What are the acceptable "transit agencies" that can participate in Phase I?
24-FT2: Mitigation of Cybersecurity Failures "requires working with a transit agency" to collect data and analyze the most common failure points.
There are many, many organizations that could claim to be a "transit agency." What is considered a valid "transit agency" for this topic (for 24-FT2: Mitigation of Cybersecurity Failures)?
There are non-transit agency organizations such as CharIN (https://www.charin.global/) that are working with National Labs to catalog and classify "the most common [cybersecurity] failure points;" however, this organization is not a "transit agency."
Is it acceptable for a potential offeror to work with a National Lab or with a non-transit agency organization (e.g., CharIN) to " collect data and analyze the most common failure points?"
Crick Waters
shared this idea
-
Raj Wagley
commented
It is acceptable for a potential organization to work with National Lab or a non-transit agency organization (e.g., CharIN) but it is preferable if the offeror also works with a public transit agency to collect additional data. Vulnerable points in a Transit agency system (IT system, Charging system, Farecard, Kiosk, etc.) provide some real-world data.
-
24-FT2: Mitigation of Cybersecurity Failures "requires working with a transit agency" to collect data and analyze the most common failure points.
There are many, many organizations that could claim to be a "transit agency." What is considered a valid "transit agency" for this topic (for 24-FT2: Mitigation of Cybersecurity Failures)?
There are non-transit agency organizations such as CharIN (https://www.charin.global/) that are working with National Labs to catalog and classify "the most common [cybersecurity] failure points;" however, this organization is not a "transit agency."
Is it acceptable for a potential offeror to work with a National Lab or with a non-transit agency organization (e.g., CharIN) to " collect data and analyze the most common failure points?"