
United States Transportation Command

(USTRANSCOM)
Senior Information Security Officer (SISO)
Request for Information Number: TRANSCOM-25-D014
Proposal Due Date: October 17th, 2025 at 10:00 AM CT
Request for Information Response

SUBMITTED TO:
TCAQ-DS Mailbox at [email protected]

SUBMITTED BY:
Company Name: Trust Consulting Services
Address: 1250 Connecticut Ave NW, Washington, DC
Phone: 202-888-4567
Fax: 202-888-1305
Web: tcsservices.net
UEI: RCAAJWT92AF6
CAGE: 7GU61
NAICS: 541519
Socio Economic Status: SB, 8a, SDVOSB, SDB
GSA Schedule Number: 47QSWA20D000Y

Point of Contact
James Radford
President/CEO – Trust Consulting Services
Phone: 202-888-4567
Email: [email protected]

RFI No: TRANSCOM-25-D014 Due Date: Oct 17th, 2025 Page

Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this proposal or quotation.

This response includes data that shall not be disclosed outside the Government and shall not be duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate this response. This restriction does not limit the Government's right to use information contained in this data if it is obtained from other sources without restriction. The data subject to this restriction are contained in this entire response.
United States Transportation Command (USTRANSCOM)
Senior Information Security Officer (SISO)
Response to RFI

Cover Letter


Table of Contents
Table of Contents ... ii
1. Industry Questions (NTE 5 pages) ... I
1.1 Company Information ... I
1.2 Business Size ... I
1.3 Industry Insight ... I
1.4 Innovative Approaches to Enhance SISO Requirement Efficiency ... III
2. Chief Information Security ... VI
3. Technical Capability Virtual Meetings ... X
Any suggestions or recommendations ... XI


1. Industry Questions (NTE 5 pages)


We request interested parties to submit the following information in the format of a White Paper as
outlined below. Again, this information will support market research activities within USTRANSCOM.
The White Paper should be concise (no more than 5 pages), 12 pt Times New Roman font, and address
only the information requested below (title pages, cover letter, etc., will not count against the page limit).
1.1 Company Information
Company Name: Trust Consulting Services
CAGE Code: 7GU61
POC Details: Name: James Radford; Email: [email protected]; Contact: 202-888-4567
Company Website: https://trustconsultingservices.com/
Facility Clearance: Yes
Contract Vehicles: All contract vehicles under which you hold contracts (e.g., OASIS, FABS, etc.).
<Fill the table above>
1.2 Business Size
A. Based on the NAICS code (541519 – Other Computer Related Services), please indicate your business size:
Small [✘]  Large [ ]
B. If small business, please check all that apply to your firm:
HUBZone Small Business [ ]
Service-Disabled Veteran-Owned Small Business [✘]
Veteran-Owned Small Business [ ]
Small Disadvantaged Business [ ]
Woman-Owned Small Business [ ]
Economically Disadvantaged Woman-Owned Small Business [ ]
1.3 Industry Insight
Bring us your ideas.

1. In your experience, what has worked well for other commands or commercial entities?

Organizations that successfully support DoD cybersecurity initiatives, especially those following
the Risk Management Framework (RMF) and Zero Trust principles, have achieved the best
outcomes by combining integrated governance, ongoing collaboration, and automation-based
oversight. A major factor in their success has been incorporating cybersecurity governance
directly into everyday operational processes instead of treating it as a separate compliance task.
Companies that developed advanced RMF workflows utilizing eMASS automation, vulnerability
scanning, and continuous monitoring dashboards were able to accelerate Authority to Operate
(ATO) approvals and enhance mission readiness. Another effective strategy has been fostering
early collaboration among security engineers, software developers, and authorizing officials
during system design. This DevSecOps-aligned method minimized rework and enabled real-time
security validation, as demonstrated by DLA’s Cyber-Integrated Planning Element (C-IPE) and
USTRANSCOM’s focus on secure software assurance and SCAR support.

