Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 03, 2004 FBO #1103
SOURCES SOUGHT

D -- Sources Sought-Security Assurance and Vulnerability Assessment Support

Notice Date
12/1/2004
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Securities and Exchange Commission, Procurement and Contracts Branch, Operations Center, 6432 General Green Way, MS 0-20, Alexandria, VA, 22312-2413
 
ZIP Code
22312-2413
 
Solicitation Number
SECHQ1-05-RFI-IM01
 
Response Due
1/4/2005
 
Archive Date
1/19/2005
 
Description
This is a sources sought synopsis for all qualified sources for acquisition planning purposes and no formal solicitation exists at this time. Capability statements received will be reviewed to determine the technical, administrative, management, and financial capability of such offerors to perform this type of work which will be used to determine appropriate procurement strategy. Respondents should address each of these capabilities. The U. S. Securities and Exchange Commission (SEC) requires support services to assist in determining the adequacy and integrity of information and physical security implemented and operated by entities regulated by the SEC and/or their contract service providers. Regulated entities, as defined by the Securities Act of 1934 (ACT) and rules promulgated under it, include self-regulatory organizations, national securities exchanges, securities information processors, clearing agencies, electronic communication networks (ECNs), and alternative trading systems (ATSs). Other regulated entities defined in the ACT are excluded from the support described in this Request for Information (RFI). Qualified organizations would provide support to (1) evaluate management assertions that categorize and describe information, information systems, inherent risks, external risks, and controls to mitigate risks; (2) identify and evaluate the logical and physical security architecture and test the security controls for physical perimeters and information systems (processing platforms, operating systems, and application systems) and their associated private and public networks (extranets, Internet, web services, public-key infrastructure, firewalls, routers, switches, and other network-enabling equipment and servers); (3) verify the effectiveness of security controls and determine the existence of vulnerabilities without compensating controls to minimize risk; and (4) evaluate management assertions regarding operational authorization for processing (security accreditation) of information systems and their associated networks. The SEC envisions at least annual assessment of regulated entities and indeterminate (ad hoc) additional assessments. SEC is requesting input in the form of capability statements. Interested parties must submit brief but complete capability statements that address their qualifications, national business locations, certifications, federal security clearances, and licenses to perform the support services described in this RFI. Each respondent must identify the geographical areas and cities in which they currently perform such work within the United States. The SEC may require the use of standards published by other financial regulatory agencies, but respondents may suggest the use of financial industry standards and best practices in use in the United States for identifying their approach to baseline and benchmark evaluations. Capability statements are to be submitted not later than January 4, 2005. The capability statement shall address each of the areas identified above, demonstrate the company?s capability to perform these tasks, and identify and describe previous service contracts with financial organizations for security-related assessments, and the standards it used as the basis for the work performed. Additionally, all responses to this sources sought shall include company name and address, business size and type, and point of contact to include e-mail address and telephone number. Capability statements shall not exceed five pages in length. This information will be used to assist the Contracting Officer in developing the procurement strategy. All responses to this sources sought notice shall be provided to Linda Sudhoff. If it is determined that a formal solicitation will be issued, a pre-solicitation notice will be issued via Federal Business Opportunities.
 
Place of Performance
Address: N/A
Country: US
 
Record
SN00715423-W 20041203/041201212208 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.