GSA HACS SIN

The General Services Administration (GSA) Federal Acquisition Service (FAS) announced in September 2016 that in support of the President’s Cybersecurity National Action Plan (CNAP), GSA’s IT Schedule 70 established four (4) new Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SINs). These new SINs provide organizations seeking specialized IT Security services with faster and more reliable access to pre-vetted support vendors for their cybersecurity needs.

SeNet International Corporation (SeNet), one of the leading cybersecurity services firms, announces that it has been qualified and approved by GSA to add these four new SINs. As such, we have become one of the select few companies to offer these services to federal, state, local, and tribal agencies.

SIN 132-45A Penetration Testing - The Penetration Testing SIN provides for:

• Conducting authorized “white hat” penetration testing; 

• Analyzing enterprise computer network defense policies andconfigurations and assessment of compliance with regulations and enterprise; and

• Assisting with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes) directives.

SIN 132-45B Incident Response - The Incident Response SIN will allow organizations impacted by cyberattacks to obtain support in determining the extent of the damage and restoring networks to a secure state. Tasks include:

• Collecting intrusion artifacts (e.g., source code, malware, and Trojans), and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise;

• Performing command and control functions in response to incidents; and

• Correlating incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

SIN 132-45C Cyber Hunt - Cyber Hunt activities, in times of crisis, require that SeNet utilize global cyber intelligenceinformation to identify undiscovered attacks and mitigate further attacks by threat actors. Tasks include but are not limited to:

• Collecting intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise;

• Coordinating with and providing expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents; and

• Correlating incident data to identify specific vulnerabilities and making recommendations that enable expeditious remediation.

SIN 132-45D Risk and Vulnerability Assessment - Risk and Vulnerability Assessments must identify threats and vulnerabilities, assess the level of risk, and develop mitigation recommendations. Tasks include but are not limited to: network mapping, vulnerability scanning, and database assessment. Knowledge areas include but are not limited to: access management, network protocols, and application security.

• Network Mapping - consists of identifying assets on an agreed upon IP address space or network range(s).

• Vulnerability Scanning - comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers.

• Phishing Assessment - includes activities to evaluate the level of awareness of the agency workforce with regard to the digital form of social engineering that uses authentic looking, but bogus, emails requesting information from users or directing them to a fake Website that requests information. Phishing assessments can include scanning, testing, or both,and can be conducted as a one- time event or as part of a larger campaign to be conducted over several months.

• Wireless Assessment - includes Wireless Access Point (WAP) detection, penetration testing, or both, and is performed while onsite at a customer’s facility.

• Web Application Assessment - includes scanning, testing, or both of outward facing web applications for defects in Web service implementation that may lead to exploitable vulnerabilities. Provides report on how to implement Web services securely, and that traditional network security tools and techniques are used to limit access to the Web Service to only those networks and systems that should have legitimate access.

• Operating System Security Assessment (OSSA) - assesses the configuration of select host Operating Systems (OS) against standardized configuration baselines.

These SINs are now available on SeNet’s GSA Schedule 70 contract