Accelerated GSA Approval Allows Government Agencies to Purchase Leading Continuous Security Validation Solutions

SANTA CLARA, Calif., AttackIQ, the leading independent vendor in the breach and attack simulation market, today announced their platform has been approved by the U.S. General Services Administration (GSA) and is now available for purchase via RockITek’s GSA Federal Supply Schedule. RockITek, a distributor specializing in building and managing purpose-built consortiums that accelerate the adoption of emerging technology into government space, holds the AttackIQ GSA Letter of Supply.

AttackIQ enables government agencies to follow best business practices by continuously validating the state of their systems, comparing what they expect their security posture to be versus reality. With AttackIQ, government agencies can map cyber defenses to real-world threats and continuously test security controls, maximizing their cybersecurity investments while providing high quality data to security teams to prioritize remediation to protect critical infrastructure and data. Making this solution available on GSA will enable AttackIQ to deliver cybersecurity solutions to clients throughout the federal government in a more timely and cost-effective manner.

“AttackIQ’s ability to continuously validate security controls against the MITRE ATT&CK framework provides government agencies the ability to proactively align to NIST 800-53 directives and emerging threat-based methodologies such as govCAR and DoDCAR,” said John Sobczak, RockITek’s CEO. “The escalating and emerging threats we see and hear about from our customers highlights the pervasive need for this capability throughout the federal government. The success that AttackIQ has had to date in the commercial sector is indicative of the positive impact this platform will have for the federal government. Adding these products to our GSA Schedule is an exciting first step to making that happen. We have also submitted AttackIQ to the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) Program for inclusion on the Approved Product List (APL). We were just notified that they were approved and are now able to be ordered via the CDM contract.”

One of the key cybersecurity challenges faced by government agencies today is receiving quality, timely, and accurate risk data. According to GAO’s July 2019 Cybersecurity Report to Congress (GAO-19-384), less than one-third of the 23 civilian CFO Act Agencies had fully developed a cybersecurity risk management strategy. Furthermore, the federal government is a large global enterprise with varied and diverse mission sets, so developing a standardized strategy has proven problematic.

AttackIQ enables both large and small government agencies to make real-time strategic risk decisions. AttackIQ’s platform is vendor neutral and can be deployed non-disruptively to support each agency’s cybersecurity goals. AttackIQ’s standardized assessments and fully customizable reporting provides security teams and executives a clear picture of their overarching security posture, as well as generates notifications of risk to their infrastructure. Its interactive dashboard provides comprehensive visualization of events to prioritize actions with credible, real-time information on the impact to the agency’s mission.

“Technology has evolved to be the critical business enabler of almost every government agency,” said Stacey Meyer, AttackIQ’s VP of Federal Operations. “However, the complexity of technology management makes security very difficult. On average, government agencies have hundreds of security tools and security platforms to manage. They are spending over $10B annually for cybersecurity and yet breaches still happen. The 2018 Verizon DBIR reported that 82% of global incidents analyzed indicated that they had all the enabling technology they needed, it just wasn’t configured, or operationally exercised well to test the end-to-end effectiveness. AttackIQ’s platform empowers organizations to take a proactive approach to cybersecurity by finding and addressing vulnerabilities before adversaries can exploit them. By continuously testing security controls, processes and people from disparate sources with an automated validation platform like AttackIQ, government agencies can be assured they are in the best position possible to defend against actual security threats.”

About AttackIQ

AttackIQ, a leader in the emerging market of breach and attack simulation, built the industry’s first platform that enables red and blue teams to test and measure the effectiveness of their security controls and staff. With an open platform, AttackIQ supports the MITRE ATT&CK framework, a curated knowledge base and model for cyber adversary behavior used for planning security improvements and verifying defenses work as expected. AttackIQ’s platform is trusted by leading companies around the world. For more information visit Follow AttackIQ on TwitterFacebookLinkedInVimeo, and YouTube.

About RockITek

Since 2017, RockITek is a distributor specializing in building and managing purpose-built consortiums that accelerate the adoption of emerging technology into government space. We collaborate with organizations to create alignment and work together to create mutual success. Our existing consortiums—Data Protection, Authentication & Access, and Security Validation—create success for our partners such as approval to DHS’ CDM APL and GSA Schedule in 30 days or less, increase the average deal size by 150%, and helping our partners see 200% growth. For more information on RockITek, visit us at