What You Need to Know About GSA’s New Cyber SINs

By Steve Charles, immixGroup Co-founder

If you’re a top-tier cyber-services firm in the federal market, the General Services Administration’s new cyber Special Item Numbers (SIN) within IT Schedule 70 are for you.

Adding cyber-related services to your schedule contract under these new SINs will be different. GSA, with technical people from the Department of Homeland Security (DHS), will put your company through an oral cyber-scenario evaluation for each SIN:

• Penetration testing (132-45A)
• Incident response (132-45B)
• Cyber hunt (132-45C)
• Risk and vulnerability assessment (132-45D)

GSA is asking for human-performed services, not products or technologies, organized within these four categories. Technology companies will want to align with firms awarded schedule contracts with labor categories and/or fixed price offerings under one or more of these four new Special Item Numbers.  These are the contractors that will be the most influential in the cyber market segment.  For details on each SIN, click on “Description 15: Factor 5 Oral Technical Evaluation Criteria” in the updated IT Schedule 70 Solicitation.

Here’s what you need to know about the new SINs:

• Get ready to talk

The GSA and DHS technical panel will verbally describe scenarios and up to five people from your company will have 45 minutes per SIN to respond. Canned presentations and written materials will not be considered. The oral examinations won’t be recorded, and you will only be able to add services under the categories your company passed. You get one chance to get this right or sit out for six months before trying again. As with all orals in the world of government contracting, bring the people who actually do the work, not sales, business development, or contracts people.

• The timeline is flexible

The IT 70 solicitation is a standing solicitation meaning that offers, including updates, can be made anytime.

• The cyber market just got more elite

Each SIN represents a unique subset of products or services to help buyers narrow their search, so only contractors awarded one of these SINs will see opportunities under those particular categories.

• GSA’s initial push is for 15 awardees in each category

GSA wants the contractors in place by the beginning of FY17. That’s probably a stretch, but the good news is there are no deadlines and there’s no limit on the number of awardees over time.  GSA is leveraging its FASt Lane program to make this happen quickly for those contractors ready to go.

• Price still matters

Price reasonableness will depend on whether the company is running its contract under the current scheme involving commercial sales practice disclosures with the price reduction clause tied to a basis of award set of commercial customers, or the new Transactional Data Reporting (TDR) pilot.  That choice is made at the contract level, not the SIN level. GSA says if you are doing TDR anywhere on your contract, new offerings, including new SINs, will be under TDR.  But since that doesn’t kick in for IT Schedule 70 until November, initial offers will be under the traditional CSP/PRC model.

• This is better than a Request for Proposal (RFP)

Each schedule contract can be updated and expanded at any time, unlike a contract based on a competitive RFP which is stuck in time until the next round of full and open competition. Companies that have professional services on an IT Schedule 70 contract now under SIN 132-51 that are within the scope of one or more of the 132-45 series of SINs, will be able to migrate them. But only after the company passes the technical review board’s orals.

• There’s a reason why it’s called “Highly Adaptive Cybersecurity Services”

We all know the cyber landscape is constantly changing, so the contracting community needs a contract vehicle that can adapt while assuring agencies that the approved contractors are in sync with current events. The IT Schedule 70 contract provides this adaptability and the new SINs are the part of the contract vehicle for services in support of the President’s Cybersecurity National Action Plan.

Need help navigating the GSA’s cyber SINs change? Reach out to your immixGroup account manager.

Get more insight on selling to the government by subscribing to the blog.