Vulnerability Disclosure Program (VDP) Enterprise Management System (EMS)
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
The Department of Defense Cyber Crime Center (DC3) is seeking a commercial enterprise management system (VDP EMS) to support its Vulnerability Disclosure Programs. Key requirements include vulnerability submission workflows, researcher engagement tools, and advanced reporting capabilities for both the DoD VDP and DIB VDP. This acquisition covers annual licenses, subscriptions, and support. See the attached Performance Work Statement (PWS).
Questions are due January 2, 2026 1600 EST
Please note: Funds are not presently available for this contract. The Government’s obligation under this contract is contingent upon the availability of appropriated funds from which payment for contract purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are made available to the Contracting Officer for this contract and until the Contractor receives notice of such availability, to be confirmed in writing by the Contracting Officer.