GSA RFP: DHS CISA Vulnerability Disclosure Platform (VDP)

Solicitation: ID08200031

“The scope of this contract is to provide CISA and participating FCEB agencies access to an existing, commercially available SaaS platform, which will facilitate the submission and tracking of vulnerabilities discovered in internet-accessible information systems, termed FCEB systems, of the FCEB agencies, including Independent Agencies and all Boards, Commissions, and Committees (Chief Financial Officers (CFO) Act and Non-CFO Act Agencies). In addition, as an optional functionality, the Platform shall provide agencies the ability to provide financial incentives (termed “bug bounties”) for valid submissions. Participation in the Platform will be voluntary for FCEB agencies, and therefore the platform needs to scale to support a potentially varying number of agencies at any time. FCEB agencies currently participating in the Platform are captured in the FCEB Agencies List (Attachment A). The FCEB Agencies List will be updated throughout the period of performance of this contract.

The Platform service provider, termed “Service Provider”, shall provide the Government with project management support services including robust platform reporting, effectively securing the platform, and managing the administration and operation of the platform, including its security.  The service provider shall provide triage services that ensure submitted vulnerability reports are valid and provided to the impacted FCEB agency. The service provider shall assist agencies that desire a bug bounty program with the means to facilitate financial payment to vulnerability reporters who submit valid reports for FCEB agency systems.

Remediation of identified vulnerabilities on FCEB systems is the responsibility of the appropriate FCEB agency, and not the service provider or CISA.”

“The service provider shall perform the following tasks:

Task 1: Manage, Operate, and Administer the Platform

Task 2: Triage, Route, and Track Vulnerability Reports

Task 3: Facilitate Bug Bounty Program…”


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 year, 1 month ago.


©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv
