GovScope GovScope

Capture Assessment

Find Evil LLC

USAC RFP: Penetration Testing as a Service

Decision

Pursue the USAC PTaaS opportunity strictly as a subcontractor.

While Find Evil LLC offers elite DFIR and multi-cloud forensics expertise, the solicitation focuses heavily on Penetration Testing as a Service. A lack of federal past performance and pending socio-economic certifications limit competitive standing for a prime bid.

Case workspace - 5 views

Share
Export

Current view

PDF documentMarkdown fileWord document

Core package

PDF package (.zip)Markdown package (.zip)Word package (.zip)

Why this call lands here

Capability Misalignment

The core requirement is Penetration Testing as a Service (PTaaS), including ethical hacking and web application testing.

Lack of Federal Past Performance

Federal past performance is typically expected to win a prime federal contract of this scope.

Geographic Mismatch

The RFP explicitly requires Contractor Staff to be on-site at USAC Headquarters in Washington, DC at least 2 days per week.

Pending Socio-Economic Status

Active certifications are required to gain set-aside or evaluation advantages.

Recommended capture actions

  1. Record No Go as Prime; pursue only as subcontractor.
  2. Identify established federal cybersecurity contractors likely to bid on USAC IT-26-027.
  3. Produce a one-page capability-to-scope map that shows where the company fits and where it does not.

Requirements that shape the proposal.

This shortlist is ranked for go / no-go relevance rather than shown in source order.

Priorities 10
Mandatory 9
Buckets 3
Open Requirements Matrix
Disqualifiers / Hard Gates3 priorities

Contractor must comply with Data Security Laws (FISMA, NIST SP 800-53 Rev 5). Any Cloud Service Offering used must be FedRAMP Authorized at a moderate risk level.

Required

Contractor must maintain ISO 27001 compliance certification and SOC 2 Type II reports for all Contractor IT used in performance of the Services, and provide them to USAC within 10 calendar days of the Effective Date.

Required

Avoid material exceptions to the RFP; material or unacceptable exceptions may render the proposal technically unacceptable or ineligible for award.

Required
Commercial / Pricing Risk2 priorities

Price the bid sheet by daily rate for the base year and all four option years.

Required

USAC intends to make award on a best-value basis considering Technical, Past Performance, and Price.

Reference
Execution / Compliance Risk5 priorities

Keep key personnel in their assigned roles for the contract term and obtain USAC’s prior written approval before changing, removing, or reducing their time commitment.

Required

Contractor Staff are required to be in the USAC office at least 2 days per week. Contractors required to report in person must reserve workspaces in advance using USAC's hoteling system.

Required

Conduct background checks on contractor staff and provide evidence of those checks to USAC upon request.

Required

Email draft details and reproduction steps for critical or high findings to the USAC product manager within one (1) business day.

Required

Contractor must notify USAC at incident@USAC.org and Privacy@USAC.org within one (1) hour of becoming aware of an actual or suspected Cybersecurity Incident or Privacy Incident.

Required

Opportunity

USAC RFP: Penetration Testing as a Service

Agency / customer
USAC (FCC-associated)
Due date
2026-03-30
Place of performance
Washington, DC 20005

Company

Find Evil LLC

Company
Find Evil LLC
Core capabilities
Digital Forensics and Incident Response (DFIR), Compromise Assessment, Cloud Forensics
Strengths
Elite DFIR capabilities, Multi-cloud forensics
Major gaps
Lack of federal past performance, No DC-based personnel, Pending socio-economic certifications