DIU posts RFQ for cyber penetration testing
On August 26, Washington Headquarters Services posted a request for quotes for DIU Cyber Penetration Testing. Quotes are due by 12:00 p.m. Eastern on September 16.
Washington Headquarters Services (WHS), Acquisition Directorate (AD) is issuing this request for quote to a capable small business vendor through Federal Business Opportunities (FedBizOpps). It will be competed as a small business set-aside.
DIUx has a unique mission of leveraging commercial solutions to rapidly improve national security. This requires annual penetration testing, red teaming, team training and active defense on DIU systems and personnel to make sure proper security measures are in place.
Phase 1 – Penetration testing will cover a review of the key technologies deployed at DIU, an assessment of the initial state of defensive readiness, a vulnerability scan, an audit of systems, a series of attacks against the systems to thoroughly test them, and a comprehensive report on the findings.
Phase 2 – The red teaming exercise allows the highest level of real-world attacks to be simulated and used to expose the potential weak points of DIU’s total Information Security (IS) program, including providing evidence of potential compromises such as screenshots, video of physical and electronic entry, physical evidence of gaining access to sensitive and secured areas, and other evidence defined by DIU.
Phase 3 – Team training and active defense revolves around leveraging the data gathered in the first two phases (Penetration Testing and Red Team Testing and Adversarial Attack Modelling) and using the knowledge gained to enhance defensive capabilities and mitigation of vulnerabilities.
DIU will incorporate annual penetration testing, red teaming, team training and active defense to stay current with industry best practices. Since the mission of DIUx is to operate at “commercial speed” and with startup innovation to bring technology into the DoD, it is critical to have the security expertise and security services that will allow DIUx to be compliant with industry standards and with DoD CIO/DISA requirements.
Full information is available here.