Archived Content

In an effort to keep current, the archive contains outdated information that may not reflect current policy or programs.
Press Release

CISA Quality Services Management Office Vulnerability Disclosure Platform Contract Awarded


WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), with the General Services Administration (GSA), awarded a contract to Endyna, Inc. of McLean, Va., on Sept. 25, to provide the Vulnerability Disclosure Platform and associated services to help protect Federal civilian Executive Branch networks.

The Platform will promote good-faith security research, ultimately resulting in improved security and coordinated disclosure across the federal civilian enterprise. Using a centrally-managed system, the Platform will intake vulnerability information and use that information to protect critical cyber infrastructure.

“CISA, designated by the White House as the Cybersecurity Quality Services Management Office in April, will build on its current cybersecurity offerings to provide a marketplace of services to agencies to protect and defend systems and operations and deliver cybersecurity solutions that continuously leverage industry innovation, in alignment with the National Cybersecurity Strategy,” said Bryan Ware, CISA’s Assistant Director for Cybersecurity.

The Platform is scheduled for launch in early 2021 in alignment with requirements in Binding Operational Directive 20-01, Develop and Publish a Vulnerability Disclosure Policy.

The award duration is a one-year base contract period of performance with the potential for exercising four one-year options. The maximum contract value is $13,474,025.12 over the five-year period.