Application Security Platform

USCIS has a requirement for Application Security Platform testing.

Application Security Platform (ASP) Static Application Security Testing. USCIS requires a cloud-native unified application security platform which can be hosted within USCIS’s Amazon Virtual Private Cloud. USCIS’s applications are made up of many different components (e.g., custom source code, Infrastructure as Code, APIs, open-source libraries). This poses a challenge for USCIS as the attack surface has expanded and become more complex. USCIS needs a solution that will automatically show how the different components of the application interact with each other and where/how they are deployed.

Software Composition Analysis. USCIS requires a Software Composition Analysis solution that provides real-time threat intelligence on malicious packages, in addition to traditional vulnerability assessments of open-source libraries and applications. The threat landscape has evolved, and in recent years there has been a rise in adversaries embedding malicious code into popular open-source libraries as a backdoor into the enterprise. To stay ahead of this threat, a unified application security platform that encompasses SAST and SCA will allow USCIS to quickly visualize how an application operates and where lateral movement could occur. Without this capability, USCIS will be unable to understand the context of identified vulnerabilities and will struggle to prioritize remediation efforts.

This requirement would normally be announced as a FIRSTSOURCE opportunity. Because FIRSTSOURCE II is expiring and FIRSTSOURCE III is not available to use, USCIS is establishing this record for industry’s awareness, with uncertainty as to which acquisition vehicle will be used. USCIS will update this record when the appropriate vehicle is determined.

Solicitation in a Nutshell

Item: Details

Agency: Department of Homeland Security
Solicitation Number: F2024068148
Status: Pre-RFP
Solicitation Date: 07/29/2025 (Estimate)
Award Date: Q4 2025
Contract Ceiling Value: $2,000,000 to $5,000,000
Contract Vehicle: GWAC (GWAC)
Competition Type: Small Bus Set-Aside
Type of Award: N/A
Primary Requirement: Computer Programming Services
Duration: 09/27/2026
Contract Type: TBD
No. of Expected Awards: N/A
NAICS Code(s): 541511 (Custom Computer Programming Services)
Place of Performance: Camp Springs, MD, United States
Opportunity Website: https://sam.gov/opp/708ab5144746498c876a7b6471a01ec8/view

Background

N/A

Requirements

N/A

How can GDIC Help?

As a consulting firm that specializes in helping companies prepare winning proposals for government contracts, GDIC can provide a wide range of services to help offerors prepare their C2E proposal, including capture management, proposal writing, proposal management, and proposal review. GDIC can also provide training and support to help offerors understand the technical and administrative requirements outlined in the solicitation, and can provide guidance on how to structure the proposal to maximize its chances of success.

Our business development and proposal professionals have several decades of experience and expertise in construction proposals and contracts for government. By working with GDIC, offerors can increase their chances of winning the C2E contract and can position themselves for long-term success in the federal marketplace.