Cybersecurity services soon will be available under new common provisions of the Multiple Award Schedule (MAS) Program administered by the General Services Administration (GSA). The MAS Program is the primary means to sell commercial products and services to federal agencies.

GSA announced the new provisions this week. In mid-August 2016, GSA issued a draft solicitation and engaged in industry outreach to explain the changes to the current ordering system, in which companies sell such services under a variety of provisions. GSA is now rolling out the new process, which will be available for use in October 2016. These changes will facilitate agency ordering of critical cybersecurity services.

The changes introduce four new Special Item Numbers (SINs) for the Information Technology (IT) contracts included under Schedule 70 of the MAS Program. SINs are the categories under which items or services are listed on MAS contracts. Use of common SINs for cybersecurity will better enable agencies to compare and compete requirements across different contracts.

The new SINs are designed specifically for Highly Adaptive Cybersecurity Services (HACS). The HACS covered by this action are Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment services. GSA announced on September 12, 2016 that Schedule 70 suppliers which offer these services under Schedule 70 will be required to migrate those services to the new HACS SINs.

The SINs are expected to be available for agency purchasing starting October 1. GSA must complete vendor evaluations before the services can be added and ordering can begin.

The new SINs reflect the emphasis on cybersecurity by the Government. Inclusion of the SINs also reinforces the criticality of holding a Schedule 70 contract. Schedule 70 is the largest set of contracts under the MAS Program. Thousands of companies hold contracts to sell a wide variety of IT products and services. An IT (or other commercial supplier) that is interested in selling to federal agencies needs a MAS contract to compete effectively for Government business. In addition to such opportunities, MAS contracts also pose some unique risks due to the manner in which they are negotiated and the special terms they include.

Going forward, the Office of Management and Budget (OMB) will encourage agencies to meet their cybersecurity needs through Schedule 70 rather than by using other contract vehicles.

Originally published September 14, 2016

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2016. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.