DA10-- Enterprise Vulnerability Management Maintenance and Support (VA-26-00048094)
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of Veterans Affairs (VA) is conducting market research through a Request for Information (RFI) for Enterprise Vulnerability Management Maintenance and Support. This RFI aims to gather information to develop an acquisition strategy for a proposed Firm Fixed Priced Task Order. Responses are due June 4, 2026, by 11:00 AM ET.
Purpose
This RFI is for market research only and does not constitute a Request for Quote (RFQ) or a guarantee of a future solicitation. The VA Technology Acquisition Center (TAC) seeks industry input to refine its acquisition strategy and Product Description (PD) for an enterprise vulnerability management capability.
Scope of Potential Work
The future requirement involves maintaining the existing Tenable Security Center product family or implementing a new commercial vulnerability management solution. This capability must support approximately 1.8 million IPs and associated assets, as well as 675,000 FedRAMP Moderate agents for authenticated endpoint visibility across distributed VA environments. Key functions include centralized management, distributed scanning, role-based administration, dashboarding, reporting, and data export, crucial for the VA Cybersecurity Operations Center (CSOC) Vulnerability Scanning Services (VSS). Continuity of operations is critical, with no gaps in scanning or reporting capabilities accepted.
Information Requested
Respondents should provide:
- General Company Information: Company name, CAGE/DUNS, address, point of contact, phone, email, GWAC contract number (if applicable), and socio-economic size under NAICS Code 541519. SDVOSB/VOSB concerns should confirm VIP database certification.
- Feedback on Draft PD: Questions or recommended changes to the attached draft Product Description.
- Capability Statement: A brief statement detailing the company's ability to meet the draft PD requirements, including confirmation of Section 508 compliance, a current VPAT/ACR, and any accessibility gaps with planned remediation timelines.
Contract & Timeline
- Type: Request for Information (RFI)
- Anticipated Contract Type: Firm Fixed Priced Task Order (future)
- Anticipated Duration: Base year (July 1, 2026 - June 30, 2027) plus four option years.
- Set-Aside: None specified for this RFI; market research includes interest in SDVOSB/VOSB.
- Response Due: June 4, 2026, 11:00 AM ET
- Published: May 28, 2026
Submission Instructions
Responses must be no more than 10 pages and 5 MB. Mark any business-sensitive information as "Proprietary Information." No marketing materials are allowed. Submit responses via email to Contract Specialist Joshua McGarry at Joshua.McGarry@va.gov.