Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF AUGUST 02, 2017 FBO #5731
SOURCES SOUGHT

D -- Privacy and Internal Threat Assessment

Notice Date
7/31/2017
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
United States Senate, Office of the Sergeant at Arms, Finance Division, United States Senate, Washington, District of Columbia, 20510-7207, United States
 
ZIP Code
20510-7207
 
Solicitation Number
2017-S-043_Privacy_and_Internal_Threat_Assessment
 
Archive Date
9/30/2017
 
Point of Contact
Corazon R. Carag,
 
E-Mail Address
acquisitions@saa.senate.gov
 
Small Business Set-Aside
N/A
 
Description
DESCRIPTION: MARKET SURVEY AND QUALIFIED VENDOR LIST DEVELOPMENT - SOURCES SOUGHT REQUEST FOR CYBERSECURITY SERVICES.

The purpose of this Sources Sought Notice (Notice) is to gain knowledge of potential qualified industry sources for providing cybersecurity and insider threat assessments to the United States Senate Office of the Sergeant at Arms (Senate or SAA). The SAA's Office of the CIO has a broad range of responsibilities that includes providing a secure cyber environment in which to carry out Senate business. The Cybersecurity Department has the primary responsibility for this and seeks to conduct an overarching cybersecurity and insider threat assessment. The effort will include Cybersecurity Resilience Assessment, Hunt Assessment, Insider Threat Assessment (Privacy Impact and Cybersecurity procedures) and the development of a Plan of Actions and Milestones (POA&M) to resolve the findings, issues and/or problems identified in the assessments. This effort and the implementation of the POA&M are intended to ensure the Cybersecurity Department has established a balanced Cybersecurity and Privacy Program. All requirements listed below are mandatory unless otherwise noted. This Notice is not a request for proposal and in no way obligates the Senate to issue a solicitation for proposals nor award a contract. This sources sought synopsis contains the currently available information.

REQUIREMENTS:

A. The SAA is seeking information on companies that have the appropriate and desired cybersecurity and insider-threat assessment capabilities for the following required cybersecurity services. The capabilities and characteristics for each requirement and service below are stated in minimum terms.

1. INSIDER THREAT ASSESSMENT

The Senate processes, stores and transmits information considered highly sensitive in nature. The SAA Cybersecurity Department desires to integrate privacy and security controls for both operators and consumers of system and network resources.
This assessment shall focus on two aspects of the insider threat: 1) protection of Senate data including, but not limited to, Personally Identifiable Information (PII), health information, personnel records, and constituent data; and 2) ensuring the process and procedures used by the Cybersecurity Department are auditable to ensure the procedures are effective in protecting the data and other information related to the Senate Office/Committee without violating the Office/Committee's privacy. The assessment will also include evaluation and detection of anomalous user behavior that may represent abuse of their administrative privileges. The results of this assessment will provide the Cybersecurity Department with the requirements to build a robust insider threat program.

2. HUNT ASSESSMENT

The Cybersecurity Department requires assistance to perform a traditional hunt-like assessment to detect the presence of the advanced persistent adversary. To support this effort, the SAA Cybersecurity Department requires a qualified vendor who can be agile and/or quickly react in supporting their desired hunt engagement method and who can conduct a comprehensive evaluation of network and systems resources for evidence of unwanted activity and cyber-threat actor persistence.

3. CYBERSECURITY RESILIENCE ANALYSIS

The Cybersecurity Department is looking for a qualified vendor to conduct a cybersecurity resiliency assessment, based on foundational frameworks such as NIST and ISACA, with an additional focus on resiliency to effectively identify, protect, detect, react and recover from the advanced cyber threat. The Cybersecurity Department expects relevant, comprehensive and actionable improvement recommendations to refine and continue maturing its cybersecurity defense program.

4. PLAN OF ACTION AND MILESTONES (POA&M)

At the conclusion of these tasks, a mitigation plan of action and milestones must be developed and presented.
The POA&M will be used in establishing a final plan for implementation of recommendations in the development of an insider threat program. The mitigation plan and milestones will also lay out a future internal schedule for review of SAA Cybersecurity policies, privacy policies, third-party agreements and contracts, and training.

B. PROGRAM MANAGER: The program manager for this effort should have experience in leading combined cybersecurity/insider threat assessment teams and have a demonstrated understanding of both cyber and privacy laws and requirements as well as a deep understanding of the Legislative Branch and its functions.

C. LEAD ASSESSOR: The lead assessor should be a Certified Information Privacy Professional (CIPP/US) and have extensive experience with the Department of Commerce's Privacy Shield certification process as well as a deep knowledge and understanding of data breach and notification laws.

INSTRUCTIONS: To respond to this Notice, the Vendor must provide the following information:

1) Specific Information about your firm: Company Name, Address, Point of Contact with Telephone and FAX numbers and E-mail address, GSA Schedule Number (if applicable), DUNS Number, Tax ID Number;

2) Concise description, 10-page maximum, of Company's overarching cybersecurity and insider threat assessments qualifications and capabilities which specifically address Requirement A, and each of the four services/tasks, Items 1 to 4, under the preceding REQUIREMENTS section.
NOTE: Responses which do not address the Requirements as instructed herein will not be considered;

3) Resumé, 3-page maximum each, for proposed Program Manager and Lead Assessor addressing specifically the requirements noted in Requirement B and C respectively, and describing the qualifications, capabilities and experience for this project;

4) At least three (3) past and/or current performance references, 2-page maximum each, in the last three (3) years that include complete and current information (customer name, address, project name/contract number, point of contact with current phone number and email) and a brief synopsis of work performed similar to this project;

5) The total number of pages for the response to this Notice shall not exceed 25 including the cover/title, table of contents, page dividers, etc.

The information contained in this Notice will be the only information provided by the SAA during this vendor information gathering process. All qualified sources should respond to this Notice by submitting information in accordance with the instructions provided. Vendors responding to this Notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation that may be issued. Only vendors deemed qualified in this process will be permitted to submit proposals. If suitable responses are received from qualified sources, the SAA anticipates release of a solicitation during the fourth quarter of 2017.

Responses to this Notice are due to the POC on August 15, 2017. They shall be submitted electronically via email only at Acquisitions@saa.senate.gov, to the attention of Cora R. Carag. The subject line of the email message shall be: SSN 2017-S-043, CYBERSECURITY ASSESSMENTS. No other method of transmittal shall be accepted. The response shall not exceed twenty-five (25) pages. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded.
Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor information. THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE. ANY QUESTIONS OR REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE ACCEPTED.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/Senate/SAA/SAAFD/2017-S-043_Privacy_and_Internal_Threat_Assessment/listing.html)
 
Place of Performance
Address: United States Senate, Office of the Sergeant At Arms, WASHINGTON, District of Columbia, 20510, United States
Zip Code: 20510
 
Record
SN04604967-W 20170802/170731231820-7dfce48734a77930bc3087fc81fa985f (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
