Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JANUARY 24, 2025 SAM #8459
SPECIAL NOTICE

99 -- NATO Business Opportunity: Web Asset Security Assessment Grey Box Web Penetration Testing

Notice Date
1/22/2025 6:09:18 AM
 
Notice Type
Special Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
BUREAU OF INDUSTRY AND SECURITY
 
ZIP Code
00000
 
Solicitation Number
RFQ-CO-424225-PEN
 
Response Due
2/6/2025 2:00:00 PM
 
Archive Date
02/12/2025
 
Point of Contact
Lee Ann Carpenter
 
E-Mail Address
LeeAnn.Carpenter@bis.doc.gov
(LeeAnn.Carpenter@bis.doc.gov)
 
Description
The NATO Communications and Information Agency (NCIA) intends to issue a Request for Quotation (RFQ) for Web Asset Security Assessment Grey Box Web Penetration Testing. Potential U.S. prime contractors must 1) maintain a professionally active facility (office, factory, laboratory, etc.) within the United States, 2) be pre-approved for participation in NATO International Competitive Bidding (ICB), 3) be issued a Declaration of Eligibility (DOE) by the Department of Commerce (DOC), and 4) register with the NCI Agency�s eProcurement tool, Neo: https://www.ncia.nato.int/business/procurement/neo-eprocurement In addition, contractor personnel will be required to work unescorted in Class II Security areas. Therefore, access can only be permitted to cleared individuals. Only companies maintaining the appropriate personnel clearances will be able to perform the resulting contract. The reference for the RFQ is RFQ-CO-424225-PEN and all correspondence concerning the RFQ should include this reference. SUMMARY OF REQUIREMENTS Please note that these requirements are being refined and will be included in further details as part of the RFQ. Project Objective To assess the security vulnerabilities and risks associated with NATO web assets. The security audit will be conducted using a greybox approach and following OWASP Application Security Verification Standard. Scope of Work 1. Conduct manual penetration testing following a grey box approach for i) web assets exposed to the internet and ii) web assets not exposed to the internet. 2. Assess the security vulnerabilities and risks associated with the web assets. 3. Provide recommendations to mitigate the identified risks. Period of Performance A nine month basic period, followed by two 12-month optional periods. The basic period is anticipated to start in April 2025 and end on 31 December 2025. This timeline represents the anticipated duration of the project, and adjustments may be made as per the requirements of the solicitation process and subsequent contractual agreement BECOMING ELIGIBLE TO BID NATO ICB requires that the U.S. Government issue a DOE for potential U.S. prime contractors interested in this project. Before the U.S. Government can do so, however, the U.S. Government must approve the U.S. firm for participation in NATO ICB. U.S. firms are approved for NATO ICB on a facility-by-facility basis. The U.S. NATO ICB application is a one-time application. The application requires supporting documentation in the form of 1) a company resume or capability statement indicating contracts completed as a prime contractor and 2) an annual report or set of financial documents indicating compilation, review, or audit by an independent CPA. U.S. firms can download a copy of the U.S. NATO ICB application from the following website: https://www.bis.doc.gov/index.php/other-areas/strategic-industries-and-economic-security-sies/nato-related-business-opportunities DOC is the U.S. Government agency that approves NATO ICB applications. Please submit to the email address provided your application and supporting documentation (as attachments). If your firm is interested in a specific NATO ICB project at this time, please also include the following in the TEXT of your email: - the title and/or solicitation number of the project - the name/phone/email of the company employee who should receive the bid documents After approval of your one-time NATO ICB application, DOC will then know to follow up by issuing a DOE for the project. DOC will transmit the DOE to the NATO contracting agency. IMPORTANT DATES: Request a DOE (and, for firms new to NATO ICB, submit the completed one-time NATO ICB application): 06 February 2025 NCIA distributes the RFQ (planned): 14 February 2025 Bid closing (anticipated): 28 February 2025 Contract Award (estimated): 01 April 2025
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/e786a0b3871e46f88e388aa6be786523/view)
 
Place of Performance
Address: BEL
Country: BEL
 
Record
SN07319325-F 20250124/250122230059 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.