The U.S. Customs and Border Protection (CBP) Office of Information and Technology (OIT) is planning for a major IT contract that will support systems used by its Cargo Systems Program Directorate (CSPD).
In a recent request for information (RFI), CBP explained that CSPD is a directorate within OIT that is responsible for developing and maintaining technology solutions that “support CBP, other government agencies, and the trade community for import, export, and control of merchandise shipments.”
“CBP is the second largest revenue collector for the U.S. government and CSPD is responsible for providing the capabilities to support this revenue collection and the information exchange with the trade community, other government agencies, and foreign governments,” the RFI says. “CSPD manages the Automated Commercial Environment (ACE) system and the Advanced Trade Analytics Platform (ATAP) program.”
However, CBP said that CSPD applications have a large backlog of security vulnerabilities. According to the RFI, from January to August 2023, CSPD applications had a backlog of about 2,600 security vulnerabilities (of all severities) with an average of 392 new vulnerabilities identified each month and 343 remediated per month.
CBP is looking for a contractor who can provide a team of security specialists to support the CSPD Security Team. This team will help manage the vulnerability scan schedule, review and analyze vulnerabilities identified by scans, and assess and develop proposed remediations.
In addition to security services, the contractor will be responsible for a range of other IT work, such as data analytics, operations and maintenance, workflow automation engineering, SecDevOps, and data management, among others.
Response to the RFI are due by 5 p.m. on Oct. 30.