Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS)
ID: FA701425RVDPEType: Combined Synopsis/Solicitation
Overview

Buyer

DEPT OF DEFENSEDEPT OF THE AIR FORCEFA7014 AFDW PKANDREWS AFB, MD, 20762-6604, USA

NAICS

Other Computer Related Services (541519)

PSC

IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE) (7A21)

Original Source

https://sam.gov/workspace/contract/opp/ce0a3ccd33f24d15b88cf887cea9c881/view
Timeline
    Description

    The Department of Defense, specifically the Department of the Air Force, is seeking proposals for a Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS) to support its Cyber Crime Center (DC3). The procurement aims to secure a commercial solution that includes vulnerability submission workflows, researcher engagement tools, and advanced reporting capabilities for both the DoD and Defense Industrial Base (DIB) VDPs. This initiative is crucial for enhancing the security of the DoD Information Network and leveraging crowdsourced cybersecurity expertise. Proposals are due by January 9, 2026, at 1600 EST, and interested parties should direct inquiries to Phelicha Silva at phelicha.silva@us.af.mil or Ryan Amos at ryan.amos.5.ctr@us.af.mil. Please note that funding for this contract is contingent upon the availability of appropriated funds.

    Point(s) of Contact
    Phelicha Silva
    phelicha.silva@us.af.mil
    Ryan Amos
    ryan.amos.5.ctr@us.af.mil
    Files
    Title
    Posted
    Attachment 1 VDP EMS Performance Work Statement (PWS).pdf
    This Performance Work Statement outlines the requirements for a contractor to provide a Vulnerability Disclosure Program (VDP) Enterprise Management System for the Department of Defense (DoD) Cyber Crime Center (DC3). The VDP aims to enhance the security of the DoD Information Network and Defense Industrial Base networks by leveraging crowdsourced cybersecurity expertise. The contractor will provide two enterprise management system licenses/subscriptions, vulnerability submission and management workflows, community engagement features, integration capabilities, mediation support, and tools for vulnerability triage and resolution. Key deliverables include the licenses, workflows, kickoff meeting arrangements, and transition plans. The contract has a 12-month base period with multiple option periods, and performance will occur at both contractor and government sites. Security, compliance, and quality assurance are critical components of the contract.
    Attachment 2 CLIN Worksheet.xlsx
    The Attachment 2 CLIN Worksheet outlines the pricing structure for the Vulnerability Disclosure Program (VDP) Enterprise Management Solution (EMS). It details a base year from February 2026 to January 2027, followed by four option years, each covering the DoD and DIB VDP Software License Subscriptions. The worksheet emphasizes the offeror's responsibility to ensure accurate calculations for all line items and includes an automatic calculation for a six-month extension, in accordance with FAR 52.217-8, based on half of the final option year's proposed amount. While quantities are set at one for each subscription, the prices are currently listed as $0.00, indicating that offerors are expected to fill in their proposed unit prices to determine the total contract value over the entire period of performance.
    RFQ COMBO_VDP EMS.pdf
    The Department of the Air Force seeks a Firm-Fixed Price contract for a Vulnerability Disclosure Program (VDP) Enterprise Management Solution (EMS) to support the DoD Cyber Crime Center (DC3). This solicitation (FA701425RVDPE) aims to secure annual licenses/subscriptions for two VDP EMS instances (DoD VDP and DIB VDP). The solution must offer vulnerability submission workflows, researcher engagement tools, advanced analytics, and dedicated support. The contract includes a base year (February 2026 – January 2027) and four option years, plus a six-month extension. Proposals are due by January 9, 2026, 1600 EST. Evaluation prioritizes technical merit (technical and management approach) over cost, with technical factors being significantly more important.
    Lifecycle
    Title
    Type
    Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS)
    Currently viewing
    Combined Synopsis/Solicitation
    Similar Opportunities
    Protecting Army Modernization and Supply Chains- Commercial Solutions Opening (CSO)
    Dept Of Defense
