Senate Offices Want New System to Track Website Vulnerabilities

While Congress is preparing for what are sure to be noisy debates about cybersecurity legislation, Capitol Hill administrators are quietly beefing up their own network defenses.

A solicitation posted on FedBizOpps by the Office of the Senate Sergeant at Arms seeks a new system to scan for vulnerabilities across public-facing Senate websites and services.

The Senate wants commercial, off-the-shelf software to scan, identify and help resolve vulnerabilities across 140 different Senate office websites, including members’ offices and committee and support offices.

“A vulnerability assessment is an automated scan conducted against networked devices to reveal vulnerabilities associated with each device, such as missing security updates or misconfigured applications,” the solicitation states. “The list of vulnerabilities is then used to identify required patches or other fixes.”

The Senate currently uses a vulnerability assessment tool managed by Tripwire IP360, primarily to scan internal networks. The contractor selected will be responsible for installing and running the software and providing patches and updates to scan for  

Proposals are due by March 25 and the award anticipated in June.

Contractor personnel must be U.S. citizens and have to pass a background check and will be privy to some pretty sensitive data.

“Senate information is privileged material and must be protected from loss, disclosure, and electronic penetration,” the solicitation states.

(Image via Brandon Bourdages / Shutterstock.com)