Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 22, 2016 FBO #5417
SOURCES SOUGHT

70 -- RFI: IT Security Managed Services - Attachment

Notice Date
9/20/2016
 
Notice Type
Sources Sought
 
NAICS
518210 — Data Processing, Hosting, and Related Services
 
Contracting Office
National Gallery of Art;Office of Procurement and Contracts;2000B South Club Drive;Landover MD 20785
 
ZIP Code
20785
 
Solicitation Number
NGA16RFI0064MB
 
Response Due
10/14/2016
 
Archive Date
12/13/2016
 
Point of Contact
Nabil Ghadiali
 
E-Mail Address
South
 
Small Business Set-Aside
N/A
 
Description
NGA-16-RFI-0064MB NGA-16-RFI-0064MB.docx 1.OVERVIEW The Mission of the National Gallery of Art (Gallery) is to serve the United States of America in a national role by preserving, collecting, exhibiting, and fostering the understanding of works of art, at the highest possible museum and scholarly standards. Like all modern businesses, the Gallery uses information technology (IT) throughout the organization in the execution of its mission which is managed through the Office of the Chief Information Officer (OCIO). The OCIO maintain central control over the IT budget and is responsible for defining and implementing a common and unified IT strategy throughout the Gallery that meets the requirements of its user community. The IT Security department within the OCIO is responsible for developing policies and procedures and with the aid of security tools ensures that Gallery IT systems and services are secured, follows federal IT security requirements and operates within a risk acceptable to the Gallery. 2.USER POPULATION To support its mission, the Gallery has a staff of approximately 1,000 employees who do everything from guard and maintain the facilities to planning exhibitions and conducting scientific research. In addition, several hundred volunteers and numerous contractors support the Gallery. Throughout the year, the staff is augmented with visiting Fellows and Interns who work and study at the Gallery for short periods of time. There is a substantial amount of coming and going, but at any given time, there are about 1,000 active users of Gallery information technology (IT) services. 3.IT ENVIRONMENT The NGA server and networking environment is typical for a mid-sized organization which operates a complex IT infrastructure and compartmentalizes its valuable assets into different networks. The Gallery currently operates two segregated networks. The first network (administrative) provides connectivity to all workstations, servers, applications and mobile devices internally and externally to the Internet. Part of this administrative network extends into the Smithsonian Institution's (SI) Data Center in Herndon, VA. The second network (security) is a closed-loop, isolated network that interconnects physical security systems, electronic (RFID and Retina) sensors and systems, cameras, and physical security management workstations to provide access control and real-time information to ensure the safety of visitors, staff and the valuable works of art stored within the Gallery. The Gallery has 11 enterprise-wide systems and another 50+ systems used by various departments/divisions to execute their business function. Out of these, about 1/3rd are hosted in the Cloud and the remaining distributed between the administrative (either at the Gallery or SI data centers) and security network. For those systems that are managed by the Gallery or SI, the operating environment is a combination of physical and virtualized servers (hosted on ESXi). Applications which are not virtualized are predominately systems with operational or functional restrictions. Similar to other organizations, the Gallery continues to assess and implement the "Cloud First" strategy wherever possible - especially for commodity services (e.g., e-mail, help desk management, intern and Fellowship applications, etc.). At the heart of the Gallery's cloud presence, Active Directory Federation Services (ADFS) have been implemented in the Microsoft Azure Cloud for authenticating to Microsoft's Office 365 and ServiceNow. It is anticipated that this identify management infrastructure will be used to support new cloud-based Software-as-a-Service (SaaS) applications that the Gallery subscribes to in the future. The operating systems comprises of servers that run either Windows 2008, 2008R2 or 2012 along with a few Linux v5, v6 and v7 servers as well. The Windows and Linux servers are hardened using baselines from Center for Internet Security (CIS) that are tailored to meet Gallery needs. The IT Security department operates several applications that are used for monitoring and maintaining a secure operating environment at the Gallery. More tools are anticipated to be added as the IT security program matures. oTenable Security Center and Nessus -Used to scan systems on both the Administrative Network and the Security Network to identify vulnerabilities and determine patch status. oHP WebInspect - Used to scan web applications for vulnerabilities. oFireEye - The FireEye appliances support in maintaining an Advanced Persistent Threat (APT)-free and malware-free IT environment with the Gallery. They include endpoints and network monitoring appliances that monitor malware on the network and changes made to systems based on any malicious infection. oMcAfee Antivirus - McAfee Antivirus is the traditional A/V solution deployed at the Gallery to protect its computing environments from commodity virus, worm and trojan infections. oCyberArk Privileged Account Security - Used to manage administrative credentials used for privileged access. 