Health Care Financing Administration, Acquisition and Grants Group, C2-21-15, 7500 Security Boulevard, Baltimore, MD., 21244-1850

D -- HCFA ENTERPRISE SYSTEMS SECURITY INITIATIVE SOL RFP-HCFA-00-0040 DUE 032400 POC Mr. Donald Bolster, 410-786-5156, M.K. Markman 410-786-8916 The Health Care Financing Administration (HCFA) intends to award multiple Indefinite Delivery Indefinite Quantity (IDIQ) contracts for professional technical services in the area of systems security. Contractor services may be required from technically qualified Contractors who will assist the Government in the following functional areas: Functional Area 1- Security Policy and Procedures- Develop the capability to create security policies, and maintain policies/procedures current and consistent with HCFAs business and IT environments. Functional Area 2-Training, Awareness, and Security Administration Support-Develop and implement a results-based security training and awareness program. Correct unsafe computing practices; provide staff with skills needed to conduct HCFA systems security management activities. Review structure and responsibilities of information systems security specialists. Improve administration through segregation of duties; establish internal controls for updates to production data. Review the adequacy of data access controls; deploy technical solutions to improve control/monitoring. Functional Area 3- Systems Engineering- Complete and maintain security architecture in close coordination with HCFAs information technology architecture planning. Develop technical capabilities to devise security mechanisms that keep pace with HCFAs changing business and IT environments. Implement change control mechanisms for applications/systems software. Review adequacy of HCFA policies/standards for physical security, conduct reviews, correct deficiencies. Functional Area 4-Oversight and Management- Develop Risk Assessment and System Security Plans per OMB Circular A-130, and regularly update security plans for general support systems and major applications. Conduct risk assessment and associated security planning along the lines of HCFA's major business applications and infrastructure services. Continually assess HCFAs security posture and implement corrective actions. Develop and Maintain Incident Detection & Response Capability per PDD 63, to protect HCFA's critical infrastructure against natural disasters and hostile attacks. Ensure that critical operations, both internal and external, continue without interruption when catastrophic events occur. HCFA will solicit offers with the intent of awarding multiple IDIQ contracts for a base year plus four option years. The base contracts may have fixed-price, time and material and cost-reimbursement pricing mechanisms available to allow for each Task Order to be negotiated as appropriate. This procurement will be a Total Small Business Set-Aside (See Note 1). The Standard Industrial Classification (SIC) is 7379, Computer Related Services with a small business size standard not to exceed $18 million. Vendors should send requests to be included on the bidder's list to the address listed above or fax their request to (410) 786-9643, Attn: Donald T. Bolster. Telephone requests for the RFP will not be accepted . An electronic copy of the solicitation will be available on or about March 24, 2000 via the Internet at http://www.hcfa.gov/contracts. In an effort to reduce copying costs hardcopies will only be made available upon request to those vendors who do not have internet access, or for some other reason cannot download the RFP. For technical assistance in downloading from the Internet contact Jeff Stedding at (410) 786-0754. Procurement questions can be directed to Donald T. Bolster, Contract Specialist, via E-mail: dbolster@hcfa.gov. Posted 03/07/00 (W-SN432021). (0067)

Loren Data Corp. http://www.ld.com (SYN# 0017 20000309\D-0002.SOL)