Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF APRIL 22, 2020 SAM #6719
SOURCES SOUGHT

99 -- Cybersecurity Internal Threat and Privacy Assessments

Notice Date
4/20/2020 6:30:35 AM
 
Notice Type
Sources Sought
 
NAICS
519190 — All Other Information Services
 
Contracting Office
SENATE SERGEANT AT ARMS Washington DC 20510 USA
 
ZIP Code
20510
 
Solicitation Number
2020-S-00010
 
Response Due
4/30/2020 8:59:00 PM
 
Archive Date
07/31/2020
 
Point of Contact
Cora R. Carag
 
E-Mail Address
cora_carag@saa.senate.gov
 
Description
DESCRIPTION: MARKET SURVEY AND QUALIFIED VENDOR LIST DEVELOPMENT - EXTENDED SOURCES SOUGHT REQUEST FOR CYBERSECURITY SERVICES.

The purpose of this Sources Sought Notice (Notice) is to gain knowledge of potential qualified industry sources for providing cybersecurity and insider threat assessments to the United States Senate Office of the Sergeant at Arms (Senate or SAA). The SAA's Office of the CIO has a broad range of responsibilities that includes providing a secure cyber environment in which to carry out Senate business with the Cybersecurity Department having the primary responsibility, which seeks to conduct an overarching cybersecurity and insider threat assessment. The effort will include Insider Threat Assessment (Privacy Impact and Cybersecurity procedures), Cybersecurity Resilience Assessment, Hunt Assessment, and the development of a Plan of Actions and Milestones (POA&M) to resolve the findings, issues and/or problems identified in the assessments. This effort and the implementation of the POA&M are intended to ensure Cybersecurity Department has established a balanced Cybersecurity and Privacy Program. All requirements listed below are mandatory unless otherwise noted. This Notice is not a request for proposal and in no way obligates the Senate to issue a solicitation for proposals nor award a contract. This sources sought synopsis contains the currently available information.

REQUIREMENTS:

The SAA is seeking information on companies that have the appropriate and desired cybersecurity and insider-threat assessment capabilities for the following required cybersecurity services. The capabilities and characteristics for each requirement and service below are stated in minimum terms.

1 - INSIDER THREAT ASSESSMENT

The Senate processes, stores and transmits information considered highly sensitive in nature. The SAA Cybersecurity Department desires to integrate privacy and security controls for both operators and consumers of system and networks resources. This assessment shall focus on two aspects of the insider threat: 1) protection of Senate data including, but not limited to, Personally Identifiable Information (PII), health information, personnel records, constituent data, and 2) ensuring the process and procedures used by the Cybersecurity Department are auditable to ensure the procedures are effective in protecting the data and other information related to the Senate Office/Committee without violating the Office/Committee's privacy. The assessment will also include evaluation and detection of anomalous user behavior that may represent abuse of their administrative privileges. The results of this assessment will provide the Cybersecurity Department with the requirements to build a robust insider threat program.

2 - HUNT ASSESSMENT

The Cybersecurity Department requires assistance to perform a traditional hunt-like assessment to detect the presence of the advanced persistent adversary. The Cybersecurity Department requires a qualified vendor who can be agile and/or quickly react in supporting the Cybersecurity Department's desired hunt engagement method and who can conduct a comprehensive evaluation of network and systems resources for evidence of unwanted activity and cyber-threat actor persistence.

3 - CYBERSECURITY RESILIENCE ANALYSIS

The Cybersecurity Department is looking for a qualified vendor to conduct a cybersecurity resiliency assessment, based on foundational frameworks such as NIST and ISACA, with an additional focus on resiliency to effectively identify, protect, detect, react and recover from the advanced cyber threat. The Cybersecurity Department expects relevant, comprehensive and actionable improvement recommendations to refine and continue maturing its cybersecurity defense program.

4 - PLAN OF ACTION AND MILESTONES (POA&M)

The Cybersecurity Department is looking for a qualified vendor with the experience to develop and present a mitigation plan of action and milestones. The POA&M will be used in establishing a final plan for implementation of recommendations in the development of an insider threat program. The mitigation plan and milestones will also lay out a future internal schedule for review of SAA Cybersecurity policies, privacy policies, third-party agreements and contracts, and training.

A. PROGRAM MANAGER: The program manager should have experience in leading combined cybersecurity/insider threat assessment teams and have a demonstrated understanding of both cyber and privacy laws and requirements as well as a deep understanding of the Legislative Branch and its functions.

B. LEAD ASSESSOR: The lead assessor should be a Certified Information Privacy Professional (CIPP/US) and have extensive experience with the Department of Commerce's Privacy Shield certification process as well as a deep knowledge and understanding of data breach and notification laws.

INSTRUCTIONS:

To respond to this Notice, the Vendor must provide the following information:

a. Specific Information about your firm: Company Name, Address, Point of Contact with Telephone and FAX numbers and E-mail address, GSA Schedule Number (if applicable), DUNS Number, Tax ID Number, and SAM Registration Number;

b. Concise description, 10-page maximum, of Company's overarching cybersecurity and insider threat assessments qualifications and capabilities which specifically address each area, numbers 1 to 4, under the preceding REQUIREMENTS section. NOTE: Responses which do not address the Requirements as instructed herein will not be considered;

c. Resumé, 3-page maximum each, for proposed Program Manager and Lead Assessor addressing specifically the requirements noted for each one (A.) and (B.) respectively, and describing the qualifications, capabilities and actual work experience specifically in the key areas, numbers 1 to 4, under consideration for this project;

d. Three (3) past or current performance references relevant and similar to the work in this project, 2-page maximum each, in the last three (3) years that include complete and current information (customer name, address, project name/contract number, point of contact with current phone number and email) and a brief synopsis of work performed similar to this project;

e. The total number of pages for the response to this Notice shall not exceed 25 including the cover/title, table of contents, page dividers, etc.

The information contained in this Notice will be the only information provided by the SAA during this vendor information gathering process. All qualified sources should respond to this Notice by submitting information in accordance with the instructions provided. Vendors responding to this Notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation that may be issued afterwards. Only vendors deemed qualified by the SAA will be permitted to submit proposals to the solicitation if issued. The SAA will not provide any debriefing.

Responses to this Notice are due to the SAA on April 30, 2020. They shall be submitted electronically via email only to Acquisitions@saa.senate.gov, attention of Cora R. Carag. The subject line of the email message shall be SSN 2020-S-00010, Cybersecurity Internal Threat and Privacy Assessments. No other method of transmittal shall be accepted. The response shall not exceed twenty-five (25) pages. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor information.

THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA. ANY QUESTIONS OR REQUESTS FOR ADDITIONAL INFORMATION OR NOTICE EXTENSION WILL NOT BE ACCEPTED.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/385bb821fd9f4730b9a510e01daf1822/view)
 
Place of Performance
Address: Washington, DC 20510, USA
Zip Code: 20510
Country: USA
 
Record
SN05627022-F 20200422/200420230148 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
