Continuous Autonomous Penetration Testing Service
ID: OIS202400148
Type: Solicitation
Overview

Buyer

THE LEGISLATIVE BRANCH
JOINT HOUSE AND SENATE ENTITIES
US CAPITOL POLICE PROCUREMENT
WASHINGTON, DC, 20003, USA

NAICS

Other Computer Related Services (541519)

PSC

SPECIAL STUDIES/ANALYSIS- TECHNOLOGY (B544)
    Description

    The US Capitol Police Procurement office is seeking proposals for a Continuous Autonomous Penetration Testing Service to enhance cybersecurity measures within the Legislative Branch. This procurement involves on-demand penetration testing capabilities, utilizing specified tools, with a requirement for quarterly scans and additional on-demand assessments, focusing on both internal and external vulnerabilities. The initiative underscores the importance of systematic cybersecurity evaluations to ensure compliance with federal IT security standards and to bolster the security posture against potential threats. Interested vendors should submit proposals on company letterhead to Brian Perry at brian.perry@uscp.gov, with a total budget of $4,000 allocated for each annual service over a contract period from September 30, 2024, through September 29, 2029, including one base year and four option years.

    Files
    The document outlines a requirement for continuous autonomous penetration testing services and Active Directory (AD) password audits as part of a government procurement initiative. The primary vendor, Oventium, is set to provide four autonomous penetration tests each year over a five-year period, generating comprehensive reports and a letter of attestation for each test. Additionally, the NodeZero AD Password Audit is scheduled to occur annually for four years. Each penetration test incurs a cost of $4,000, while each password audit is noted to occur once per year. This procurement supports governmental cybersecurity efforts, aiming to enhance the resilience and security posture of sensitive information systems against potential threats. By establishing a structured testing and auditing framework, the government aims to ensure compliance, mitigate risks, and continuously monitor cybersecurity effectiveness throughout the duration of the contract.
    The government document outlines a Request for Proposals (RFP) for a Continuous Autonomous Penetration Testing service, covering a series of cybersecurity evaluations across four years. Each year entails executing four autonomous penetration tests, accompanied by comprehensive reports, findings, and letters of attestation to validate the security assessments. Additionally, separate NodeZero Active Directory Password Audits are mandated for each year, indicating a focus on securing identity management and access controls. The total budget set for each annual penetration testing service amounts to $4,000. This RFP underscores the government's commitment to enhance cybersecurity measures by ensuring regular and systematic assessments and audits of their digital infrastructure, reflecting compliance with federal standards for IT security protocols and risk management. The structured approach aims to bolster security posture against potential threats and vulnerabilities in government systems over the specified duration.
    The document outlines requirements for on-demand penetration testing services aimed at assessing internal and external vulnerabilities within a governmental framework. The preferred tool for these services is the NodeZero SaaS, which allows for quarterly penetration tests within the organization's network. The contractor will need to provide licenses and support for the selected tools, including options for various types of penetration testing like network, application, wireless, and social engineering. The scope encompasses a mix of internal and external testing across several systems, with reports detailing vulnerabilities and recommended fixes as a crucial deliverable. There is flexibility regarding equivalent solutions to specified products, ensuring that vendors can propose alternatives. The solicitation starts on September 30, 2024, for a duration of one year, with options for renewal. Overall, the document emphasizes the organization’s intent to maintain robust security through regular, vendor-supported assessments without requiring physical presence for testing. This procurement initiative reflects a strategic approach to enhancing cybersecurity measures within federal systems.
    Similar Opportunities
    EXPLOSIVE TRANSPORT BOX
    Active
    The Legislative Branch
    The United States Capitol Police (USCP) is seeking quotations for the procurement of a 6-foot Explosive Transportation Box, aimed at enhancing their capabilities in safely transporting hazardous materials. The solicitation specifies a requirement for one unit, reflecting the agency's commitment to maintaining stringent security protocols associated with explosives. This procurement is part of the USCP's ongoing efforts to ensure safety and regulatory compliance in the handling of specialized ammunition. Interested vendors should direct their quotes to Brian Perry at brian.perry@uscp.gov, with all submissions due by the specified deadline.
    USAC RFP: IT Security Micro-segmentation Tool
    Active
    Federal Communications Commission
    The Universal Service Administrative Company (USAC), under the direction of the Federal Communications Commission (FCC), is seeking proposals for an IT Security Micro-segmentation Tool. This Request for Proposal (RFP) aims to acquire a solution that enhances IT security through micro-segmentation, which is critical for protecting sensitive data and ensuring compliance with security protocols. Proposals must be submitted electronically by October 3, 2024, at 11:00 AM ET, and further details can be found on USAC's procurement website. For inquiries, interested parties may contact Mustafa Kamal at Mustafa.Kamal@usac.org or Noor Jalal at noor.jalal@usac.org.
    INTOXIMETER
    Active
    The Legislative Branch
    The United States Capitol Police (USCP) is seeking qualified suppliers to provide intoximeter instruments and associated components as part of their procurement initiative. The requirements include the EC/IR II device, printer units, maintenance training, 5,000 mouthpieces, and necessary cables and power supplies, with a total quantity of four for most items. This procurement is crucial for enhancing the USCP's operational efficiency and compliance in law enforcement activities. Interested suppliers should submit their quotes on company letterhead via email to Brian Perry at brian.perry@uscp.gov, with delivery directed to the USCP property in Washington, DC.
    ForeScout Counteract
    Active
    International Trade Commission, United States (duns # 02-1877998)