Furthermore, the use of data-driven reporting and metrics has proven highly valuable.
Organizations that standardized cyber risk indicators such as Key Risk Indicators, RMF control
maturity scores, and vulnerability remediation timelines were better able to show accountability
and continuous improvement to senior leaders and oversight entities.

2. What were the challenges or issues encountered?

When implementing and maintaining enterprise-level cybersecurity and risk management
programs within the Department of Defense (DoD) environment, several common challenges
arise across the industry. One ongoing issue is the uneven maturity of Risk Management
Framework (RMF) implementation among mission systems and program offices. Differences in
documentation standards, methods for inheriting controls, and the quality of system security
artifacts often cause delays in triage and authorization processes. These inconsistencies require
extra coordination and quality checks to meet DoD and USTRANSCOM standards.

Another major challenge is balancing mission execution with security compliance. The need for
continuous monitoring, vulnerability management, and control validation can sometimes conflict
with operational requirements, especially for systems in classified or high-tempo mission
settings. Leading contractors have addressed this by adopting risk-based prioritization
approaches that align remediation efforts with the criticality of the mission and acceptable
operational risk levels.

Incorporating Zero Trust principles into hybrid environments adds further complexity. The
combination of on-premises infrastructure, commercial cloud services, and legacy systems
demands significant engineering coordination and governance alignment to ensure
interoperability while complying with the evolving DoD Zero Trust architecture guidelines.
Additionally, maintaining personnel continuity and securing a specialized workforce remain
persistent challenges. Hiring and retaining cleared professionals skilled in RMF, Security
Control Assessor Representative (SCAR) roles, and secure software engineering is difficult in a
competitive job market. Successful organizations tackle this through structured knowledge
management, cross-training initiatives, and proactive succession planning to preserve
institutional knowledge and sustain consistent performance.

Finally, adapting to changing cybersecurity policies and reporting requirements, including
updates to DoD directives, NIST standards, and compliance tools like eMASS, requires
contractors to keep their processes flexible and foster a culture of continuous improvement to
stay responsive and aligned with Government priorities.

3. What innovative acquisition strategies and contract vehicles were used?

Across the Department of Defense (DoD) and federal cybersecurity landscape, agencies have
increasingly adopted innovative acquisition strategies and flexible contracting mechanisms
to accelerate delivery, improve mission alignment, and promote competition among both
traditional and non-traditional contractors. Several successful programs have leveraged Agile
and modular acquisition approaches to enable rapid capability development and deployment.
Rather than using long acquisition cycles, agencies have implemented incremental task order
structures under Indefinite Delivery/Indefinite Quantity (IDIQ) and Blanket Purchase Agreement
(BPA) frameworks. This structure allows for iterative delivery, early validation of cybersecurity
solutions, and the ability to pivot as mission or threat landscapes evolve.
Contracting vehicles such as Alliant 2, GSA MAS, CIO-SP3, and DoD-specific IDIQs (e.g.,
JETS 2.0, AAMAC, and EITaaS) have proven particularly effective. These vehicles provide
flexible ordering capabilities, streamlined evaluation procedures, and access to prequalified
vendors with proven technical maturity. Multi-award IDIQs have supported rapid procurement of
specialized expertise in cybersecurity, Zero Trust engineering, and Risk Management
Framework (RMF) compliance.
Agencies have also adopted performance-based contracting strategies, shifting the focus from
level-of-effort to outcome-driven results. This model ties contractor performance to measurable
metrics such as ATO approval timelines, vulnerability reduction rates, and cyber hygiene scores.
Performance-based incentives have motivated contractors to employ automation, analytics, and
AI-enabled monitoring tools to meet or exceed service-level objectives.

