Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF SEPTEMBER 20, 2024 SAM #8333
SOURCES SOUGHT

D -- AI Tools for Application Security Scanning and Testing

Notice Date
9/18/2024 7:33:48 PM
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
NATIONAL OFFICE - PROCUREMENT OITA NEW CARROLLTON MD 20706 USA
 
ZIP Code
20706
 
Solicitation Number
24-68-A-PMO-OITA
 
Response Due
10/2/2024 2:00:00 PM
 
Archive Date
10/17/2024
 
Point of Contact
Tanya Outland
 
E-Mail Address
Tanya.E.Outland@irs.gov
 
Description
Internal Revenue Service (IRS) AI Tools for Application Security Scanning and Testing Request for Information (RFI)

Introduction

This is a Request for Information (RFI) -- hereinafter Notice. This is NOT a solicitation for proposals, proposal abstracts, request for bids or quotations, nor a promise to issue a solicitation in the future. The purpose of this RFI is for the Government to obtain knowledge and information for project planning purposes only. No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent. The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s). Do Not Submit any Proposals / Offers / Quotes in response to this Notice.

At a summary level, the Government has interest in and is seeking information regarding the capabilities of firms who can provide Artificial Intelligence (AI)-based and/or Machine Learning (ML)-based application security testing tools, e.g., SAST, DAST, IAST, MAST, RASP, and similar.

Request for Information Number: 24-68-A-PMO-OITA
Project Title / Short Description: Request for Information (RFI) on AI- and/or ML-Based Application Security Testing Tools' Capabilities
PSC or FSC Code: DA01 IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SUPPORT SERVICES (LABOR)
NAICS Codes: 541512 Computer Systems Design Services
Release Date: 09/18/2024.
Questions Due: 09/23/2024 by 5:00PM EDT (Please email Tanya.E.Outland@irs.gov)
Response Date: 10/02/2024 by 5:00PM EDT (Please email Tanya.E.Outland@irs.gov)

Primary Point of Contact and Contact Information:
Name: Tanya Outland
Title: A-PMO Government Facilitator
Email: Tanya.E.Outland@irs.gov

Project Title

The IRS is seeking information on AI- and/or ML-based application security testing tools' functionalities and capabilities, including these and more:
- Provide just-in-time identification of vulnerabilities and easy-to-understand remediation assistance to developers during coding and unit testing.
- Recommend secure coding practices and strategies for mitigating identified vulnerabilities.
- Produce real-time, actionable, and trusted findings.
- Automate and perform rapid testing.
- Identify potential security threats and automate security policy enforcement.
- Automate risk analysis and threat modeling.
- Support Continuous Authorization to Operate (cATO) process.
- Scalable and easy to integrate, deploy, and maintain.

Description of Contemplated Services

The IRS performs application security testing of mission-critical IRS applications. This RFI is being issued with a goal of enabling cATO process by identifying AI- and/or ML-based application security testing capabilities that are available now or have a defined General Availability (GA) date within the next year. These capabilities must improve upon legacy application security testing tools, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Significant AI or ML improvement on Interactive Application Security Testing (IAST) and/or Software Composition Analysis (SCA) tools also is desired.

The IRS must comply with Federal legislative mandates, such as OMB M-22-18, OMB M-22-09, and Executive Order 14028, which require agencies to leverage automated application-layer security testing tools that produce actionable and trusted findings.
The IRS employs SAST, DAST, and IAST to perform application security testing. The current capabilities of SAST & DAST are very hands-on, not lending themselves to the goal of cATO.

RFI Instructions

Responses to this RFI are requested in two (2) parts and must be submitted using Attachment 3 RFI Response Template.
- Part I Company Profile Information - IRS seeks company profile information about the firms that provide services positioned to address the requirements discussed above.
- Part II Capability - IRS seeks Industry responses to specific questions.

Do not include any support documentation for any company other than your own. This is an analysis of your company's abilities.

Part I: Company Profile Information

Responders to this Notice must provide the following company information:
- Company Name and Address
- Company technical Point of Contact (POC) information to include name, title, telephone number, and email address.
- Applicable NAICS (North American Industry Classification System) Code
- List active governmentwide contracts that your company has been awarded (GWACs, IDIQs, and BPAs - include applicable SIN)
- Business Classification / Socio-Economic Status (e.g., large, small, 8(a), women owned, hub-zone, SDB, Service-Disabled Veteran Owned)
- Subcontracting / partnering / teaming possibilities.

Part II: Capability

- Provide a company overview. A brief description of your company, to include company size and overarching value proposition, i.e., solutions provider, value-added reseller, hardware, etc.
- Company capabilities. Are you currently providing, or have you recently provided, similar tools in scope, size, and complexity to any government or commercial entity? If yes, please provide the agency's name, contract number, and contract value with a description of the tool and support provided.
- Please respond to the request for information on capabilities of AI- and/or ML-based tools pertaining to the requirements stated in Sections "Project Title" and "Description of Contemplated Services". Please note the application security testing class, such as SAST, DAST, IAST, MAST, RASP, or other classes, to which a capability belongs.
- What are the system requirements of your AI- and/or ML-based tool or the associated software and services?
- How is your AI- and/or ML-based tool licensed?
- Please provide any additional insights that would help the IRS define the requirement(s) to implement cATO process.

Terms and Conditions regarding this Notice

This Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. All costs associated with responding to this Notice are solely at the responding party's expense. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. Further, the Government may contact the vendor for additional information regarding the information submitted as part of this market research effort. Any organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization's qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. After a review of the responses received, a pre-solicitation synopsis and solicitation may be published in Government Point of Entry or other similar source (e.g., GSA E-buy). However, responses to this notice will not be considered adequate responses to a solicitation.
Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or agreement. The Government will not be obligated to pursue any particular acquisition alternative as a result of this notice. Responses to the notice will not be returned. Not responding to this notice does not preclude participation in any future solicitation if one is issued.

No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent. The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s). Do Not Submit any Proposals/Offers in response to this Notice.

Thank you for your response to this Request for Information.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/df363d9bf6c64f128faa4986f5fa59e5/view)
 
Place of Performance
Address: Washington, DC 20224, USA
Zip Code: 20224
Country: USA
 
Record
SN07216685-F 20240920/240918230121 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.