Notice ID: W81MR8-24-AQTC
The Department of the Army is in the process of determining the acquisition strategy for Army Workforce Qualification and Training Compliance System(s). The Government anticipates awarding a Basic contract with two (2) option periods, under PSC code DA10 and NAICS Code 541511. The size standard associated with this NAICS code is $30M. The Government is considering a Firm Fixed Price. Additionally, the Government is considering a sixty (36) month contract for this service that may include a base period of twelve (12) months and four (2) twelve (12) month option periods.
The contractor shall review existing security policies and procedures, whether formal or informal. The contractor shall work closely with System Owner and Information System Security Manager and staff to develop formal policies and procedures to facilitate the protection of U.S. Government sensitive unclassified information. The contractor shall review existing policies, procedures and guidelines and shall draft appropriate policy documents for the operation of the product in determining Cybersecurity requirements, aid in the development of policies and procedures for implementation and provide support in implementing these mechanisms and processes to ensure that the policies can be enforced. This includes Information Assurance Vulnerability Alert (IAVA) tracking, CS awareness training, System Administrator certification, and all other activities that contribute to the successful implementation of the full range of CS policies, procedures, and guidelines.

Task 1: Cybersecurity/Risk Management Framework 2.0 Management: The contractor shall:
- Provide technical support to the System Owner and ISSM.
- Prepare weekly highlights, monthly and ad-hoc reports to management.
- Upon request, provide information security analysis services to the government System Owner and ISSM.
- Utilize standard software tools to scan all equipment and application code on the network for vulnerabilities to ensure sound security configurations when applicable.
- Assist the on-premises cloud cybersecurity staff in implementing corrective actions required because of vulnerabilities uncovered during system scans.
- Manage the Enterprise Mission Assurance Support System (eMASS) record and ensure all controls are mitigated, monitored, and corrected.
- Complete all required eMASS training and request account activation in the eMASS system to perform all eMASS revisions, updates, modifications, etc. The Contractor will manage all network inheritance through eMASS, and update and revise all supporting documents.
- Complete, update, and revise the Privacy Impact Assessment documentation (DD Form 2930).
- Ensure the application has a current dataflow diagram. A thorough review of the Plan of Action & Milestones (POA&M) will occur, with any additions, closures, and revisions made as necessary.
- Conduct annual RMF self-assessment which will then be submitted through the eMASS validation…