The FDA is conducting market research to identify small businesses, specifically SBA-certified 8(a) vendors, capable of providing Cybersecurity Risk Management and Compliance Services. This is a sources sought notice only and is not a solicitation for bids. Interested vendors must hold a GSA Multiple Award Schedule (MAS) in either the 54151S (IT Professional Services) or 54151HACS (Highly Adaptive Cybersecurity Services) categories.