New SINs under Schedule 70

Recently the President announced his new Cybersecurity National Action Plan (CNAP), the GSA is supporting this plan by adding four new Highly Adaptive Cybersecurity Services SINs. The following services will be included: penetration testing, incident response, cyber hunt and risk and vulnerability assessment.

Each SIN added to GSA has it’s own specific purpose and is designed to work together with other new cybersecurity and preexisting schedule 70 SINs to propose a full solution.

Here’s a quick description of the proposed SIN:

Penetration Testing (132-45A) is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.

Incident Response(132-45B)  services help organizations impacted by a Cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.

Cyber Hunt (132-45C) activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats

Risk and Vulnerability Assessments (132-45D) conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations

One major GSA related change for adding cybersecurity your GSA schedule is SCP-FSS-004 within the solicitation document which required an Oral Technical Evaluation for offers submitting under those SINs. The Technical Evaluation Board will be an unclassified level discussion where your company will need to show their expertise in the subject matter.

Based on CNAP, over $19 billion dollars will be invested into cybersecurity as part of the President’s FY17 budget increasing more that 35%. With cybersecurity threats constantly looming and the world moving more and more into cyberspace, the government is recognizing the importance of security. 

FY 2016 GSA Supplier Relationship Management Survey!

The 2016 Supplier survey is out and all contractors on schedules should have received emails in the last couple days explaining the importance of giving the GSA feedback and completing the survey. The survey takes measure of whether the program is beneficial to you, whether you are looking to renew your contract, and if you consider the GSA to be your first choice among government acquisition vehicles.

We all get surveys in our emails always asking for our opinions. The GSA is no different than any other company, looking to improve its customer service, customer relations, and most importantly its’ effectiveness. Plagued by pricing issues and TAA compliance issues over the last year, the GSA is in a transformative moment, attempting to put its vendors first.

Responding to the survey should be top priority to contractors. If we don’t tell the GSA what problems exist or what about the program is great, the GSA cannot adapt to make the marketplace better. It’s vital the contractors are honest about their experiences, grievances, and successes. Past surveys have sparked changes in the GSA like more industry days, updated welcome packages from new contracts, and the plain language roadmap that was released for schedule 70 with more schedules to come.

Each company gets a personalized link, so unfortunately, we cannot share ours to lead you to the survey, but check your email for anything coming from survey@notify.gsa.gov. It’s waiting for you to share your thoughts! 

Schedule 70 is growing, growing, growing!

Since the introduction of the Cloud IT SIN (132 40) has proven to be a successful experiment in subdividing IT purchasing, the next step in that progression is to continue that particular mission. Health IT, which is just about anything IT related, especially related to Electronic Health Records, used in hospitals, by doctors, nurses and other professionals is going to get its own SIN on GSA.

Under the existing SINs, any health IT software or service would be categorized under 132 32 (term software), 132 33 (perpetual software), 132 40 (cloud services) or even 132 51 (IT Professional Services) but the expertise behind the selling of health IT software and services just isn’t enough to truly support GSA and its customers. By grouping all health IT together, GSA is providing agency customers with a pool of highly skilled, experts to help them best understand what they really need.

Schedule 70, as a whole, has been more successful than ever. With $14 billion dollars in annual sales channeling through the acquisition vehicle, buyers are urging the GSA to make its use as easy as possible for them! The new health IT services SIN, 132 56, will allow buyers to access the expertise that they need to make the best decisions all in one place.

The final solicitation, which will include the new SIN, is expected to be rolled out this month. Current IT 70 schedule holders should be on the lookout for Mass Mod notifications to incorporate the new SIN into their contracts.

If you’re looking for more information about the health IT SIN, check out the GSA Interact posting from earlier this year all about it! And if you want to learn more about the government’s use of health IT, browse through HealthIT.gov.  

Latest on the GSA and cyber assurance-

The General Services Administration has been working on several changes due to the latest increase in cyber security issues. The first being a Blanket Purchase Agreement (BPA) and the second being yet another addition to the Schedule 70 service offering.

The GSA is awarding a BPA for credit monitoring and identity protections services to address future issues, coming after the hack of The Office of Personnel Management’s security clearance database.

To also assist with future issues the GSA has release an RFI to determine if adding a SIN (Special Item Number) to Schedule 70 would be advantageous. It would cover hardware, software and services that fall under cyber assurance, virus detection, intrusion detection and network management.

You can take a look at the RFI that is currently on FedBizOpps here: https://www.fbo.gov/index?s=opportunity&mode=form&tab=core&id=68e1e8b5cc17539fc9d4d8ee53189344

Responses to the RFI are currently due September 11, 2015 at 4PM EST.

If you need assistance with responding to the RFI or just have questions in general feel free to give us a call at 216-662-7044.