1.4 Innovative Approaches to Enhance SISO Requirement Efficiency


Opportunities for innovation related to the SISO requirement. Respondents are encouraged to provide
recommendations on how innovative technologies, processes, or approaches could enhance the
Government’s ability to meet this requirement effectively and efficiently. Specifically, the Government is
interested in:
Emerging Technologies
Suggestions for leveraging cutting-edge technologies or methodologies to address the requirement.
To enhance the effectiveness and efficiency of the Senior Information Security Officer (SISO)
requirement, several emerging technologies and innovative approaches can be strategically
applied to strengthen cybersecurity governance, streamline RMF execution, and improve risk
visibility across the enterprise.
1. Leveraging Artificial Intelligence (AI) and Machine Learning (ML) for Continuous Risk Assessment
AI and ML-powered analytics can automate the detection of risks, correlation of anomalies,
and prioritization of vulnerabilities throughout USTRANSCOM’s mixed environment. These
tools enable predictive threat modeling that spots potential control weaknesses before they
become exploitable. ML-based solutions can also continuously improve RMF control scoring
and automatically create risk dashboards, greatly cutting down manual assessment time and
enhancing situational awareness for the Authorizing Official (AO) and Security Control
Assessors (SCAs).
2. Implementing Zero Trust–Aligned Security Orchestration and Automation
Integrating Security Orchestration, Automation, and Response (SOAR) platforms can
streamline continuous monitoring, incident response, and compliance validation. These
solutions can automate vulnerability remediation workflows, synchronize IAVM tracking
with CMRS dashboards, and orchestrate cross-domain data correlation in alignment with
DoD Zero Trust architecture pillars—Identity, Device, Network, Application, and Data.
3. Deploying RMF-as-Code and DevSecOps Integration
Embedding RMF controls directly into the software development lifecycle through “RMF-as-
Code” techniques ensures security controls are automatically tested and validated during
build and deployment. Integrating with containerized CI/CD pipelines allows for automated
generation of compliance evidence within eMASS, enhancing audit readiness and
significantly shortening Authorization to Operate (ATO) timelines.
4. Enhancing Cyber Readiness through Data Visualization and Advanced Analytics
Utilizing advanced data visualization tools (e.g., Qlik, Power BI, or Tableau) and analytics
frameworks such as Databricks can support dynamic Key Risk Indicator (KRI) and Key
Performance Indicator (KPI) dashboards. These dashboards provide leadership with real-time
insights into cyber posture, RMF control maturity, and vulnerability trends, facilitating data-
driven decision-making and resource prioritization.
5. Utilizing Blockchain for Data Integrity and Configuration Assurance
Blockchain-based ledger technology can provide immutable audit trails for configuration
changes, vulnerability reports, and security authorizations. Such an approach enhances
transparency and non-repudiation within configuration and change management processes,
particularly for systems with multiple contributors or distributed environments.

By thoughtfully adopting these advanced technologies and methods, the Government can boost
cyber resilience, shorten RMF processing times, enhance cross-domain data accuracy, and
establish a more proactive and adaptable cybersecurity stance supporting USTRANSCOM’s
mission to maintain secure and dependable global mobility operations.
Process Improvements
Recommendations for streamlining or optimizing current processes to improve outcomes.
To enhance efficiency and consistency in the Senior Information Security Officer (SISO)
program, process improvements should emphasize standardization, automation, and proactive
coordination. One important area to address is simplifying the Risk Management Framework
(RMF) documentation and review processes. By automating parts of RMF data entry, validation,
and reporting through integration with tools like eMASS and CMRS, manual work can be
minimized, redundant tasks eliminated, and the accuracy of authorization packages improved.
This allows Security Control Assessor Representatives (SCARs) and Authorizing Officials
(AOs) to concentrate on assessing risk and mission impact instead of administrative duties,
thereby speeding up Authority to Operate (ATO) approvals.

