SOURCES SOUGHT
D -- Sources Sought - Chief Information Security Officer Program Support
- Notice Date
- 3/5/2008
- Notice Type
- Sources Sought
- NAICS
- 541611
— Administrative Management and General Management Consulting Services
- Contracting Office
- Department of Health and Human Services, Program Support Center, Division of Acquisition Management, Parklawn Building Room 5-101 5600 Fishers Lane, Rockville, MD, 20857, UNITED STATES
- ZIP Code
- 00000
- Solicitation Number
- Reference-Number-HHS-SS-CISO2008
- Response Due
- 3/20/2008
- Archive Date
- 4/4/2008
- Point of Contact
- Jonathan Hamlet, Contract Specialist, Phone 301-443-4919, Fax 301-443-2761; Jackie Jones, Contracting Officer, Phone 301-443-6413, Fax 301-443-2761
- E-Mail Address
- JONATHAN.HAMLET@PSC.HHS.GOV, JACKIE.JONES@PSC.HHS.GOV
- Description
- THIS IS NOT A SOLICITATION, REQUEST FOR QUOTE (RFQ), REQUEST FOR PROPOSAL (RFP), OR INVITATION FOR BID (IFB). This is a SOURCES SOUGHT NOTICE FOR MARKET RESEARCH PURPOSES ONLY to determine the availability of potential small businesses (e.g., 8(a), service-disabled veteran owned small business, HUBZone small business, small disadvantaged business, veteran-owned small business, and women-owned small business) that can provide assistance in continuing to maintain a mature, highly functioning Department-wide Information Technology security program.
The support of this program is necessary to ensure the protection of information and information systems categorized as National Critical Infrastructure, National Security Information, HHS Mission Critical, and all other sensitive assets. Protection of these assets is required in accordance with Presidential Decision Directive 63 (PDD 63), Public Law 100-235 (Computer Security Act of 1987), OMB Circular A-130, Federal Information Security Management Act (FISMA), Federal regulations, and Executive Branch directions.
The Department of Health and Human Services (HHS) Office of the Secretary, under the direction of the Chief Information Security Officer (CISO), has the responsibility for acquiring administrative, professional, and technical services in the execution of the agency's broad and diverse mission to facilitate continuous monitoring, evaluation and improvement of its information technology security program. The scope of this work is to provide security support and implementation services to the CISO, as well as to obtain contracted services to maintain and improve the established agency-wide security program that follows the CISO and IT Security Strategic Plan goals.
The continued operation and improvement of the IT Security Program will be based on the following security reports: OMB's FISMA guidance, President's Management Agenda Score Card, Office of the Inspector General's Findings and Responding to the Findings, and agency identified information technology (IT) security weaknesses. In addition, support will be based on the following prioritization of assets: National Critical Infrastructure, National Security Information, HHS Mission Critical, and then all other sensitive assets.
The overall scope of initiatives to support will include but is not limited to:
A) Support the vision of a unified HHS IT security program including planning, policy and controls, training and awareness, oversight and evaluation and outreach.
B) Continue to support the implementation of an aggressive and changing IT security program plan including review and revision of policies and procedures governing IT security, re-evaluating and reprioritizing Critical Infrastructure Protection (CIP) assets, and establishing the HHS Security Compliance Assurance Program.
C) Develop and implement mechanisms to minimize the challenges of effective communication and oversight posed by decentralized management.
Contracted services are required to provide HHS with responsive, reliable capabilities and help desk support to assist in the agency's programmatic on-going implementation of its IT Security Program in the below listed areas:
D) Initial level of effort required to support the HHS IT Security Program may include but is not limited to the following: Program Planning, Policy and Controls, Training and Awareness, Oversight and Evaluation, Outreach, and Help Desk Support.
The overall scope of the effort will include:
A) Assistance with continuing the implementation guidance from HHS-specific and vendor-neutral standards.
B) Transformation of practical implementation guidance into functioning operating capabilities.
C) Development of costing models to assist the agency and its components with determining necessary resource levels to meet its IT security requirements.
The contractor shall be responsible for employing technically qualified personnel to perform the work specified in this SOURCES SOUGHT NOTICE. The contractor shall maintain the personnel, organization, and administrative control necessary to ensure that the work delivered meets the contract specification and requirements. The work history of each contractor employee must contain experience directly related to the task and functions he/she is intended to perform under this contract. All critical personnel must be Certified Information Systems Security Specialists (CISSP's) and/or Certified Information Systems Security Auditors (CISA's) from an authorized and recognized certification organization. All personnel must be U.S. Citizens.
The Government reserves the right, during the life of this contract, to request work histories on any contractor employee for the purposes of verifying compliance with the above requirements; additionally, the Government reserves the right to review resumes of contractor personnel proposed to be assigned. Personnel assigned to, or utilized by, the contractor in performance of work shall be fully capable of performing the contemplated functions of the respective labor categories in an efficient, reliable and professional manner.
Interested sources must successfully demonstrate extensive knowledge, understanding, and expertise in ALL of the following capabilities:
1) Maintaining and implementing a complex entity-wide information security (IS) program.
2) Developing entity-wide IT security policies and procedures.
3) Implementing and maintaining an IT security awareness training and outreach program for a large Federal agency and/or entity.
4) Implementing and maintaining procedures governing Critical Infrastructure Protection (CIP) assets and establishing a Security Compliance Assurance Program.
5) Responding to and assisting with implementing safeguards due to audit findings and material weakness in an entity-wide program.
6) Developing, implementing and maintaining an incident response program (including help desk) assistance and monitoring.
7) Developing and implementing entity-wide common security architecture that crosses a multi-diverse and complicated operational infrastructure.
Potential sources possessing the capabilities necessary to perform the stated requirements may submit capabilities statements via e-mail to PSCACQUISITIONS@PSC.GOV by 12:00 PM EASTERN TIME MARCH 20 and should include the Reference Number of this Sources Sought notice in the subject header of their email. CAPABILITY STATEMENTS MUST DEMONSTRATE THE MINIMUM REQUIREMENTS OUTLINED ABOVE. Please address each in order listed above.
The Government encourages submissions of proposed teaming arrangements or joint ventures in response to this announcement if potential sources deem such an approach to be most advantageous, but any proposed arrangement of this kind must address all of the above and clearly explain which teaming partner provides which of the above capabilities. SIMPLY REFERRING TO THE TEAMING ARRANGEMENT/JOINT VENTURE AS A WHOLE AS "THE TEAM" AND DISCUSSING COLLECTIVE CAPABILITIES WITHOUT DISCUSSION OF THE INDIVIDUAL TEAM MEMBERS' CAPABILITIES WILL NOT BE CONSIDERED SUFFICIENT BY THE GOVERNMENT.
Capability statements shall also include the following information: company name, address, point of contact, phone/fax/e-mail, DUNS number, and business size and status (e.g., small business, 8(a), veteran-owned small business, service-disabled veteran owned small business, HUBZone small business, small disadvantaged business and women owned small business) including any letters, certificates, or similar documentation indicating such status; corporate structure (corporation, LLC, sole proprietorship, partnership, limited liability partnership, professional corporation, etc.); and tax identification number. Capability Statements shall be limited to 10 pages and shall include explanation of any/all potential teaming arrangements.
- Place of Performance
- Address: 5600 Fishers Lane, Rockville, MD
- Zip Code: 20857
- Country: UNITED STATES
- Record
- SN01524569-W 20080307/080305223637 (fbodaily.com)