Opportunity
Massachusetts COMMBUYS #BD-26-1060-ITD00-ITD00-126648
Massachusetts EOTSS Vulnerability Management and Penetration Testing Services Solicitation
Posted
March 16, 2026
Respond By
April 08, 2026
Identifier
BD-26-1060-ITD00-ITD00-126648
NAICS
541512
This opportunity seeks support for the State of Massachusetts' cybersecurity initiatives: - Government Buyer: - Executive Office of Technology Services and Security (EOTSS), State of Massachusetts - Services Requested: - Vulnerability Management Program Support - Application Security Program Support - Penetration Testing Services - All services are consolidated under a single line item; no specific OEMs or product part numbers are mentioned - Eligibility and Collaboration: - Only vendors currently awarded under Statewide Contract ITS78 may respond directly - Non-ITS78 vendors may participate only if collaborating with an ITS78 vendor, with roles and relationships clearly defined in the bid - Notable Requirements: - Strict eligibility limited to ITS78 contract holders - Mandatory inclusion of collaboration agreements for non-ITS78 vendor participation - Attachments include statement of work, data management/confidentiality agreement, MOU for criminal justice information, and safeguarding contract language - No physical products or hardware are being procured; focus is on professional cybersecurity services - Place of Performance: - Services to be performed for the State of Massachusetts, likely at or coordinated through EOTSS offices in Boston, Suffolk County
Description
This solicitation seeks bids for Vulnerability Management Program Support, Application Security Program Support, and Penetration Testing Services. Only vendors currently awarded under Statewide Contract ITS78 may respond, though non-ITS78 vendors may collaborate with ITS78 vendors if the ITS78 vendor submits the bid and clearly defines the relationship and duties. The procurement is managed by the Executive Office of Technology Services and Security in Massachusetts, with bids due by April 8, 2026. The solicitation includes multiple attachments detailing the statement of work, confidentiality agreements, and safeguarding contract language.