This repository was created in the hopes that government agencies -- from Federal to state to local municipalities -- can simplify the acquisition of vulnerability scanner licenses. We have included our internal acquisition documents as well as our public facing solicitation documents. The README file associated with the solicitation itself is also included.

To fulfill requirements for its Authority to Operate (ATO), the cloud.gov team at TTS needs access to a pre-existing, commercially available, and specific vulnerability scanner as part of continuously monitoring its infrastructure. cloud.gov previously had a license that could be purchased on a Purchase Card (p-card), but had outgrown that license. The purpose of this acquisition was to give cloud.gov a larger license that would allow it to monitor the larger number of hosts/agents now required to be scanned.

The purpose of this repository is to provide government agencies (and even private industry partners) the ability to learn from our experiences and acquire specific vulnerability scanners for themselves. By replacing this Readme file with the Solicitation Readme, an agency should be able to launch their solicitiation with minimal revisions to other files.

1. Request for Quotation (RFQ) (as had been amended to extend the response deadline)

2. Statement of Work (SOW)

3. Brand Name Justification

4. Solicitation Readme

1. Independent Government Cost Estimate

2. Market Research Report

See CONTRIBUTING for additional information.

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.