    The Department of Defense, through the Army Contracting Command, is seeking innovative solutions to enhance cybersecurity within the Defense Industrial Base (DIB) as part of the Protecting Army Modernization and Supply Chains initiative. This opportunity invites proposals for automated cybersecurity measures that comply with critical standards such as NIST controls and Cybersecurity Maturity Model Certification (CMMC), aimed at supporting small businesses in mitigating cyber threats while ensuring the protection of intellectual property and secure access. The initiative is crucial for safeguarding defense technologies and ensuring the rapid delivery of military capabilities, with submissions accepted until March 6, 2030. Interested parties can contact the Army NCODE Team at usarmy.apg.acc.mbx.dc3oe-ncode-cso@army.mil for further information.
    Department of the Air Force (DAF) Identity, Credential, and Access Management (ICAM) Enterprise III, Request For Information (RFI)
    Dept Of Defense
    The Department of the Air Force (DAF) is seeking a qualified vendor to provide comprehensive services for its Identity, Credential, and Access Management (ICAM) Enterprise III program, as outlined in a Request for Information (RFI). The procurement aims to identify a single vendor capable of managing platform operations, sustainment, and enhancement of the DAF ICAM platform, which is critical for onboarding over 3,300 applications and supporting a user base of over 750,000 personnel and millions of non-person entities. This initiative is part of a broader cybersecurity transformation to transition to a Zero Trust Architecture, aligning with the Department of Defense's Digital Modernization Strategy. Interested parties must submit their responses by January 6, 2026, and can direct inquiries to Kurtavius Brown at kurtavius.brown@us.af.mil or Darnita McBride at darnita.mcbride@us.af.mil.
    Trusted and Elastic Military Platforms and Electronic Warfare (EW) System Technologies (TEMPEST)
    Dept Of Defense
    The Department of Defense, specifically the Air Force Research Laboratory (AFRL), is seeking proposals for the Trusted and Elastic Military Platforms and Electronic Warfare (EW) System Technologies (TEMPEST) initiative. This program aims to develop methodologies and technologies to enhance the cyber security and resilience of avionics systems across various platforms, including manned, unmanned, and ISR systems, with a focus on mitigating vulnerabilities and advancing sensor technologies. The estimated program value is approximately $808.5 million, with multiple awards ranging from $1 million to $200 million, and proposals will be accepted through subsequent calls until November 1, 2025. Interested parties can reach out to Timothy Matelski at timothy.matelski@us.af.mil or Richard Bailey at richard.bailey.26@us.af.mil for further inquiries.
    Mission Video Distribution System (MVDS) Services
    Dept Of Defense
    The Department of Defense, specifically the Air Combat Command (ACC), is seeking industry sources for the Mission Video Distribution System (MVDS) Services, with a focus on providing engineering and technical support for the HQ 9th Air Force (Air Forces Central). The procurement aims to ensure the availability and operational support of the MVDS, which is critical for military operations within the United States Central Command (USCENTCOM) Area of Responsibility, including on-site support at Shaw Air Force Base in South Carolina and Al Udeid Air Base in Qatar. Interested parties must demonstrate their capability to meet the requirements, including software development, system engineering, and compliance with security standards, while adhering to government regulations. Responses are due by January 6, 2026, at 2:00 PM EST, and inquiries should be directed to Scott D. Bedford or Nicholas Bachman via email.
    Request for Information (RFI) for Passive Defense Solutions
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, has issued a Request for Information (RFI) for passive defense solutions aimed at countering threats posed by Group 1-3 Unmanned Aerial Systems (UAS) to USAF assets. The Air Force is seeking industry input on solutions that utilize Camouflage, Concealment, Deception, and Hardening (CC&D+H) measures, with an emphasis on low-cost, user-friendly, and rapidly deployable options that can integrate with existing systems. These solutions are critical for enhancing the protection of Air Force assets by reducing spectral and visual signatures while ensuring operational continuity. Interested vendors are required to submit a five-page response detailing their company overview, proposed solutions, technical approaches, performance data, and cost/schedule by December 22, 2025, at 1600 EST. For further inquiries, vendors may contact Timothy Overby at timothy.overby.1@us.af.mil or Jennifer Judkins at jennifer.judkins@us.af.mil.
    16th Air Force Commercial Solutions Opening
    Dept Of Defense
