FDA Cybersecurity Risk Management and Compliance Services
ID: SS-75F40126Q00036
Type: Sources Sought
Overview

Buyer

HEALTH AND HUMAN SERVICES, DEPARTMENT OF
FOOD AND DRUG ADMINISTRATION
FDA OFFICE OF ACQ GRANT SVCS
Beltsville, MD, 20705, USA
    Description

    The U.S. Food and Drug Administration (FDA) is seeking qualified small businesses, specifically SBA certified 8(a) vendors, to provide Cybersecurity Risk Management and Compliance Services as part of a market research initiative. The primary objective is to enhance the FDA's cybersecurity posture and ensure compliance with federal mandates, including FISMA and Executive Order 14028, by addressing evolving threats to its extensive IT infrastructure. The scope of services includes security authorization support, policy development, Enterprise Governance Risk and Compliance (eGRC) support, and cybersecurity risk management documentation, with the potential for various task order types such as Firm Fixed Price and Labor Hour. Interested parties must submit their responses by February 4, 2026, at 2:00 PM ET, detailing their qualifications and experience, and can contact Michelle Dacanay at michelle.dacanay@fda.hhs.gov for further information.

    Files
    The FDA is seeking cybersecurity risk management services through a Blanket Purchase Agreement (BPA) to enhance its cybersecurity posture and comply with federal mandates. The services will address evolving threats to the FDA's extensive IT infrastructure, which includes 111 FISMA-reportable systems and various cloud environments. Key objectives include improving security controls, strengthening information security against threats, expanding awareness and collaboration, mitigating IT enterprise weaknesses, and developing IT security policies. The scope covers technical and management services, and subscriptions/licenses. Task areas include security authorization support, policy and data call support, Enterprise Governance Risk and Compliance (eGRC) support, cybersecurity risk management documentation, and transition services. The contract type allows for Firm Fixed Price, Labor Hour, or Time and Material task orders. Personnel must be adequately trained and certified, with specific requirements for Program Managers and Technical Writers. The place of performance is primarily the Washington, D.C. metropolitan area, with remote work options available. The contractor must adhere to stringent security and privacy requirements, including safeguarding sensitive information, mandatory training, incident response protocols, and compliance with federal regulations such as FISMA, NIST, and the Privacy Act.
    The U.S. Food and Drug Administration (FDA) has issued a Sources Sought Notice (SS-75F40126Q00036) for Cybersecurity Risk Management and Compliance Services. This notice is for market research to identify small businesses, specifically SBA certified 8(a) vendors, under GSA Multiple Award Schedule (MAS) categories 54151S and 54151HACS. The FDA seeks professional services to enhance its cybersecurity posture, aligning with federal mandates like FISMA and EO 14028. The scope includes ongoing security authorization, LMS support, security policy, eGRC support, risk management documentation, and transition services. Responses, due by February 4, 2026, at 2:00 PM ET, should detail contact information, socio-economic status, GSA contract numbers, and experience in security authorizations, FedRAMP, and audit activities.
    Similar Opportunities
    Request for Information (RFI) Advanced Mass Spectrometry Systems
    Health And Human Services, Department Of
    The U.S. Food and Drug Administration (FDA) is issuing a Request for Information (RFI) to gather insights from potential vendors regarding advanced mass spectrometry systems to support its laboratories. The FDA aims to assess market capabilities, vendor interest, and inform future acquisition planning for various mass spectrometry systems, including LC-MS/MS, high-resolution mass spectrometry, and triple quadrupole ICP-MS systems. These advanced instruments are critical for the FDA's mission to conduct chemical analyses of foods, drugs, and other products to ensure compliance with federal regulations. Interested vendors should submit their responses by February 2, 2026, at 10:00 AM EST to Warren Jackson at warren.jackson@fda.hhs.gov, with the subject line "FDA-RFI-75F40126Q00041 – Spectrometry Systems."
    FY26 FDA Broad Agency Announcement (BAA) for Advanced Research and Development of Regulatory Science
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is soliciting proposals through the FY26 Broad Agency Announcement (BAA) for advanced research and development in regulatory science. This opportunity aims to acquire innovative research that supports the modernization of FDA-regulated product development, enhances post-market surveillance, and strengthens public health preparedness. The FDA encourages submissions from all responsible sources, including private sector entities, federally funded research and development centers, and academic institutions, with a focus on projects that advance regulatory science to ensure product safety and efficacy across diverse populations. Interested parties must submit a checklist, concept paper, and full proposal by February 24, 2026, with early applications encouraged, and can direct inquiries to Ian Weiss at Ian.Weiss@fda.hhs.gov or by phone at 301-796-5728.
    FDA Data Dashboard Bridge Order
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is issuing a sole source bridge order to Salient CRGT, Inc. for the FDA Data Dashboard project. This procurement aims to support the FDA’s Division of Enforcement Systems Solutions through a limited source justification in accordance with FAR 8.405-6 requirements, utilizing the GSA MAS Schedule 54151S for Information Technology Professional Services. The services provided are critical for maintaining and enhancing the FDA's data management capabilities, ensuring effective enforcement and regulatory compliance. Interested parties can reach out to Michelle Dacanay at michelle.dacanay@fda.hhs.gov for further details regarding this opportunity.
    Clinical Research Products Management Center (CRPMC)
