Contract Number: 47QTCA19D00CN
Period of Performance: Base: May 24, 2019 – May 23, 2024
Evergreen Option Period 1: May 24, 2024 – May 23, 2029
Evergreen Option Period 2: May 24, 2029 – May 23, 2034
Evergreen Option Period 3: May 24, 2034 – May 23, 2039
Contract Types: Firm Fixed Price (FFP), Time & Materials (T&M)
Contract Access Fee: Inclusive in rates and paid by contractor – no additional cost to Government
GSA Schedule 70 – IT Schedule 70 is an Indefinite Delivery Indefinite Quantity (IDIQ) Multiple Award Schedule (MAS) contract. It allows our industry partners to offer a comprehensive array of IT products, services, and solutions. IT Schedule 70 is the largest procurement vehicle and the most widely used acquisition offering in the federal government. Nearly one-third of all GSA Multiple Award Schedule contractors are available through IT Schedule 70’s Special Item Numbers (SINs), which means customers can get the products, services, and solutions they need. TekSynap’s offering spans the needs of our customers including the following service areas:
SPECIAL ITEM NUMBERS AWARDED:
132-51 - IT Professional Services
IT Schedule 70’s Special Item Number (SIN) 132-51 for all IT Professional Services includes:
- Cloud services (all associated labor);
- Cognitive computing;
- Conversion and implementation support;
- Database planning and design;
- Internet of Things (IoT);
- IT project management;
- Migration services (of all kinds);
- Network services;
- Resources and facilities management;
- Systems analysis, design, and implementation; and
- Other services relevant to 29 CFR 541.400.
Widespread use of modern IT paradigms help to ensure protection of data, increased administrative efficiencies, greater cost savings, and improved customer experience.
With the IT Professional Services SIN, you get
- Access to pre-vetted, experienced IT solution providers;
- Access to the complete range of IT professional services;
- Innovative and cutting-edge technologies and methodologies;
- Universal labor category set that includes subject-matter experts (SMEs) in any technical field;
- Ability to meet socioeconomic goals with awards to small businesses and other qualified vendors;
- Ability to establish Blanket Purchase Agreements (BPAs) for recurring needs or indefinite requirements over several years;
- Reduced procurement lead times, with no synopsis required;
- Pre-negotiated ceiling prices that can be further discounted;
- Established terms and conditions at the master contract level;
- Flexibility to have customized terms and conditions at the task order level;
- Simplified procurement process for services; and
- More data available to track IT spend.
132-45 - Highly Adaptive Cybersecurity Services (HACS)
We have established a Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) on IT Schedule 70 to provide agencies quicker access to key support services from technically evaluated vendors that will:
- Expand agencies’ capacity to test their high-priority IT systems;
- Rapidly address potential vulnerabilities; and
- Stop adversaries before they impact our networks.
The scope of the HACS SIN includes proactive and reactive cybersecurity services. Assessment services needed for systems categorized as High Value Assets (HVA) are also within scope of this SIN. It includes Risk and Vulnerability Assessments (RVA), Security Architecture Review (SAR), and Systems Security Engineering (SSE). Additionally, the scope of the SIN includes services for the seven step Risk Management Framework (RMF), and Security Operations Center (SOC) services.
- The seven-step RMF includes preparation, information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. RMF activities may also include Information Security Continuous Monitoring Assessment (ISCMA) which evaluate organization-wide ISCM implementations, and also Federal Incident Response Evaluations (FIREs), which assess an organization’s incident management functions.
- SOC services are services such as: 24x7x365 monitoring and analysis, traffic analysis, incident response and coordination, penetration testing, anti-virus management, intrusion detection and prevention, and information sharing.
There are five subcategories under the HACS SIN 132-45. Vendors listed within each subcategory in GSA eLibrary have passed a technical evaluation for that specific subcategory:
- High Value Asset Assessments – include Risk and Vulnerability Assessment (RVA) which assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. See the section below on RVA for details on those services. Security Architecture Review (SAR) evaluates a subset of the agency’s HVA security posture to determine whether the agency has properly architected its cybersecurity solutions and ensures that agency leadership fully understands the risks inherent in the implemented cybersecurity solution. The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. SAR provides a holistic analysis of how an HVA’s individual security components integrate and operate, including how data is protected during operations. Systems Security Engineering (SSE) identifies security vulnerabilities and minimizes or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on, but is not limited to the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.
- Risk and Vulnerability Assessment – assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. The services offered in the RVA sub-category include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
- Cyber Hunt – activities respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.
- Incident Response – services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
- Penetration Testing – is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
The HACS SIN offers:
- Access to a pool of technically evaluated cybersecurity vendors
- Rapid ordering and deployment of services
- Reduction in open market ordering and contract duplication
- Cybersecurity/acquisition support resources from GSA
132-56 - Health IT Services
IT Schedule 70’s Special Item Number (SIN) 132-56 for all Health IT services includes:
- Connected health;
- Electronic health records;
- Emerging research;
- Health analytics;
- Health informatics;
- Health information exchanges;
- Innovative solutions;
- Personal health information management; and
- Other health IT services.
Widespread use of Health IT improves the quality of health care, prevents medical errors, protects data, increases administrative efficiencies, and decreases paperwork.
With the Health IT Services SIN offers, you can:
- Easily identify Health IT solutions and experts;
- Award small business set-aside contracts to meet socio-economic goals;
- Establish Blanket Purchase Agreements (BPAs) focused on Health IT solutions;
- Get HIPPA compliance expertise;
- Support the Federal Health IT Strategic Plan to expand adoption of Health IT services, reduce prices, advance secure and interoperable health information solutions, and strengthen healthcare-delivery systems;
- Reduce procurement lead times:
- No synopsis required;
- Pre-negotiated ceiling prices which can be further discounted through head-to-head competition; and
- Established terms and conditions?.
