Welcome to our “Government Cybersecurity” series of blogs! These posts emphasize important cybersecurity news, information, and threats relevant to government and educational organizations. Generally, this series will focus more on local and state news, but the topics should be applicable to all forms of public institution.
A Critical Threat – Cybercrime and Government
Local and state government faces an unprecedented threat. Cybercrime has been steadily targeting critical institutions for the past few decades, growing ever-bolder in attempts to perform espionage and force ransoms. New regulations have been developed by recent administrations with the goal of providing protections around sensitive data and critical infrastructure. Unfortunately, these requirements can lack clarity for organizations looking to achieve an adequate cybersecurity posture in today’s threat environment. This is where specialist organizations that focus on cybersecurity come into play. By working with government IT and security leadership, private firms are able to provide comprehensive assessments and services that help protect vulnerable systems from attack.
What is GSA Highly Adaptive Cybersecurity Services?
The Open Market can be a hassle for government purchases – especially when it comes to concepts such as cybersecurity. Fortunately, there is a range of purchasing arrangements setup by local, state, and federal agencies that help enable easier acquisition of services and products. One of the most popular purchasing arrangement organizations is the General Services Administration, or GSA. The GSA’s acquisition solutions include a component called MAS (Multiple Award Schedule) which serve as a list of offerings and services. The huge advantage to this system is that local, state, and federal organizations can easily acquire services by directly purchasing from the GSA catalog. The GSA eBuy website (linked below) has offerings with fully transparent and pre-negotiated pricing that can be viewed in a catalog format.
One such specialized service under the GSA catalog is the Highly Adaptive Cybersecurity Services, or HACS, SIN. HACS enables organizations to purchase a huge range of expert services for high-demand cybersecurity needs. A special component of certain GSA schedules is the capability to participate in Cooperative Purchasing which allows services or supplies to be purchased directly by state, local, and educational institutions. HACS is one such SIN that falls under the Cooperative Purchasing arrangement, enabling a historically limited talent pool (cybersecurity professionals) to expand into local and state services.
What Services Fall Under HACS?
In order to get a better grasp on what kind of benefits are associated with utilizing services under the GSA HACS SIN, the subcategories included within the HACS SIN are outlined below in “everyday” vocabulary.
o “The scope of the HACS SIN includes proactive and reactive cybersecurity services. Assessment services needed for systems categorized as High Value Assets (HVA) are also within scope of this SIN. It includes Risk and Vulnerability Assessments (RVA), Security Architecture Review (SAR), and Systems Security Engineering (SSE). Additionally, the scope of the SIN includes services for the seven step Risk Management Framework (RMF), and Security Operations Center (SOC) services.” (GSA.gov)
High Value Asset (HVA) Assessment
o Includes Risk and Vulnerability Assessments (RVA), Security Architecture Reviews (SAR), and Systems Security Engineering (SSE).
o Focuses on providing cybersecurity assessments and recommendations for critical devices within government systems.
Risk and Vulnerability Assessment (RVA)
o Subcategories: Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
o Provides services that focus on assessing cybersecurity posture within systems.
o Cybersecurity concept that works on the concept of “the attacker is already inside the environment”.
o Enables teams to evaluate potentially ongoing attacks or cybersecurity gaps.
o A multi-step, regimented process to properly recover from a cybercrime incident.
o A specialized assessment of the network with simulated, “live” attacks geared towards providing actionable feedback on defensive state.
HACS and Scarlett Cybersecurity
The Scarlett Cybersecurity team is a listed vendor on the GSA HACS schedule. Our team is able to provide services such as high value asset assessments, risk and vulnerability assessments, penetration tests, cyber hunt services, and incident response to local, state, educational, and federal entities.
We pride ourselves on our status as a Florida Small Business. Our diverse team of experts have hundreds of years of cumulative cybersecurity experience. We focus on clear, concise solutions to the cybercrime problems facing our local and state governments.
Our team is a highly-specialized Florida-headquartered firm focused heavily on the GSA HACS schedule. We are uniquely certified in performing comprehensive, actionable audits on IT and cybersecurity.
Cutting-edge, Affordable Cybersecurity for Government
We consistently iterate that local, state, educational and federal organizations should highly consider leveraging pre-negotiated GSA services to improve their IT operations and cybersecurity posture. Several high-profile bills have been passed with the goal of providing millions in funding for cybersecurity upgrades. Our nation is under attack every second of every day – our team is alarmed by the number of stories regarding critical services being disabled. There is a relatively small but passionate community of private organizations that are working to prevent attacks that devastate government systems. As ransoms soar and espionage gains more importance, attackers will continue to become experts at exploiting vulnerabilities. Check out the links below to some of the relevant GSA informational and purchasing pages. As always, feel free to contact our team for any questions regarding GSA purchasing!
Scarlett Cybersecurity GSA Contract – Our GSA Contract with Pricing and Labor Categories Included
MAS Information Technology – Purchasing information and explanations of the MAS system
GSA Advantage – Online Shopping and Ordering System
GSA eBuy System - FAR compliant purchasing platform
Highly Adaptive Cybersecurity Services (HACS) - SIN 54151HACS - GSA Description and Capabilities