SOLICITATION NOTICE
70 -- Request for Information (RFI) -- DAST Tool
- Notice Date
- 5/5/2026 12:16:04 PM
- Notice Type
- Solicitation
- NAICS
- 513210
—
- Contracting Office
- SSA OFC OF ACQUISITION GRANTS BALTIMORE MD 21235 USA
- ZIP Code
- 21235
- Solicitation Number
- 28321326RI0000019
- Response Due
- 5/19/2026 11:00:00 AM
- Archive Date
- 06/03/2026
- Point of Contact
- Keelin McGrath
- E-Mail Address
-
keelin.mcgrath@ssa.gov
(keelin.mcgrath@ssa.gov)
- Description
- The Web Application Security Team (WAST) performs static code scanning of all SSA applications as part of the Office of Information Security�s (OIS) cybersecurity program. This is accomplished with the static application security testing (SAST) tool called Checkmarx and the software composition analysis (SCA) tool called Black Duck. Both of these solutions are white box testing tools that analyze the application�s code as it's being built. WAST is looking to procure a Dynamic Application Security Testing (DAST) solution to better analyze SSA applications, to bolster FISMA metrics, and to satisfy the requirements from multiple external audits and assessments. The DAST tool would scan applications as they are executed to identify exploits that can only be detected from black box testing. This funding is required immediately to better support the workload of multiple federal mandates and to provide black box testing early in the development lifecycle to stop exploits before they go to Production and potentially cause a security breach. This will also support a new requirement to perform penetration testing on all Tier 1 applications and all information systems going through the Authority to Operate (ATO) process.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/workspace/contract/opp/3eb2e19333c74290a09fb24d29c3a8b3/view)
- Record
- SN07803743-F 20260507/260505230049 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |