Cyber Security Engineering and Risk Management Framework Support Services

SOL #: PANAPG-26-P-0000041835Sources SoughtSole Source

Overview

Buyer

DEPT OF DEFENSE

Dept Of The Army

W6QK ACC-APG

ABERDEEN PROVING GROU, MD, 21005-5001, United States

Place of Performance

Aberdeen Proving Ground, MD

NAICS

Other Computer Related Services (541519)

PSC

Support Services Focused On Supporting Security Policies/Controls, Processes, Measuring Compliance Of Relevant Legal/Compliance Requirements, To Include Section 508, And Responding To Security Breaches. Also Provides Support For It Security Systems Providing Continuous Diagnostics And Mitigation (Cdm) For Real Time Cyber Security And Protection Such As Vulnerability Scanning, Managing Firewalls, Intrusion Prevention Systems, And Security Information And Event Management (Siem). Includes Disaster Recovery (Dr) Services To Support Dr Policy, Process And Means, Dedicated Failover Facilities And Perform Dr Testing. (DJ01)

Set Aside

8(a) Sole Source (FAR 19.8) (8AN)

Original Source

https://sam.gov/opp/f3d963413f4a4f0b868503000a24ffde/view

Timeline

Posted

May 14, 2026

Last Updated

May 14, 2026

Response Deadline

May 29, 2026, 2:00 PM

Qualification Details

Fit reasons

NAICS alignment with historical contract wins in similar service areas.
Scope strongly matches core technical capabilities and delivery model.

Risks

Past performance thresholds may require one additional teaming partner.
Potential clarification needed on staffing minimums before bid/no-bid.

Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Department of the Army is seeking capabilities statements for Cyber Security Engineering and Risk Management Framework (RMF) Support Services at Aberdeen Proving Ground, MD. This Sources Sought notice is for an anticipated Firm Fixed-Price contract to provide comprehensive cybersecurity support for the Aberdeen Test Center (ATC). Responses are due May 29, 2026.

Scope of Work

The contractor will provide non-personal services for Cybersecurity Engineering and DoD RMF Support. Key responsibilities include:

RMF Lifecycle Support: Analysis, planning, execution, and maintenance of Authority to Operate (ATO) for client systems.
System Support: Cybersecurity for ATC LAN, ATC LIN, ATC STE, and ATC T&EN systems.
Engineering & Architecture: Review and analyze engineering changes, support Configuration Management (CM) processes, and provide system-wide architectural support for software baselines and emerging technologies.
Security Controls: Identify, assess, analyze, document, and audit Cybersecurity requirements through the DoD RMF for SECRET and TOP SECRET levels, including selecting, implementing, assessing, and monitoring security controls.
Authorization Activities: Support authorization activities and maintain security authorizations.

Contract & Timeline

Opportunity Type: Sources Sought
Anticipated Contract Type: Firm Fixed-Price (FFP)
Set-Aside: 8(a) Sole Source (FAR 19.8)
Period of Performance: September 1, 2026 – August 31, 2031 (1 Base Year + 4 Option Years)
Place of Performance: Aberdeen Test Center, Aberdeen Proving Ground, MD 21005
Response Due: May 29, 2026, by 2:00 PM Z
Published: May 14, 2026

Special Requirements

Security Clearances: Contractor personnel require a Secret Security Clearance at proposal submission, with one surge position requiring Top Secret. Personnel must maintain SIPRNet access.
Certifications: Employees supporting Cybersecurity/IT functions must be DoD 8570.01-M certified upon contract award.
Key Personnel: Includes an IT Sys Solutions Architect-Sr and a Contract Manager (with alternate).
Telework: A Telework Plan must be submitted for approval.
Organizational Conflict of Interest (OCI): Contractors must notify the Contracting Officer of potential OCI and submit a mitigation plan.

Submission Instructions

Only emailed responses will be accepted. Capabilities statements should detail the company's ability to meet the requirements in the attached Performance Work Statement. Ensure both primary and secondary Points of Contact are included in a single reply.