Request for Information (RFI) -- DAST Tool

Description

The Web Application Security Team (WAST) performs static code scanning of all SSA applications as part of the Office of Information Security’s (OIS) cybersecurity program. This is accomplished with the static application security testing (SAST) tool called Checkmarx and the software composition analysis (SCA) tool called Black Duck. Both of these solutions are white box testing tools that analyze the application’s code as it's being built. WAST is looking to procure a Dynamic Application Security Testing (DAST) solution to better analyze SSA applications, to bolster FISMA metrics, and to satisfy the requirements from multiple external audits and assessments. The DAST tool would scan applications as they are executed to identify exploits that can only be detected from black box testing. This funding is required immediately to better support the workload of multiple federal mandates and to provide black box testing early in the development lifecycle to stop exploits before they go to Production and potentially cause a security breach. This will also support a new requirement to perform penetration testing on all Tier 1 applications and all information systems going through the Authority to Operate (ATO) process.

Classifications

NAICS

513210

Software Publishers

51├Information

513├Publishing Industries

5132├Software Publishers

51321├Software Publishers

513210└Software Publishers

PSC

7A21

IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE)

7├IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS

7A├IT AND TELECOM - APLLICATIONS

7A21└Business Application off-the-shelf software delivered by perpetual license, which also encompasses enterprise level software enabling mission capability and business operational support.

Documents

Primary Contact