Notice ID: RFQ8380
White Paper Request:
Interested parties are requested to submit a capabilities statement in the format of a White Paper as outlined below. The White Paper should be concise (no more than 5 pages) and address only the information requested below (title pages, cover letter, etc., will not count against the 5-page limit). Again, this information will support market research activities within the Department of Treasury.
The primary objective of this requirement is to support the Agency’s initiative to expand on the current Enterprise Data Management (EDM) Microsoft/Azure implementation of Sensitivity Labels with the development of enterprise-wide IRS Cybersecurity data security management strategy and solutions throughout its complex environment of on premises, hybrid and clouds/cloud app systems that are non-Microsoft/Azure based.
The EDM – Strategy & Solutions project will consider how best to identify, protect, and control data within the current hybrid environment, including the following:
- Evaluation of the current and roadmapped EDM business rules and capabilities within the Microsoft M365 GovCloud G5 suite of cloud-based tools for data protection limitations/gaps.
- Research of CIPEC integration capabilities with other non-Microsoft on premises, hybrid, and cloud systems, applications, and capabilities.
- Research and develop of stop gaps and alternative solutions to architect a hybrid EDM approach where necessary to protect data outside of the IRS-managed Microsoft cloud environment.
- Research of alternate solutions and hybrid frameworks for sensitive data protection to scale across multiple common enterprise use cases to meet its specific needs, such as:
- Data classification and tagging capabilities without access controls to share unrestricted sensitive data with other trusted organizations.
- Access controls on sensitive data without data classification and tagging to prevent unauthorized access, copying, or distribution.
- A comprehensive approach to data protection with data classification, tagging, and access controls.
- Support the Commissioner’s priority FY24 Cybersecurity Milestones, including:
- Streamline and optimize enterprise-wide encryption methodologies to reduce DLP monitoring visibility gaps.
- Develop a CIPEC Program EDM Strategic Plan for expanding Microsoft/Azure EDM capabilities into non-Microsoft clouds.
- Establish a CIPEC front door service for pre/post-acquisition evaluations and requirements for EDM.
- Scaled unauthorized access (UNAX) and data exfiltration monitoring and reporting for internal and encrypted traffic.
The period of performance is a base year plus two option years.
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $250 annually.