Another opportunity for improvement lies in unifying performance monitoring and reporting.
Creating integrated dashboards that combine continuous monitoring results, vulnerability
management information, and key performance indicators would offer real-time insights into
system health and compliance. This would enhance decision-making and enable the SISO to
allocate resources more efficiently based on actionable data. Furthermore, developing
standardized communication procedures and centralized knowledge repositories would boost
collaboration among USTRANSCOM, its component commands, and external partners, ensuring
consistent implementation and traceability across all cybersecurity activities.
Best Practices
Insights into industry best practices that could be applied to this effort.
The following industry best practices can be applied to enhance the effectiveness and efficiency
of the Senior Information Security Officer (SISO) requirement:
• Adopt Continuous Authorization (cATO) Principles: Transition from static, periodic RMF authorizations to continuous authorization models that leverage automation and real-time monitoring to maintain security posture awareness and compliance across systems.
• Integrate Security into DevSecOps Pipelines: Embed RMF and security controls directly into software development lifecycles through CI/CD pipelines to ensure that compliance and security validation occur continuously rather than post-deployment.
• Leverage Data-Driven Decision-Making: Utilize dashboards and advanced analytics to visualize cybersecurity metrics, trends, and key risk indicators, enabling leadership to make informed, proactive decisions.
• Implement Zero Trust Architecture (ZTA): Align network and application security controls with DoD Zero Trust principles, verifying every user, device, and connection before granting access, to enhance defense-in-depth and minimize lateral threats.
• Automate Vulnerability and Configuration Management: Deploy Security Orchestration, Automation, and Response (SOAR) tools and automated scanning to accelerate remediation timelines and reduce manual dependency.
• Establish Centralized Knowledge Management: Create a digital repository for RMF templates, policies, lessons learned, and audit artifacts to ensure consistency, accelerate onboarding, and preserve institutional knowledge.
• Promote Workforce Development and Certification Maintenance: Invest in continuous training, cross-certification, and cybersecurity skill advancement to maintain a workforce aligned with DoD 8140 and emerging technology standards.
• Apply Risk-Based Prioritization: Focus mitigation and resource allocation based on mission impact and threat criticality rather than solely on technical severity, ensuring optimal operational resilience.
• Enhance Collaboration through Governance Alignment: Foster routine coordination among SISO staff, component commands, and system owners to synchronize compliance activities, share intelligence, and align cybersecurity priorities.
These practices collectively strengthen governance, streamline compliance, and support a
proactive, resilient cybersecurity posture consistent with DoD and USTRANSCOM operational
standards.
Potential Risks and Mitigations
Identification of potential risks associated with innovative approaches and strategies to mitigate them.
Introducing innovative technologies and modernization efforts within the SISO framework
brings both technical and operational risks that require careful planning, governance, and gradual
implementation to manage effectively. One risk involves the complexity of integrating AI/ML-
based analytics, Zero Trust tools, or RMF automation into existing legacy systems and hybrid
environments. To address this, a phased rollout should be adopted starting with pilot projects in
controlled settings to test interoperability, then progressively expanding to full enterprise
deployment.
Close collaboration with USTRANSCOM’s Configuration Control Board and following DoD
DevSecOps guidelines will help ensure system alignment and stability. Another concern is the
quality and reliability of data used in automated risk scoring and continuous monitoring.
Inaccurate or incomplete data could produce misleading risk signals. To mitigate this, strong data
validation processes, regular audits of data sources, and cross-checking between automated and
manual evaluations should be implemented to maintain trust in the system’s outputs.

There is also a cybersecurity risk associated with adopting new tools and cloud-native solutions,
which may create additional attack surfaces. To minimize this risk, all new technologies must
undergo security testing and authorization before deployment, comply with relevant DISA
STIGs, and be operated under least-privilege and zero-trust security models. We also perceive
that workforce adaptation poses a risk as new technologies require advanced skills and changes
in procedures. This can be managed through focused training programs, change management
strategies, and structured knowledge transfer to ensure staff are prepared to effectively operate
and maintain the new capabilities.
2. Chief Information Security
Capabilities: Generally, describe your company’s abilities and interest in fulfilling USTRANSCOM’s
SISO requirement. Specifically address the information in subparagraphs 1-6 below.

