This announcement is a Market Survey / Request for Information for the purpose of soliciting feedback regarding existing capabilities to meet cybersecurity risk assessment and testing needs. Responses to this announcement will be used for informational purposes only to support the development of an acquisition strategy for the contemplated Cybersecurity Testing Team. The information will not be released, except as required under the Freedom of Information Act (FOIA); proprietary information will be protected if appropriately marked. This is not a Screening Information Request or Request for Proposal. FAA intends for this work to be set-aside for performance by a Service-Disabled Veteran Owned Small Business (SDVOSB). The sustainment of Independent Risk Assessment capabilities, Information Systems Security (ISS) Assurance and the performance of penetration testing are key components in meeting Office of Management and Budget’s (OMB) continuous monitoring requirement, Federal Information Security Management Act (FISMA), and Executive Order 13636 and its implementation through Presidential Policy Directive (PPD-21) and the ATO Cyber Security Strategic Plan. The objectives of this SOW are to provide the FAA support to accomplish the following: • Identify and research the use of advanced tools, tactics, techniques, and processes in order to enhance and advance current FAA NAS cyber mitigation, assessment, and testing capabilities for ATO systems • Baseline and assess current capabilities including simulation environments, mitigation tool sets, procedures, and testing capabilities • Minimize the impact of cyber security events and incidents in support of availability and restoration requirements for NAS critical and essential services • Identify risks to organizational operations (e.g., mission, functions, image, and reputation), organizational assets, and individuals and incorporate threat and vulnerability analyses to support development of Courses of Action (CoA) The FAA Cybersecurity Testing team will provide two critical FAA needs: 1. Independent ATO System Risk Assessments 2. Cybersecurity Testing • Penetration Testing • Red Teaming • Blue Teaming • Sandbox Simulation • Aircraft Cyber Testing Support • Vulnerability Assessments Included as Attachment A to this announcement is the draft Statement of Work (SOW) for the Cybersecurity Testing acquisition. The FAA requests responses from industry to include the following: 1) Describe your firm’s understanding of and capability to perform the full range of work described in Attachment A. 2) Describe your experience performing the full range of work described in Attachment A. The description must demonstrate your capability to perform work of similar size, scope, and complexity. 3) Describe your firm’s ability to support Independent Risk Assessments and Cybersecurity testing, at locations nationwide, on short notice. 4) Describe your firm’s ability to identify technologies, areas for development of new technologies, and analyze risks associated with each in order to mitigate vulnerabilities found in each risk assessment. 5) Performance Management: describe your firm’s process for ensuring successful performance of the contract requirements This Market Survey must not be construed as an obligation on the part of the FAA to acquire these items. Since this is not a Screening Information Request or Request for Proposal, no results will be issued to the responding firms. No solicitation for these items exists currently. If a solicitation is issued, it will be announced on the FAA Contract Opportunities website. It is the vendor’s responsibility to monitor the website for release of the solicitation. The FAA will not entertain or accept unsolicited proposals for this work. The FAA will not be liable for any costs associated with the preparation of responses to this Market Survey, nor reimburse or otherwise pay any costs incurred by any party responding to this announcement. Any costs associated with the Market Survey submissions will be solely at the interested party’s expense. The FAA may request that one, some, all, or none of the respondents to the Market Survey/Request for Information provide additional information. No evaluation of vendors will occur based on this additional information, and vendor participation in any informational session is not a promise for future business with the FAA. Interested vendors’ responses must be submitted by email no later than 5:00 P.M. Eastern Time on November 6, 2019. Responses to this Market Survey are limited to 15 pages, must be in writing, on company letterhead, and must include respondent point of contact information including name, telephone number, e-mail address, and mailing address. Any proprietary information submitted must be properly identified. Information from vendor submissions may be used in future acquisition activities on a non-vendor specific basis. Any questions must be submitted by email to the point-of-contact noted below no later than 5:00 P.M. Eastern Time on October 24, October, 2019. Submit responses to: Leslie Fisher Contracting Officer Email: [email protected] NOTES: The electronic submission should be in either Microsoft Word format or portable document format (PDF). Please note that the FAA e-mail server restricts file size to 10MB per email message, therefore, responses may have to be submitted in more than one e-mail in order to be received. If you're viewing this announcement from a source other than Federal Aviation Administration Contract Opportunities (FAACO), visit https://faaco.faa.gov/index.cfm/announcement/view/34910 to view the original announcement.

Bid Protests Not Available