Location Tracking Services Utilizing GPS and Related Technologies
COURT SERVICES AND OFFENDER SUPERVISION AGENCY
Notice type
Solicitation
Solicitation #
9594CS26Q0016
NAICS
334290
PSC
7E21
Set-aside
Total Small Business Set-Aside (FAR 19.5)
Posted
June 3, 2026
Response due
June 17, 2026
Place of performance
Washington, DC
What this opportunity is
The Court Services and Offender Supervision Agency is seeking Location Tracking Services utilizing GPS and related technologies, with a total small business set-aside under NAICS 334290. This solicitation requires compliance with various federal security standards, including FISMA and NIST guidelines, making it suitable for small businesses with expertise in cybersecurity and technology services. Interested vendors should note that this is a solicitation notice, indicating the need to prepare a bid rather than simply track the opportunity.
Analysis by Mindy, grounded in the SAM.gov notice.
Description
SOW Section
Requirement Summary
Offeror Response (Y/N)
C.13.1
Complies with FISMA, OMB A-130, DHS directives, NIST FIPS/SPs
C.13.2.b
Implements NIST SP 800-53 Moderate baseline (CSOSA-selected controls)
C.13.3.a
Prepares Security Authorization Package per SP 800-37 (FedRAMP templates where available)
C.13.3.b
Continuous Monitoring meets/exceeds SP 800-37 App G
C.13.4.a
Supports CSOSA penetration testing & assessments
C.13.4.b
Tracks gaps in POA&M
C.13.4.c
Mitigation timelines: High (≤30 days); Moderate (≤90 days)
C.13.4.d
Provides access; personnel available; documentation on request
C.13.4.e(1)
No disclosure of safeguards without CO consent
C.13.4.e(2)
Affords access within 72 hours for scans/audits
C.13.4.e(2)(i–iv)
OS/network/web/db scans (auth/unauth); gov tools accepted
C.13.4.f
If the contractor runs scans, provide full results; tools approved.
C.13.4.g
Acknowledges cancellation for convenience if authorization is revoked beyond risk tolerance
C.13.4.h
Complies with CSOSA security/privacy; provides access & docs
C.13.4.i
Properly protects all information used/collected.
C.13.4.j
Treats all information as CUI; off-site protection equivalent
C.13.4.k
CSOSA retains data ownership; full copies on request
C.13.4.l
Physical security of facilities; data available within 1 business day
C.13.4.m
No data release without written CO consent
C.13.4.n
Full access & cooperation for incident response; artifacts provided
C.13.4.o
Contractor bears all incident response costs.
C.13.5.a
Implements FedRAMP baseline & ConMon strategy
C.13.5.b
Follows FedRAMP guidelines or industry best practices
C.13.5.c–d
Prepares FedRAMP Security Authorization Package (SAF/workbook)
C.13.5.e–f
Uses FedRAMP templates; provides documentation/access
C.13.5.g
Engages accredited 3PAO for significant changes
C.13.5.h–i
Affords access; promptly reports new threats/hazards.
Note: Quoter must provide an accurate and truthful response to the requirement summary certification above. Failure to provide accurate responses could result in the quoter’s quote being determined unacceptable or contract termination after award should the quoter initially provide a successful quote.
Source: SAM.gov, as posted. Verify the current solicitation before responding.
Pursue this opportunity with Mindy
See who holds it now, who else is bidding, and draft your response — grounded in real government data, not generic AI.