Notice ID:\u00a0 140D0424Q0573<\/p>\n
The Department of the Interior (DOI), Interior Business Center (IBC), Acquisition Services Directorate (AQD) is issuing this RFI\/Sources Sought on behalf of the Department of Health and Human Services (HHS), Office of the Inspector General (OIG), Office of Audit of Services (OAS) for the HHS\/OIG Cyber Range Managed Cloud Services.<\/p>\n
The Office of Audit Services (OAS), Cybersecurity and Information Technology Audit Division (CITAD) within the HHS-OIG is tasked with auditing the information technology (IT) programs and resources developed and maintained by HHS Operating Divisions (OpDivs) and health care providers. Their work is crucial in detecting and correcting vulnerabilities and weaknesses in computer systems, ensuring an efficient and secure IT environment. To facilitate CITAD\u2019s work, a cloud hosted \u201cCyber Range\u201d is used for audit support, penetration tests, research, and training.<\/p>\n
The objective of this contract action is to procure a Managed Cloud Service Provider (CSP) for proactive and on-demand operations, maintenance, monitoring, cost optimization, and support of the public cloud hosted Cyber Range.\u00a0 Specifically, the CSP will manage an existing Cyber Range hosted within the Amazon Web Services (AWS) Cloud Environment, and if optional task 10 is executed on, expansion into Microsoft Azure.<\/p>\n
Hosting Requirements<\/p>\n
The Government requires a Contractor with AWS and Azure certifications and partnerships to effectively manage and monitor OAS CITAD\u2019s Cyber Range using Cloud Managed Service models as necessary. Offerors for the OAS CITAD\u2019s Cyber Range must strictly adhere to all published AWS Service Level Agreements (SLAs) and provide these SLAs to the OIG as appropriate.<\/p>\n
For any cloud service solution (e.g., but not limited to: Infrastructure as a Service, Platform as a Service, Software as a Service) deployed or utilized by the Contractor as part of its proposed solution to support the HHS OIG Cyber Range, it must be Federal Risk and Authorization Management Program (FedRAMP) authorized.\u00a0 The Contractor is obligated to make sure that their proposed solution meets all relevant FedRAMP, Federal Information Security Modernization Act (FISMA), White House, and Cybersecurity and Infrastructure Security Agency (CISA) mandates.<\/p>\n
Specifically, the Contractor\u2019s responsibilities encompass comprehensive cloud management services, including provisioning, monitoring, scaling, and maintenance of the HHS OIG Cyber range cloud infrastructure, including but not limited to EC2, S3 Storage, Subnets and network components, Virtual Firewalls, load balancers, etc.; ensuring high availability, security, and compliance \u2026<\/p>\n
The anticipated period of Performance of this contract is a base year and nine (9) option years.<\/p>\n