Opportunity: Request for Information (RFI) -- DAST Tool

Description 

The Web Application Security Team (WAST) performs static code scanning of all SSA applications as part of the Office of Information Security’s (OIS) cybersecurity program. This is accomplished with the static application security testing (SAST) tool called Checkmarx and the software composition analysis (SCA) tool called Black Duck. Both of these solutions are white box testing tools that analyze the application’s code as it's being built. WAST is looking to procure a Dynamic Application Security Testing (DAST) solution to better analyze SSA applications, to bolster FISMA metrics, and to satisfy the requirements from multiple external audits and assessments. The DAST tool would scan applications as they are executed to identify exploits that can only be detected from black box testing. This funding is required immediately to better support the workload of multiple federal mandates and to provide black box testing early in the development lifecycle to stop exploits before they go to Production and potentially cause a security breach. This will also support a new requirement to perform penetration testing on all Tier 1 applications and all information systems going through the Authority to Operate (ATO) process.

Overview 
Reference number: 28321326RI0000019
Issue date: 05/05/2026
Response due: 05/19/2026 02:00 PM US/Eastern
Set Aside:
NAICS: 513210-Software Publishers
PSC / FSC: 7A21-IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PE
Agency: Social Security Administration
Contracting office:

Social Security Administration
Office of Acquisition and Grants
00000

Place of Performance:



Contact: KEELIN MCGRATH
Phone:
Fax:
Email: KEELIN.MCGRATH@SSA.GOV
Vendors conference:

Location:



Details:



What do I do now?
This is the opportunity summary page. To the left you will see a description and an overview of this opportunity. To the right you will see a list of the attached documentation. To view any of the attachments, simply click the attachment name.



Registered Users
To register interest in this opportunity or to electronically respond, you must first sign in. Click the Sign In button below.





Non Registered Users
You can view this or any other public opportunity. However, registered users have numerous added benefits including the ability to submit questions to the agency, receive emails concerning updates and amendments, create and manage a response team and submit responses directly through this site.

Becoming a registered user is fast, free and takes only a few minutes. To get started, click the Register Now button below.

  



Documentation 
© 2026 Unison Software, Inc. All rights reserved. Terms of Service and Use About FedConnect