Cyber Security Engineering and Risk Management Framework Support Services
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of the Army (DEPT OF DEFENSE) is conducting a Sources Sought to identify qualified 8(a) Sole Source firms capable of providing Cybersecurity Engineering and DoD Risk Management Framework (RMF) Support Services for the Aberdeen Test Center (ATC) at Aberdeen Proving Ground, MD. This effort requires non-personal services to support critical cybersecurity functions. Responses are due May 29, 2026.
Scope of Work
The contractor shall provide all personnel, equipment, and services necessary for Cybersecurity Engineering and DoD RMF Support. Key responsibilities include:
- RMF Analysis and Support: Planning, execution, and maintenance of client system Authority to Operate (ATO) for ATC LAN, ATC LIN, ATC STE, and ATC T&EN.
- Engineering and Configuration Management: Reviewing and analyzing engineering changes to system hardware and software baselines, supporting Configuration Management (CM) processes and technical reviews.
- Architectural Support: Providing system-wide architectural support for software baselines and emerging technologies.
- Cybersecurity Requirements: Identifying, assessing, analyzing, documenting, and auditing Cybersecurity requirements through the DoD RMF for SECRET and TOP SECRET levels.
- Security Controls: Selecting, implementing, assessing, and monitoring security controls for ATC information systems.
- Authorization Activities: Supporting Authorization Activities and maintaining security authorizations.
Contract & Timeline
- Opportunity Type: Sources Sought
- Set-Aside: 8(a) Sole Source (FAR 19.8)
- Anticipated Contract Type: Firm Fixed-Price (FFP)
- Anticipated Period of Performance: September 1, 2026 – August 31, 2031 (1 Base Year + 4 Option Years).
- Place of Performance: Aberdeen Test Center, APG MD 21005.
- Response Due: May 29, 2026, 2:00 PM EDT
- Published: May 14, 2026
Special Requirements
- Security Clearances: Contractor personnel require a Secret Security Clearance at proposal submission; one surge position requires Top Secret Clearance. Personnel must maintain access to SIPRNet accounts.
- Certifications: Employees supporting Cybersecurity/IT functions must be appropriately certified per DoD 8570.01-M upon contract award.
- Key Personnel: An IT Sys Solutions Architect-Sr is considered key personnel. A Contract Manager (and alternate) is also required.
- Telework: A Telework Plan must be submitted for approval, addressing eligibility, controls, security, and tools.
- Data Rights: Government has unlimited rights to all documents/material produced.
- Organizational Conflict of Interest (OCI): Contractor must notify the Contracting Officer of any potential OCI and submit a mitigation plan.
Action Item
Interested 8(a) Sole Source firms should provide a capabilities statement demonstrating their ability to meet the requirements outlined in the attached Performance Work Statement. Contact Pasqulita N. Jackson (pasqulita.n.jackson.civ@army.mil) for inquiries.