4.SCOPE OF WORK OMB Memorandum M-14-03, titled Enhancing the Security of Federal Information and Information Systems, issued on November 18, 2013 provides guidance for managing information security risk on a continuous basis and builds upon efforts towards achieving the government's cybersecurity goals. Although not an Executive Agency, the Gallery has adapted M-14-03 as a best practice and the Gallery's Information Systems Security Officer (ISSO) has developed an Information Security Continuous Monitoring (ISCM) program consistent with existing statutes, OMB policy, and NIST guidelines that provides a clear understanding of organizational risk and helps officials set priorities and manage such risk consistently throughout the agency. The Gallery's ICSM program incorporates 10 different security areas as explained briefly below. #Security AreaDescription 1Account ManagementEnsure network and application accounts for all users are based on job responsibilities and follow policy w.r.t. to suspension and termination. 2Asset ManagementEnsure no unauthorized devices are present on the network. 3Configuration ManagementEnsure all devices implement hardened baselines and approved configurations. 4Continuity of OperationsEnsure all systems have business continuity and system recovery plans that are documented and tested routinely 5Documentation ManagementEnsure Security Assessment and Authorization (SAA) packages are complete for all 11 enterprise Gallery IT systems 6Event and Incident ManagementRecording, reviewing, notifying and responding to alerts based on key auditable events 7Malware ManagementEnsure no malware exists on the Gallery IT network 8Security TrainingEnsure Gallery network users are made aware of current IT security threats and best practices. 9Sensitive Information ManagementAbility to detect, track and manage sensitive data stored on the Gallery systems and on the network. 10Vulnerability and Patch ManagementEnsure that Gallery IT systems are devoid of vulnerabilities that can be exploited. The Gallery is looking for a qualified IT security contractor who will support the Gallery ISSO in developing, implementing, and managing a program that ensures that the security controls within each of the above-mentioned security areas are performing to the standards established for each area. The contractor shall also provide the appropriate IT security toolset/environment to support the automation of required security activities. Work can be done on-site as well as remotely. 5.GEOGRAPHIC AREA The National Gallery of Art is physically located on Constitution Ave. between 3rd and 9th Streets NW in Washington, D.C. NGA staff is located in the East Building, West Building, the Connecting Link and Sculpture Garden. Staff is also located in swing space at 601 Pennsylvania Ave. NW (North and South Buildings), Washington DC; and at NGA's warehouse in Landover, Maryland. 6.REQUEST FOR INFORMATION/QUALIFICATIONS Interested firms should send a short write-up (15 pages maximum) that describes their ability to provide the requested managed security services. Information to be provided should include: Point of Contact: name, title, e-mail address, phone number of individual to contact for follow-up discussion Company Information: year established; location; number of employees; products/services that are germane to this request and what percent they represent of your annual revenue; sample clients for products/services requested herein; key subcontractors if typically a part of your engagements. Product/Services: Describe your offering as related to the 10 security areas listed above in our ISCM program. How products/services are provided: as a cloud service? onsite/remote? hybrid? How are the tools priced/licensed? Describe your management approach to overseeing the success of your offering to meeting the ISCM program goals. Describe reporting on the management of your service: what types of reports are provided, what frequency, and to what level in the organization. Sample Projects (3 max): Short description of contracts that are equivalent to the services requested herein; value of contract, period of performance/duration, type of contract (fixed price, time and materials, fixed price labor categories, etc.). Describe specifics about support provided and how the services was managed. Be specific about toolsets and skills of staff that supported the engagement.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/NGA/AOPC/WashingtonDC/NGA16RFI0064MB/listing.html)
 
Place of Performance
Address: National Gallery of Art;2000B South Club Drive;Landover, MD 20785
Zip Code: 20785
 
Record
SN04279692-W 20160922/160920235126-d09ec8cfd89feb88ca0d5e6ceadcd3cf (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.