THIS IS NOT A REQUEST FOR PROPOSALS, AN INVITATION FOR BIDS, OR A REQUEST FOR QUOTATIONS. FURTHER, IT DOES NOT REPRESENT A COMMITMENT BY THE GOVERNMENT TO PAY FOR COSTS INCURRED IN PREPARATION AND SUBMISSION OF DATA OR ANY OTHER COSTS INCURRED IN RESPONSE TO THIS ANNOUNCEMENT.
This is a Sources Sought Notice (PUR250130) with the intent to award a sole source purchase order to Diligent Corporation (DILIGENT), under the authority of FAR 13.106-1, based on their unique technical qualifications as the only known provider of the brand name “HighBond Compliance Risk Management Software”. The National Transportation Safety Board (NTSB) knows of no other sources for this requirement. This notice is provided as information to the marketplace and as market research, and is an invitation for any other qualified companies to express their interest in and demonstrate their capability to provide the required software.
The NTSB is an independent Federal agency with the primary missions of investigating civil aviation accidents in the United States and significant accidents in the other modes of transportation -- railroad, highway, marine and pipeline -- and issuing safety recommendations aimed at preventing future accidents.
The NTSB has a requirement to subscribe to HighBond Compliance Risk Management Software and support as a key component in the agency’s information security and risk management programs. The NTSB requires FedRAMP-compliant risk management and audit software to facilitate the management of the annual Federal Information Security Modernization Act (FISMA) review process. The period of performance is from 9/27/2025 – 9/26/2026.
The HighBond cloud software product assists the OCIO staff with managing system risks and preparing for assessments and audits to facilitate the implementation of the Federal Information Security Management Act (FISMA) requirements agency-wide. It is the only known risk management software product that does not require a development process prior to use, which allows immediate use by the NTSB. HighBond provides a governance, risk and compliance platform that is unique to the NTSB environment.
In addition, this product is FedRAMP-authorized cloud compliant. NTSB, like all federal agencies, must use cloud-based products authorized by FedRAMP. The HighBond product is FedRAMP Moderate, meaning it is already approved to handle Controlled Unclassified Information (CUI). The NTSB has Moderate systems that contain CUI.
This is the only known FedRAMP-authorized product that maps directly to NIST SP 800-53 r5 controls and FISMA reporting requirements that are assessed annually by the Third-Party Assessor. The NTSB is required each year to manage and maintain the following documentation: Security Assessment Reports, System Security Plans (SSP) and the Plan of Action & Milestones (POA&M). These documents are critical for NTSB to meet FISMA annual reporting requirements, such as completing and submitting CIO and System Privacy reports to DHS and OMB and completing the annual IG audit report that is submitted to OMB and Congress.
Sources capable of fully satisfying the above requirements are invited to submit capability statements/expressions of interest providing the government the necessary information to determine actual capability. At a minimum, this information, which must be prepared specifically in response to this notice, must include: (1) identification of company or organization; (2) an assertion of existing, full capability to meet proposed requirements; (3) business/contracts/marketing office point(s) of contact; (4) notification of business size and/or special status; and (5) any additional information that may be useful to the successful procurement of the requirements, if solicited. These expressions of interest shall adhere to a five (5)-page submission limit plus web links and any specialized product descriptions. The statement of qualifications should include only information that clearly demonstrates the respondent's capabilities, expertise, and experience to provide the requirements described in this notice. General marketing material should not be included. The NTSB prefers that companies do not submit proprietary material. However, the government recognizes that proprietary data may be a part of your submittal. If so, clearly mark such restricted or proprietary data and present it as an addendum to the non-restricted/non-proprietary information. Information received will be considered solely for the purpose of determining whether to conduct a competitive procurement. A determination by the government not to compete the proposed purchase order based upon responses to this notice is solely within the discretion of the government. All responsible sources may submit a capability statement, which shall be considered by NTSB. Parties must submit information within three (3) days of publication of this notice. NTSB will not return capability statements and the supporting documentation submitted in response to this notice.
Telephone responses and inquiries will not be accepted. You may email questions regarding this notice to Bryan J. Moy at the issuing office at: bryan.moy@ntsb.gov.