Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JANUARY 06, 2017 FBO #5523
SOURCES SOUGHT

D -- Risk Management Services- IDIQ

Notice Date
1/4/2017
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of the Interior, Bureau of Reclamation, BOR - All Offices, Denver Federal Center, Building 67, Room 380, Denver, Colorado, 80225, United States
 
ZIP Code
80225
 
Solicitation Number
R17PS00246
 
Archive Date
2/2/2017
 
Point of Contact
Christina Mohamed, Phone: (303) 445-2110
 
E-Mail Address
cmohamed@usbr.gov
(cmohamed@usbr.gov)
 
Small Business Set-Aside
N/A
 
Description
THIS IS NOT A SOLICITATION FOR PROPOSALS. THIS IS A SOURCES SOUGHT SYNOPSIS ONLY This will be a small business set aside. This Request for information (RFI) is for the purpose of identifying contractors that possess the capabilities outlined below. The United States Bureau of Reclamation (USBR) Risk Management Services Group is responsible for implementing and maintaining compliance with Federal cybersecurity, and related privacy, requirements. The purpose of the professional services IDIQ is to perform required work in support of risk management activities through a task order when workload either exceeds the capacity of the assigned staff or requires specialty knowledge and experience staff does not possess. This RFI shall not be considered as a request for proposal or as an obligation on the part of the Government to acquire any products or services. No entitlement to payment of direct or indirect costs or charges by the Government will arise as a result of the contractor submission of this RFI or the Government's use of such information. The Government reserves the right to reject, in whole or in part, any contractor's input resulting from this RFI. No contract will be awarded as a result of this announcement. Data submitted in response to this RFI will not be returned. The following labor capabilities may be required under this requirement: CDM: Expert level knowledge of and experience with CDM activities related to Hardware Asset Management, Software Asset Management, Configuration Setting Management, Vulnerability Management and Operational Security Management. Mastery of and skill in applying the configuration, implementation, managing and monitoring of security event correlation tools (e.g., IEM, SIEM, Splunk etc.), performing data reduction and assessing the robustness of security systems and designs. Expert knowledge interpreting and incorporating data from multiple tool sources and identifying systemic security issues based on the analysis of vulnerability and configuration data. Expert knowledge of intrusion detection tools, applications and techniques for detecting host and network-based intrusions FISMA: Expert level knowledge of and experience with FISMA-related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements. ICS: Expert knowledge and experience with configuring and operating ICS technology components (Remote Terminal Units (RTU), Programmable Logic Controllers (PLCs), relays, sensors, switches etc.), ICS protocols (Modbus, Profibus, Common Industrial Protocol etc.) and ICS systems (Supervisory Control and Data Acquisition (SCADA), Physical Access Control Systems (PACS), Building Automation Systems (BAS) etc.) components. ISSO: Expert knowledge and experience with performing all ISSO-related tasks to include the following for all assigned systems; ensuring that the appropriate operational security posture is maintained; serving as a principal security advisor on all matters, technical and otherwise; developing security procedures; continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect for meeting the security requirements; developing and updating the system security plan and all relevant components; assessing the security impact of changes; conducting annual assessment activities in accordance with Mid-Year and Annual Assurance Statement requirements; managing the POA&M process; providing the required system access, information and documentation to security control assessors; and leading required A&A activities. Privacy: Expert knowledge and experience with Privacy Act-related activities to include Privacy Impact Assessments PIA, personally identifiable information (PII), PII breach procedures and recovery methods, privacy control requirements and assessments and training requirements. Network security: Expert knowledge of network security architecture concepts to include topology, protocols, components, and principles (e.g., application of Defense-in-Depth) and the common attack vectors on the network layer. Skill in network mapping and recreating network topologies, protecting a network against malware, detecting host and network-based intrusions, reading and interpreting signatures, performing packet-level analysis and network traffic analysis. Knowledge and skills to configure, use and monitor network protection components (e.g., Firewalls, VPNs, network intrusion detection systems). Vulnerability management: Expert knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code) and malware analysis concepts and methodology. Skill in conducting vulnerability/penetration scans, recognizing vulnerabilities and preparing technical vulnerability, risk and security impact analyses. Expert knowledge of new and emerging technologies, programming language structures and logic, Unix/Windows command line, ports and services and penetration testing principles, tools, and techniques (e.g., metasploit, neosploit, etc.). Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution, etc.) and different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]). Knowledge of different types of network and general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.). System Administration: Expert knowledge of Windows, Linux and Unix system configuration and administration, anti-virus software, patch management, optimization techniques, common protocols (SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, KERBEROS, RADIUS, SFTP etc.), and scripting techniques. INSTRUCTION FOR RFI SUBMISSION: After review of the attached documentation, interested parties may submit a response in an electronic format only via email to cmohamed@usbr.gov no later than 18 January 2017 12:00 pm MDT. Electronic files should be in Microsoft Office Word or PDF format. All information should be UNCLASSIFIED material only. Respondents should include as part of their submission: a. A synopsis of the company's capabilities to provide qualified personnel to include position description and classification support services/labor category (limit 10 pages) b. DUNS Number c. Company Name d.Company Address e.Business size, SDVOSB, HUBZone, or Woman owned status, as validated via the System for Award Administration (SAM). All offers must register on the SAM located at http://www.SAM.gov f.Company point of contact, phone and email address. g.Past work experience. If you have experience working with other Federal Agencies and/or commercial businesses of similar size and scope, please include agency and/or business name contract number (if applicable), amount and type of contract (e.g. FFP, T&M, Labor hour etc). Any company proprietary information must be marked as such, the RFI information should not exceed a total of 15 one-sided 8 1/2x11 pages, with one inch margins, and font no smaller than 12 point.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/c73d1db51dd4c5efa7cad17349c9a99d)
 
Record
SN04363359-W 20170106/170104234807-c73d1db51dd4c5efa7cad17349c9a99d (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.