Vulnerability Disclosure Program Enterprise Management System (VDP EMS)
ID: FA701425X000XType: Sources Sought
Overview

Buyer

DEPT OF DEFENSEDEPT OF THE AIR FORCEFA7014 AFDW PKANDREWS AFB, MD, 20762-6604, USA

NAICS

Other Computer Related Services (541519)

PSC

IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE) (7A21)

Original Source

https://sam.gov/opp/371b62b8f6d44b3ea84ad642a77616cb/view
Timeline
    Description

    The Department of Defense, specifically the Department of the Air Force, is seeking vendors for an Enterprise Management System to enhance its Vulnerability Disclosure Program (VDP) and Defense Industrial Base (DIB) VDP. The primary objective is to procure an enterprise-grade platform that facilitates vulnerability submission, management workflows, and integration with existing systems, while also providing advanced analytics and community engagement features. This initiative is crucial for improving cybersecurity measures within the DoD and ensuring effective collaboration with the cybersecurity community to address vulnerabilities. Interested vendors should review the draft Performance Work Statement (PWS) and submit their capabilities by July 10, 2025, to the primary contact, Phelicha Silva, at phelicha.silva@us.af.mil, or the secondary contact, Ryan Amos, at ryan.amos.5.ctr@us.af.mil.

    Point(s) of Contact
    Phelicha Silva
    phelicha.silva@us.af.mil
    Ryan Amos
    ryan.amos.5.ctr@us.af.mil
    Files
    Title
    Posted
    PWS_VDP Enterprise Management System_v2_27 Jun 25.pdf
    The Department of Defense (DoD) is seeking a contractor for an enterprise management system to enhance its Vulnerability Disclosure Program (VDP), which identifies and mitigates cybersecurity threats to the DoD Information Network and Defense Industrial Base. The initiative, rooted in crowdsourcing, aims to leverage innovative cybersecurity expertise to address vulnerabilities effectively. The contractor will provide licenses for both the DoD and Defense Industrial Base VDPs, ensuring compliance and collaboration in vulnerability management. Key deliverables include an enterprise-grade platform for vulnerability submission, management workflows, advanced analytics, and community engagement features. Additionally, the system must integrate with existing IT frameworks and facilitate effective communication between researchers and the DoD. The contract spans from February 2026 to January 2031, including multiple option years, emphasizing the program's long-term commitment to cybersecurity improvement. This project underscores the DoD's dedication to maintaining the integrity and security of its networks in a rapidly evolving cyber landscape.
    VDP Follow On RFI.pdf
    The document is a Request for Information (RFI) issued by the Department of Defense (DoD) to gather market research for an Enterprise Management System to support its Vulnerability Disclosure Program (VDP). The purpose of the RFI is to assess the availability and capabilities of potential vendors without committing to a contract. The DoD emphasizes the importance of securing its networks, which necessitates a comprehensive VDP managed by the DoD Cyber Crime Center. Interested parties are invited to submit their company details and demonstrate their capabilities in line with a draft Performance Work Statement (PWS). Key requirements include seamless integration with existing systems, handling various data formats, lifecycle management of vulnerability reports, and providing analytics. Respondents are also asked to provide feedback on the draft PWS and engage with the proposed North American Industry Classification System (NAICS) code. Submissions must adhere to specified guidelines and will not incur costs for the government. Responses are due by July 10, 2025. This initiative underscores the DoD’s commitment to engaging with the cybersecurity industry to bolster its vulnerability management strategies while enhancing collaboration and compliance.
    Lifecycle
    Title
    Type
    Vulnerability Disclosure Program Enterprise Management System (VDP EMS)
    Currently viewing
    Sources Sought
    Similar Opportunities
    Protecting Army Modernization and Supply Chains- Commercial Solutions Opening (CSO)
    Dept Of Defense
