Request for Information (RFI) -- DAST Tool
| Location: | Federal |
|---|---|
| Posted: | May 5, 2026 |
| Due: | May 19, 2026 |
| Agency: | SOCIAL SECURITY ADMINISTRATION |
| Type of Government: | Federal |
| Category: | |
| Solicitation No: | 28321326RI0000019 |
| Publication URL: | To access bid details, please log in. |
APEX Accelerators are an official government contracting resource for small businesses. Find your local APEX Accelerator (opens in new window) for free government expertise related to contract opportunities.
APEX Accelerators are funded in part through a cooperative agreement with the Department of Defense.
The APEX Accelerators program was formerly known as the Procurement Technical Assistance Program (opens in new window) (PTAP).
- Contract Opportunity Type: Solicitation (Original)
- Original Published Date: May 05, 2026 03:16 pm EDT
- Original Date Offers Due: May 19, 2026 02:00 pm EDT
- Inactive Policy: 15 days after date offers due
- Original Inactive Date: Jun 03, 2026
-
Initiative:
- None
- Original Set Aside:
- Product Service Code: 7A21 - IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE)
-
NAICS Code:
- 513210 - Software Publishers
-
Place of Performance:
The Web Application Security Team (WAST) performs static code scanning of all SSA applications as part of the Office of Information Security’s (OIS) cybersecurity program. This is accomplished with the static application security testing (SAST) tool called Checkmarx and the software composition analysis (SCA) tool called Black Duck. Both of these solutions are white box testing tools that analyze the application’s code as it's being built. WAST is looking to procure a Dynamic Application Security Testing (DAST) solution to better analyze SSA applications, to bolster FISMA metrics, and to satisfy the requirements from multiple external audits and assessments. The DAST tool would scan applications as they are executed to identify exploits that can only be detected from black box testing. This funding is required immediately to better support the workload of multiple federal mandates and to provide black box testing early in the development lifecycle to stop exploits before they go to Production and potentially cause a security breach. This will also support a new requirement to perform penetration testing on all Tier 1 applications and all information systems going through the Authority to Operate (ATO) process.
- 1540 ROBERT M. BAIL BUILDING 6401 SECURITY BLVD 21235
- BALTIMORE , MD 21235
- USA
- Keelin McGrath
- keelin.mcgrath@ssa.gov
- May 05, 2026 03:16 pm EDTSolicitation (Original)
With GovernmentContracts, you can:
- Find more opportunities and win more business
- Receive daily alerts for all new bid opportunities
- Get contract opportunities matched to your business
See also
...Quality Assessment Review of Internal Audit Department Solicitation No. R-26-001-MM Status... Assessment Review ...
San Antonio Water System
Bid Due: 6/05/2026
...compensation time requests. Support audits by preparing documentation and responding to payroll-related...
TREASURY, DEPARTMENT OF THE
Bid Due: 6/30/2026
...of these elements including: Budget formulation Budget execution Accounting, reporting, and audit Treasury...
TREASURY, DEPARTMENT OF THE
Bid Due: 6/30/2026
...lending); internal audit; accounting and International Financial Reporting Standards (IFRS); and other...
TREASURY, DEPARTMENT OF THE
Bid Due: 6/30/2026