Assured Compliance Assessment Solution (ACAS) for the Program Acquisition Executive (PAE) Cyber Sensing Portfolio Management Office
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Defense Information Systems Agency (DISA) is conducting a Sources Sought to identify potential sources for the next-generation Assured Compliance Assessment Solution (ACAS) for the Program Acquisition Executive (PAE) Cyber Sensing Portfolio Management Office. This market research aims to determine the availability and capability of small businesses and their subsets to provide the required products and/or services. Responses are due by June 4, 2026.
Scope of Work
DISA is seeking a comprehensive scanning solution for approximately 11 million Department of War (DoW) devices. Key capabilities include:
- Network-based, host-based agent, and agentless scanning.
- Assessment of compliance with security controls, configuration best practices, and patch management.
- Support for various operating systems (Windows, UNIX/Linux, macOS, Cisco IOS, etc.) and device types.
- Support for cloud deployment (FedRAMP high with IL5) and scanning of cloud assets (AWS, Azure, OCI, GCP).
- Scanning capabilities for IoT, OT (including sensitive networks), and container assets (Docker, Kubernetes).
- Scanning capabilities for web applications (e.g., ServiceNow).
- Enterprise license management.
- Adherence to standards like SCAP, CVE, CPE, XCCDF, and OVAL.
- Automating network discovery, asset identification, and vulnerability scanning.
- Scalable architecture to support the entire Department.
Contract & Timeline
- Contract Type: Sources Sought (for market research only)
- Anticipated Period of Performance: January 1, 2029 – October 31, 2033 (Base Year + 4 Option Years).
- Anticipated Place of Performance: CONUS and OCONUS.
- Previous Contract: NNG15SC71B/HC108426F0066 (NASA SEWP V).
- Incumbent: FCN, INC (Women-Owned Small Business).
- Previous Acquisition Method: Small Business Set-Aside (SBSA).
- Response Due: June 4, 2026, 4:00 PM EDT.
- Published Date: May 21, 2026.
Eligibility / Set-Aside
This sources sought is specifically to determine the availability and capability of small businesses and their subsets (SDBs, HUBZone, 8(a), SDVOSBs, WOSBs). Two or more qualified and capable small businesses must respond to demonstrate qualifications for a small business set-aside. Applicable NAICS Codes are 541519 (IT Value Added Resellers) or 513210 (Software Publishers).
Submission & Evaluation
This is NOT a Request for Proposal. Interested businesses must submit a brief capabilities statement package (no more than five pages) addressing specific questions regarding experience with cybersecurity tools, DoW/US Government customer services, cloud migration, vulnerability management transitions, federal standards, and support processes. Responses must demonstrate the ability to perform in accordance with FAR clause 52.219-14, Limitations on Subcontracting. Information regarding joint ventures (JVs) or partnering is requested.
Special Requirements
Personnel may require up to TS/SCI clearances. Offerors must provide their current Facility Clearance Level (FCL). Personnel supporting cybersecurity functions must have appropriate IA certification per DoDD 8140.03-M.
Submission Details
Submit responses via email to Adam Venhaus (adam.m.venhaus.civ@mail.mil) and LTC Rhett Zietlow (rhett.c.zietlow.mil@mail.mil). Include business name, address, representative, title, socio-economic status, CAGE Code, and prime contract vehicles. Proprietary information must be clearly marked.