USCG RFP: Information Assurance (IA) Risk Management Framework (RMF) Support Services IDIQ

Notice ID: 70Z04424RESDIAB01

Related Notice: 70Z04423IESDIAB01

This is a combined synopsis/solicitation for commercial services prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice, to award a single-award Indefinite Delivery/Indefinite Quantity (IDIQ) contract.

The Contractor must provide Information System Security Officer (ISSO) and Alternate ISSO (AISSO) services, Information System Security Engineer (ISSE) services, Security Control Assessor (SCA) services, and Cybersecurity Compliance and Readiness Services as described below to meet the requirements of the USCG Cybersecurity RMF process and cybersecurity of USCG Information Systems. The Contractor must furnish all the necessary personnel, materials, equipment, facilities, travel and other services required to satisfy all task order requirements unless otherwise specified.

Task Area One: Information System Security Officer (ISSO) Services

Serve as the designated ISSO for assigned systems.
Lead the RMF process for assigned programs, organizations, systems, or enclaves.
Generate as appropriate, or gather, assess, and maintain the RMF documentation package that meets all Department of Defense (DoD) requirements and is tailored to a specific system. Documentation may include but is not limited to: Security Categorization Determination, Implementation Plan, System Security Plan (SSP), Configuration Management Plan (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Authorization documentation, IT Security Plans of Action & Milestones (POA&Ms), Scorecards, Security Assessment Reports (SAR), Continuous Monitoring Strategy, Vulnerability Scans, Hardware/Software lists, Threat Models, Cybersecurity Strategy, Network Topology, Network Cybersecurity Boundary Diagrams, and Data Flow Diagrams using Government prescribed tracking and processing tools.
Ensure that all DoD Information System (IS) cybersecurity-related documentation is current and accessible to properly authorized individuals.
Interpret system designs and diagrams for the purposes of identifying data interconnections, interfaces, protocols, and data types in order to select appropriate controls to remediate or minimize Cybersecurity risk exposure to the Coast Guard.
Provide support and develop a connection approval package such as an Interconnection Security Agreement (ISA), Memorandum of Understanding (MOU), Service Level Agreement (SLA), and so forth, for systems that require connectivity to any type of USCG Local Area Network (LAN) (i.e. DoD Information Network (DoDIN), CGOne, SIPRNet) …

Task Area Two: Information Systems Security Engineer (ISSE) Services

Serve as the Information Systems Security Engineer (ISSE) providing technical input, recommendations, and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations, and other pertinent guidance.
Participate in acquisition meetings (PMR, PDR, CDR, etc.), concept of operation (CONOP) working groups, change boards, technical exchange meetings and other similar activities. Design and develop security requirements that drive down risk while maintaining operational capability.
Work between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level.
Provide guidance on work against program requirements and goals. This includes participating in technical discussions, trade studies and working groups, and conducting research on industry best practices for potential implementation …

Task Area Three: Security Control Assessor (SCA) Support Services

Support the development, and review of any plan that includes control assessment and implementation including Security Assessment Plans, System Security Plans, and any other security-developed document referring to security and/or privacy controls.
Assess the security and privacy controls in accordance with the assessment procedures defined in the security assessment plan.
Prepare the security assessment report documenting the issues, findings, and recommendations from the control assessment.
Assess a selected subset of the technical, management, and operational controls employed within and inherited by the information system in accordance with the organization-defined monitoring strategy …

Contract Ordering Period: Five (5) years.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

OrangeSlices AI

Discover More Today

USCG RFP: Information Assurance (IA) Risk Management Framework (RMF) Support Services IDIQ

Leave a Reply

Cancel reply

USCG RFP: Information Assurance (IA) Risk Management Framework (RMF) Support Services IDIQ

Leave a Reply

Cancel reply

User Agreement

Login