    The Department of Defense, specifically the 16th Air Force, is issuing a Commercial Solutions Opening (CSO) to solicit innovative solutions aimed at enhancing the Air Force Information Network (AFIN) operations and Defense Cyberspace Operations (DCO). The primary objective is to address evolving cyber threats by improving resource allocation, addressing skill gaps, and enhancing training and defensive cyber capabilities. This opportunity is crucial for acquiring advanced technologies and services that can streamline operations and bolster the Air Force's mission capabilities. Interested parties can submit proposals for Call 0005, which is open for submissions from December 12, 2025, to January 26, 2026, and should contact Carissa Heuertz or Brian Cook at 16af.cso.workflow@us.af.mil for further information.
    DARPA's Commercial Solutions Opening (DCSO) for Commercial Strategy
    Dept Of Defense
    The Defense Advanced Research Projects Agency (DARPA) is soliciting proposals under its Commercial Solutions Opening (DCSO) for transitioning and commercializing innovative solutions derived from DARPA-funded research and development efforts. The primary objective is to close military and civilian capability gaps by leveraging commercial solutions, with a particular focus on the Embedded Entrepreneur Initiative (EEI), which funds entrepreneurs to assist in commercialization efforts. This initiative is crucial for enhancing national security and economic growth by bridging the gap between innovation and practical application. Proposals are due by April 30, 2026, and must adhere to the updated solicitation requirements, including a detailed Statement of Work and pricing documentation. Interested parties can contact Melissa Ramirez at DARPACSO@darpa.mil for further information.
    Advanced Cyber Effects for Strategic Operations (ACESO)
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking white papers for the Advanced Cyber Effects for Strategic Operations (ACESO) program under the Advanced Research Announcement (ARA) FA8750-25-S-7005. This initiative aims to develop cyber operations prototypes that can be transitioned into operational DoD platforms to enhance superiority in the Cyber Domain, focusing on technologies such as assured and zero-trust infrastructure, Command, Control, Communications, Computers, and Intelligence (C4I), and Offensive Cyber Operations. With an estimated total funding of approximately $950 million, individual awards are expected to range from $10 million to $50 million, with the potential for awards up to $99.98 million, and the program is open for submissions until July 10, 2030. Interested parties should direct technical inquiries to Tanya Macrina at AFRL.RI.ACESO@us.af.mil and business inquiries to Amber Buckley at Amber.Buckley@us.af.mil.
    2024 Department of Homeland Security (DHS) Directorate of Science and Technology (S&T) Long Range Broad Agency Announcement (LRBAA) 24-01
    Homeland Security, Department Of
    The Department of Homeland Security (DHS) is seeking proposals through its Long Range Broad Agency Announcement (LRBAA) 24-01, aimed at funding scientific and technical projects that enhance homeland security capabilities. This five-year initiative, open until May 31, 2029, focuses on three types of research: near-term component gaps, foundational science, and future needs/emerging threats, covering key mission areas such as Counter Terrorism, Border Security, and Cyberspace Security. The submission process involves a three-step approach: Industry Engagement, Virtual Pitch, and Written Proposal, with eligibility extended to various entities, including small businesses. Interested parties can contact John Whipple at john.whipple@hq.dhs.gov or the LRBAA Program Mailbox at LRBAA.Admin@HQ.DHS.GOV for further information.
    Customer Care Prototyping - Commercial Solution Opening (Notice of Availability)
    Dept Of Defense
    The Defense Health Agency (DHA) is seeking innovative solutions through its "Customer Care Prototyping 2025-2026" initiative, aimed at enhancing customer care within the Military Health System (MHS). This opportunity invites prototype projects under the authority of 10 U.S.C. § 4022, focusing on developing a foundational platform that prioritizes agile development, self-service support, and data-driven insights to improve mission effectiveness and customer sentiment while reducing costs. Interested vendors should monitor SAM for updates regarding submission instructions and evaluation criteria, with the first "Season Notice" expected in Q1 FY26. For inquiries, contact Gabriela Hurte at gabriela.y.hurte.civ@health.mil or Sonya Edom at sonya.m.edom.civ@health.mil.