The Department of the Treasury’s Bureau of the Fiscal Service (BFS) is looking for new technological capabilities for automated testing for the department’s software applications that have routinely been done manually.
The request for information (RFI) – published on April 7 – looks to identify possible testing solutions for commercial off the shelf (COTS) products.
“Our technology divisions in ARC currently perform all patch and upgrade testing through manually performed test scripts. We are aiming to put some applications in place to enable automated testing for highly reusable scripts, and then track the status of all involved tests through a lifecycle management tool,” said the agency.
The RFI is requesting that suggested tools must be able to pass a SAML assertion, which is an open standard for authentication used for data between two different parties, as well as being able to “perform automated testing through JAVA forms,” according to the agency.
BFS also provides real-world scenarios in which these tools would be used. The agency describes some of these use cases, saying:
- “A GS-12 testing analyst is required to use SSO to login to our Oracle instance. We currently use PIV cards for all SSO operations. The application must be able to utilize a SAML assertion to login to applications also to meet presidential memos on Zero Trust Architecture;”
- “An external contracted developer needs to be able to quickly access and understand all the documentation and required controls & tools for the changes they are developing. Tooling should include end user training to prevent custom creation of knowledgebase content;”
- “An IT specialist supervisor wants to work with the test teams to identify and remediate any database-related issues that arise during testing, so that we can deliver a quality product to production;” and
- “A branch manager wants to establish a secure development lifecycle (SDL) process, so that he can ensure that security is integrated into every stage of the software development process and that his databases are protected against cyber threats and meets all required controls.”
All responses to the RFI are due by May 5.