DHS RFI: CISA Vulnerability Disclosure Platform (VDP)

Solicitation: ID08200VDP

“The intent of the vulnerability disclosure platform is to provide a CISA managed central platform to facilitate the submission and tracking of vulnerabilities discovered in internet-accessible information systems of the FCEB agencies, including Independent Agencies and all Boards, Commissions, and Committees. Participation in the vulnerability disclosure platform is envisioned to be voluntary for FECB agencies, and therefore the platform needs to scale to support a potentially varying number of agencies at any time. The government desires that the vulnerability disclosure platform be a software-as-a-service web application that serves as the primary point of entry for vulnerability reporters to alert the government of potential issues on federal information systems for those agencies that participate in the platform. Remediation of identified vulnerabilities on federal information systems is intended to be the responsibility of the appropriate hosting agencies, not CISA or the vulnerability disclosure platform service provider.”

“The vulnerability disclosure platform should provide the following interfaces:

Web application

  • Provides users (vulnerability reporters, agencies, CISA) direct access to the platform feature set.
  • Allows reporters to submit vulnerabilities, track submissions and their status, and maintain communication (as they choose).
  • Allows agencies to manage submissions and view summary statistics.
  • Allows CISA to adjudicate submissions where the agency is unknown (or has been unresponsive), view statistical data and trends, run reports, export data, and view agency submissions.


  • Notifications and alerts of submissions and updates can be emailed to the userbase from the platform (submission details are not included in the email) …”

Read more here.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 7 months, 2 weeks ago.

  • Author
  • #86070

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2020 G2Xchange all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?