NATO Request for Information: White Box Vulnerability Assessment (VA) Services
ID: MS-424262-VAType: Special Notice
Overview

Buyer

COMMERCE, DEPARTMENT OFBUREAU OF INDUSTRY AND SECURITY

NAICS

Other Computer Related Services (541519)

Original Source

https://sam.gov/opp/73868d0351ca42b0859ad962272b54e3/view
Timeline
    Description

    The NATO Communications and Information Agency (NCIA) is seeking information from industry sources regarding the provision of White Box Vulnerability Assessment (VA) services to support NATO networks. The objective is to identify capable suppliers who can conduct in-depth, credentialed assessments of enterprise systems, including configuration reviews and threat reporting, with a requirement for on-site deployment across NATO's 32 member nations. This RFI is part of a broader initiative to enhance NATO's cybersecurity posture and will inform future contracting frameworks. Interested parties must submit their responses by May 16, 2025, to the NCIA, referencing the RFI number MS-424262-VA, and are encouraged to include relevant organizational experience and qualifications in their submissions.

    Point(s) of Contact
    No information provided.
    Files
    Title
    Posted
    MS-424262-VA.pdf
    The NCI Agency is conducting a Request for Information (RFI) to assess the availability and technical capability of NATO businesses able to provide White Box Vulnerability Assessment (VA) services for NATO networks. This initiative, identified as MS-424262-VA, aims to determine potential suppliers who can deliver in-depth evaluations on-site across NATO nations. Key requirements include the capability to conduct assessments, produce detailed reports, and address vulnerabilities related to network configurations and Active Directory control paths. Responses to the RFI should include organizational experience, security certifications, staff qualifications, and pricing models. Interested parties are expected to submit their responses by May 16, 2025. The goal of this market survey is to refine the NCI Agency’s acquisition strategy while ensuring that proposals align with NATO regulations and standards. The results will inform future contracting frameworks, emphasizing collaboration across NATO's 32 member nations. The process is part of a broader commitment to enhance NATO's cybersecurity posture.
    Lifecycle
    Title
    Type
    NATO Request for Information: White Box Vulnerability Assessment (VA) Services
    Currently viewing
    Special Notice
    Similar Opportunities
    NATO Request for Information: NATO Public Key Infrastructure – Third Party Trust
    Commerce, Department Of
    The NATO Communications and Information Agency (NCIA) is seeking information from industry partners regarding capabilities to support the issuance of publicly trusted certificates for document signing, email signing, and Transport Layer Security (TLS). This Request for Information (RFI), designated RFI-424314-NPKI-TPT, aims to gather insights on potential solutions for qualified electronic signatures under EU eIDAS regulations, as well as public-facing TLS certificates and client authentication certificates for enterprise use. The information collected will assist NCIA in understanding the marketplace and developing future acquisition strategies, with responses due by 12:00 hours CET on January 5, 2026. Interested vendors from NATO member countries should submit their responses directly to the designated RFI Point of Contact, as submissions to the Department of Commerce will not be accepted.
    7A21--Audit and Change Monitoring Solution - RFI only
    Veterans Affairs, Department Of
    The Department of Veterans Affairs (VA) is seeking vendors for an enterprise-level Audit and Change Monitoring Solution through a Request for Information (RFI). The objective is to identify capable partners who can deploy, operate, and manage a comprehensive system that monitors and audits changes across the VA's diverse IT environment, ensuring compliance with regulations such as FISMA, HIPAA, and NIST. This solution is critical for enhancing security and operational efficiency within the VA's IT infrastructure, providing real-time detection, centralized audit logging, and 24/7 support. Responses to the RFI are due by December 19, 2025, at 4 PM EDT, and interested parties should contact Contract Specialist Elena Juliano at Elena.Juliano@va.gov or 848-377-5246 for further information.
    NATO Business Opportunity: Procurement of Ultra High Frequency (UHF) Tactical Satellite (TACSAT) Radios – Ancillaries and Installation for Static UHF TACSAT Sites
    Commerce, Department Of
    The Department of Commerce, specifically the Bureau of Industry and Security, is preparing to issue an Invitation for Bid (IFB) for the procurement of Ultra High Frequency (UHF) Tactical Satellite (TACSAT) Radios, including ancillaries and installation for static UHF TACSAT sites, as part of a NATO initiative. The project entails the design, procurement, installation, and testing of equipment for nine NATO static installations, ensuring the delivery of a fully integrated UHF communication system that is interoperable with existing NATO radio elements and meets stringent environmental and security compliance standards. This procurement is critical for enhancing NATO's communication capabilities, with the anticipated period of performance spanning from Q4 2024 to Q2 2025, and a one-year warranty and in-service support included. Interested U.S. contractors must maintain a facility in the U.S., be pre-approved for NATO International Competitive Bidding, and submit a Declaration of Eligibility by January 7, 2026, with the IFB expected to be distributed in Q1 2026. For further inquiries, contact Lee Ann Carpenter at LeeAnn.Carpenter@bis.doc.gov.
    RFQ: Start a commercially provided Virtual Private Network Service (VPNS) in Europe.
    Dept Of Defense