1. Experience with instructions, standards, and public laws supporting works such as DoD
Instruction 8500.01, Cybersecurity; DoD Instruction 8510.01, Risk Management Framework for
DoD Systems; DoDI 8551.01, Ports, Protocols, Services Management (PPSM); DoD Cloud
Security Playbook, DoD Software Modernization Strategy, DoD DevSecOps, Security Technical
Implementation Guides (STIGs), Federal Information Security Management/Modernization Act
(FISMA), Clinger Cohen Act, National Institute of Standards and Technology (NIST), Committee
on National Security Systems (CNSS), National Security Agency, etc.

Trust Consulting Services possesses extensive experience applying and adhering to key
cybersecurity and information assurance frameworks, including DoDI 8500.01, 8510.01, and
8551.01, as well as the DoD Cloud Security Playbook, DoD Software Modernization
Strategy, and DevSecOps reference architectures. Our personnel routinely implement NIST
SP 800-series controls, CNSS policies, and DISA STIG compliance in alignment with the
Federal Information Security Modernization Act (FISMA) and the Clinger-Cohen Act.
Trust’s teams have successfully executed RMF-based authorizations, PPSM reviews, and secure
software assurance activities under multiple DoD programs ensuring all cybersecurity solutions
meet or exceed DoD, NSA, and NIST standards for confidentiality, integrity, and availability.

2. Experience with security requirements, testing, assessment and validation procedures, and best
practices applicable to physical, virtual, and cloud (Infrastructure as a Service [IaaS], Platform
as a Service [PaaS], Software as a Service [SaaS]) based environments to include host-based
security devices (i.e., Intrusion Prevention Systems [IPS], Intrusion Detection Systems [IDS],
firewall, proxy servers, sensors, switches, routers, hubs) and their role in moving packets
securely from source to destination.

Trust Consulting Services possesses deep experience implementing and managing security
requirements, testing, and validation across physical, virtual, and cloud-based environments
(IaaS, PaaS, and SaaS). Our cybersecurity engineers and assessors have conducted RMF control
testing, vulnerability scanning, penetration assessments, and compliance validation within both
on-premises and hybrid DoD infrastructures. This includes the deployment and optimization of
host-based security systems (HBSS), Intrusion Prevention and Detection Systems (IPS/IDS),
firewalls, proxy servers, routers, and network sensors to ensure secure and compliant data
transmission. Trust’s teams routinely perform configuration auditing, boundary protection, and
continuous monitoring activities to validate that systems maintain Defense-in-Depth and Zero
Trust principles, effectively safeguarding data in transit and at rest across classified and
unclassified environments.

3. Experience with information technology and software engineering principles, concepts, and
techniques including software languages, design concepts, test methods, and integration
practices to include security implications and methodologies within centralized and decentralized
environments across the enterprise’s computer systems in software development.

Trust Consulting Services brings proven expertise in information technology and secure software
engineering, grounded in a deep understanding of system design, coding standards, and
integration across enterprise-level centralized and decentralized environments. Our engineers
apply modern software development principles including secure architecture design, modular
coding, automated testing, and CI/CD integration to deliver resilient and compliant solutions. We
leverage multiple programming languages such as Python, Java, C#, and JavaScript, alongside
DevSecOps practices, to embed security at every phase of the development lifecycle.
This capability has been successfully demonstrated under Trust’s support to the Defense
Logistics Agency (DLA) Cybersecurity Contract, where our team provided secure software
engineering and documentation aligned with DoD cyber and mission assurance standards. In that
effort, Trust implemented code scanning, risk mitigation, and compliance automation practices
consistent with NIST SP 800-218 and DISA STIGs, ensuring software and systems achieved
authorization without delays. These same disciplined practices and frameworks will be applied to
the SISO requirement to maintain compliance, enhance cyber resilience, and ensure
interoperability across DoD networks.

4. Experience with Enterprise Mission Assurance Support Service (eMASS) system with emphasis
on leveraging automation and completing routine SCAR tasks (e.g., control Independent
Verification and Validation (IV&V)).

