Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF AUGUST 16, 2020 SAM #6835
SOLICITATION NOTICE

D -- SYNOPSIS: FDA Cybersecurity Capabilities Projects

Notice Date
8/14/2020 1:02:38 PM
 
Notice Type
Presolicitation
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
FDA OFFICE OF ACQ GRANT SVCS ROCKVILLE MD 20857 USA
 
ZIP Code
20857
 
Solicitation Number
S-20-FDA-SOL-1211384
 
Response Due
8/21/2020 7:00:00 AM
 
Archive Date
08/21/2020
 
Point of Contact
Michelle Dacanay, Phillip Frame
 
E-Mail Address
michelle.dacanay@fda.hhs.gov, phillip.frame@fda.hhs.gov
(michelle.dacanay@fda.hhs.gov, phillip.frame@fda.hhs.gov)
 
Small Business Set-Aside
8A 8(a) Set-Aside (FAR 19.8)
 
Description
This is a synopsis for the U.S. Food and Drug Adminstration's requirement for Cybersecurity Capabilities Projects Indefinite Delivery Indefinite Quantity (IDIQ) contract. This requirement�will be�solicited as a competitive 8(a) set-aside; only those companies certified by the U.S. Small Business Administration as an 8(a) business that have not graduated from the program are eligible for award. The associated North American Industry Classification System (NAICS) Code is 541512�Computer Systems Design Services; Small Business Size Standard is $30 million. The U.S. Food and Drug Administration (FDA) intends to award only one (1) Indefinite Delivery Indefinite Quantity (IDIQ) contract resulting from the solicitation. The�FDA will conduct the evaluation and selection process in TWO (2) PHASES. PHASE 1 - This phase will be a request for qualifications. The FDA anticipates the response time frame to be only five (5) business days. � PHASE 2 - This phase will be a request for proposal. Background Information To protect the FDA�s business mission, the FDA Cybersecurity, Counterintelligence and Insider Threat Program implements and operate new cyber technologies to reduce the cyber threats against the FDA�s information resources while adhering to applicable public laws, federal standards, and executive regulations. The Cybersecurity, Counterintelligence and Insider Threat Program analyzes and advises OIMT on security risks against FDA Information Technology and requires that effective, risk-based security controls are employed to maintain the confidentiality, integrity, and availability of FDA data and systems throughout the entire system lifecycle.� The FDA Chief Information Security Officer (CISO) is responsible for assuring enterprise-based cybersecurity solutions are implemented and has an active role in addressing identified cyber security risks. The FDA Cybersecurity, Counterintelligence and Insider Threat Program continuously looks to improve the cybersecurity posture at FDA by ensuring the network and business applications are monitored 24 hours a day, 7 days a week by the FDA System Management Center (SMC).� The SMC staff utilize cybersecurity tools such as Intrusion Detection Systems, firewalls, vulnerability scanning applications.� The FDA seeks expertise to support the SMC and the supporting cybersecurity capabilities. The FDA Cybersecurity Capabilities projects are typically centered around the defined areas within the DHS CDM program �and will likely meet one of the 15 Tool Functional Areas and 11 Service Task Areas as defined by DHS in pages 4-10 of http://www.gsa.gov/portal/mediaId/189495/fileName/CDM_CMaas_BPA_Ordering_Guide_70_Sept_2015.action.� The technologies that are implemented will need to integrate, support and protect with all FISMA reportable systems and the key technologies. Objectives As a direct result of contract performance, the Chief Information Security Officer and his staff within FDA Office of Information Security (OIS) and the Office of Information Technology and Management (OIMT) expects to maintain the FDA�s Cybersecurity posture against advancing cyber threats via the following outcomes: Develop, implement, integrate, operate and support cybersecurity capabilities that align with the National Institutes of Standards and Technology�s (NIST) Cybersecurity Framework and the Department of Homeland Security�s (DHS) Continuous Diagnostic and Mitigation (CDM) Program Acquire the necessary hardware, software, services and training required to implement and operate technology solutions in support of the FDA cybersecurity mission Ensure that the Information Technology FDA acquires and implements meet current industry standards while aligning with emerging capabilities Ensure that the FDA Information Technology staff that operates the technologies receives the necessary training to understand and operate newly implemented cybersecurity technologies Improve efficiencies in procedures while ensuring implementation of appropriate security controls Integrate new technology solutions into a system development life cycle (SDLC) management framework Provide operations and maintenance support for FDA Cybersecurity, Counterintelligence and Insider Threat Program Ensure all solutions have capacity planning, RACI and technology roadmaps for future growth. Scope This statement of work (SOW) conveys the current FDA Information Technology and cybersecurity objectives, constraints, applicable scope, technical requirements, and applicable task areas. Individual task orders will be issued to obtain specific services for FDA Cybersecurity Capabilities (projects). FDA Cybersecurity Capabilities projects will include the acquisition of software, hardware, vendor-certified engineering resources necessary for implementation, operations, maintenance and training. The scope of this contract encompasses the technical and management services necessary to permit the FDA and all its Offices and Centers to meet the objectives presented in section 1.2 above. The Contractor shall also provide all maintenance agreements, documentation, and training materials necessary to implement and maintain FDA�s access to its solution. �The task areas listed below follow the federal Cybersecurity Framework.� Examples of Cybersecurity Framework capabilities include: Network Penetration Testing Web Application Firewalls Dark Web services (via subscription) Intrusion Detection and Prevention Systems (On Premise and Cloud-based) Cybersecurity-related health checks Security Incident and Event Management (SIEM) Data Loss Prevention Data Encryption Hunt Team Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Digital Forensic Vulnerability management Cloud and mobile security technologies Task Areas Some of the task areas are listed below: Task Area � Identify As tasked, the Contractor shall provide Cybersecurity Capabilities - Identify services that include, at a minimum, to Continuous Diagnostics and Mitigation (CDM), asset inventory, unauthorized or misconfigured asset discovery, tracking and mitigation activities.�� Task Area - Protect and Detect As tasked, the Contractor shall provide Cybersecurity Capabilities - Protect and Detect services defined to include firewall management, vulnerability scanning, network penetration tests, host and network intrusion detection or prevention, Security Incident and Event Management (SIEM), remote patching, compromise analysis, web vulnerability analysis and application vulnerability analysis, cloud security operations and analysis, data encryption, data loss prevention, malware mitigation and other Cybersecurity Capabilities Protect and Detect projects.� Task Area - Respond and Recover As tasked, the Contractor shall provide Cybersecurity Capabilities � Respond and Recover services that include Incident Management and Response tools capabilities, and recovery tools capabilities that support the FDA Cybersecurity, Counterintelligence and Insider Threat Program.�� Task Area - Capabilities and Integration / Innovative Cybersecurity Business Projects As tasked, the Contractor shall provide project support for Cybersecurity Capabilities and Integration/Innovative Cybersecurity Business Projects is defined to include �cybersecurity-related Mobility and Cloud solutions, Cloud IDS solutions, the Internet of Things, Security and Incident Event Management (SIEM), Web Application Firewalls (WAF) and other technologies that FDA must adopt and secure to maintain and improve business activities.� These technologies are active emerging or disruptive technologies introduced into the FDA environment. Task Area - Penetration Testing As tasked, the Contractor shall provide Penetration Testing for FDA Cybersecurity, Counterintelligence and Insider Threat Program.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/e5e3c6961fe34b5294573a229507c068/view)
 
Place of Performance
Address: Rockville, MD 20852, USA
Zip Code: 20852
Country: USA
 
Record
SN05758231-F 20200816/200814230151 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.