Continuous Autonomous Penetration Testing Service
ID: OIS202400148Type: Solicitation
Overview

Buyer

THE LEGISLATIVE BRANCHJOINT HOUSE AND SENATE ENTITIESUS CAPITOL POLICE PROCUREMENTWASHINGTON, DC, 20003, USA

NAICS

Other Computer Related Services (541519)

PSC

SPECIAL STUDIES/ANALYSIS- TECHNOLOGY (B544)

Original Source

https://sam.gov/opp/69a73480576c449f9d29bc8df833fecd/view
Timeline
    Description

    The US Capitol Police Procurement office is seeking proposals for a Continuous Autonomous Penetration Testing Service to enhance cybersecurity measures within the Legislative Branch. This procurement involves on-demand penetration testing capabilities, utilizing specified tools, with a requirement for quarterly scans and additional on-demand assessments, focusing on both internal and external vulnerabilities. The initiative underscores the importance of systematic cybersecurity evaluations to ensure compliance with federal IT security standards and to bolster the security posture against potential threats. Interested vendors should submit proposals on company letterhead to Brian Perry at brian.perry@uscp.gov, with a total budget of $4,000 allocated for each annual service over a contract period from September 30, 2024, through September 29, 2029, including one base year and four option years.

    Point(s) of Contact
    Brian Perry
    Brian.perry@uscp.gov
    Files
    Title
    Posted
    DESCRIPTION.docx
    The document outlines a requirement for continuous autonomous penetration testing services and Active Directory (AD) password audits as part of a government procurement initiative. The primary vendor, Oventium, is set to provide four autonomous penetration tests each year over a five-year period, generating comprehensive reports and a letter of attestation for each test. Additionally, the NodeZero AD Password Audit is scheduled to occur annually for four years. Each penetration test incurs a cost of $4,000, while each password audit is noted to occur once per year. This procurement supports governmental cybersecurity efforts, aiming to enhance the resilience and security posture of sensitive information systems against potential threats. By establishing a structured testing and auditing framework, the government aims to ensure compliance, mitigate risks, and continuously monitor cybersecurity effectiveness throughout the duration of the contract.
    DESCRIPTION 1.docx
    The government document outlines a Request for Proposals (RFP) for a Continuous Autonomous Penetration Testing service, covering a series of cybersecurity evaluations across four years. Each year entails executing four autonomous penetration tests, accompanied by comprehensive reports, findings, and letters of attestation to validate the security assessments. Additionally, separate NodeZero Active Directory Password Audits are mandated for each year, indicating a focus on securing identity management and access controls. The total budget set for each annual penetration testing service amounts to $4,000. This RFP underscores the government's commitment to enhance cybersecurity measures by ensuring regular and systematic assessments and audits of their digital infrastructure, reflecting compliance with federal standards for IT security protocols and risk management. The structured approach aims to bolster security posture against potential threats and vulnerabilities in government systems over the specified duration.
    QUESTIONS DOCUMENT.docx
    The document outlines requirements for on-demand penetration testing services aimed at assessing internal and external vulnerabilities within a governmental framework. The preferred tool for these services is the NodeZero SaaS, which allows for quarterly penetration tests within the organization's network. The contractor will need to provide licenses and support for the selected tools, including options for various types of penetration testing like network, application, wireless, and social engineering. The scope encompasses a mix of internal and external testing across several systems, with reports detailing vulnerabilities and recommended fixes as a crucial deliverable. There is flexibility regarding equivalent solutions to specified products, ensuring that vendors can propose alternatives. The solicitation starts on September 30, 2024, for a duration of one year, with options for renewal. Overall, the document emphasizes the organization’s intent to maintain robust security through regular, vendor-supported assessments without requiring physical presence for testing. This procurement initiative reflects a strategic approach to enhancing cybersecurity measures within federal systems.
    Lifecycle
    Title
    Type
    Continuous Autonomous Penetration Testing Service
    Currently viewing
    Solicitation
    Similar Opportunities
    EXPLOSIVE TRANSPORT BOX
    Active
    The Legislative Branch
    The United States Capitol Police (USCP) is seeking quotations for the procurement of a 6-foot Explosive Transportation Box, aimed at enhancing their capabilities in safely transporting hazardous materials. The solicitation specifies a requirement for one unit, reflecting the agency's commitment to maintaining stringent security protocols associated with explosives. This procurement is part of the USCP's ongoing efforts to ensure safety and regulatory compliance in the handling of specialized ammunition. Interested vendors should direct their quotes to Brian Perry at brian.perry@uscp.gov, with all submissions due by the specified deadline.
    USAC RFP: IT Security Micro-segmentation Tool
    Active
    Federal Communications Commission
    The Universal Service Administrative Company (USAC), under the direction of the Federal Communications Commission (FCC), is seeking proposals for an IT Security Micro-segmentation Tool. This Request for Proposal (RFP) aims to acquire a solution that enhances IT security through micro-segmentation, which is critical for protecting sensitive data and ensuring compliance with security protocols. Proposals must be submitted electronically by October 3, 2024, at 11:00 AM ET, and further details can be found on USAC's procurement website. For inquiries, interested parties may contact Mustafa Kamal at Mustafa.Kamal@usac.org or Noor Jalal at noor.jalal@usac.org.
    Videographer Services
    Active
    The Legislative Branch
    The United States Capitol Police (USCP) is seeking qualified contractors to provide videographer services to enhance its Public Information Office (PIO) communications. The primary objectives include producing high-quality videos for public safety campaigns, improving community engagement, and supporting media relations with timely video assets. The selected contractor will collaborate with the PIO team to create video concepts, manage logistics, and ensure high-definition audio and visual quality during production, with deliverables including a production schedule, various video formats, and performance analytics reports. The contract period is from September 30, 2024, to September 29, 2025, with services needed approximately two to three times a month. Interested parties should contact Laurina Cardoso at laurina.cardoso@uscp.gov or call 202-963-8770 for further details and to submit proposals, which must include itemized pricing and relevant video examples.
    ForeScout Counteract
    Active
    International Trade Commission, United States (duns # 02-1877998)
    The United States International Trade Commission (USITC) is seeking quotations for the procurement of ForeScout Counteract virtual security appliance software, specifically targeting small businesses under NAICS Code 423430. The procurement includes requirements for ActiveCare Advanced support for a two-device configuration over a one-year period and mandates that only certified ForeScout resellers may submit quotations. This software is crucial for maintaining the cybersecurity of the Commission's internal networks, ensuring continuity and protection against potential threats. Interested parties must submit their bids by 10:00 p.m. E.T. on September 19, 2024, with inquiries due by September 16, 2024; for further information, contact Meaghann Peak at meaghann.peak@usitc.gov.
    Cyber Security Tools
    Active
    Dept Of Defense
    The Department of Defense, specifically the Department of the Army, is seeking proposals for the procurement of Cyber Security Tools through a combined synopsis/solicitation. This opportunity is aimed at acquiring commercial products or services that enhance IT and telecom security and compliance, as outlined under the NAICS code 517810 and PSC code 7J20. The tools are critical for ensuring robust cybersecurity measures within military operations, emphasizing the importance of safeguarding sensitive information and infrastructure. Interested small businesses are encouraged to submit their proposals, with inquiries directed to Marketplace Support at marketplacesupport@unisonglobal.com, as this contract is set aside for total small business participation.
    Integrated Productivity, Collaboration, and Security Software for On-Premises, Mobile, and Cloud-Based Environments Services
    Active
    State, Department Of
    The U.S. Department of State is seeking industry input for the procurement of an Integrated Productivity, Collaboration, and Security Software suite that operates across on-premises, mobile, and cloud environments. The objective is to identify a Commercial-off-the-Shelf (COTS) software solution that meets federal security requirements while being user-friendly, flexible, and scalable to accommodate specific State needs. This initiative is part of the Department's broader strategy to modernize its IT infrastructure, enhancing global operations and collaboration capabilities. Interested vendors should submit their company information, functional capabilities, and examples of past performance to John Warner at WarnerJ1@state.gov, as participation in this Request for Information does not guarantee a contract award.
    5G Capable Cellular Drive Test Scanner
    Active
    Homeland Security, Department Of
    The Department of Homeland Security, through the United States Secret Service (USSS), is seeking information from qualified vendors regarding the procurement of a 5G capable cellular drive test scanner and associated analytical software. This initiative aims to enhance the USSS's capabilities in investigating financial crimes by enabling the collection and analysis of cellular data across various generations, from 2G to 5G, while ensuring compliance with the Communications Assistance for Law Enforcement Act (CALEA). The project underscores the importance of modernizing investigative tools to adapt to evolving crime and technology, with requirements for interoperability with existing equipment, comprehensive training for personnel, and ongoing maintenance support. Interested parties are encouraged to submit their capability statements and feedback on the draft Statement of Work to the designated contacts, Stephen Kenny and Matthew Sutton, with the understanding that this notice is for information gathering only and does not constitute a commitment to award a contract.
    Penetration and Conduit Deployment in US Mission premises
    Active
    State, Department Of
    The U.S. Department of State is seeking contractors for a fixed-price contract to perform penetration and conduit deployment work at two U.S. mission premises in Paris, France. The project involves the installation of conduits and penetration sleeves at the U.S. Chancery and Raphael Building, requiring completion within 90 days post-award while ensuring minimal disruption to the facilities' occupants. This work is critical for enhancing operational functionality and connectivity within these government buildings, which must maintain their historic integrity. Interested contractors must submit their proposals electronically by September 19, 2024, and are required to be registered in the System for Award Management (SAM) prior to submission. For further inquiries, potential offerors can contact Craig N. Deatrick at deatrickcn@state.gov or Jean-Charles Royer at royerjc@state.gov.
    VERIFICATION OF WINGARD EVALUATION AND TESTING (WET) at REDUCED SETBACKS
    Active
    State, Department Of
    The U.S. Department of State is seeking proposals for the verification of Wingard Evaluation and Testing (WET) at reduced setbacks, focusing on forced entry and blast-resistant glazing designs. The objective is to ensure that these designs meet performance standards under various loading conditions that differ from historical data, which is critical for enhancing physical security infrastructure. This procurement is significant as it involves testing and validating glazing systems to protect government facilities against explosive threats. Interested offerors must submit their proposals by October 3, 2024, and should direct any inquiries to Lisa Pizarro at PizarroL1@state.gov or Amber Gray at GrayAL@state.gov. Note that funding is not currently available, and awards will only be made once funds are secured.
    Physical Fitness Test Administration
    Active
    Homeland Security, Department Of
    The Department of Homeland Security, specifically the U.S. Secret Service, is seeking contractor support for the administration of the Applicant Physical Abilities Test (APAT) used in the selection of law enforcement personnel. The contractor will be responsible for maintaining, hosting, and scoring the physical ability assessments, which include components such as push-ups, sit-ups, agility runs, and a 1.5-mile run, conducted at pre-approved facilities. This initiative is critical for ensuring that applicants meet the physical standards necessary for the demanding roles within the Secret Service. Interested parties should contact John Akin at john.akin@usss.dhs.gov or 407-212-0577 for further details, with the formal solicitation expected to be posted by COB on Monday, the 16th, and the contract potentially spanning 12 months with four optional renewals.