Government Services

Armed with cyber subject matter experts, engineers, and technicians from the U.S. Air Force, U.S. Navy, and the National Security Agency, the SandTech Solutions team is made up of analysts and operators experienced on our country’s most sensitive networking systems.


Develop and Execute Defensive Cyber Capabilities

We built our reputation supporting the creation of the Air Force’s CVA/H Cyber Weapon System and employing the platform on initial AF Cyber Protection Team missions. Our ability to develop and execute defensive cyber capability grows from our solid foundation in the Cyber Weapon Systems, mission employment from the tactical to the strategic, Information Technology & Assurance, Network & Host Security, Systems Engineering, and Telecom Engineering and Security.  SandTech has exceptional depth in Vulnerability Assessment and Adversary Hunt planning and Execution, with background in the development and maturation of the Air Force’s enclave defense methodology.

GSA’s Streamlined Technology Application Resource for Services (STARS) III is a small business set-aside Government-Wide Acquisition Contract (GWAC) to provide flexible access to customized IT solutions from a large, diverse pool of 8(a) industry partners.  A GWAC is a pre-competed, multiple-award, indefinite delivery, indefinite quantity (IDIQ) contract that agencies can use to buy total IT solutions.  The 8(a) STARS III GWAC ordering period is a five year base with one three-year option, with the ordering period beginning on July 2, 2021.  The ceiling for 8(a) STARS III is $50 billion.  8(a) STARS III allows for fixed price, time and materials, labor-hour or a hybrid blend of these task order types.

The GSA Schedule 70 is by far one of the most-used and largest acquisition vehicle in the US federal government. Like other GSA Schedules, Schedule 70 is a multiple-award schedule that allows government agencies to have direct access to the products, solutions, and services that are offered by the partners on the schedule. SandTech’s inclusion on the GSA IT Schedule 70 greatly increases its availability to prospective customers and increases the predictability and transparency of rates as well. Additionally, because negotiation has been done up front, prospective clients save the time of negotiating and seeking out the best rates.

Under the GSA award are included the Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers (SIN).  These awards, under the GSA IT Schedule 70 program, denote superior capability, skill, and experience. The HACS SIN program was established in support of the President’s 2016 Cybersecurity National Action Plan*. As of December 2019, SandTech is one of only nine SBA 8(a) companies nationally that earned all five of the GSA’s Highly Adaptive Cybersecurity Special Item Number (HACS SIN) subcategories.


  • Listed on GSA’s STARS III, SandTech is a small business, emerging technology, IT service provider.

STARS III Contract Number: 47QTCB21D0166

Period of Performance:  2 Jul 2021 – 1 Jul 2026

  • Listed on GSA’s IT Schedule 70, SandTech is an SBA 8(a) program participant, a Small Disadvantaged Business, and a Service Disabled Veteran-Owned Small Business. SandTech corporate experience spans the spectrum from Prime Contractor, to Subcontractor and Joint Venture Partner, to Academic Scientific R&D Partner.

GSA IT Schedule 70 Contract Number: 47QTCA18D00LD
DUNS: 078652601

Sandtech Solutions Capability Summary



SandTech provides operations and system analysis for the full spectrum of cyberspace operations, Information Assurance, cybersecurity compliance, and Information Technology engineering. We support Federal, DOD, Air Force, and commercial customer needs. Our experience identifying key elements of cyberspace terrain, and then establishing enhanced protection around that terrain, has become a hallmark of the SandTech story.

  • Cyber Protection Teams
  • Mission Defense Teams
  • Space & Mission System Assurance
  • Assessment and Hunt Operations
  • Security Engineering
  • Security Architecture
  • Solutions Implementation
  • Disaster Recovery & COOP
  • Security Operations Center (SOC)

From compliance reviews to solutions development and integration, SandTech Enablers have the experience and expertise to create technology and security solutions that are fully compliant – and fully effective. Our team member backgrounds include Risk Management Framework (RMF), DIACAP, and DITSCAP cybersecurity services for new and legacy capabilities alike.

  • Telecommunications
  • Network Design
  • IMplementation & Transition
  • Network Management
  • VoIP/Telephony
  • Wireless Networking

SandTech Enablers have a passion for assembling top-quality innovators, focusing their energies, and fusing talents into achievable goals. Our successful experiences supporting Air Force Program Management Offices highlights our winning track record in this area, and our deep history with the evolution of the AF Cyber Weapon System construct gives us unique insight and understanding into PMO activities and processes.

  • Cyber Operations
  • Strategic & Mission Planning
  • Schedule Management
  • NetOps and Security Centers

SandTech delivers capability across all hardware platforms and standard operating systems, including Microsoft, Linux, iOS, and Solaris, leveraging Agile methodologies to manage projects effectively, on time, and on or under budget.Our experience spans validation/verification, code maintenance and development, and integration support.

  • COTS Integration
  • Database Design
  • GOTS Development
  • Test Development/Execution

The Risk Management Framework (RMF) is associated with the NIST SP 800-37 guide which every agency of the U.S. government must now integrate into their processes. RMF describes the process that must be followed to secure, authorize, and manage IT systems. RMF defines a process cycle that is used for initially securing the protection of systems through an Authorization to Operate (ATO) and integrating ongoing risk management. SandTech can help you through the technical aspects for compliance.

  • Administrative Support
  • Artifact Development
  • DISA STIG Application, Validation, Verification
  • Weapon System Program Protection Support
  • CMMC Consulting

SandTech designs, creates, delivers, analyzes, and evaluates technical training following the Instructional Systems Design educational methodology. We’ve delivered education and training at the AF squadron level in the areas of defensive cyberspace operations and tactical mission planning. From courseware to evaluation instruments and visual aids, our Enablers have the experience to achieve your team’s training objectives.

We provide a strong staffing approach coupled with the agility and responsiveness that only a small business leader can provide. SandTech understands the Government’s cybersecurity mission and goals and usually exceeds them through innovation, integration, and continuous process improvement.

– Ron Comeau, Chief Information Officer

Company Certifications

Beyond ISO 9001:2015 compliance, SandTech observes a variety of compliance and regulatory regimes by nature of our federal contracting relationships. SandTech’s operations support services are provided in accordance with NIST Special Publication 800-53 revision 4, Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, NIST Special Publication 800-37 revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems, NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, AFI 33-115 Network Operations.

Staff Certifications

SandTech’s cybersecurity team adheres to DoD Directive 8570.01 M Information Assurance Workforce Improvement Program, and DoD Directive 8140, Cyberspace Workforce Management, which prescribes the highest standards of technical certification currency, reinforcing our workforce with professionalism and proficiency.