RFQ 26-04668 for Vulnerability Management Program Support and Penetration Testing Services

Solicitation: Not available

Notice ID: ma_commbuys_c6c7a9ef8c3a48f0cfd5

NAICS • 80, 11, 18Set-Aside • SBPP Eligible: NO Department • Executive Office of Technology Services and Security Agency • ITD0001 - Executive Office of Technology Services and Security State • MAPosted • —Due • Apr 08, 2026, 03:00 PM UTC• Closes in 0 days

Federal opportunity from ITD0001 - Executive Office of Technology Services and Security • Executive Office of Technology Services and Security. Place of performance: MA. Response deadline: Apr 08, 2026. Industry: NAICS 80, 11, 18.

Department hub Agency hub State hub NAICS search Set-aside hub

Market snapshot

Baseline awarded-market signal across all contracting (sample of 400 recent awards; refreshed periodically).

Market trends →Awards →

12-month awarded value

$1,752,134,213

Sector total $1,752,134,213 • Share 100.0%

Live

Median

$85,800

P10–P90

$27,155–$802,160

Volatility

Volatile200%

Market composition

NAICS share of sector

A simple concentration signal, not a forecast.

100.0%

Momentum (last 3 vs prior 3 buckets)

+100%($1,752,134,213)

Deal sizing

$85,800 median

Use as a pricing centerline.

Live signal is computed from awarded notices already observed in the system.

NAICS 80 trends Sector 80 trends Department Agency MA state hub All trends

Signals shown are descriptive of observed awards; not a forecast.

Related hubs & trends

Navigate the lattice: hubs for browsing, trends for pricing signals.

State MA NAICS 80 search Sector 80 trends Set-aside Set-aside trends Department Department trends Agency Agency trends

We write these bids →

Open on official portal →

Live POP

Place of performance

1 No Address See Item Section for specific information Vendors need to check the Items section of the PO for ship to information Boston, MA 02108 US Email: seeitemsssection@xxx.com Phone: (617) 626-4400

State: MA

Contracting office

Not listed

Applicable Wage Determinations

SAM WDOL references matched to this opportunity's location and scope language.

WD Directory →

Best fit for this contractDavis-Bacon

MA20260010 (Rev 0)

Match signal: state matchOpen WD

Published Jan 02, 2026Massachusetts • Berkshire, Franklin, Hampden +1

Rate

BOILERMAKER

Base $50.62Fringe $28.82

Rate

BRICKLAYER BRICKLAYERS; CEMENT MASONS; PLASTERERS; STONE MASONS; MARBLE, TILE & TERRAZZO WORKERS

Base $50.81Fringe $32.27

+64 more occupation rates available in the full WD.

View more for this contract

3 more WD matches and 64 more rate previews.

↓

Davis-BaconBest fitstate match

MA20260010 (Rev 0)

Open WD

Published Jan 02, 2026Massachusetts • Berkshire, Franklin, Hampden +1

Rate

BOILERMAKER

Base $50.62Fringe $28.82

Rate

BRICKLAYER BRICKLAYERS; CEMENT MASONS; PLASTERERS; STONE MASONS; MARBLE, TILE & TERRAZZO WORKERS

Base $50.81Fringe $32.27

Rate

DIVER TENDER

Base $61.70Fringe $35.47

+63 more occupation rates in this WD

Davis-Baconstate match

MA20260004 (Rev 0)

Open WD

Published Jan 02, 2026Massachusetts • Barnstable, Berkshire, Bristol +8

Rate

Bricklayer, Plasterer, Stonemason

Base $62.40Fringe $34.40

Rate

Bricklayer, Plasterers, Stonemasons, Tile Layers

Base $50.81Fringe $32.27

Rate

BRICKLAYER

Base $62.40Fringe $34.40

+43 more occupation rates in this WD

Davis-Baconstate match

MA20260020 (Rev 0)

Open WD

Published Jan 02, 2026Massachusetts • Hampshire

Rate

POWER EQUIPMENT OPERATOR Group 1

Base $57.83Fringe $33.70

Rate

Group 2

Base $57.18Fringe $33.70

Rate

POWER EQUIPMENT OPERATOR Group 1

Base $42.88Fringe $31.04

+21 more occupation rates in this WD

Davis-Baconstate match

MA20260007 (Rev 0)

Open WD

Published Jan 02, 2026Massachusetts • Franklin

Rate

CARPENTER

Base $43.33Fringe $27.82

Rate

Power equipment operators: (1) Backhoe/Excavator/Trackhoe

Base $42.88Fringe $31.04

Rate

A (1) Loader

Base $42.88Fringe $31.04

+8 more occupation rates in this WD

Point of Contact

Not available

Agency & Office

Department

Executive Office of Technology Services and Security

Agency

ITD0001 - Executive Office of Technology Services and Security

Subagency

ITD0001 - Executive Office of Technology Services and Security

Office

Shawn Johnson

Contracting Office Address

Not available

Description

The purpose of this RFQ is to solicit bids for Vulnerability Management Program Support, Application Security Program Support, and Penetration Testing Services. See RFQ for complete detail. Respondents must be current awarded bidders under Statewide Contract ITS78. Non-ITS78 vendors may collaborate with ITS78 vendors provided that the ITS78 vendor submits the bid, and that the relationship and duties are clear.

Files

Files size/type shown when available.

BidPulsar Analysis

A practical, capture-style breakdown of fit, requirements, risks, and next steps.

Updated: Mar 19, 2026

Client-ready brief

Executive summary

medium confidencegpt 4o mini

This RFQ (26-04668) seeks bids for Vulnerability Management Program Support, Application Security Program Support, and Penetration Testing Services through the Executive Office of Technology Services and Security. Interested bidders must be current awarded vendors under Statewide Contract ITS78, and non-ITS78 vendors may collaborate with ITS78 vendors, but the collaborating vendor must remain clear on roles. The response deadline is set for April 6, 2026, providing ample time for preparation.

Vulnerability ManagementPenetration TestingApplication SecurityStatewide Contract ITS78

What the buyer is trying to do

The buyer aims to enhance their cybersecurity framework by procuring comprehensive vulnerability management and penetration testing services, ensuring that their applications are secure and compliant.

Who should pursue this

Current awarded bidders under Statewide Contract ITS78
ITS78 vendors looking to partner with non-ITS78 vendors

Work breakdown

Vulnerability Management Program Support
Application Security Program Support
Penetration Testing Services

Response package checklist

Bid proposal detailing services offered
Clear delineation of roles between teaming partners
Compliance documentation for Statewide Contract ITS78

More BidPulsar strategy notesCompliance, pricing, teaming, risks, questions, and coverage notes

Compliance notes

Must comply with terms set forth in Statewide Contract ITS78

Pricing strategy

Consider competitive pricing while ensuring comprehensive service offerings

Teaming and subs

Non-ITS78 vendors should establish a partnership with an ITS78 vendor
Clear definition of responsibilities in proposals

Risks and watchouts

Potential challenges in maintaining compliance with ITS78 requirements
Coordination issues between partnered vendors

Smart questions to ask

What specific metrics will be used to assess the effectiveness of the services provided?
Are there any preferred technologies or methodologies for the penetration testing services?

Source coverage notes

Some notices publish limited source detail. Confirm these points before final bid/no-bid decisions.

Specific performance requirements or benchmarks for the services
Detailed expectations or criteria for application security
Information on past performance metrics for similar contracts
Potential budget limits or estimated dollar values for the RFQ
Any relevant cybersecurity regulations or standards to meet

Ask Us To Handle This Bid →Our Services →

FAQ

How do I use the Market Snapshot?

It summarizes awarded-contract behavior for the opportunity’s NAICS and sector, including a recent pricing band (P10–P90), momentum, and composition. Use it as context, not a guarantee.

Is the data live?

The signal updates as new awarded notices enter the system. Always validate the official award and solicitation details on SAM.gov.

What do P10 and P90 mean?

P10 is the 10th percentile award size and P90 is the 90th percentile. Together they describe the typical spread of award values.