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the National Institutes of Health (NIH) through the National Institute of Allergy and Infectious Diseases (NIAID), is seeking qualified small business sources for the Clinical Research Products Management Center (CRPMC) contract. This contract aims to provide comprehensive management and oversight of investigational study products for clinical trials, ensuring compliance with federal regulations and supporting critical research in HIV/AIDS and related areas. The anticipated contract will span seven years, beginning approximately March 16, 2027, and will require the delivery of 27 full-time equivalents (FTEs) annually, with options for increased labor as needed. Interested parties must submit a capability statement by January 23, 2026, to Shawnice Williams at shawnice.williams@nih.gov, adhering to specified formatting guidelines.
    Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS)
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking proposals for a Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS) to support its Cyber Crime Center (DC3). The procurement aims to secure a commercial solution that includes vulnerability submission workflows, researcher engagement tools, and advanced reporting capabilities for both the DoD and Defense Industrial Base (DIB) VDPs. This initiative is crucial for enhancing the security of the DoD Information Network and leveraging crowdsourced cybersecurity expertise. Proposals are due by January 9, 2026, at 1600 EST, and interested parties should direct inquiries to Phelicha Silva at phelicha.silva@us.af.mil or Ryan Amos at ryan.amos.5.ctr@us.af.mil. Please note that funding for this contract is contingent upon the availability of appropriated funds.
    Preventive Maintenance and Repair service for the Cryo-Cooler components of a Bruker Biospec 47/40 magnetic resonance imaging (MRI) unit (base year plus two possible one-year option years)
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking quotes for preventive maintenance and repair services for the Cryo-Cooler components of a Bruker Biospec 47/40 magnetic resonance imaging (MRI) unit. The procurement involves a firm-fixed-price contract for a base year with two optional one-year extensions, requiring contractors to provide annual on-site maintenance, unlimited corrective repairs within three business days, certified OEM parts, and software updates. This service is critical for ensuring the operational reliability of the MRI unit, which plays a vital role in toxicological research at the FDA's National Center for Toxicological Research (NCTR). Quotes are due by January 8, 2026, and will be evaluated based on technical capability, past performance, and price, with inquiries directed to Suzanne Martella at suzanne.martella@fda.hhs.gov or by phone at 870-543-7540.
    Defense Health Agency Data Governance Transforming the Data Landscape: A Strategic Imperative for Modern Healthcare in Support of Military Readiness
    Dept Of Defense
    The Defense Health Agency (DHA) is seeking proposals from qualified small businesses to provide contractor support for advancing enterprise data readiness and governance within the Military Health System. The primary objectives include developing a comprehensive baseline data inventory, establishing a centralized metadata repository, conducting an Analysis of Alternatives for an enterprise data catalog, and implementing automated metadata harvesting tools to enhance data accessibility and usability. This initiative is critical for improving decision-making and operational efficiency in military healthcare, aligning with the Department of Defense's data strategy principles. The contract, valued at approximately $34 million, has a performance period from January 30, 2026, to January 29, 2027, with proposals due by January 9, 2026. Interested parties should direct inquiries to Linda M. Walker or Andrea V. Rivas via the provided email addresses.
    6505--36C77026Q0061/RFI/Domestic Sources Rx_MedSurge
    Veterans Affairs, Department Of
    The Department of Veterans Affairs (VA) is seeking information from domestic pharmaceutical manufacturers through a Request for Information (RFI) designated 36C77026Q0061, aimed at supporting the Consolidated Mail Outpatient Pharmacy (CMOP) in fulfilling its Open Market (OM) purchasing needs. The RFI seeks to identify both small and large businesses capable of providing a range of pharmaceutical products and ancillary items, with a focus on those manufactured in the United States, to enhance the supply chain for approximately 450,000 prescriptions mailed daily to Veterans. Interested manufacturers are required to submit detailed company and product information, including FDA-approved NDC numbers and operational capabilities, by March 15, 2026, at 4:30 PM CT. For further inquiries, respondents can contact Michael McAlhaney at Michael.McAlhaney@va.gov or (913) 684-1976.
    Dimethyl Fumarate DR Presolicitation
    Dept Of Defense
    The Defense Logistics Agency (DLA) is planning to issue a solicitation for a national requirements contract for Dimethyl Fumarate DR capsules, specifically 120MG capsules in 14 count bottles and 240MG capsules in 60 count bottles. This procurement aims to establish a reliable national supply source for these pharmaceutical products, which are essential for Department of Defense (DoD) customers through the DLA prime vendor program. The contract will be a firm-fixed price, requirements type contract with a one-year base period and four one-year options, emphasizing compliance with federal regulations and efficient distribution of pharmaceuticals for military healthcare. Interested parties should contact Kevin Rafferty at kevin.rafferty@dla.mil or 215-737-0907 for further inquiries, and the projected solicitation date is February 2021, with an amendment extending the offer submission deadline to October 14, 2021, at 3:00 PM EST.
    Locklizard DRM
    Justice, Department Of
    The Department of Justice, specifically the Federal Bureau of Investigation (FBI), is seeking proposals for the procurement of Locklizard Digital Rights Management (DRM) software licenses and associated services. The contract includes perpetual licenses for primary and secondary servers, accommodating 1 Admin, 2 Writers, 500 Documents, and 5000 Customers each, along with add-on applications for Command Line and Ecommerce, and a version upgrade for the Safeguard Enterprise software. This procurement is crucial for ensuring secure document management and compliance within the FBI's operations. Interested vendors should note that the contract is set to begin on February 1, 2026, with a base period of one year and three optional one-year extensions, and they can reach out to Donald B. Carlston at dbcarlston@fbi.gov or by phone at 771-225-6445 for further inquiries.