- Clearly differentiate between Health IT services from other IT services;
- Get access to innovative and cutting-edge technologies;
- Increase visibility and accessibility of pre-vetted industry partners;
- Simplify procurement process for services; and
- Get data available to track Health IT spend.
132-60F - Identity and Access Management Professional Services
Supports planning, risk assessment, deployment, implementation and integration of Identity and Access Management (IAM) with customer agency applications, both certificate-based and non-certificate-based.
132-62 - Homeland Security Presidential Directive 12 Product and Service Component
Products and services for agencies to implement the requirements of HSPD-12, FIPS-201 and associated NIST special publications. The HSPD-12 implementation components specified under this SIN are:
- PIV enrollment and registration services,
- PIV systems infrastructure,
- PIV card management and production services,
- PIV card finalization services,
- Physical access control products and services,
- Logical access control products and services,
- PIV system integration services, and
- Approved FIPS 201-Compliant products and services.
132-100 - Ancillary Supplies & Services
70-500 - Order-Level Materials (OLMs)
OLMs are supplies and/or services acquired in direct support of an individual task or delivery order placed against a Schedule contract or BPA. OLM pricing is not established at the Schedule contract or BPA level, but at the order level. Since OLMs are identified and acquired at the order level, the ordering contracting officer (OCO) is responsible for making a fair and reasonable price determination for all OLMs.
OLMs are procured under a special ordering procedure that simplifies the process for acquiring supplies and services necessary to support individual task or delivery orders placed against a Schedule contract or BPA. Using this new procedure, ancillary supplies and services not known at the time of the Schedule award may be included and priced at the order level.
- Increases the flexibility of GSA Schedules to provide a total solution to meet the ordering activity’s requirements
- Reduces agency procurement and administrative costs and enhances the time savings and streamlined processes of leveraging GSA Schedules
- Reduces contract duplication by eliminating the need to set up new commercial IDIQs or conduct open market procurements to obtain necessary order level ODCs
- Increases competition, resulting in cost savings for the ordering activity
- Eliminates the need for Government Furnished Equipment (GFE), which can be labor intensive to administer
- All Schedule terms and conditions apply to OLMs (e.g., TAA and mandatory environmental attributes clauses), which ensures agency purchases are compliant with FAR and other regulatory guidelines
This authority allows buyers the flexibility to easily acquire OLMs, creating consistency between the Schedules program and other established indefinite-delivery/indefinite-quantity (IDIQ) contracts.
SPECIAL ITEM NUMBERS (Pending Award October-December 2019):
132-53 - Wireless Mobility
Wireless Mobility Solutions, including but not limited to, Wireless Carriers Services, Telecommunication Resellers, Other Mobility End-Point Infrastructure – Mobility infrastructure, Mobility-as-a-Service, Enterprise Mobility Management, Mobile Backend-as-a-Service, Telecom Expense Management, Mobile Application Vetting, Mobile Threat Protection, Mobile Identity Management, Internet of Things (IoT), and Other/Mobile Services.
All Nationwide Business Plans under this contract may include “no-cost” Service Enabling Devices (SEDs) (including, but not limited to, cell phones and shall be offered to the general public at “no-cost”) and bundling the SEDs with cellular service. The SEDs are offered on an “as available” basis and may or may not be domestic end products or end products of a designated country. The “no-cost” SEDs are not available through this contract apart from ordering cellular service.
Cellular service is one of several services excluded from the WTO Government Procurement Agreement and the other Free Trade Agreement executed by the United States Government. See FAR 25.401(b). The wireless service offered under this contract has been determined by the GSA Schedule contracting officer to be domestic in origin. See FAR 25.402(a)(2).
132-61 - Public Key Infrastructure (PKI) Shared Service Provider (SSP) Program
PKI SSPs shall provide reliable, authenticated, policy-compliant service offerings to support Federally issued Personal Identity Verification (PIV), Personal Identity Verification Interoperable (PIV-I), and associated certificates and cryptographic key service offerings. In accordance with 40 U.S.C. Federal and State agencies and Tribal organizations can leverage these service offerings to allow authorized personnel physical access to facilities and logical access to networks in accordance with X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework.
132-60E - Remote Identity and Access Managed Service Offering
Managed services that allow agencies to interface to the hosted service that is aggregating multiple identity sources into a single interface, and to use policy compliant sources to validate application users or subscribers as they attempt to log in to agency applications. This service includes the requirement to know the claimed identity of the user. Agencies will rely on the output in granting account access to the user.
132-44 - Continuous Diagnostics and Mitigation Tools
The Continuous Diagnostics and Mitigation (CDM) program helps strengthen the cybersecurity of government networks and systems. CDM provides federal agencies with capabilities and tools that
- Find cybersecurity risks on an ongoing basis;
- Prioritize these risks based upon potential impacts; and
- Enable cybersecurity personnel to focus on the most significant problems first.
- FPDS Code D301 IT Facility Operation and Maintenance
- FPDS Code D302 IT Systems Development Services
- FPDS Code D306 IT Systems Analysis Services
- FPDS Code D307 Automated Information Systems Design and Integration Services
- FPDS Code D308 Programming Services
- FPDS Code D310 IT Backup and Security Services
- FPDS Code D311 IT Data Conversion Services
- FPDS Code D313 Computer Aided Design/Computer Aided Manufacturing (CAD/CAM) Services
- FPDS Code D316 IT Network Management Services
- FPDS Code D317 Creation/Retrieval of IT Related Automated News Services, Data Services, or
- Other Information Services (All other information services belong under Schedule 76)
- FPDS Code D399 Other Information Technology Services, Not Elsewhere Classified