GSA Multiple Award Schedule

The General Services Administration (GSA) Multiple Award Schedule (MAS) is a Government-wide Acquisition Contract (GWAC) that supports Government requirements for high-performance IT by providing state-of-the-art commercial hardware, software, services, and solutions. VariQ performs in four of its Special Item Number (SIN) areas, including IT Professional Services [SIN 54151S], Highly Adaptive Cybersecurity Services [SIN 54151HACS], Cloud [SIN 518210C], and Health IT Services [SIN 54151HEAL].

For more information, visit the GSA MAS website.

Company Contact

    Contract Info

    Contract Number


    Period of Performance


    Who is Eligible

    Federal agencies, agency contractors and certain educational institutions; State and local government entities under the authority of Cooperative Purchasing.

    Geographic Scope: Domestic Delivery within the 48 contiguous states, Alaska, Hawaii, Puerto Rico, Washington, D.C. and U.S. territories. Domestic delivery also includes a port or consolidation point within the aforementioned areas for orders received from overseas activities.

    Agency Sponsor

    General Services Administration Federal Acquisition Service

    Operational Information

    VariQ performs as prime on the GSA MAS while offering 29 labor categories in the following areas:

    • IT Facility Operation and Maintenance

    • IT Systems Development Services

    • IT Systems Analysis Services

    • Automated Information Systems Design and Integration Services

    • Programming Services

    • IT Backup and Security Services

    • IT Data Conversion Services

    • Computer Aided Design/Computer Aided Manufacturing (CAD/CAM) Services

    • IT Network Management Services

    • Creation/Retrieval of IT Related Automated News Services

    • Data Services

    • Other Information Services

    Industry Certifications

    CMMI DEV V2.0, Level 3
    CMMI SVC V2.0, Level 3
    ISO 9001:2015
    ISO/IEC 20000-1:2018
    ISO/IEC 27001:2013

    IT Professional Services

    IT Professional Services SIN 132-51 (legacy) / 54151S (new)

    GSA MAS SIN for IT Professional Services includes:

    • Agile software development
    • Big data and analytics
    • Cloud computing
    • Data center optimization
    • Digital strategy
    • Integration and migration services for IaaS, SaaS, and PaaS delivery models
    • IT modernization
    • IT systems
    • Learning management systems
    • Mobility
    • Network services
    • Operations and maintenance
    • Other services relevant to 29CFR541.400

    Company Contact

    Brian Edwards, VP, Growth Operations
    Cybersecurity HACS

    Highly Adaptive Cybersecurity Services [HACS] SIN 132-45 (legacy) / 54151HACS (new)

    GSA has established a HACS SIN on GSA MAS to provide agencies quicker access to key pre-vetted support services that will expand agencies’ capacity to test their high-priority IT systems, rapidly address potential vulnerabilities, and stop adversaries. VariQ performs in each of these five service areas:

    • Penetration Testing: Security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.

    • Incident Response: Services to help organizations impacted by a Cybersecurity compromise to determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.

    • Cyber Hunt: Response to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.

    • Risk and Vulnerability Assessment: Assessments of threats and vulnerabilities, deviations from acceptable configurations, enterprise or local policy; assessment of levels of risk, and appropriate mitigation countermeasures in operational and non-operational situations.

    • High Value Asset (HVA): Include Risk and Vulnerability Assessment (RVA) which assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. See the section below on RVA for details on those services. Security Architecture Review (SAR) evaluates a subset of the agency’s HVA security posture to determine whether the agency has properly architected its cybersecurity solutions and ensures that agency leadership fully understands the risks inherent in the implemented cybersecurity solution. The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. SAR provides a holistic analysis of how an HVA’s individual security components integrate and operate, including how data is protected during operations. Systems Security Engineering (SSE) identifies security vulnerabilities and minimizes or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on, but is not limited to the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.

    Company Contact


    Health IT Services

    Health IT Services SIN 132-56 (legacy) / 54151HEAL (new)

    GSA MAS SIN for all Health IT services includes:

    • Connected health
    • Electronic health records
    • Emerging research
    • Health analytics
    • Health informatics
    • Health information exchanges
    • Innovative solutions
    • Personal health information management
    • Other health IT services

    Company Contact

    Brian Edwards, VP, Growth Operations
    (202) 808-7336


    Cloud and Cloud-Related IT Professional Services SIN 132-40 (legacy) / 518210C (new)

    The Cloud SIN has been expanded to include Cloud-related IT professional services. These include Cloud-related IT professional labor categories and/or services required to:

    • Assess, prepare, refactor, migrate, integrate, develop new native cloud applications (DevOps), or
    • Govern a cloud implementation.

    The Cloud Services SIN is for all cloud services groups cloud technology offerings within GSA MAS and makes it easier for agencies to acquire cloud services.

    Company Contact

    Kevin Kutzavitch 
    (412) 418-2691

    More on VariQ’s capabilities and services