Patent Office seeks penetration testing services

USPTO is looking for a red-team vendor that can simulate attacks on its networks using methods employed by some of the world's most sophisticated cybercriminals.
USPTO CIO Jamie Holcombe speaks at the 2022 Cloud Together Summit. (FedScoop)

The U.S. Patent and Trademark Office is looking for a partner to perform red-team, penetration testing services to help bolster its cyberdefenses.

USPTO’s Office of the Chief Information Officer seeks a red-team vendor that can simulate attacks on its networks “utilizing current threat actor methods and resources to evaluate mitigation effectiveness all the way up to Advanced Persistent Threat (APT), Nation State (NS), and Non-Governmental Organization (NGO) threat actors,” according to a request for information the agency issued this week.

“[T]he United States Patent & Trademark Office faces some of the most advanced and persistent threat actors in the world,” the RFI says. “Therefore, USPTO is seeking market research information about partners with the necessary capabilities, experience, people, technology, and drive to join our team as a partner in helping to defend against this ever-evolving challenge.”

The Patent Office plans to use what it calls the alternative competition method under its agency acquisition guidelines. As such, the agency is searching for large and small businesses that can meet its pen-testing needs, and if it deems there is an adequate market, it will create a pool of eligible vendors and invite them to bid for the contract.


Because of the sensitivity of the work, USPTO will limit competition of the contract to only domestic U.S. companies. “For security purposes, due to the sensitive nature of the materials, the RTPTS RFI materials shall be disseminated only to verified domestic United States of America contract entities (NO-FORN) only after execution of the attached Non-Disclosure Agreement (NDA) by responding contract entities,” the RFI says.

After companies attest that they are U.S.-based by Jan. 11, they will be sent a more thorough package of RFI materials through which they can detail their services and past performance.

This RFI comes as Patent Office CIO Jamie Holcombe is pursuing a sweeping move to a zero-trust security architecture. In November, Holcombe told FedScoop his office is considering the adoption of encryption-in-use technology to protect data as it builds out its zero-trust security architecture.

Billy Mitchell

Written by Billy Mitchell

Billy Mitchell is Senior Vice President and Executive Editor of Scoop News Group's editorial brands. He oversees operations, strategy and growth of SNG's award-winning tech publications, FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. After earning his journalism degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Billy received his master's degree from New York University in magazine writing while interning at publications like Rolling Stone.

Latest Podcasts