank submittals or provide any reply to interested firms.