Notice ID: 24-IRA-023-OITA

The Internal Revenue Service (IRS) has a requirement for Cloud Service Provider Continuous Monitoring Automation.

The Request for Information will be available April 10, 2024, and will be distributed through GSA e-buy and through the Government Wide Point of Entry (GPE) SAM.gov.

IRS requires a comprehensive tool to manage the security posture of FedRAMP and Agency Authorized Cloud Service Providers. This capability must provide the full suite of monitoring functions on day one and be operationalized on an accelerated timeline to meet the cloud services demands of the IRS, including, but not limited to:

  • Ingest and processing of monthly compliance artifacts (vulnerability scans, asset inventory, POA&M, significant changes, deviations) in a digital workflow, empowering analysts to quickly correlate data against historical records for cloud assets.
  • Automating and streamlining analyst review and workload, and the communication of findings, remediations, evidence, artifacts, approvals, and timelines associated with all Plans of Action and Milestones.
  • Providing full visibility and insights through dashboards and reports, informing the agency’s accurate risk analysis, oversight, lessons learned, and future budgetary investment strategies.

Cloud Computing Essential Characteristics:

  • On-demand self-service – A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
  • Broad network access – Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
  • Resource pooling – The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
  • Rapid elasticity – Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time …

Cloud Service Models:

  • Software as a Service (SaaS) – The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
  • Platform as a Service (PaaS) – The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers …

The period of performance for this Task Order is 12 months from the effective date of the Task Order award with one (1) 12-month option period.