    The Department of Defense, through the Army Contracting Command, is seeking innovative solutions to enhance cybersecurity within the Defense Industrial Base (DIB) as part of the Protecting Army Modernization and Supply Chains initiative. This opportunity invites proposals for automated cybersecurity measures that comply with critical standards such as NIST controls and Cybersecurity Maturity Model Certification (CMMC), aimed at supporting small businesses in mitigating cyber threats while ensuring the protection of intellectual property and secure access. The initiative is crucial for safeguarding defense technologies and ensuring the rapid delivery of military capabilities, with submissions accepted until March 6, 2030. Interested parties can contact the Army NCODE Team at usarmy.apg.acc.mbx.dc3oe-ncode-cso@army.mil for further information.
    Platform One Solutions Marketplace (P1SM)/Commercial Solutions Opening (CSO)
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is initiating the Platform One Solutions Marketplace (P1SM), an open call for innovative hardware, software, and service solutions aimed at enhancing the delivery of secure software within the DoD. This initiative seeks to address capability gaps and foster technological advancements by allowing participants to submit five-minute unclassified video pitches that align with strategic focus areas such as Agile Training, Application Development, Cybersecurity, and DevSecOps. The P1SM serves as a digital marketplace for vetted solutions, facilitating rapid acquisition pathways and reducing barriers for small businesses and non-traditional defense contractors. Interested parties can reach out to Steven Groenheim at steven.groenheim.6.ctr@us.af.mil or Maj. Jamail Walker at jamail.walker.1@us.af.mil for further information.
    Falcon X Crowdstrike
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking to procure the CrowdStrike Falcon Elite package to enhance its threat intelligence capabilities. This procurement aims to provide comprehensive reporting on Advanced Persistent Threat (APT) activity in gray space, leveraging a network of over 14 million endpoint sensors across 176 countries. The services are critical for maintaining cybersecurity and protecting sensitive information within the military infrastructure. Interested vendors can reach out to Stephen Planer at stephen.planer.1@us.af.mil or call 405-734-9922 for further details regarding this opportunity.
    Mission Video Distribution System (MVDS) Services
    Dept Of Defense
    The Department of Defense, specifically the Air Combat Command (ACC), is seeking industry sources for the Mission Video Distribution System (MVDS) Services, with a focus on providing engineering and technical support for the HQ 9th Air Force (Air Forces Central). The procurement aims to ensure the availability and operational support of the MVDS, which is critical for military operations within the United States Central Command (USCENTCOM) Area of Responsibility, including on-site support at Shaw Air Force Base in South Carolina and Al Udeid Air Base in Qatar. Interested parties must demonstrate their capability to meet the requirements, including software development, system engineering, and compliance with security standards, while adhering to government regulations. Responses are due by January 6, 2026, at 2:00 PM EST, and inquiries should be directed to Scott D. Bedford or Nicholas Bachman via email.
    Aerospace Readiness Enterprise System (ARES) Notional Schedule Update
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking proposals for the Aerospace Readiness Enterprise System (ARES) Notional Schedule Update, aimed at enhancing scheduling and training systems within the Operations Enterprise Architecture (OpsEA) Salesforce platform. Vendors are invited to develop solutions that can either utilize Salesforce-native no/low-code development or a prototype-based approach, ensuring integration with existing systems and compliance with security protocols. This initiative is critical for improving operational readiness and efficiency within the Air Force, with a prototype phase funded at $500K per team, lasting three months, and requiring development at an IL4 security level. Key deadlines include the release of the final solution solicitation on December 15, 2025, and the receipt of solutions by January 9, 2026. Interested parties can reach out to Evan Pomfret at evan.pomfret.1@us.af.mil or Lauren Cheslofska at lauren.cheslofska@us.af.mil for further inquiries.
    ESCAPE SaaS Request for Information (RFI)
