Trusted Operations, Maintenance, Cybersecurity, Assurance, and Technology (TOMCAT)
Quick Summary
The Transportation Security Administration (TSA) has issued a pre-solicitation notice for the Trusted Operations, Maintenance, Cybersecurity, Assurance, and Technology (TOMCAT) program. This initiative seeks to establish an IT services Blanket Purchase Agreement (BPA) under the GSA Multiple Award Schedule (MAS) to acquire robust engineering and technical IT services. Interested GSA MAS vendors must request access to a Virtual Reading Room (VRR), which will contain Sensitive Security Information (SSI) pertinent to the upcoming solicitation. Requests for VRR access, including lists of individuals for security assessment, are due by December 16, 2025, at 08:00 AM EST.
Purpose & Scope
TSA's IT office requires world-class IT services for the development, implementation, and administration of critical services and core Operations & Maintenance (O&M) functions, including IT security alignment. The TOMCAT BPA will support the TSA IT Enterprise, which serves approximately 85,000 employees and contractors across various locations, including HQ, 440 airports, and international sites. This effort builds upon the existing IMPACT II task order.
Contract Details & VRR Access
- Contract Type: Blanket Purchase Agreement (BPA) under GSA Multiple Award Schedule (MAS).
- Set-Aside: None specified.
- VRR Access Requirements: Access to the VRR is restricted due to SSI. Vendors must:
  - Designate a Senior Corporate Official as the single point of contact for sensitive information, responsible for certifying protection protocols every 60 days.
  - Submit the company's CAGE code, Unique Entity ID, and address.
  - Provide a password-protected Data Protection Plan for safeguarding SSI.
  - Submit a password-protected Microsoft Excel spreadsheet with detailed personal information (Full Name, Email, Phone, Sex, Birth Date, Citizenship, SSN, previous TSA suitability, federal background investigation, or security clearance) for up to three individuals (from Prime, subcontractor, and/or team members) who require SSI access. These individuals will undergo a Security Threat Assessment.
  - Each individual granted access must execute a Non-Disclosure Agreement (DHS Form 11000-6).
- SSI Usage: SSI is provided solely for proposal preparation and must be returned to the Government before proposal evaluations.
Timeline
- VRR Access Request Deadline: Tuesday, December 16, 2025, at 08:00 AM EST.
- Draft RFP Release: Late December 2025, with vendor comments to be accepted.
Contact Information
- Primary Contact: Michele Reeves (Michele.Reeves@tsa.dhs.gov)
- Secondary Contact: Sarah Trudeau (sarah.trudeau@tsa.dhs.gov)
- VRR Access Email: TOMCAT-VRR@tsa.dhs.gov and tsacp.eitdiv.TOMCAT@tsa.dhs.gov