Request for Information (RFI) -- DAST Tool

Project ID: 28321326RI0000019
Overview
Agency: SSA Office of Acquisition and Grants
Deadline: 05/19/26
Posted: 05/05/26
Estimated Value: Not Provided
Set Aside: None
NAICS: 513210 - Software Publishers
PSC: 7A21 - IT And Telecom - Business Application Software (Perpetual License Software)
Location: 6401 Security Blvd Baltimore, MD 21235 USA
Description

The Web Application Security Team (WAST) performs static code scanning of all SSA applications as part of the Office of Information Security's (OIS) cybersecurity program. This is accomplished with the static application security testing (SAST) tool called Checkmarx and the software composition analysis (SCA) tool called Black Duck. Both of these solutions are white box testing tools that analyze the application's code as it's being built. WAST is looking to procure a Dynamic Application Security Testing (DAST) solution to better analyze SSA applications, to bolster FISMA metrics, and to satisfy the requirements from multiple external audits and assessments. The DAST tool would scan applications as they are executed to identify exploits that can only be detected from black box testing. This funding is required immediately to better support the workload of multiple federal mandates and to provide black box testing early in the development lifecycle to stop exploits before they go to Production and potentially cause a security breach. This will also support a new requirement to perform penetration testing on all Tier 1 applications and all information systems going through the Authority to Operate (ATO) process.

Summary (Newest Update)

Background

The Social Security Administration (SSA) is seeking to enhance its cybersecurity measures through the procurement of a Dynamic Application Security Testing (DAST) tool. This initiative is part of the Office of Information Security's (OIS) cybersecurity program, which currently utilizes static application security testing (SAST) and software composition analysis (SCA) tools. The goal of acquiring a DAST solution is to improve the analysis of SSA applications, meet federal mandates, and address requirements from external audits and assessments.

Work Details

The SSA is looking for a DAST tool that will scan applications during execution to identify vulnerabilities that can only be detected through black box testing. This tool will support penetration testing for all Tier 1 applications and information systems undergoing the Authority to Operate (ATO) process. The RFI seeks information on various DAST tools available in the market to better understand options for fulfilling these needs.

Period of Performance

1 Day After Award

Place of Performance

Social Security Administration, Robert M. Ball Bldg Loading Dock, 6401 Security Blvd, Baltimore, MD 21235-0001

Contacts
Contact name: Keelin McGrath
Contact email: keelin.mcgrath@ssa.gov
Contact phone: None