Recently the President announced his new Cybersecurity National Action Plan (CNAP), the GSA is supporting this plan by adding four new Highly Adaptive Cybersecurity Services SINs. The following services will be included: penetration testing, incident response, cyber hunt and risk and vulnerability assessment.
Each SIN added to GSA has it’s own specific purpose and is designed to work together with other new cybersecurity and preexisting schedule 70 SINs to propose a full solution.
Here’s a quick description of the proposed SIN:
Penetration Testing (132-45A) is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
Incident Response(132-45B) services help organizations impacted by a Cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
Cyber Hunt (132-45C) activities are responses to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats
Risk and Vulnerability Assessments (132-45D) conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations
One major GSA related change for adding cybersecurity your GSA schedule is SCP-FSS-004 within the solicitation document which required an Oral Technical Evaluation for offers submitting under those SINs. The Technical Evaluation Board will be an unclassified level discussion where your company will need to show their expertise in the subject matter.
Based on CNAP, over $19 billion dollars will be invested into cybersecurity as part of the President’s FY17 budget increasing more that 35%. With cybersecurity threats constantly looming and the world moving more and more into cyberspace, the government is recognizing the importance of security.