DA01--Enterprise Cybersecurity Program Audit Support (VA-26-00036760)

SOL #: 36C10B26Q0155Sources Sought

Overview

Buyer

Veterans Affairs
Veterans Affairs, Department Of
TECHNOLOGY ACQUISITION CENTER NJ (36C10B)
EATONTOWN, NJ, 07724, United States

Place of Performance

Place of performance not available

NAICS

Computer Systems Design Services (541512)

PSC

Support Services For Activities Involved With Application Development And Support To Include Analysis, Design, Development, Coding, Testing, And Release Packaging, As Well As Support Of Off The Shelf Business Applications. (DA01)

Set Aside

No set aside specified

Timeline

1
Posted
Mar 25, 2026
2
Last Updated
May 6, 2026

Qualification Details

Fit reasons
  • NAICS alignment with historical contract wins in similar service areas.
  • Scope strongly matches core technical capabilities and delivery model.
Risks
  • Past performance thresholds may require one additional teaming partner.
  • Potential clarification needed on staffing minimums before bid/no-bid.
Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Department of Veterans Affairs (VA), specifically the Office of Information & Technology (OIT), is conducting a Sources Sought / Request for Information (RFI) for Enterprise Cybersecurity Program Audit Support. This RFI aims to gather information from potential sources to inform the acquisition strategy for comprehensive audit cycle support, including the management and continuous improvement of the VA's Audit Portal. Responses are due by April 7, 2026, at 3:00 PM ET.

Scope of Work

The anticipated scope of work, outlined in the draft Performance Work Statement (PWS), requires comprehensive support for VA audit cycle processes. This includes:

  • Audit Cycle Support: Preparation, follow-up, stakeholder and schedule management, tracking audit findings and recommendations, trend analysis, data modeling, and reporting.
  • OIT Audit Portal Management: User support, data quality control, documentation, and portal improvements.
  • Business Intelligence (BI) Artifact Development: Creating data visualizations and dashboards using tools like Power BI.
  • SharePoint Support: Development, maintenance, and integration recommendations.
  • Special Requirements: Compliance with VA cybersecurity directives (e.g., Zero Trust, FICAM, PIV), IT frameworks (VA TRM, IPv6, TIC), and strict guidelines for Generative AI use, prohibiting sensitive VA data in unapproved public AI services. Personnel will require background investigations.

Contract & Timeline

  • Opportunity Type: Sources Sought / Request for Information (RFI)
  • Anticipated Period of Performance: 12 months base period with three 12-month option periods, plus a 60-day optional transition period, not to exceed 50 months.
  • Place of Performance: Contractor facilities.
  • Set-Aside: None specified (this is a market research phase).
  • Response Due: April 7, 2026, 3:00 PM ET
  • Published Date: May 6, 2026 (Initial notice published)

Additional Notes

This RFI is for planning purposes only and does not constitute a solicitation for proposals. The acquisition strategy is still being determined, and technical questions are still being formulated. Interested parties should review the attached draft PWS for detailed requirements. Point of Contact: Nicole Bestreski, Contract Specialist, at nicole.bestreski@va.gov or 848-377-5144. Product Service Code (PSC): DA01 (Support Services for Application Development and Support) NAICS Code: 541512 (Computer Systems Design Services)

People

Points of Contact

Nicole BestreskiContract SpecialistPRIMARY
nicole.bestreski@va.gov
848-377-5144

Files

Files

Download
Download
Download
Download

Versions

Version 2Viewing
Sources Sought
Posted: May 6, 2026
Version 1
Sources Sought
Posted: Mar 25, 2026
View
DA01--Enterprise Cybersecurity Program Audit Support (VA-26-00036760) | GovScope