Cybersecurity Information Assurance Support

DESCRIPTION:   Sources Sought Notice for Qualified Bidders forSenate Cybersecurity Information Assurance Support NOTICE OF EXTENSION FOR SUBMISSION OF RESPONSES ONLYThe purpose of this Sources Sought Notice (SSN) is to identify qualified industry sources that can provide support on Cybersecurity information assurance.THIS IS A SOURCES SOUGHT NOTIFICATION ONLY. This SSN is solely for information and planning purposes and does not constitute a Request for Proposal (RFP) or a promise to issue an RFP or Solicitation in the future. This SSN does not commit the SAA to contract for any product or service whatsoever.  Further, neither the Senate nor SAA seek proposals at this time; will not accept unsolicited proposals; and will not pay for any information or administrative costs incurred in response to this SSN.  All costs associated with responding to this SSN will be solely at the interested party’s expense.  This synopsis contains the currently available information. A.   REQUIREMENTSAll

requirements listed below are mandatory unless otherwise noted.  Each requirement requires a response.The Cybersecurity Information Assurance (IA) team provides security-related awareness, audit functions, governance, risk management, and compliance activities for information technology used by the Senate community.  The IA team uses National Institutes of Standards and Technology (NIST) Special Publication 800 Series to serve as the guideline for the work that the IA team performs to protect Senate information assets and systems.The key functional requirements under consideration for Information Assurance support include, but are not limited to, the following areas:Penetration Testing/Red Team Assessments using NIST Special Publication 800-115.Information systems audits using General Accountability Office (GAO) standards, NIST 800-53, or other industry best practices identified in the response.Cybersecurity Policies, Procedures, and System Security Plans (SSP).System Assessment and Authorization (A&A) documentation using SAA templates developed in accordance with NIST. Vulnerability assessments based on industry best practices and standards identified in your response.B.   INSTRUCTIONSTo respond to this Notice, the Vendor must provide the following information:Brief company description and specific information about your firm:  Company Name, Address, Point of Contact with Telephone and FAX numbers and E-mail address, GSA Schedule Number (if applicable), SAM Registration Number, DUNS Number, Tax ID Number;Technical Summary.  Concise description of Company’s overarching cybersecurity and insider threat assessments capabilities and experience in each key functional requirement listed under Section A. REQUIREMENTS above.  Also, for each key functional requirement, Vendor shall identify the standards and industry best practices they have used or are using in performing their work.   NOTE:  For each paragraph or section in in this Technical Summary, Vendor must identify the key functional requirement addressed.  Responses will be screened and those that do not comply as instructed herein will not be considered;Qualifications of key personnel Program Manager and Team Lead the company shall propose for this project, including formal education, cyber security training and certifications in CISSP, CISA, and in any other DoD Approved 8570 Certifications (see https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/); description of actual work experience specifically in the  key functional requirements under consideration (see Section A. REQUIREMENTS above); and government security clearance, (6-page maximum);Three (3) past and/or current performance references relevant and similar to the work involved in this project, 2-page maximum each, in the last three (3) years that include complete and current information (customer name, address, project name/contract number, point of contact with current phone number and email) and a brief synopsis of work performed;The total number of pages for the response to this Notice shall not exceed 30 including the cover/title, table of contents, page dividers, and others, if any.The information contained in this Notice will be the only information provided by the SAA during this vendor information gathering process.  All qualified sources should respond to this Notice by submitting information in accordance with the instructions provided on Section B. INSTRUCTIONS.  Vendors responding to this Notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation that may be issued afterwards.  Vendors deemed qualified by the SAA will be permitted to submit proposals to the solicitation if issued.  The SAA will not provide any debriefing.  Responses to this Notice are due to the SAA no later than April 23, 2020. They shall be emailed to Cora R. Carag at acquisitions@saa.senate.gov.  The subject line of the email message shall be SSN 2020-S-00008, CYBERSECURITY INFORMATION ASSURANCE.  No other method of transmittal shall be accepted.  The response shall not exceed thirty (30) pages. Unnecessarily elaborate submissions are discouraged.  Responses that exceed the page limitation will be eliminated from further consideration.  Access by the SAA to information in any files attached to the response is the responsibility of the submitting party.  Neither the SAA nor the Senate will be responsible for any failure to access vendor information.    THIS IS NOT A REQUEST FOR PROPOSAL.  THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE.  ANY QUESTIONS OR REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE ACCEPTED.