/tts-buy-crowdsourced-pentest

Solicitation documents for the crowdsourced security and pentest procurement being undertaken by TTS.


TTS Crowdsourced Security and Pentest

This is the GitHub repository for TTS_CROWDSOURCE, posted on FedBizOpps.gov. Please submit any questions as an Issue in this repository by November 17, 2017 at 5:00pm EST. The Contracting Officer will only be responding to questions submitted using the Issue Template. Comments from other parties or in other formats will still be considered but we cannot commit to responding to them.

Proposals are due by November 27, 2017 at 4:00pm EST.

Background

GSA TTS is designing and developing a Shared Authentication Platform to meet recent federal directives and action plans released by the Executive Office of the President to provide citizens with secure, singular digital accounts that can be used government-wide to access participating federal agencies. Congress saw the need for citizens to securely access federal agencies and passed the Cybersecurity Act (CISA) in October 2015 to strengthen the Nation’s cybersecurity. The Executive Office of the President defined actions federal agencies can follow to meet CISA in the Cybersecurity National Action Plan in February 2016.

Armed with knowledge gained from an initial operational capability utilizing third-party credentials and with valuable Government, industry, and customer input, GSA TTS will operationalize a shared authentication platform titled Login.gov that provides citizens with government-provided digital identities established at National Institute of Standards and Technology (NIST) Level of Assurance LOA1 and LOA3 in 800-63-2 with remote proofing, in a simple, elegant manner from a technical environment that is built on experiences, processes, and infrastructure that will use the latest available technology to safeguard all user data.

What we're hoping to end up with

Additional information is provided in Sections A and B of the RFQ, but in short:

GSA requires the following products and services:

Crowdsourced Security & Penetration Testing focusing on the login.gov platform running in Amazon Web Services, using a pre-vetted and private pool of researchers. The assessment will focus on both LOA1 and LOA3 integrations.

  • Currently Login.gov's code repository contains 50,000 lines of code

At the time of testing, login.gov will have 500K or more active LOA1 users and 500 active LOA3 users.

How to respond

Additional information is provided in clause 52.212-1: Instructions to Offerors, but in short:

Submit signed and dated offers to the office specified in this solicitation at or before the exact time specified in this solicitation. Offers may be submitted on the SF 1449, letterhead stationery, or as otherwise specified in the solicitation.

Period of performance

Additional information is provided in Section A of the RFQ under Schedule and Milestones, but in short:

The following are the schedule / milestones for this procurement. The full period of performance is 90 days from the date of award. The final engagement timeframe will be mutually agreed to after consultation between the Government and the Contractor.

Contents

  1. Request for Quotation (RFQ)

Contributing

See CONTRIBUTING for additional information.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.