    The United States International Trade Commission (USITC) is seeking quotations for the procurement of ForeScout Counteract virtual security appliance software, specifically targeting small businesses under NAICS Code 423430. The procurement includes requirements for ActiveCare Advanced support for a two-device configuration over a one-year period and mandates that only certified ForeScout resellers may submit quotations. This software is crucial for maintaining the cybersecurity of the Commission's internal networks, ensuring continuity and protection against potential threats. Interested parties must submit their bids by 10:00 p.m. E.T. on September 19, 2024, with inquiries due by September 16, 2024; for further information, contact Meaghann Peak at meaghann.peak@usitc.gov.
    Cybersecurity, Architecture & Implementation, Technical Operations, Ops Projects & Cloud Svcs
    Active
    Treasury, Department Of The
    The Department of the Treasury, specifically the Internal Revenue Service (IRS), is seeking qualified vendors to provide commercial software licenses and maintenance services, focusing on advanced cybersecurity solutions. The procurement aims to enhance the IRS's IT infrastructure through the acquisition of Brand Name or Equal COTS software, including HPE Ezmeral, Ciphertrust, Elastic Search, and One Identity, to bolster data protection and analysis capabilities against cyber threats. This initiative is critical for ensuring compliance with federal standards and safeguarding sensitive information, with the contract performance period commencing on September 28, 2024, and extending through September 27, 2029. Interested parties must submit their quotes by 10:00 AM EST on September 19, 2024, and direct any inquiries to Vanessa Rodgers at vanessa.rodgers@irs.gov or JW Terry at jw.r.terry@irs.gov.
    Integrated Productivity, Collaboration, and Security Software for On-Premises, Mobile, and Cloud-Based Environments Services
    Active
    State, Department Of
    The U.S. Department of State is seeking industry input for the procurement of an Integrated Productivity, Collaboration, and Security Software suite that operates across on-premises, mobile, and cloud environments. The objective is to identify a Commercial-off-the-Shelf (COTS) software solution that meets federal security requirements while being user-friendly, flexible, and scalable to accommodate specific State needs. This initiative is part of the Department's broader strategy to modernize its IT infrastructure, enhancing global operations and collaboration capabilities. Interested vendors should submit their company information, functional capabilities, and examples of past performance to John Warner at WarnerJ1@state.gov, as participation in this Request for Information does not guarantee a contract award.
    5G Capable Cellular Drive Test Scanner
    Active
    Homeland Security, Department Of
    The Department of Homeland Security, through the United States Secret Service (USSS), is seeking information from qualified vendors regarding the procurement of a 5G capable cellular drive test scanner and associated analytical software. This initiative aims to enhance the USSS's capabilities in investigating financial crimes by enabling the collection and analysis of cellular data across various generations, from 2G to 5G, while ensuring compliance with the Communications Assistance for Law Enforcement Act (CALEA). The project underscores the importance of modernizing investigative tools to adapt to evolving crime and technology, with requirements for interoperability with existing equipment, comprehensive training for personnel, and ongoing maintenance support. Interested parties are encouraged to submit their capability statements and feedback on the draft Statement of Work to the designated contacts, Stephen Kenny and Matthew Sutton, with the understanding that this notice is for information gathering only and does not constitute a commitment to award a contract.
    Physical Fitness Test Administration
    Active
    Homeland Security, Department Of
    The Department of Homeland Security, specifically the U.S. Secret Service, is seeking contractor support for the administration of the Applicant Physical Abilities Test (APAT) used in the selection of law enforcement personnel. The contractor will be responsible for maintaining, hosting, and scoring the physical ability assessments, which include components such as push-ups, sit-ups, agility runs, and a 1.5-mile run, conducted at pre-approved facilities. This initiative is critical for ensuring that applicants meet the physical standards necessary for the demanding roles within the Secret Service. Interested parties should contact John Akin at john.akin@usss.dhs.gov or 407-212-0577 for further details, with the formal solicitation expected to be posted by COB on Monday, the 16th, and the contract potentially spanning 12 months with four optional renewals.
    VERIFICATION OF WINGARD EVALUATION AND TESTING (WET) at REDUCED SETBACKS
    Active
    State, Department Of
    The U.S. Department of State is seeking proposals for the verification of Wingard Evaluation and Testing (WET) at reduced setbacks, focusing on forced entry and blast-resistant glazing designs. The objective is to ensure that these designs meet performance standards under various loading conditions that differ from historical data, which is critical for enhancing physical security infrastructure. This procurement is significant as it involves testing and validating glazing systems to protect government facilities against explosive threats. Interested offerors must submit their proposals by October 3, 2024, and should direct any inquiries to Lisa Pizarro at PizarroL1@state.gov or Amber Gray at GrayAL@state.gov. Note that funding is not currently available, and awards will only be made once funds are secured.
    Field Emission Scanning Electron Microscope
    Active
    Homeland Security, Department Of
    The Department of Homeland Security, specifically the U.S. Secret Service, is seeking proposals for the procurement of a Field Emission Scanning Electron Microscope, which is essential for forensic analysis in combating counterfeiting of U.S. currency. The selected contractor will be responsible for supplying the microscope, ensuring its installation at the USSS Headquarters in Washington, D.C., and providing necessary training for users, all within a six-month timeframe post-award. This procurement is critical for enhancing the USSS's capabilities in safeguarding the U.S. economy and requires compliance with federal regulations, including accessibility standards. Interested contractors must submit their fixed-price proposals by September 18, 2024, and can direct inquiries to Jovan Bone or Matthew Sutton via their respective email addresses.