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is conducting a Request for Information (RFI) to identify potential sources for the Enterprise Supply Chain Analysis Planning & Execution (ESCAPE) Software as a Service (SaaS) Follow-on Contract. The primary objective is to procure a product contract that focuses on providing PTC Service Parts Management (SPM) SaaS capabilities for IL5 and IL6, along with additional services for training, analysis, configuration, and Tier 1-3 help desk support. This initiative is crucial for enhancing the Air Force's supply chain management capabilities and ensuring efficient operations. Interested parties are encouraged to respond by 4:00 PM Central Time on December 19, 2025, and should direct inquiries to Matthew Tonay at matthew.tonay.1@us.af.mil or Megan Donaghe at megan.donaghe@us.af.mil.
    Digital Engineering Services
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking to award a sole-source Firm Fixed Price contract for Digital Engineering Services to Dassault Systemes (DS). The procurement aims to secure comprehensive support for the 3D Experience (3DX) application, which includes configuring, customizing, training, and providing full-time equivalent support, essential for advancing digital engineering initiatives and leveraging existing software licenses. The 3DX application serves as a critical product lifecycle management tool that integrates various supporting applications, with a performance period extending from July 2022 to September 2025, funded by RDT&E resources. Interested parties can reach out to Kevin Daigle, Contract Specialist, at kevin.daigle.3@us.af.mil or Melissa Hobley, Contracting Officer, at melissa.hobley@us.af.mil for further inquiries.
    AFLCMC Cloud Productivity Suite Pilot CSO
    Dept Of Defense
    The Department of the Air Force, through the Air Force Life Cycle Management Center (AFLCMC), is seeking white papers for its Cloud Productivity Suite Pilot (CPSP) Commercial Solutions Opening (CSO). This initiative aims to identify innovative commercial solutions for an integrated productivity suite, cloud tenant, and operating system tailored for the Department of the Air Force's IT enterprise, focusing on secure collaborative platforms, IL5 accreditation, and Zero Trust security. The selected solutions will enhance the operational capabilities of Air Force personnel by ensuring access to reliable and efficient IT tools, with individual contracts expected to range from $500,000 to $4,000,000 over a period of 1-5 years. Interested vendors should submit their proposals by following the detailed instructions provided in the attached documents, and can reach out to primary contact Mason R Worsham at mason.worsham.1@us.af.mil for further inquiries. The CSO is open for submissions until November 2026.
    Trusted and Elastic Military Platforms and Electronic Warfare (EW) System Technologies (TEMPEST)
    Dept Of Defense
    The Department of Defense, specifically the Air Force Research Laboratory (AFRL), is seeking proposals for the Trusted and Elastic Military Platforms and Electronic Warfare (EW) System Technologies (TEMPEST) initiative. This program aims to develop methodologies and technologies to enhance the cyber security and resilience of avionics systems across various platforms, including manned, unmanned, and ISR systems, with a focus on mitigating vulnerabilities and advancing sensor technologies. The estimated program value is approximately $808.5 million, with multiple awards ranging from $1 million to $200 million, and proposals will be accepted through subsequent calls until November 1, 2025. Interested parties can reach out to Timothy Matelski at timothy.matelski@us.af.mil or Richard Bailey at richard.bailey.26@us.af.mil for further inquiries.
    HashiCorp Vault New Software
    Dept Of Defense
    The Department of Defense, through the Defense Health Agency (DHA), is seeking to procure HashiCorp Vault New Software, an identity-based secrets and encryption management system, to enhance its cyber readiness and support its Zero Trust Framework. This software is critical for centralized security enforcement, managing user access, and ensuring secure, auditable access to sensitive information within the Development, Security and Operations Community Cloud (DSOCC) environment. The procurement will be conducted among authorized resellers on the NASA SEWP and DoD ESI catalogs, with funding sourced from the Fiscal Year 25 Operations & Maintenance budget. Interested parties can direct inquiries to Contracting Officer Mr. Deinor A. Bolanos or Primary Contract Specialist Ms. Melissa Hearst for further details.