GSA - IT Schedule 70


IT Schedule 70 is an Indefinite Delivery/Indefinite Quantity (IDIQ), Multiple Award Schedule (MAS), which offers innovative solutions to meet federal, state, and local governments’ IT needs. IT Schedule 70 is the largest, most widely used acquisition vehicle in the federal government and includes over 7.5 million innovative IT products, services, and solutions.

  • Contract number: 
  • 47QTCA18D006H
  • DUNS number:

Program Management Office

More Information

Special Item Numbers (SINs):



SIN: 132-40 Cloud and Cloud-Related IT Professional Services

Includes commercially available cloud computing services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) and emerging cloud services. IT professional services that are focused on providing the types of services that support the Government's adoption of, migration to or governance/management of Cloud computing. Specific labor categories and/or fixed price solutions (e.g. migration services, etc.) that support activities associated with assessing Cloud solutions, refactoring workloads for Cloud solutions, migrating legacy or other systems to Cloud solutions, providing management/governance of Cloud solutions, DevOps, developing cloud native applications or other Cloud oriented activities.


  • Software as a Service (SaaS) - Consumer uses provider’s applications on cloud infrastructure. Does not manage/control platform or infrastructure. Limited application level configuration may be available.
  • Platform as a Service (PaaS) - Consumer deploys applications onto cloud platform service using provider-supplied tools. Has control over deployed applications and some limited platform configuration but does not manage the platform or infrastructure.
  • Infrastructure as a Service (IaaS) - Consumer provisions computing resources. Has control over OS, storage, platform, deployed applications and some limited infrastructure configuration, but does not manage the infrastructure.


SIN 132-44 Continuous Diagnostics and Mitigation Tools

Includes Continuous Diagnostics and Mitigation (CDM) Approved Products List (APL) hardware and software products/tools and associated services. The full complement of CDM subcategories includes tools, associated maintenance, and other related activities such as training.

The 5 subcategories CDM capabilities specified under this SIN are:

  • Manage “What is on the network?”: Identifies the existence of hardware, software, configuration characteristics and known security vulnerabilities.
  • Manage “Who is on the network?”: Identifies and determines the users or systems with access authorization, authenticated permissions and granted resource rights.
  • Manage “How is the network protected?”: Determines the user/system actions and behavior at the network boundaries and within the computing infrastructure.
  • Manage “What is happening on the network?”: Prepares for events/incidents, gathers data from appropriate sources; and identifies incidents through analysis of data."


SIN: 132-45 Highly Adaptive Cybersecurity Services (HACS)

The scope of this category encompasses a wide range of fields that include, but are not limited to, Risk Management Framework (RMF) services, information assurance (IA), virus detection, network management, situational awareness and incident response, secure web hosting, and backup and security services. The scope of this category also includes Security Operations Center (SOC) services. HACS vendors are able to identify and protect a customer's information resources, detect and respond to cybersecurity events or incidents, and recover capabilities or services impaired by any incidents that emerge.



SIN: 132-51 Information Technology (IT) Professional Services

Includes resources and facilities management, database planning and design, systems analysis and design, network services, programming, conversion and implementation support, network services project management, data/records management, and other IT services



SIN: 132-56 Health Information Technology (IT) Services

Includes a wide range of Health IT services to include connected health, electronic health records, health information exchanges, health analytics, personal health information management, innovative Health IT solutions, health informatics, emerging Health IT research, and other Health IT services.


SIN: 70-500 Order-Level Materials (OLMs)

OLMs are supplies and/or services acquired in direct support of an individual task or delivery order placed against a Federal Supply Schedule (FSS) contract or FSS blanket purchase agreement (BPA). OLMs are not defined, priced, or awarded at the FSS contract level. They are unknown before a task or delivery order is placed against the FSS contract or FSS BPA. OLMs include direct materials, subcontracts for supplies and incidental services for which there is not a labor category specified in the FSS contract, other direct costs (separate from those under ODC SINs), and indirect costs. OLMs are purchased under the authority of the FSS Program and are not "open market items."


Ordering agencies may purchase services from the SINs listed in SAIC’s Price Catalog on a firm-fixed price or labor-hours delivery/task order basis. Note that cost type contracts are not permitted under the GSA MAS Program. The firm-fixed or not-to-exceed price will be based upon the labor categories and hourly rates (which may be discounted) awarded on the contract.


SAIC Capabilities

    • Risk and Vulnerability Assessments (RVA) - assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
      • Network Mapping - identifying assets on an agreed upon IP address space or network range(s)
      • Vulnerability Scanning - comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers
      • Phishing Assessment - activities to evaluate the level of awareness of the agency workforce with regard to digital forms of social engineering
      • Wireless Assessment - wireless access point (WAP) detection, penetration testing or both and is performed while onsite at a customer’s facility
      • Web Application Assessment - scanning, testing or both of outward facing web applications for defects in Web service implementation that may lead to exploitable vulnerabilities
      • Operating System Security Assessment (OSSA) and Database Assessment
    • Cyber Hunt - activities respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.
      • Collect intrusion artifacts, such as source code, malware, and Trojans, and use discovered
      • Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve incidents
      • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
    • Incident Response - services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.
      • Collect intrusion artifacts, such as source code, malware, and Trojans, and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise
      • Perform command and control functions in response to incidents
      • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
    • Penetration Testing - security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
      • Conduct and/or support authorized penetration testing on enterprise network assets
      • Analyze site/enterprise Computer Network Defense policies and configurations and evaluate compliance with regulations and enterprise directives
      • Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)
    • Automated Information System Design and Integration
    • Automated News, Data and Other Information Services
    • Computer Aided Design/Computer Aided Manufacturing(CAD/CAM) Services
    • Desktop Management
    • IT Backup and Security Services
    • IT Data Conversion Services
    • IT Facility Operations and Maintenance
    • IT Network Management Services
    • IT Systems Analysis Services
    • IT Systems Development Services
    • Information Assurance
    • Programming Services
    • OLMs are only authorized for inclusion at the order level under a Time-and-Materials (T&M) or Labor-Hour (LH) Contract Line Item Number (CLIN) and are subject to a Not To Exceed (NTE) ceiling price.
    • The OLM SIN is only authorized for use in direct support of another awarded SIN.
    • Prices for items provided under the OLM SIN must be inclusive of the Industrial Funding Fee (IFF).
    • The value of OLMs in a task or delivery order, or the cumulative value of OLMs in orders against a BPA awarded under an FSS contract, cannot exceed 33.33%.
    • Enterprise IT
    • Software
    • Cyber
    • Advanced Analytics and Simulation
    • Engineering, Integration, and Logistics
    • Training and Mission Solutions