Patent Office seeks penetration testing services
The U.S. Patent and Trademark Office is looking for a partner to perform red-team, penetration testing services to help bolster its cyberdefenses.
USPTO’s Office of the Chief Information Officer seeks a red-team vendor that can simulate attacks on its networks “utilizing current threat actor methods and resources to evaluate mitigation effectiveness all the way up to Advanced Persistent Threat (APT), Nation State (NS), and Non-Governmental Organization (NGO) threat actors,” according to a request for information the agency issued this week.
“[T]he United States Patent & Trademark Office faces some of the most advanced and persistent threat actors in the world,” the RFI says. “Therefore, USPTO is seeking market research information about partners with the necessary capabilities, experience, people, technology, and drive to join our team as a partner in helping to defend against this ever-evolving challenge.”
The Patent Office plans to use what it calls the alternative competition method under its agency acquisition guidelines. As such, the agency is searching for large and small businesses that can meet its pen-testing needs, and if it deems there is an adequate market, it will create a pool of eligible vendors and invite them to bid for the contract.
Because of the sensitivity of the work, USPTO will limit competition of the contract to only domestic U.S. companies. “For security purposes, due to the sensitive nature of the materials, the RTPTS RFI materials shall be disseminated only to verified domestic United States of America contract entities (NO-FORN) only after execution of the attached Non-Disclosure Agreement (NDA) by responding contract entities,” the RFI says.
After companies attest that they are U.S.-based by Jan. 11, they will be sent a more thorough package of RFI materials through which they can detail their services and past performance.
This RFI comes as Patent Office CIO Jamie Holcombe is pursuing a sweeping move to a zero-trust security architecture. In November, Holcombe told FedScoop his office is considering the adoption of encryption-in-use technology to protect data as it builds out its zero-trust security architecture.