JustificationActive47QFRA20Q0048
Justification and Approval - Vulnerability Disclosure Policy Platform (VDP) Platform
GENERAL SERVICES ADMINISTRATION / FEDERAL ACQUISITION SERVICE / GSA GAS AAS REGION 6Key dates?
- Posted?
- Jul 16, 2026
- Response deadline?
- —
- Archive date?
- —
- Archive type?
- auto30
Classification?
- Notice type?
- Justification
- Base type?
- Justification
- Set-aside?
- —
- Set-aside code?
- —
- PSC?
- DJ01
NAICS?
Issuing office?
- Department?
- GENERAL SERVICES ADMINISTRATION
- Sub-tier?
- FEDERAL ACQUISITION SERVICE
- Office?
- GSA GAS AAS REGION 6
- Office code?
- 047.4732.47QFHA
- Organization type?
- OFFICE
- Office address?
- KANSAS CITY, MO, 64108, USA
Place of performance?
- Street?
- —
- Street 2?
- —
- City?
- Arlington
- State?
- Virginia
- Zip?
- 22203
- Country?
- UNITED STATES
Contacts?
- Adrienne Davisprimary
- Matthew Schupbachsecondary
Description?
The Cybersecurity and Infrastructure Security Agency (CISA) partners with Federal agencies, industry, and other stakeholders to strengthen the security and resilience of the Nation's critical infrastructure and Federal information systems. As part of this mission, CISA supports ongoing efforts to reduce cybersecurity risk by identifying, assessing, and facilitating the remediation of vulnerabilities affecting Federal Civilian Executive Branch (FCEB) systems. These efforts support the implementation of Binding Operational Directive (BOD) 20-01, which requires FCEB agencies to establish and maintain Vulnerability Disclosure Policies (VDPs) to receive and address vulnerability reports submitted by external security researchers. This requirement provides CISA and participating FCEB agencies with continued access to a secure, commercially available Software-as-a-Service (SaaS) Vulnerability Disclosure Policy (VDP) platform that enables the centralized submission, validation, routing, tracking, and reporting of cybersecurity vulnerabilities identified in internet-accessible Federal systems. The platform supports secure collaboration between security researchers and participating agencies, provides configurable reporting and metrics, role-based user management, application programming interface (API) integration capabilities, and optional functionality to support agency-managed bug bounty programs. The contractor shall configure, operate, secure, and administer the platform; maintain the platform's Authority to Operate (ATO) and support applicable Federal cybersecurity authorization requirements; provide technical support and user onboarding; perform vulnerability triage, validation, routing, and tracking services; generate operational reporting; and support agencies that elect to implement bug bounty programs. The platform is designed to scale as agency participation changes while ensuring the confidentiality, integrity, and availability of vulnerability information and supporting the Government's continued ability to receive and manage coordinated vulnerability disclosures. This modification extends the period of performance for the existing contract to ensure continuity of the enterprise Vulnerability Disclosure Policy (VDP) platform and associated support services. The modification continues uninterrupted support for participating Federal Civilian Executive Branch agencies and maintains the Government's capability to receive, triage, track, and manage vulnerability disclosures during the transition period.
Attachments (1)?
- Download📎 47QFRA20C0012_P00048_VDP_Justification+and+Approval__20260318_Redacted.pdfapplication/pdf · 131 KB
Award?
- Number?
- 47QFRA20C0012
- Amount?
- —
- Date?
- —
- Awardee?
- —
- UEI?
- —
- Awardee address?
- —
Similar open contracts
Metadata?
- Notice ID?
- 9981c687df274f82add5e698356e33d4
- Full path?
- GENERAL SERVICES ADMINISTRATION.FEDERAL ACQUISITION SERVICE.GSA GAS AAS REGION 6
- Office code?
- 047.4732.47QFHA
- Ingested?
- Jul 17, 2026
- Updated?
- Jul 17, 2026