Trust Consulting Services has substantial experience utilizing the Enterprise Mission Assurance
Support Service (eMASS) to manage, document, and monitor Risk Management Framework
(RMF) activities in support of DoD cybersecurity programs. Our team routinely performs
Security Control Assessor Representative (SCAR) functions within eMASS, including the
Independent Verification and Validation (IV&V) of security controls, package triage, and artifact
review to ensure compliance with DoDI 8510.01 and NIST SP 800-53 requirements.
Leveraging automation capabilities within eMASS, Trust streamlines recurring tasks such as
control assessments, POA&M updates, and metrics reporting, reducing administrative effort
while improving accuracy and timeliness. During performance on the Defense Logistics Agency
(DLA) Cybersecurity Contract, our cybersecurity analysts used eMASS workflows to coordinate
ATO packages, validate inherited controls, and generate automated compliance reports, enabling
efficient collaboration with Authorizing Officials (AOs) and Information System Security
Managers (ISSMs). This hands-on experience demonstrates Trust’s ability to employ eMASS as
both a compliance and operational risk management tool, ensuring continuous authorization and
mission assurance for DoD systems.

5. Experience with performing risk analysis based upon program offices security artifacts that
assess the technical and functional adequacy of cyber security and information assurance while
maintaining a strong emphasis on meeting government authorization package timelines.

Trust Consulting Services possesses extensive experience conducting comprehensive risk
analyses that evaluate the technical and functional adequacy of cybersecurity and information
assurance measures while ensuring strict adherence to government authorization package
timelines. Our teams apply a disciplined approach to reviewing security artifacts such as System
Security Plans (SSPs), POA&Ms, Security Assessment Reports (SARs), and vulnerability scans
to identify residual risks, assess control effectiveness, and develop actionable recommendations
that support timely Authority to Operate (ATO) decisions.
This capability was demonstrated under the Defense Logistics Agency (DLA) Cybersecurity
Contract, where Trust provided cybersecurity engineering and documentation support to
strengthen DLA’s risk posture. Our team performed detailed artifact analyses, assessed system
vulnerabilities, and aligned mitigation strategies with DoD and NIST standards to meet mission-
critical authorization deadlines. Similarly, during our participation in the Advancing Artificial
Intelligence Multiple Award Contract (AAMAC) initiative, Trust applied advanced analytics
and AI-assisted risk modeling to evaluate cybersecurity readiness across hybrid and cloud
environments. These engagements reinforced our ability to balance rigorous technical
assessment with the timely delivery of compliant authorization packages, ensuring mission
assurance and alignment with evolving DoD cybersecurity governance.

6. Experience with the implementation and validation of DoD ZT capabilities, activities, and
desired outcomes. Provide any information on identifying and integrating solutions to meet the
associated ZT outcomes.

Trust Consulting Services brings demonstrated expertise in implementing, validating, and
advancing Department of Defense (DoD) Zero Trust (ZT) capabilities across enterprise
environments. Our approach is grounded in the DoD Zero Trust Strategy and the seven core
pillars: Identity, Device, Network/Environment, Application and Workload, Data, Automation
and Orchestration, and Visibility and Analytics. We specialize in assessing existing security
architectures, identifying gaps, and integrating interoperable solutions that enable continuous
verification, least-privilege enforcement, and data-centric protection across both on-premises and
cloud environments.
Under the Defense Logistics Agency (DLA) Cybersecurity Contract, Trust and AGOVX
implemented Zero Trust-aligned identity and access management, micro-segmentation, and
continuous monitoring processes that enhanced authentication, network visibility, and threat
containment. Similarly, during the Advancing Artificial Intelligence Multiple Award
Contract (AAMAC) initiative, Trust applied ZT principles to secure AI and data ecosystems by
embedding security orchestration and automation within DevSecOps pipelines. These
experiences have enabled Trust to develop a proven methodology for designing, integrating, and
validating ZT solutions that align with DoD ZT reference architectures ensuring measurable
progress toward enterprise wide Zero Trust maturity and mission assurance.

