DISA Sources Sought: Risk Management Technical Assessment and Support Services

Notice ID:  CSS632469668

The Defense Information Systems Agency (DISA) is seeking sources for Enterprise Integration and Innovation (EII) Risk Management Executive (RME) and the Office of the Chief Information Officer (IO)’s Technical Assessment and Support Services requirement.

Background.  This effort will provide contractor support for Defense Information Systems Agency (DISA) Enterprise Integration and Innovation (EII) Risk Management Executive (RME) and the Office of the Chief Information Officer (IO) missions.  This requirement is a continuation of tasks from previous task order HC102819F0653 and previous contract/task order HC102820D0001/HC102822F0003, which are being consolidated because of an agency re-organization.

This requirement supports DISA with Cybersecurity Assessments and Authorization (A&A), Risk Management, Information Assurance (IA) Support, and Risk Adjudication and Connection services. Fulfilling this responsibility includes developing an integrated Department of Defense (DoD)-wide protection and operational restoration capability to counter security threats to, incidents within, and attacks on DoD information technology within the DoD Information Network (DoDIN). To accomplish this, DISA must advise and assist users and operators of the DoDIN. This advice and assistance includes conducting reviews of enterprises, enclaves, networks, systems, and applications; A&A support; independent evaluation based on national and DoD level Cybersecurity/IA and Cybersecurity Service requirements; the procedures and practices as they are implemented by the combatant commands (COCOMs), including their sub-unified commands, joint task forces, component commands, and supporting organizations and agencies, to ensure their adequacy; to provide a measurement and training tool to determine the defending forces' readiness; and to provide a basis for planning and programming needed improvements.

Another component is to provide IA and Cybersecurity to include assessments, compliance validations, IA training, cybersecurity policy, and Federal Information System Management Act (FISMA)/cybersecurity scorecard. As such, the mission is to assure DISA’s information systems, assets, and enclaves possess the necessary security measures to ensure their availability, protection, integrity, authentication, confidentiality, and non-repudiation to include monitoring, detection, discovery, and reaction capabilities of internal and external adversaries; and ensure a trained and effective IA workforce …

Objectives: Provide technical support for EII organizations to identify, assess, and prioritize computing risks to the enterprise, establish strategies to address risk, assure and secure the Agency’s systems, networks, programs, and data in the face of internal and external threats while appropriately balancing risk opportunity and cost.   The overarching objectives of this TO are to:

  • Ensure a consistent and compliant path leading to the authorization of computers, systems, and networks by providing and developing information system cyber security strategies, design and evaluation guidance, and measures that validate and ensure that the security requirements and standards of this common body have been met.
  • Assure DISA’s information infrastructure and DoD’s cloud information infrastructure are properly configured, protected, and monitored against vulnerabilities or threats.
  • Protect, defend, and secure DISA’s information infrastructure to ensure data assets and information are visible, accessible, understandable, and trusted by all authorized users even in the face of a cyberattack. To reduce risk to the Defense Information Systems Network (DISN) by providing enhanced IA and security through balanced risk management.

The anticipated Period of Performance is 6 June 2025 – 5 June 2030.
