The Department of the Navy’s Naval Information Warfare Center Atlantic (NIWC Atlantic), part of Naval Information Warfare Systems Command (NAVWAR), is planning to release a task order on SeaPort NxG, that will be a Small Business Multiple Award Contract (MAC). Large businesses and non-SeaPort NxG holders will not be considered.
The requirement centers on Defensive Cyber Operations and A&A activities across a large, geographically dispersed set of DoD and federal network sites, CONUS and OCONUS:
- Testing, validating, and supporting cybersecurity-enabled systems, with a significant focus on Assessment and Authorization aligned to the RMF and DoD cybersecurity directives—across sites ranging from 1,500 to more than 60,000 servers and workstations and over 400 Programs of Record
Interested firms should confirm their SeaPort NxG small business status, register in PIEE, to plan a strong, capabilities-focused response ahead of the anticipated RFP.
OPPORTUNITY SNAPSHOT
- Opportunity: Cybersecurity Assessment and Authorization (A&A) Support for NIWC Atlantic
- Agency: Department of the Navy—Naval Information Warfare Center Atlantic (NIWC Atlantic), NAVWAR
- Estimated Value: TBD
- Period of Performance: Base year + four 1-year options + 6-month extension
- NAICS: 541330 – Engineering Services ($25.5M small business size standard)
- Contract Type: Anticipated task order under SeaPort NxG
- Vehicle: SeaPort NxG Small Business MAC (PIEE registration required)
- Competition: Restricted to SeaPort NxG Small Business MAC holders; set-aside determination pending market research
- Place of Performance: DoD and federal network sites, CONUS and OCONUS
- Security: Cyber work on DoD networks will require cleared personnel and DoD 8140/8570-aligned certifications; specific clearance levels and facility requirements
WHY THIS OPPORTUNITY MATTERS
NIWC Atlantic is one of the Navy’s principal information warfare commands, delivering cyber, C5ISR, and enterprise IT capabilities across naval, joint, and national missions. Cybersecurity A&A is foundational: before a system operates on a DoD network, it must be assessed and authorized under the RMF. This requirement puts a contractor at the center of keeping cybersecurity-enabled systems compliant and operational across an enormous, distributed footprint, from small sites to enclaves exceeding 60,000 endpoints and 400+ Programs of Record.
The multi-year period of performance points to a stable, long-horizon requirement that will focus on depth across the disciplines A&A work demands:
- RMF/A&A analysts and validators, ISSEs and ISSOs, security control assessors, vulnerability and compliance analysts, and defensive cyber operations specialists—supported by cleared personnel with current DoD cybersecurity certifications
WHO SHOULD CONSIDER THIS OPPORTUNITY
This opportunity is built for SeaPort NxG Small Business MAC holders experienced in cybersecurity A&A for DoD networks, that area ideally with the Navy. Firms with the following capabilities should assess their fit now:
- RMF Assessment and Authorization—security control assessment, eMASS/package development, ATO/continuous authorization support, and POA&M management
- Defensive Cyber Operations—network defense, monitoring, incident response, and threat/vulnerability management
- Security testing and validation—vulnerability scanning (ACAS), STIG implementation, SCAP, and independent security control testing
- DoD cybersecurity policy fluency—RMF (NIST SP 800-37/800-53), DoD 8140/8570 workforce requirements, and Navy/DON cybersecurity directives
- Enterprise-scale delivery—supporting large, heterogeneous environments (up to 60,000+ endpoints) across many programs and operating systems
- Cleared workforce—ability to staff and retain personnel with the required security clearances and DoD cybersecurity certifications for CONUS/OCONUS sites
- Active SeaPort NxG Small Business MAC holders with a PIEE account (or the ability to establish one promptly to receive market survey requests and future solicitations)
HOW OST CAN HELP
With the potential RFP release occurring this year, moving now positions your company before the requirement firms up. OST supports SeaPort NxG and DoD cybersecurity contractors with:
- Bid/no-bid assessment: Evaluating your RMF/A&A and DCO capabilities, SeaPort NxG status, cleared-workforce depth, and past performance against the draft PWS
- Capture planning: Crafting a market survey response that showcases relevant capability and helps shape scope, evaluation criteria, and set-aside strategy
- Teaming strategy: Identifying complementary partners and subcontractors to round out A&A, DCO, and CONUS/OCONUS site coverage
- Past performance strategy: Curating relevant cybersecurity/A&A project examples and assembling past performance references mapped to the requirement’s scale and scope
- Proposal development: Proposal readiness—technical approach, staffing and clearance plans, and a compliant response for the anticipated RFP once it is released
If you are evaluating whether NIWC Atlantic’s Cybersecurity A&A Support opportunity aligns with your firm’s capabilities or need support responding to the market survey, we are happy to help you assess your fit and position for the anticipated RFP. If this interests you, please book a call with OST Partner and President Bill Schalik via the button below.
Schedule a discussion today.