7. Provide the following project or contract information for requirements deemed similar to this
effort or capabilities described above:

Description of Project: The SCAP contract provides on-demand IT, cybersecurity, and
engineering support to the DLA Systems and Cybersecurity Directorate. Trust supports IT
capability development, risk management, system compliance, and ECM automation for
enterprise-level applications. Key support areas include implementing risk management
practices, conducting IT rationalization assessments, developing program management
dashboards, and enhancing IT system lifecycle oversight and cybersecurity posture across the
DLA enterprise.

Contract Number: SP4701-23-A-0007 / SP4701-23-F-0281
Period of Performance: 28 September 2023 – 27 September 2026
Contract Type: Task Order under a Blanket Purchase Agreement (BPA)
Commercial/Non-Commercial Requirement: Non-Commercial
Prime/Subcontractor: Prime Contractor – Trust Consulting Services, Inc.
Dollar Value: $11,479,151.80

Scope of the work supported: As the prime contractor, Trust Consulting Services led the full
scope of performance, including cybersecurity assurance, IT systems engineering, program and
portfolio management, ECM automation, and compliance reporting. Trust implemented agile
project management practices, integrated AI/ML-based data analytics into ECM evaluations,
and automated reporting to reduce analysis time by 70%. The company also ensured full
compliance with the DLA’s Quality Assurance Surveillance Plan (QASP) and maintained 100%
staffing levels throughout contract execution.

3. Technical Capability Virtual Meetings

The Virtual Technical Capability Meetings are a scheduled one-on-one meeting with your company and
the AQ/J6 representatives. This forum will include conversations between the Government and interested
parties based on the information requested above. Please be prepared to discuss this information during
your session.
A request for a meeting will need to be submitted with your response. Only those providing a white paper
with technical responses and a request will receive a meeting.
A Microsoft TEAMS meeting will be sent to the e-mail address provided on a first-come, first-served basis.
Allocated meeting times are not negotiable and are a hard start and stop time. Meetings may be
forwarded to a maximum of 4 attendees from your company or venture. The tentative date for the meeting is
20 October 2025. This is subject to change.
Trust Consulting Services, Inc. respectfully requests to participate in the Virtual Technical
Capability Meeting with the AQ/J6 representatives. Our team welcomes the opportunity to
discuss our submitted white paper, technical capabilities, and innovative approaches relevant to
the SISO requirement. We will ensure the attendance of up to four key personnel representing
program management, cybersecurity engineering, and RMF compliance functions. Trust
Consulting Services will be available for the scheduled Microsoft Teams session on or around 20
October 2025 and acknowledges that meeting times will be assigned on a first-come, first-
served basis with fixed start and stop times.
Any suggestions or recommendations (including a brief explanation “why?”) for this acquisition. These
comments will be addressed when the final PWS and Request for Quote are issued. These comments are
excluded from the White Paper page limitation. To include suggested:
A multi-award BPA or IDIQ strategy is recommended to give the Government flexibility and
speed in awarding task orders as cybersecurity priorities evolve. This approach supports agile
tasking, encourages competition, and allows scaling for emerging technologies such as Zero
Trust and RMF automation.
The Government could leverage existing vehicles like GSA MAS or Alliant 3 or establish a
dedicated USTRANSCOM SISO BPA to streamline future awards. The most appropriate
NAICS codes are 541519 and 541512, both standard for cybersecurity and IT systems
engineering work. A hybrid contract type using Firm-Fixed-Price for defined deliverables and
Labor-Hour for advisory or emergent tasks would balance flexibility and cost control.
This effort should be treated as non-commercial, though incorporating commercial security
automation tools can enhance efficiency and reduce costs. The PWS could be strengthened by
clarifying coordination among SISO, AO, and SCAR roles and by defining measurable
performance indicators such as ATO cycle time and RMF compliance rates. Finally, including a
knowledge transfer and workforce development