top of page

General Services Administration 

GSA Highly Adaptive Cyber Security (HACS)

Contract Number: GS-35F-292GA (SIN 54151HACS)


Period of Performance: March 15, 2017- March 14, 2022


Contract Type: Firm Fixed Price (FFP), Cost Plus Fix Fee (CPFF), Time & Materials (T&M)


Award Date: February 23, 2018


Contract Description


Obsidian can provide cybersecurity services to all federal agencies. These HACS SINs provide federal agencies quicker and more reliable access to pre-vetted companies that have proven experience delivering cybersecurity support services that rapidly address potential vulnerabilities and stop cyber adversaries.


Obsidian underwent a lengthy and rigorous evaluation, which included submission of numerous written proposals as well as oral technical evaluations. GSA performed a comprehensive review of Obsidian’s cybersecurity services and thoroughly vetted our capabilities to deliver quick and reliable services in all five (5) HACS Sub-SINs:

High Value Asset (HVA) Assessments - Includes Security Architecture Review (SAR) to evaluate a subset of the HVA security posture to determine whether the agency has properly architected its cybersecurity solutions. The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. Also includes Systems Security Engineering (SSE) to identify security vulnerabilities and minimizes or contain risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.

Penetration Testing – Security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.


Incident Response – Helps organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state.


Cyber Hunt - Responding to crises or urgent situations to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems. 

Risk and Vulnerability Assessments (RVA) – Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise, or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures.


This positions Obsidian to provide rapid cybersecurity services to all federal agencies

Point of Contact


Kane Kanagawa
Vice President of Business Development

bottom of page