Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 03, 2016 FBO #5398
SOURCES SOUGHT

D -- Cyber Security Support Services

Notice Date
9/1/2016
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Justice, Offices/Boards/Divisions, Procurement Services Staff (PSS), Two Constitution Square, 145 N Street, N.E., Suite 8E.300, Washington, District of Columbia, 20530, United States
 
ZIP Code
20530
 
Solicitation Number
DJJU-16-RFI-1006
 
Archive Date
9/13/2016
 
Point of Contact
Gregory L Newsom, Phone: 2023071962
 
E-Mail Address
gregory.l.newsom@usdoj.gov
(gregory.l.newsom@usdoj.gov)
 
Small Business Set-Aside
N/A
 
Description
This Sources Sought is released pursuant to the Federal Acquisition Regulations (FAR) Part 10 Market Research. The information collected through the process is considered to be market research as described by FAR 2.101 and in accordance with FAR 10.002. This is NOT a Request for Proposal (RFP), and nothing shall be construed herein or through the Sources Sought process to commit or obligate the Government to further action. In addition, vendors responding to this request for information shall bear all risks and expenses of any resources used to provide the requested information. The submission of capability information in response to this market survey is purely voluntary. The Department of Justice (DOJ), is issuing this Sources Sought to identify qualified and responsible vendors who possess the experience and resources to provide program management support services and technical cyber security operations support to the Department of Justice. BACKGROUND The DOJ provides Cybersecurity Program Component support for the Executive Office for United States Attorney's Information Systems Security Staff (ISS) program initiatives: Insider Threat Prevention & Detection Program (ITPDP) hereinafter referred to as "USAthreat"; Governance, Policy & Compliance Enterprise Audit Program hereinafter referred to as "USAaudit"; Governance, Policy & Compliance Vulnerability Assessment & Penetration Test Team hereinafter referred to as "USAvapt"; and Risk Management Security Assessment & Authorization Program referred to as "USAsaa." PROJECTED SCOPE OF WORK OF KEY REQUIREMENTS The contractor shall provide personnel to provide program management expertise and support services in support of this requirement, ISS requires Cybersecurity Professional Services support aligned within the following areas: 1. Risk Management Program Support "USAsaa". The Risk Management Group is responsible for implementing the Risk Management Program (RMP) embodying the National Institutes for Standards (NIST) Risk Management Framework (RMF), the Departments Security Assessment & Authorization (SA&A) Plan and EOUSA's Risk Management Framework Practice. ISS Risk Management Group is also responsible for liaising with Information System Security Officers (ISSOs) and managing project integration into the Department's Cyber Security Assessment & Management (CSAM) automated workflow tool. ISS coordinates with System Owners and supporting ISSOs insuring completion of all phases of the Risk Management Framework workflow are transitioned into EOUSA's Information Security & Continuous Monitoring (ISCM) Program. 2. Insider Threat Prevention and Detection Program Support "USAthreat": The Insider Threat Group is responsible for implementing and sustaining a formal Insider Threat Program in accordance with Executive Order 13587 and DOJ Order 0901. This program initiative implements key components to the Insider Threat Program including implementation of technical "triggers", governance, policy support, insider threat monitoring, analytics and detection (USAthreat hybrid system), and insider threat reporting/case management. In executing the USAthreat program, ISS will leverage the enterprise tools and expertise from DOJ ITPDP and the JMD while integrating unique knowledge of the USAO to ensure that USA insiders do not pose a threat to national security. Four (4) fundamental Insider Threat Program principles will be implemented to support the development and deployment of USAthreat: a. Insider Threat Prevention. b. Insider Threat Detection c. Insider Threat d. Insider Threat Oversight and Governance. 3. Enterprise Audit Program Support "USAaudit": The Governance, Policy & Compliance Group is responsible for implementing and sustaining an Enterprise Auditing capability in accordance with the Federal Information Security Modernization Act (FISMA) of 2014 and DOJ Order 2640.2f and replacement order DOJ Order 0904. This program initiative supports mandatory requirements for audit log review and analysis and insures baseline auditing events are being recorded, monitored, and acted on in response to any anomalous activity. In executing the USAaudit program, ISS will establish a security audit function providing centralized audit log review, analytics and compliance dashboard views incorporating all EOUSA/USAO systems regardless of system type or location, with the goal of collaboratively facilitating security alerting, investigations and response across the various ISS functions. 4. Vulnerability Assessment & Penetration Testing Team "USAvapt": The Governance, Policy & Compliance Group is responsible for implementing and sustaining a security compliance capability insuring both mandatory and effective security control and risk mitigation measures. In executing the USAvapt program, ISS will conduct security control assessment and penetration testing to effectively counter the current cyber threat environment and support EOUSA FISMA/SA&A compliance responsibilities. The USAvapt program will employ ethical hacking Tools, Techniques, and Procedures (TTPs). USAvapt will conduct network reconnaissance and map the EOUSA and USAO networked environments to establish a current baseline. USAvapt may employ both Blue Team and Red Team assessments, testing may include White, Grey, and Black Box testing. Instructions for Submission of Responses. Interested firms who consider themselves qualified to perform the above-listed services are invited to submit a response to this Sources Sought Notice by Monday September 12, 2016 at 10:00 AM. All responses under this Sources Sought Notice must be emailed to Gregory.Newsom@usdoj.gov. The submission shall be in Microsoft word-- No PDF files please. Total pages shall not exceed 10 pages. Page limitations are based on one side of 8.5" by 11" paper, not less than 12-point font size. Please provide: 1. Vendor background summary including, contractor name, address, DUNS, point of contact information, email, phone and website address. The DOJ is particularly interested in the business size and any socio-economic factors identified in The Federal Acquisition Regulation Section 19. Finally for GSA Schedule holders, please provide the applicable schedule number. 2. Tailored capability statements addressing the particulars of this effort, with appropriate documentation supporting claims of organizational and staff capability. If subcontracting or teaming is anticipated in order to deliver technical capability, organizations should address the administrative and management structure of such arrangements. Capability statement shall address: • The Contractors knowledge of the requirements detailed in the projected scope of work. In particular address knowledge of SPLUNK Enterprise Application and Insider Threat Training and Certification. • The Contractors ability to provide skilled personnel with the knowledge and expereience to accomplish the projected scope of work, and • Provide a list of previous contracts where federal and/or DoD similar services were provided within the last 3 years. Provide customer/Government Agency contact information where these services were provided including: contact name and organization, telephone number, and email address. Include a short synopsis of the contract scope. Provide the dollar value of the work and in the case of performing as a subcontractor provide the dollar value of your contribution to the project. The Government will evaluate market information to ascertain potential market capacity to provide services consistent in scope described in this notice and otherwise anticipated. Telephone inquiries will not be accepted or acknowledged, and no feedback or evaluations will be provided to companies regarding their submissions.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOJ/JMD/PSS/DJJU-16-RFI-1006/listing.html)
 
Record
SN04251940-W 20160903/160901235539-6b15a7c7d83f771ab840253eec42af78 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.