BLOG HOME > PCI > SecurityMetrics GSA Schedule 70 Contract Holder; HACS Category 132-45

SecurityMetrics GSA Schedule 70 Contract Holder; HACS Category 132-45

SecurityMetrics is approved for a General Services Administration (GSA) IT Schedule 70 contract. GSA IT Schedule 70 is a Governmentwide Acquisition Contract (GWAC) that supports Government requirements for high-performance IT by providing state-of-the-art commercial hardware, software, services, and solutions. 

The General Services Administration has also established a “Highly Adaptive Cybersecurity Services” (HACS) Special Item Number (SIN) on IT Schedule 70 to provide agencies quicker access to key support services from technically evaluated vendors that will:

Get Started with PCI Compliance

Start Here

  • Expand agencies’ capacity to test their high-priority IT systems;

  • Rapidly address potential vulnerabilities; and

  • Stop adversaries before they impact our networks.

According to the GSA website, “The HACS category includes proactive and reactive cybersecurity services that improve the customer's enterprise-level security posture.”

As a GSA Schedule 70 contract holder, SecurityMetrics’ contract–number 47QTCA19D008S–can be found in the GSA elibrary schedule 70, under HACS category 132-45, specifically.

GSA Schedule Pentesting + Risk and Vulnerability Assessment

Start Here

What services does SecurityMetrics offer as a GSA schedule 70 contract holder on the GSA schedule?

SecurityMetrics offers penetration testing services as well as risk and vulnerability assessments as part of their GSA schedule 70 contract, number 47QTCA19D008S. Penetration testing prices and risk and vulnerability assessment prices can be found here.

Penetration testing is an extensive, manual analysis of network environments that identifies potential vulnerabilities and attempts to exploit those vulnerabilities. The Payment Card Industry Data Security Standard (PCI DSS) requirement 11.3 requires that both an internal and external penetration test, so most companies regularly receive penetration tests to comply with this requirement. But any company can request a penetration test whenever they wish to measure their business security.

Risk and vulnerability assessments (RVAs) involve a security analyst assessing threats, vulnerabilities, and the level of risk at an organization. The analyst then recommends ways to address and mitigate any security issues they find. 

Get my free SecurityMetrics PCI Guide

Download Now

What does GSA stand for? 

GSA stands for General Services Administration. The GSA creates long-term contracts with commercial firms to provide access to millions of products and services at volume discount pricing. GSA Federal Supply Schedule Contracts provide specialized professional services available to all government agencies, using established hourly rates for specified categories of labor.

GSA Schedule Contracts were developed by the federal government to assist federal employees in purchasing products and services; they contain pre-negotiated prices, delivery terms, warranties, and other terms and conditions, which streamlines the buying process. 

Why use GSA Schedule?

One of the benefits to buying through the GSA is that most of red tape is already dealt with. Many government organizations prefer to do business through the GSA. In fact, the process is so streamlined, it takes an average of only 15 days for a GSA order–compared to an average of 268 days in the open market.   

With more than 18 years of experience helping merchants protect payment card data, prevent data breaches, and recover from data compromise, SecurityMetrics’ forensics, penetration testing, and audit teams identify best security practices and simplify compliance mandates (PCI DSS, HIPAA, GDPR). As an Approved Scanning Vendor, Qualified Security Assessor, Certified Forensic Investigator, SecurityMetrics has tested over 1 million systems for data security.

Join Thousands of Security Professionals and Subscribe