TSA seeks input on automated testing platform for airport screening

Summary points: 

• TSA Seeks Cybersecurity Input: The Transportation Security Administration has issued a Request for Information (RFI) to gather industry input on a standalone, self-contained platform capable of automated penetration testing and vulnerability assessment for airport screening environments.
• Offline, Integrated Solution Required: The proposed system must operate without internet or cloud access and integrate commercial and open-source tools like Nessus, Burp Suite, and AppDetective Pro to test IT, OT, and embedded systems in airport environments.
• Responses Due by 8 July: Interested companies must submit their response outlining their capabilities by 8 July 2025.

WASHINGTON - The Transportation Security Administration (TSA) has issued a Request for Information (RFI) seeking industry input on a commercial off-the-shelf (COTS) platform capable of performing automated penetration testing and vulnerability assessments within airport security environments.

The envisioned platform would assist TSA in developing and implementing advanced cybersecurity capabilities for people, processes, and technologies in airport screening lanes. The solution must be deployable as a standalone, hardened laptop configured with a mission-specific, customized operating system, fully self-contained with no reliance on internet connectivity, cloud services, or external infrastructure.

The market research notice aims to gauge interest and capability among a broad range of business types, including small and disadvantaged businesses. TSA officials emphasized that this RFI does not constitute a Request for Proposal (RFP) and will not result in a contract award based on responses.

TSA asks industry for information on stationary boarding pass scanner tech and support

TSA is looking for platforms that can automate a range of assessments, including IT and operational technology (OT) environments, credentialed security audits, exploitation techniques, vendor-specific vulnerability discovery, and lateral movement simulations. The system should integrate widely used vulnerability testing tools, such as Nessus, Burp Suite, HCL AppScan, AppDetective Pro, and Nipper Studio, and allow assessments to run concurrently via a single interface action.

Other required features include support for risk-based remediation guidance, detailed reporting, and the ability to run non-disruptive assessments on air-gapped or cloud environments. A comprehensive support package - covering troubleshooting, configuration assistance, software updates, and technical documentation - is also part of the expected solution.

Submissions, which are due by 6 p.m. EDT on 8 July 2025, should be sent via email to [email protected] and [email protected]. Responses must include company details, relevant experience, business size and classification, and a self-certification of U.S. business operations and domestic data storage. Additional information is available at https://sam.gov/opp/0e8ce6bd0fa64770b73d97fd2a1f327d/view.