Cyber Security Engineering and Risk Management Framework Support Services
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of the Army (W6QK ACC-APG) is conducting a Sources Sought to identify qualified contractors for Cyber Security Engineering and DoD Risk Management Framework (RMF) Support Services at Aberdeen Proving Ground, MD. This opportunity is set aside for 8(a) Sole Source (FAR 19.8). Responses are due by May 29, 2026.
Scope of Work
The contractor will provide non-personal services for Cybersecurity Engineering and DoD RMF Support to the Aberdeen Test Center (ATC). This includes RMF analysis, planning, execution, and maintenance of client system Authority to Operate (ATO) for ATC LAN, LIN, STE, and T&EN systems. Key tasks involve reviewing engineering changes, supporting Configuration Management (CM) processes, providing system-wide architectural support, and identifying, assessing, analyzing, documenting, and auditing Cybersecurity requirements through the DoD RMF for SECRET and TOP SECRET levels. The contractor will also select, implement, assess, and monitor security controls and support authorization activities.
Contract & Timeline
- Type: Sources Sought
- Set-Aside: 8(a) Sole Source (FAR 19.8)
- Anticipated Contract Type: Firm Fixed-Price (FFP)
- Anticipated Period of Performance: September 1, 2026 – August 31, 2031 (1 Base Year + 4 Option Years)
- Response Due: May 29, 2026, 2:00 PM ET
- Published: May 14, 2026
Key Requirements & Personnel
- IT Solutions Architect Sr (Key Personnel): Must possess a CISSP certification and a minimum of 5 years of experience managing RMF lifecycle reporting, network expansion, and cloud/enclave requirements.
- Other IT Certified Professionals: Must have Security+ or CASP/SecurityX certification and a minimum of 3 years of experience supporting RMF lifecycle reporting and software/hardware reconciliation.
- Top Secret Surge Position: Requires a minimum of 3 years of experience supporting lifecycle documentation for Top Secret environments.
- General Experience: All positions require experience managing across different platforms (Windows/Linux/Apple) and various security classification environments (Unclassified/Classified).
- Certifications: Contractor employees supporting Cybersecurity/IT functions must be appropriately certified per DoD 8570.01-M upon contract award.
- Security Clearances: Contractor personnel require a Secret Security Clearance at the time of proposal submission; one surge position requires a Top Secret Clearance. Personnel must maintain access to SIPRNet accounts.
Additional Notes
Contractor must develop a Quality Control Program (QCP) and report manpower via CMRA. A Telework Plan must be submitted for approval. The Government will have unlimited rights to all documents/material produced. Contractors must notify the Contracting Officer of any potential Organizational Conflict of Interest (OCI) and submit a mitigation plan.
Contact Information
- Primary: Pasqulita N. Jackson (pasqulita.n.jackson.civ@army.mil)
- Secondary: Todd Strasavich (todd.m.strasavich.civ@army.mil)