Universal Service Administrative Company

Buyer seeks a contractor to implement and operate a Vulnerability Disclosure Program. The platform must be structured based on NIST SP 800-53 Revision 5 and be flexible for customizations. The contractor will provide report validation, duplicate-detection, and an ISO 3011 compliance vulnerability handling workflow. The project includes platform implementation, ongoing operations, and dedicated customer success team support.

• 12/2/2024 - Solicitation Issue Date
• 12/17/2024 - Question Due Date
• 1/6/2025 - Proposal Due Date

• Implement and operate a Vulnerability Disclosure Program
• Configure platform based on NIST SP 800-53 Revision 5
• Perform intake validation of vulnerability reports
• Communicate validation results to USAC
• Provide reporting and analytics on vulnerability assessments
• Offer dedicated customer success team support
• Ensure compliance with legal and regulatory requirements
• Deliver comprehensive documentation and training materials
• Integrate with Active Directory and Okta for user access
• Support communication channels between reporters and USAC's security team