18F / tts-buy-bug-bounty

Solicitation and acquisition documents created for the TTS Bug Bounty program that can be reused by other government agencies and organizations.

Phase 1 Technical Evaluation Platform Requirements #32

Open BKozisek7 opened 5 years ago

BKozisek7 commented 5 years ago

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek, Director, Synack Inc.

Section of RFQ documents

RFQ Section 5.1 - Phase 1 Technical Evaluation platform requirements - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#51---phase-1-technical-evaluation It states in sub-bullet two: “Maintaining a reliable, secure bug bounty SaaS platform.”

Question/Comment

Can the government define the requirements the solution must meet in order to be compliant with the reference of “Maintaining a reliable, secure bug bounty SaaS platform”?

MichelleMcNellis commented 5 years ago

The requirement is to comply with RFQ Section 12 - Addendum - Commercial Contract Clauses, IT Security Procedural Guide 09-48, Security and Privacy Requirements for IT Acquisition Efforts, Low Impact Software as a Service (LiSaaS) – IT Security and Privacy Requirements.