McLean, Virginia-based consulting services provider EnDyna has secured a potential five-year, $13.5M contract to help the Cybersecurity and Infrastructure Security Agency deploy and manage a platform for processing reports of security flaws in the federal government's executive branch networks.
The Vulnerability Disclosure Platform contract has a one-year base period of performance along with four one-year option periods, the agency said Friday.
CISA aims to roll out the system early next year to comply with the Binding Operational Directive 20-01 requiring government agencies to authorize "good faith" security research and respond to vulnerability reports.
Bryan Ware, assistant director for cybersecurity at CISA, said the agency will establish a marketplace for industry services intended to help secure federal civilian systems and processes.
EnDyna is a woman-owned company that assists public sector customers in areas such cybersecurity and information technology, emergency management and environmental and occupational safety.