SOURCES SOUGHT
D -- Certification and Accreditation (C&A) Phase II Support - Draft PWS
- Notice Date
- 6/23/2009
- Notice Type
- Sources Sought
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- Department of Education, Contracts & Acquisitions Management, Contracts (All ED Components), 550 12th Street, SW, 7th Floor, Washington, District of Columbia, 20202
- ZIP Code
- 20202
- Solicitation Number
- eio-090007
- Point of Contact
- Gabriella I. McDonald, Phone: (202) 245-6188, Michele Thompson, Phone: 202-245-6193
- E-Mail Address
-
gabriella.mcdonald@ed.gov, michele.thompson@ed.gov
(gabriella.mcdonald@ed.gov, michele.thompson@ed.gov)
- Small Business Set-Aside
- Total HUB-Zone
- Description
- Draft Performance Work Statement (PWS) The pupose of this announcement is to seek ONLY Historically Underutilized Business Zone (HUBZone) concerns to provide Certification and Accreditation (C&A) services for the U.S. Department of Education (ED). ED currently has 145 systems and applications in its FISMA reportable inventory. This number can fluctuate as older systems are retired and new systems are added. These systems and applications have also been categorized as ‘High', ‘Moderate', and ‘Low' risk per guidance in NIST FIPS-199. The attached Draft Performance Work Statement (PWS) addresses the need for C&A services for new systems, systems which have been recently added to ED's inventory, systems that have experienced a significant change since the last C&A activity, and systems scheduled for recertification based on the ED's C&A cycle. The scope of this draft PWS covers the portion of the responsibilities and activities of the Security Certification Phase, and all of the responsibilities and activities of the Security Accreditation Phase, of the C&A process. The contractor shall perform the independent risk assessment of certain systems as they finalize preparation for the Continuous Monitoring Phase. The contractor shall perform technical certification activities on behalf of the Certifier for the systems ordered. The contractor shall be responsible for: • Providing management support for the entire C&A program, • Conducting independent risk assessment activities and incorporating results in the Preliminary Security Assessment Report (PSAR), • Reviewing and evaluating the General Support System (GSS) or Major Application (MA) system security documentation to ensure it is complete and complies with Department policies and guidelines and documenting review results, • Validating remediation of Risk Assessment findings, • Developing, revising, or finalizing the Security Test and Evaluation plans for selected systems, • Executing Security Test and Evaluation (ST&E) plans, vulnerability scanning and documenting test results for selected systems, • Providing Documentation of all test results, • Completing Risk Analysis Forms (RAFs) for all findings, • Writing a Preliminary Security Assessment Report (PSAR), • Providing System Manager/Owner out-briefs, • Presenting findings and verification of remediation (if applicable) to IV&V Management Committee, • Writing a Final Security Assessment Report (FSAR) of certification activities performed and their results, as well as justifying a certification recommendation, • Briefing the Certifier and Accreditor on the review findings and the certification recommendation.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/ED/OCFO/CPO/eio-090007/listing.html)
- Place of Performance
- Address: 550 12th Street S.W., Washington, District of Columbia, 20202, United States
- Zip Code: 20202
- Zip Code: 20202
- Record
- SN01854277-W 20090625/090624001234-4026e3fcae071145a80253ef1f3387f5 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |