Loren Data's SAM Daily™

fbodaily.com
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 11, 2015 FBO #4978
SPECIAL NOTICE

D -- Continuous Monitoring/Risk Scoring Pilot

Notice Date
7/9/2015
 
Notice Type
Special Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B130, Gaithersburg, Maryland, 20899-1410, United States
 
ZIP Code
20899-1410
 
Solicitation Number
SB1341-15-RQ-0623
 
Point of Contact
Richard Kim, Phone: 3019756219
 
E-Mail Address
Richard.kim@nist.gov
 
Small Business Set-Aside
N/A
 
Description
FEDBIZOPPS.GOV ANNOUNCEMENT: SPECIAL NOTICE

CLASSIFICATION CODE: D - Automatic Data Processing and Telecommunications Services

SUBJECT: Sole Source Justification, Continuous Monitoring / Risk Scoring Pilot

SOLICITATION NUMBER: SB1341-15-RQ-0623

CONTACT POINTS: RICHARD KIM, Contract Specialist (301) 975-6219; KEITH BUBAR, Contracting Officer (301) 975-8329

DESCRIPTION: The National Institute of Standards and Technology (NIST) Acquisition Management Division, on behalf of the NIST Office of Information Systems Management (OISM), intends to negotiate directly with Deloitte Consulting LLP, on a sole source basis under the authority of FAR 6.302-1 "Only one responsible source and no other supplies or services will satisfy agency requirements," for contractor services to provide support and software services for a Continuous Monitoring/Risk Scoring Pilot for the NIST OISM.

The US Department of Commerce (DOC), NIST has a requirement to provide support and software services for a Continuous Monitoring/Risk Scoring Pilot for the OISM. The effort is to pilot two NIST systems through a tested, proven risk scoring methodology in RSA Archer to evaluate the effectiveness and benefits of a risk scoring process at NIST and that will support NIST in the development of a long-term strategy and enterprise solution for a robust, real-time continuous monitoring and on-going authorization program.

***** Sole Source Justification is based on the following:

Deloitte is uniquely qualified to meet these requirements and provide these services to OISM. Based on Market Research and Sources Sought Responses, Deloitte is the only vendor able to provide the following to NIST:

• A proven, risk scoring methodology that has shown to be a success at the Bureau of Census, which meets NIST's risk scoring requirements and allows for interoperability between NIST and Census Security Programs. NIST is now required to implement the Census Risk Scoring model internally.
• A risk scoring methodology and software capability that is inherently built to score manual and automated control assessment input across the full suite of SP800-53s Rev4 control steps through a Risk Profiling questionnaire capability.
• A software solution, built using RSA Archer, which enables NIST to immediately pilot systems using their proven methodology in the COTS program chosen for the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program. DHS is implementing RSA Archer, a COTS product, for all Department/Agency and Federal CDM Dashboards.

OISM has five main requirements of a proposed risk scoring solution approach:

1) Produce IT system Assessment and Authorization (A&A) packages, in a NIST acceptable format using automated and manual inputs
2) Use electronic Governance, Risk, and Compliance (eGRC) tool RSA Archer
3) Develop system Risk Profiles based on technical and organizational considerations which are compatible with, and can be directly compared to the Risk Profiles of other systems within the DOC
4) Integrate A&A with DHS CDM program
5) Employ the NIST Risk Management Framework (RMF), and report risk scoring and security posture based on the NIST RMF and the National Cybersecurity Framework (CSF)

DHS is implementing RSA Archer, a COTS product, for all CDM dashboards. Deloitte, who developed Census Bureau's Risk Scoring process that NIST is moving to, has built the Census-based Risk Scoring capability into the RSA Archer product so that A&A and CDM can be integrated. Therefore, since NIST is required to use Archer for CDM dashboards (by DHS), and required to implement the Census Risk Scoring model, and the Deloitte/Archer solution is the only product that integrates both, Deloitte is the only responsible source that can supply the services required by NIST. Moreover, Deloitte has personnel already approved to work on contracts within the DOC, thereby reducing time required to implement the effort immediately.

Because of these unique capabilities across all five requirements, Deloitte is the only vendor who can meet OISM's needs for this procurement. Using a vendor other than Deloitte will introduce undue uncertainty and risk as a new methodology will have to be developed, with unknown timeframes and outcomes. As OISM is looking to move forward quickly to establish a standard for itself and potentially the entire DOC, a vendor other than Deloitte will significantly delay targets for implementation, as well as substantially increase implementation costs for NIST.

***** The North American Industry Classification System (NAICS) code for this acquisition is 541519, Other Computer Related Services. Any prospective contractor must be registered in the System for Award Management (SAM) in order to be eligible for award. Information concerning SAM registered requirements may be viewed via the Internet at http://sam.gov.

Interested parties that believe they could satisfy the requirements listed above for NIST may clearly and unambiguously identify their capability to do so in writing on or before the response date for this notice. This notice of intent is not a solicitation. Any questions regarding this notice must be submitted in writing via email to Richard Kim at Richard.kim@nist.gov. All responses to this notice of intent must be submitted so that they are received at Richard.kim@nist.gov no later than July 17 at 2:00 PM Eastern Time.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/SB1341-15-RQ-0623/listing.html)
 
Record
SN03791668-W 20150711/150709235950-e7d8e4a8beb35222f50bf4bd3ba6e560 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
