GSA Multiple Award Schedule
The General Services Administration (GSA) Multiple Award Schedule (MAS) is a Government-wide Acquisition Contract (GWAC) that supports Government requirements for high-performance IT by providing state-of-the-art commercial hardware, software, services, and solutions. VariQ performs in four of its Special Item Number (SIN) areas, including IT Professional Services [SIN 54151S], Highly Adaptive Cybersecurity Services [SIN 54151HACS], Cloud [SIN 518210C], and Health IT Services [SIN 54151HEAL].
For more information, visit the GSA MAS website.
Period of Performance-
Who is Eligible
Federal agencies, agency contractors and certain educational institutions; State and local government entities under the authority of Cooperative Purchasing.
Geographic Scope: Domestic Delivery within the 48 contiguous states, Alaska, Hawaii, Puerto Rico, Washington, D.C. and U.S. territories. Domestic delivery also includes a port or consolidation point within the aforementioned areas for orders received from overseas activities.
General Services Administration Federal Acquisition Service
VariQ performs as prime on the GSA MAS while offering 29 labor categories in the following areas:
IT Facility Operation and Maintenance
IT Systems Development Services
IT Systems Analysis Services
Automated Information Systems Design and Integration Services
IT Backup and Security Services
IT Data Conversion Services
Computer Aided Design/Computer Aided Manufacturing (CAD/CAM) Services
IT Network Management Services
Creation/Retrieval of IT Related Automated News Services
Other Information Services
CMMI DEV V2.0, Level 3
CMMI SVC V2.0, Level 3
Extra Tab #1
IT Professional Services SIN 132-51 (legacy) / 54151S (new)
GSA MAS SIN for IT Professional Services includes:
- Agile software development
- Big data and analytics
- Cloud computing
- Data center optimization
- Digital strategy
- Integration and migration services for IaaS, SaaS, and PaaS delivery models
- IT modernization
- IT systems
- Learning management systems
- Network services
- Operations and maintenance
- Other services relevant to 29CFR541.400
Extra Tab #2
Highly Adaptive Cybersecurity Services [HACS] SIN 132-45 (legacy) / 54151HACS (new)
GSA has established a HACS SIN on GSA MAS to provide agencies quicker access to key pre-vetted support services that will expand agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries. VariQ performs in each of these five service areas:
Penetration Testing: Security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
Incident Response: Services to help organizations impacted by a Cybersecurity compromise to determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
Cyber Hunt: Response to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
Risk and Vulnerability Assessment: Assessments of threats and vulnerabilities, deviations from acceptable configurations, enterprise or local policy; assessment of levels of risk, and appropriate mitigation countermeasures in operational and non-operational situations.
High Value Asset (HVA): Include Risk and Vulnerability Assessment (RVA) which assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. See the section below on RVA for details on those services. Security Architecture Review (SAR) evaluates a subset of the agency’s HVA security posture to determine whether the agency has properly architected its cybersecurity solutions and ensures that agency leadership fully understands the risks inherent in the implemented cybersecurity solution. The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. SAR provides a holistic analysis of how an HVA’s individual security components integrate and operate, including how data is protected during operations. Systems Security Engineering (SSE) identifies security vulnerabilities and minimizes or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on, but is not limited to the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.
Extra Tab #3
Health IT Services SIN 132-56 (legacy) / 54151HEAL (new)
GSA MAS SIN for all Health IT services includes:
- Connected health
- Electronic health records
- Emerging research
- Health analytics
- Health informatics
- Health information exchanges
- Innovative solutions
- Personal health information management
- Other health IT services
Extra Tab #4
Cloud and Cloud-Related IT Professional Services SIN 132-40 (legacy) / 518210C (new)
The Cloud SIN has been expanded to include Cloud-related IT professional services. These include Cloud-related IT professional labor categories and/or services required to:
- Assess, prepare, refactor, migrate, integrate, develop new native cloud applications (DevOps), or
- Govern a cloud implementation.
The Cloud Services SIN is for all cloud services groups cloud technology offerings within GSA MAS and makes it easier for agencies to acquire cloud services.