The U.S. Patent and Trademark Office (USPTO) is looking for a contractor to perform red team penetration testing on USPTO systems as the organization looks to continue improving its cybersecurity posture and protect its data, according to a Jan. 4 request for information (RFI).
The eight-page RFI highlights the need by USPTO’s CIO Office for red team penetration testing services (RTPTS) to simulate attacks on its networks “utilizing current threat actor methods and resources to evaluate mitigation effectiveness all the way up to advanced persistent threat, nation state, and non-governmental organization threat actors.”
RTPTS services are complex, thorough exercises that test an organization’s response to an adversary. The exercises involve an outside team attempting to uncover vulnerable information, like a cybercriminal would, and testing how the organization’s security and IT teams react.
“The USPTO is at the cutting edge of the nation’s technological progress and achievement,” the agency wrote. “[USPTO] faces some of the most advanced and persistent threat actors in the world.”
The RFI states that the agency is seeking information about industry partners with the necessary “capabilities, experience, people, technology, and drive” to join the agency in “helping to defend against this ever-evolving challenge.”
USPTO is looking to award the contract in the fourth quarter of fiscal year 2023.
Interested parties must first respond to the RFI attesting that they are a U.S.-based company and sign a non-disclosure agreement by 12 p.m. EST on Jan. 11. Upon verification of eligibility, USPTO will send vendors additional RFI materials to be submitted no later than 11:00 a.m. EST on Feb. 27.