    The Department of Defense, through the Defense Information Systems Agency (DISA), is seeking proposals for the establishment of a commercially provided Virtual Private Network Service (VPNS) in Europe. This procurement aims to secure telecommunication services that comply with specific commercial item terms and conditions, as outlined in the solicitation. The selected provider will be responsible for delivering services that include monthly recurring charges and any applicable tier pricing, with the evaluation based on a lowest price technically acceptable (LPTA) source selection process. Interested vendors must ensure they are registered under the appropriate NAICS code (517111) and submit their quotes, including their UEI or CAGE code for verification, to the primary contact, Susana Suber, at susana.m.suber.civ@mail.mil, or the secondary contact, Brett Kaufman, at brett.m.kaufman.civ@mail.mil.
    RFQ: Start a commercially provided Virtual Private Network Service (VPNS) in Europe.
    Dept Of Defense
    The Department of Defense, through the Defense Information Systems Agency (DISA), is seeking proposals for a commercially provided Virtual Private Network Service (VPNS) in Europe. This procurement aims to establish a reliable telecommunications service that meets specific operational requirements, with a focus on compliance with commercial item terms and conditions as outlined in the solicitation. The selected provider will be evaluated based on the lowest price technically acceptable (LPTA) criteria, and all quotations must detail monthly recurring charges, non-recurring charges, and any applicable tier pricing. Interested vendors must contact Susana Suber or Brett Kaufman for further information and must ensure they are registered under the appropriate NAICS code (517111) to access the solicitation documents.
    NCIA SSP for Athena and Magellan 2026
    State, Department Of
    The U.S. Department of State, through the U.S. Embassy in Brussels, is preparing to issue a presolicitation for a firm-fixed-price contract to provide access to NATO’s telecommunications infrastructure via the Athena and Magellan circuit lines. This procurement is critical for ensuring secure and dedicated communication channels for U.S. personnel working with NATO, as these connections are vital for operational requirements and maintaining connectivity with NATO Headquarters and allies. Interested vendors must register on the System for Award Management (SAM) website, as registration is mandatory for contracts exceeding $40,000, and electronic submissions will be accepted once the solicitation is officially released. For further inquiries, potential bidders can contact Andrew Malandrino or Michael Abrahams at BrusselsBids@state.gov.
    RFQ: Start a commercially provided Virtual Private Network Service (VPNS) in Europe.
    Dept Of Defense
    The Department of Defense, through the Defense Information Systems Agency (DISA), is seeking quotes for the establishment of a commercially provided Virtual Private Network Service (VPNS) in Europe. This procurement aims to secure telecommunications services that comply with specific commercial item terms and conditions, as outlined in the solicitation. The selected provider will be responsible for delivering services that include monthly recurring charges and any applicable non-recurring charges, with a focus on meeting the outlined acceptance criteria. Interested vendors must ensure they are registered under the appropriate NAICS code (517111) and submit their quotes in accordance with the lowest price technically acceptable (LPTA) evaluation process. For further inquiries, potential bidders can contact Susana Suber or Brett Kaufman via their respective emails.
    RFQ: Start a commercially provided Virtual Private Network Service (VPNS) in Europe.
    Dept Of Defense
    The Department of Defense, through the Defense Information Systems Agency (DISA), is seeking proposals for a commercially provided Virtual Private Network Service (VPNS) in Europe. This procurement aims to establish a reliable telecommunications service that meets specific operational requirements, with an emphasis on compliance with commercial item terms and conditions as outlined in the solicitation. The selected provider will be evaluated based on the lowest price technically acceptable (LPTA) criteria, and all quotations must detail monthly recurring charges, non-recurring charges, and any tier pricing for additional service months. Interested vendors must contact Susana Suber or Brett Kaufman for further information and must ensure they are registered under the appropriate NAICS code (517111) to access the solicitation documents.
    Industry Feedback on NGC2 Emerging Architecture
    Dept Of Defense
    The Department of Defense, specifically the Army Contracting Command at Aberdeen Proving Ground, is seeking industry feedback on the Next Generation Command and Control (NGC2) Emerging Architecture. This request for information (RFI) aims to gather insights on a multi-layer technology stack that supports Army operations, focusing on composability, data layer design patterns, and software deployment readiness within the NGC2 ecosystem. The initiative is critical for enhancing decision-making capabilities on the modern battlefield, emphasizing the need for innovative technical and business approaches. Interested parties must submit their responses via a designated form by December 22, 2025, and can contact MAJ Quentin Sica or William Wimbury for further information.
    Capacity as A Service (CaaS)
    Dept Of Defense
    The Department of Defense, specifically the Marine Corps Installations National Capital Region – Regional Contracting Office (MCINCR-RCO), is conducting market research to identify small business vendors capable of providing Capacity as a Service (CaaS) to support its Research, Development, Testing, and Evaluation (RDT&E) core infrastructure, laboratory environments, and data centers. The CaaS solution will involve the provision, installation, and maintenance of compute, networking, and storage hardware at designated government facilities, with a focus on modular, enterprise-grade performance and compliance with DoD security requirements. Interested vendors are invited to submit their responses to the Request for Information (RFI) by January 16, 2025, at 08:00 AM EST, and should direct their submissions to Kellie Holley and Kevin Guertin via email. This RFI is for informational purposes only and does not constitute a solicitation for offers.