SOURCES SOUGHT
R -- Crowd-sourced Pentesting
- Notice Date
- 7/13/2017
- Notice Type
- Sources Sought
- NAICS
- 541519 — Other Computer Related Services
- Contracting Office
- General Services Administration, Federal Acquisition Service (FAS), Assisted Acquisitions Services (WQA), 301 7th St SW Rm 6109, Washington, District of Columbia, 20407, United States
- ZIP Code
- 20407
- Solicitation Number
- TTS-CROWDPEN
- Archive Date
- 8/8/2017
- Point of Contact
- Al Munoz, Phone: 2027344226
- E-Mail Address
- alberto.munoz@gsa.gov
- Small Business Set-Aside
- N/A
- Description
- SOURCES SOUGHT NOTICE

Crowdsourced Penetration Testing Services for LOGIN.GOV

THIS IS NOT A SOLICITATION FOR PROPOSALS. THIS IS A SOURCES SOUGHT NOTICE ONLY for planning and information purposes. It shall not be considered as a request for proposal or as an obligation on the part of the Government to acquire any products or services. No entitlement to payment of direct or indirect costs or charges by the Government will arise as a result of responses to this notice or the Government's use of such information. No contract will be awarded as a result of this notice. Data submitted in response to this notice will not be returned. All submissions become Government property and will not be returned. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. The information provided in this notice is subject to change and is not binding on the Government.

I. PURPOSE

The General Services Administration is issuing this Sources Sought Notice on behalf of 18F to identify potential crowdsourced penetration testing providers who can support 18F's login.gov product.

Login.gov provides simple and secure access to public-facing federal consumer services and information, while protecting consumer privacy. Login.gov is an open source, single sign-on service for government that provides the public with a better customer experience and improved security, while offering the government cross-agency integration at lower costs. Login.gov encrypts the personal information of each user separately, using a unique value generated from each user's password.

Login.gov implements the latest National Institute of Standards and Technology (NIST) standards for secure authentication and verification. Our plans for ongoing security include regular penetration testing and external security reviews. Individual accounts get two layers of security: login.gov requires two-factor authentication as well as strong passwords that meet NIST requirements. Login.gov evaluates and implements new authentication methods as they become widely available to make sure that login.gov remains accessible and secure. Encrypting personal data separately means that login.gov cannot share any information with other government entities without users' permission. Database administrators cannot decrypt a user's personal information without the user's password.

Additional information can be found at www.login.gov and in login.gov's open source repository: https://github.com/18F/identity-idp. The 18F identity playbook, with additional information about the login.gov methodology, can be found at: https://pages.18f.gov/identity-playbook/. An overview of login.gov's security approach can be found at: https://pages.18f.gov/identity-pii-management/. The login.gov team follows the Digital Services Playbook: https://playbook.cio.gov/.

The intended period of performance will be for a two to four week period beginning approximately August 2017.

II. MANDATORY CRITERIA

Information is being requested to identify potential sources that meet the following criteria:
- Evidence of previous and repeated performance providing penetration testing and red team services for one or more top 50 technology companies, as currently defined by alexa.com.
- A brief description of the crowdsourced penetration testing methodology and approach employed by your company.
- A description of the makeup of a standard crowd of researchers and security experts engaged in a similar project, including their background, experience and vetting criteria.
- A proposed timeline of services, including expected needs for preparation, execution, and reporting.
- A description of any outcomes, assessments, recommendations, or other documentation your company would provide.

III. DESCRIPTION OF SERVICES

See attached Crowdsourced Pen Test - SOW Draft for description of services to be performed.

IV. INSTRUCTIONS FOR RESPONDING TO THIS RFI

This is an information gathering exercise to identify potential sources and to help develop the requirements and the acquisition strategy for required services.

CONFIDENTIALITY: No proprietary, classified, confidential, or sensitive information should be included in your response. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s).

Response Format/Page Limitations: The overall total page limit for responses to this RFI is two (2) double-sided pages, or a total of four (4) single-sided pages. Responses should be submitted in Microsoft Word or PDF format. Responses should be complete and sufficiently detailed. Please do not submit marketing material.

Responses should include the following information:

A - GENERAL INFORMATION
- A1. Company Name/Address/Contact Information and DUNS number;
- A2. Business size/classification; and
- A3. Identify any GSA schedules or other existing contract vehicles your firm holds that support the work described in this RFI.

B - CAPABILITY AND EXPERIENCE INFORMATION
- B1. Describe your firm's level of experience and qualifications, or potential to acquire capability, to support Login.gov's crowdsourced penetration testing needs.
- B2. Describe your firm's ability to meet the mandatory criteria in Section II above; and
- B3. Provide examples of your firm's experience in vetting and engaging security researchers and experts in similar projects.

C - COMMENTS AND FEEDBACK
- C1. Identify small business contracting and subcontracting opportunities.
- C2. Based on your review of the Draft SOW, please provide the estimated cost of the requested services and the type of contract you would recommend, and why.
- C3. Provide comments/suggestions and/or insights you may want the government to consider.
- Web Link
- FBO.gov Permalink: https://www.fbo.gov/notices/31967548478cc547d706fdf752f7abf9
- Record
- SN04579338-W 20170715/170714000238-31967548478cc547d706fdf752f7abf9 (fbodaily.com)