GovBidAlerts
← All opportunities

Justification and Approval - Vulnerability Disclosure Policy Platform (VDP) Platform

Key dates

Posted
Jul 16, 2026
Response deadline
Archive date
Archive type
auto30

Classification

Notice type
Justification
Base type
Justification
Set-aside
Set-aside code
PSC
DJ01

NAICS

Issuing office

Department
GENERAL SERVICES ADMINISTRATION
Sub-tier
FEDERAL ACQUISITION SERVICE
Office
GSA GAS AAS REGION 6
Office code
047.4732.47QFHA
Organization type
OFFICE
Office address
KANSAS CITY, MO, 64108, USA

Place of performance

Street
Street 2
City
Arlington
State
Virginia
Zip
22203
Country
UNITED STATES

Contacts

Description

The Cybersecurity and Infrastructure Security Agency (CISA) partners with Federal agencies, industry, and other stakeholders to strengthen the security and resilience of the Nation's critical infrastructure and Federal information systems. As part of this mission, CISA supports ongoing efforts to reduce cybersecurity risk by identifying, assessing, and facilitating the remediation of vulnerabilities affecting Federal Civilian Executive Branch (FCEB) systems. These efforts support the implementation of Binding Operational Directive (BOD) 20-01, which requires FCEB agencies to establish and maintain Vulnerability Disclosure Policies (VDPs) to receive and address vulnerability reports submitted by external security researchers. This requirement provides CISA and participating FCEB agencies with continued access to a secure, commercially available Software-as-a-Service (SaaS) Vulnerability Disclosure Policy (VDP) platform that enables the centralized submission, validation, routing, tracking, and reporting of cybersecurity vulnerabilities identified in internet-accessible Federal systems. The platform supports secure collaboration between security researchers and participating agencies, provides configurable reporting and metrics, role-based user management, application programming interface (API) integration capabilities, and optional functionality to support agency-managed bug bounty programs. The contractor shall configure, operate, secure, and administer the platform; maintain the platform's Authority to Operate (ATO) and support applicable Federal cybersecurity authorization requirements; provide technical support and user onboarding; perform vulnerability triage, validation, routing, and tracking services; generate operational reporting; and support agencies that elect to implement bug bounty programs. The platform is designed to scale as agency participation changes while ensuring the confidentiality, integrity, and availability of vulnerability information and supporting the Government's continued ability to receive and manage coordinated vulnerability disclosures. This modification extends the period of performance for the existing contract to ensure continuity of the enterprise Vulnerability Disclosure Policy (VDP) platform and associated support services. The modification continues uninterrupted support for participating Federal Civilian Executive Branch agencies and maintains the Government's capability to receive, triage, track, and manage vulnerability disclosures during the transition period.

Attachments (1)

Award

Number
47QFRA20C0012
Amount
Date
Awardee
UEI
Awardee address

Similar open contracts

Metadata

Notice ID
9981c687df274f82add5e698356e33d4
Full path
GENERAL SERVICES ADMINISTRATION.FEDERAL ACQUISITION SERVICE.GSA GAS AAS REGION 6
Office code
047.4732.47QFHA
Ingested
Jul 17, 2026
Updated
Jul 17, 2026