Cybersecurity services soon will be available under new common provisions of the Multiple Award Schedule (MAS) Program administered by the General Services Administration (GSA). The MAS Program is the primary means to sell commercial products and services to federal agencies.

GSA announced the new provisions this week. In mid-August 2016, GSA issued a draft solicitation and engaged in industry outreach to explain the changes to the current ordering system, in which companies sell such services under a variety of provisions. GSA is now rolling out the new process, which will be available for use in October 2016. These changes will facilitate agency ordering of critical cybersecurity services.

The changes introduce four new Special Item Numbers (SINs) for the Information Technology (IT) contracts included under Schedule 70 of the MAS Program. SINs are the categories under which items or services are listed on MAS contracts. Use of common SINs for cybersecurity will better enable agencies to compare and compete requirements across different contracts.

The new SINs are designed specifically for Highly Adaptive Cybersecurity Services (HACS). The HACS covered by this action are Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment services. GSA announced on September 12, 2016 that Schedule 70 suppliers which offer these services under Schedule 70 will be required to migrate those services to the new HACS SINs.

The SINs are expected to be available for agency purchasing starting October 1. GSA must complete vendor evaluations before the services can be added and ordering can begin.

The new SINs reflect the emphasis on cybersecurity by the Government. Inclusion of the SINs also reinforces the criticality of holding a Schedule 70 contract. Schedule 70 is the largest set of contracts under the MAS Program. Thousands of companies hold contracts to sell a wide variety of IT products and services. An IT (or other commercial supplier) that is interested in selling to federal agencies needs a MAS contract to compete effectively for Government business. In addition to such opportunities, MAS contracts also pose some unique risks due to the manner in which they are negotiated and the special terms they include.

Going forward, the Office of Management and Budget (OMB) will encourage agencies to meet their cybersecurity needs through Schedule 70 rather than by using other contract vehicles.