The General Services Administration is considering adding a special item number (SIN) for cybersecurity and information assurance (CyberIA) to IT Schedule 70, making it easier for agencies to buy security tools and services and giving vendors a central place to offer their wares.
GSA released a request for information on Aug. 12 asking for feedback on a CyberIA SIN, primarily from the companies whose product and services would be listed there.
Documents: CyberIA SIN RFI and Response Template
The idea for a cybersecurity SIN has been kicking around GSA for some time, though the CyberIA RFI came sooner than expected, with officials originally unsure if the process would get started this year.
Recent incidents — including two high-profile breaches at the Office of Personnel Management — prompted GSA to move ahead with the proposed SIN.
"GSA believes the CyberIA products and services market is sufficiently mature for this SIN to attract both vendors and government buyers," according to the RFI.
The proposed SIN would include hardware, software and services in eight categories:
- Information Assurance;
- Virus Detection;
- Intrusion Detection and Prevention;
- Network Management;
- Situational Awareness and Incident Response;
- Secure Web Hosting;
- Backup and Security Services; and
- Communications Security.
The RFI is looking for industry feedback on how companies sell cybersecurity products and services and general opinions on creating a cybersecurity SIN. GSA is also interested in thoughts on the eight proposed categories.
While the request is industry-focused, agencies are also invited to respond. Agency-specific questions are included in section D of the RFI.
Responses are due by 4 p.m. on Sept. 11.