This RFP is currently open for proposals.
Sign up for an account to get RFPs matching your business in your inbox.

Automated Penetration Test Vulnerability Platform

7/8/2025
-
Springfield, VA

Transportation Security Administration

Buyer seeks a commercial off-the-shelf platform to conduct vulnerability testing in airport environments. The solution must be a standalone, hardened laptop with customized operating system capable of performing comprehensive security assessments. Buyer requires the platform to support automated penetration testing, vulnerability assessment, and security evaluation across multiple system layers. The platform must function entirely offline without dependencies on external infrastructure.

  • 6/18/2025 - Original Published Date
  • 7/8/2025 - Proposal Due Date
  • 7/23/2025 - Original Inactive Date
  • Company must be registered in System for Award Management database
  • Must be located in the United States
  • All data must be housed in storage facilities within the United States
  • Provide COTS platform for vulnerability testing in airport environments
  • Configure standalone, hardened laptop with customized operating system
  • Integrate security assessment tools like Nessus and Burp Suite
  • Enable simultaneous execution of multiple assessment tools
  • Support asset discovery and vulnerability assessment in IT/OT environments
  • Perform automated penetration testing and exploitation
  • Conduct STIG audit checks and other credentialed assessments
  • Identify vendor-specific vulnerabilities for airport screening equipment
  • Generate risk-based criticality and remediation guidance
  • Support deployment on air-gapped laptops and cloud environments
  • Provide technical support via phone, email and web portal
  • Deliver product updates and maintenance including security patches
  • Enable interface with airport security sensors and scanning machines
  • Support non-intrusive inspection technology
  • Simulate real-life scenarios to develop security solutions
  • Conduct assessments without impacting live screening environments
  • Ensure all functionality is self-contained without external dependencies
  • Process consolidated output and compliance mapping offline
  • Facilitate information sharing between security assets
  • Perform mission-critical analysis of screening environments