Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 22, 2018 FBO #6085
SPECIAL NOTICE

70 -- Cybersecurity Costs General - Table 1

Notice Date
7/20/2018
 
Notice Type
Special Notice
 
NAICS
541330 — Engineering Services
 
Contracting Office
Other Defense Agencies, Washington Headquarters Services, WHS, Acquisition Directorate, 4800 Mark Center Drive, Suite 09F09, Arlington, Virginia, 22350-3400, United States
 
ZIP Code
22350-3400
 
Solicitation Number
WHSOSBP-EATL-001
 
Archive Date
10/5/2018
 
Point of Contact
Tequilla N. Wheeler,
 
E-Mail Address
WHS.OSBP@mail.mil
(WHS.OSBP@mail.mil)
 
Small Business Set-Aside
N/A
 
Description
Table 1 The Washington Headquarters Services (WHS) Office of Small Business Programs (OSBP) on behalf of the Department of Defense, Office of the Deputy Assistant Secretary of Defense for Energy [DASD(E)] invites feedback from Industry, in particular Control Systems vendors and integrators, on general cybersecurity implementation costs and cybersecurity compliance cost estimation methodologies for operational technology (OT), platform information technology (PIT), industrial control systems (ICS), and/or Facility-Related Control Systems (FRCS). NAICS Codes: 541-Professional, Scientific and Technical Services 541330 Engineering Services 541350 Building Inspection Services 541511 Custom Computer Programming Services 541512 Computer Systems Design Services 541513 Computer Facilities Management Services 541519 Other Computer Related Services 541611 Administrative Management Consulting Services 541618 Other Management Consulting Services 541620 Environmental Consulting Services 541690 Other Scientific and Technical Consulting Services 541990 All Other Professional, Scientific, and Technical Services 561210 Facilities Support Services During the past 24 months, increased cybersecurity policy issuances to the DoD Facility-Related Control Systems community has resulted in increased cybersecurity activity by DoD Components and Services, as well as the FRCS community within the Defense Industrial Base. For reference, these policy issuances include, but are not limited to: • DoDI 8500.01, DoD Cybersecurity, March 14, 2014; • DoDI 8510.01, Risk Management Framework for DoD IT, Incorporating Change 2, dated July 28, 2017 • Unified Facilities Criteria (UFC) Cybersecurity of Facility-Related Control Systems (FRCS) 4-010-06, Incorporating Change 1 Effective January 18, 2017 • Assistant Secretary of Defense for Energy, Installations, and Environment Memorandum, Managing Cyber Risks to Facility-Related Control Systems, March 31, 2016 • DoD Risk Management and National Security Systems Response to Presidential Executive Order (EO) 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, November 1, 2017 • The DFARS 252-204.7012 regulations that require contractors to plan, implement, and document their own cybersecurity (December, 2017). DASD(E) seeks information from industry that supports OT, PIT, ICS and FRCS on cybersecurity costs to the Defense Industrial Base. This call for information is widely scoped and includes OEM, Integrators, FFRDC, other non-profit, industry advocacy groups, academia, and related service-sector disciplines such as law and contracting. DASD(E) seeks information in two areas: 1) General Cybersecurity Implementation Costs. Specifically, a. What costs has industry incurred for applying and implementing cybersecurity to FRCS and FRCS-related cybersecurity goods and services in accordance with RMF? b. How did your entity become aware of OT/PIT/ICS/FRCS cybersecurity requirements under RMF? c. Information Technology (IT) and OT/PIT/ICS/FRCS costing distinctions. What critical distinctions or dependencies exist between Information Technology (IT) and OT/PIT/ICS/FRCS for purposes of costs incurred for implementation? d. How is your organization or your industry baselining and tracking these costs? e. Does OT/PIT/ICS/FRCS cybersecurity budgeting come from a general IT budget, an operations budget, or some other budget? f. Other factors. What other factors, processes, or regulatory requirement pertaining to cost of cybersecurity requirements implementation are relevant to scoping cybersecurity implementation? g. What is your entity's business size, based on its primary NAICS code? h. Have you determined the increased cost of implementing cybersecurity capabilities / requirements to specific OT/PIT/ICS/FRCS devices, systems, networks, enclaves? What factors were used to make the calculation? i. Has your organization built or supported the build of an Authority to Operate (ATO) package for a control system network for a DoD client? Are there vendor-client dependencies, throughputs or lessons-learned that would be useful to consider with respect to RMF cybersecurity implementation requirements? j. Within the 14 compliance areas covered in NIST SP800-171, are you able to detail costs incurred within specific areas, as-described in Table 1, attached? 2) Cybersecurity Implementation Cost Estimation Methodologies. Specifically, a. Sector-specific practice standards. What cost estimation methodologies are used in your specific sector? b. Industry standards. What cost estimation methodologies are used, industry-wide? c. IT and OT/PIT/ICS/FRCS distinctions. What critical distinctions or dependencies exist between Information Technology (IT) and OT/PIT/ICS/FRCS in cost estimation methodologies or practices? d. Have you determined the increased cost of implementing cybersecurity capabilities / requirements to specific OT/PIT/ICS/FRCS devices, systems, networks, enclaves? What factors were used to make the calculation? e. Other factors. What other factors, processes, or regulatory requirement pertaining to cost estimation methodologies of cybersecurity requirements implementation are relevant to regulatory implementation? f. What is your entity's business size, based on its primary NAICS code? Customer Office Address: Office of the Deputy Assistant Secretary of Defense for Energy 4800 Mark Center Drive Suite 16F18 Alexandria, VA 22350-3605 Customer Point of Contact: Mr. Daryl Haegley (571) 372-6857 Contractors who wish to respond to this announcement should send responses via email with Subject Line: RFI- Cybersecurity Costs General no later than Thursday, September 20, 2018 at 3:00 PM EASTERN to WHS.OSBP@mail.mil. Proprietary information and trade secrets shall NOT be submitted as part of a response. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described in 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is submitted, as it is clearly stated this type of information shall NOT be submitted.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/ODA/WHS/REF/WHSOSBP-EATL-001/listing.html)
 
Record
SN05000943-W 20180722/180720230835-a25e0014e0595b7153b754574d996e23 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.