SamSearch

    Closed Solicitation · DEPARTMENT OF COMMERCE

    NATO BUSINESS OPPORTUNITY: WEB ASSET SECURITY ASSESSMENT GREY BOX WEB PENETRATION TESTING

    Issued by BUREAU OF INDUSTRY AND SECURITY · BUREAU OF INDUSTRY AND SECURITY
    Sol. RFQ-CO-424225-PENSpecial Notice
    Closed
    STATUS
    Closed
    closed Feb 6, 2025
    POSTED
    Jan 22, 2025
    Publication date
    NAICS CODE
    541519
    Primary industry classification
    PSC CODE
    1316
    Product & service classification

    AI Summary

    The NATO Communications and Information Agency seeks U.S. contractors for a Web Asset Security Assessment Grey Box Web Penetration Testing project. Bidders must have a U.S. facility, be pre-approved for NATO ICB, possess a Declaration of Eligibility from the Department of Commerce, and register with the NCI Agency's eProcurement tool. The project aims to identify and mitigate security vulnerabilities in NATO web assets over a nine-month period, with potential extensions.

    Contract details

    Solicitation No.
    RFQ-CO-424225-PEN
    Notice Type
    Special Notice
    Posted Date
    January 22, 2025
    Response Deadline
    February 6, 2025
    NAICS Code
    541519AI guide
    PSC / Class Code
    1316
    Contract Code
    1316
    Issuing Office
    BUREAU OF INDUSTRY AND SECURITY
    Sub-Agency
    BUREAU OF INDUSTRY AND SECURITY
    Agency
    DEPARTMENT OF COMMERCE
    Primary Contact
    Lee Ann Carpenter

    Description

    The NATO Communications and Information Agency (NCIA) intends to issue a Request for Quotation (RFQ) for Web Asset Security Assessment Grey Box Web Penetration Testing. Potential U.S. prime contractors must 1) maintain a professionally active facility (office, factory, laboratory, etc.) within the United States, 2) be pre-approved for participation in NATO International Competitive Bidding (ICB), 3) be issued a Declaration of Eligibility (DOE) by the Department of Commerce (DOC), and 4) register with the NCI Agency’s eProcurement tool, Neo: https://www.ncia.nato.int/business/procurement/neo-eprocurement In addition, contractor personnel will be required to work unescorted in Class II Security areas. Therefore, access can only be permitted to cleared individuals. Only companies maintaining the appropriate personnel clearances will be able to perform the resulting contract. The reference for the RFQ is RFQ-CO-424225-PEN and all correspondence concerning the RFQ should include this reference. SUMMARY OF REQUIREMENTS Please note that these requirements are being refined and will be included in further details as part of the RFQ. Project Objective To assess the security vulnerabilities and risks associated with NATO web assets. The security audit will be conducted using a greybox approach and following OWASP Application Security Verification Standard. Scope of Work 1. Conduct manual penetration testing following a grey box approach for i) web assets exposed to the internet and ii) web assets not exposed to the internet. 2. Assess the security vulnerabilities and risks associated with the web assets. 3. Provide recommendations to mitigate the identified risks. Period of Performance A nine month basic period, followed by two 12-month optional periods. The basic period is anticipated to start in April 2025 and end on 31 December 2025. This timeline represents the anticipated duration of the project, and adjustments may be made as per the requirements of the solicitation process and subsequent contractual agreement BECOMING ELIGIBLE TO BID NATO ICB requires that the U.S. Government issue a DOE for potential U.S. prime contractors interested in this project. Before the U.S. Government can do so, however, the U.S. Government must approve the U.S. firm for participation in NATO ICB. U.S. firms are approved for NATO ICB on a facility-by-facility basis. The U.S. NATO ICB application is a one-time application. The application requires supporting documentation in the form of 1) a company resume or capability statement indicating contracts completed as a prime contractor and 2) an annual report or set of financial documents indicating compilation, review, or audit by an independent CPA. U.S. firms can download a copy of the U.S. NATO ICB application from the following website: https://www.bis.doc.gov/index.php/other-areas/strategic-industries-and-economic-security-sies/nato-related-business-opportunities DOC is the U.S. Government agency that approves NATO ICB applications. Please submit to the email address provided your application and supporting documentation (as attachments). If your firm is interested in a specific NATO ICB project at this time, please also include the following in the TEXT of your email: - the title and/or solicitation number of the project - the name/phone/email of the company employee who should receive the bid documents After approval of your one-time NATO ICB application, DOC will then know to follow up by issuing a DOE for the project. DOC will transmit the DOE to the NATO contracting agency. IMPORTANT DATES: Request a DOE (and, for firms new to NATO ICB, submit the completed one-time NATO ICB application): 06 February 2025 NCIA distributes the RFQ (planned): 14 February 2025 Bid closing (anticipated): 28 February 2025 Contract Award (estimated): 01 April 2025

    Key dates

    1. January 22, 2025Posted Date
    2. February 6, 2025Proposals / Responses Due

    Frequently asked questions

    NATO BUSINESS OPPORTUNITY: WEB ASSET SECURITY ASSESSMENT GREY BOX WEB PENETRATION TESTING is a federal acquisition solicitation issued by DEPARTMENT OF COMMERCE. Review the full description, attachments, and submission requirements on SamSearch before the response deadline.

    SamSearch Platform

    Stop searching. Start winning.

    AI-powered intelligence for the right opportunities, the right leads, and the right time.

    Book a Demo