Risk Management Framework (RMF) Services

Status: Expired
From: Federal Government (Federal)

Basic Details

Start Date: 28 Jun, 2021
Due Date: 06 Jul, 2021
Type: Bid Notification
Identifier: NB1810002101730
Customer / Agency: COMMERCE, DEPARTMENT OF (13217); NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (4424); DEPT OF COMMERCE NIST (4345)

The National Institute of Standards and Technology (NIST) seeks information on commercial vendors that are capable of maintaining and maturing NIST’s Risk Management Framework (RMF) and Information Security Continuous Monitoring (ISCM) program, software solution, and technical services to enable more automation of assessment processes and increased mission/business context, maintaining ongoing awareness of information security and privacy to support organizational risk management decisions.

The target audience at NIST includes, but is not limited to, Authorizing Officials, Information System Owners, Information System Security Officers, Operating Unit Security Officers, and Security Control Assessors. The primary goal of this sources sought notice is to find vendors that are capable of providing the technical services that meet the following requirements:

Implement a risk scoring methodology that meets the following criteria:
- Risk scores are derived from business and technical attributes of systems and components, as well as assessment results of management, operational, and technical NIST Special Publication 800-53 Revision 5 security and privacy controls.
- Risk scores are provided at the control, component, system, and organizational levels and take into account system-specific and inherited risk.
- Risk scores aid in prioritizing weakness mitigation to the highest risk areas first.
- Security controls are scored based on Confidentiality, Integrity, and Availability; privacy controls are scored based on Predictability, Manageability, and Disassociability.

The solution meets the following criteria:
- Utilizes Archer product modules and Tableau.
- Integrated solution includes security and privacy control descriptions, automated and manual assessment results, risk scoring, and drill-down reporting capability.
- FIPS 199 impact rating, control responsibility designation, and control tailoring are automated through risk profiling capability.
- Seamless technical and programmatic integration with DHS CDM.

The integrator meets the following criteria:
- Experience implementing enterprise risk scoring methodologies and solutions for Federal agencies that are effective for cybersecurity & privacy assessments and continuous monitoring.
- Experience with Archer and Tableau tools (the existing vendor tools for NIST’s Cyber Risk Scoring (CRS) Solution).
- Experience implementing an enterprise and local inheritance model and integrating business/mission context into risk metrics.
- Experience managing a vulnerability management program using AWARE scoring.
- Deep knowledge of the NIST Risk Management Framework (RMF), the NIST Cybersecurity Framework (CSF), and the Continuous Diagnostics and Mitigation (CDM) program and how a risk scoring approach could integrate with these frameworks.
- Experience conducting security & privacy assessments that comply with FISMA, SP 800-37, and SP 800-53 (latest versions).

In addition to the software and services described above, NIST also seeks training available to NIST staff regarding the proposed methodology and associated software solutions.

After results of this market research are obtained and analyzed, NIST may conduct a competitive procurement and subsequently award a purchase order or task order. If at least two qualified small businesses are identified during this market research stage, then any resulting competitive procurement would be conducted as a small business set-aside. NIST is seeking responses from all responsible sources, including large, foreign, and small businesses. Small businesses are defined under the associated NAICS code for this effort, 541512, Computer Systems Design Services, as those domestic sources earning $30.0M or less annually. Please include your company’s size classification and socio-economic status in any response to this notice.

Instructions to Responders: Interested parties that have the capabilities to meet the Government’s basic requirements are requested to email a detailed report describing their abilities to meet all requirements to Monica H. Brown at monica.brown@nist.gov no later than the response date of July 5, 2021, 12:00pm for this sources sought notice.

The report should include relevant information on your capabilities, including the following:
- Name of company(ies), their addresses, and a point of contact for the company (name, phone number, fax number and email address) that provide the services for which specifications are provided.
- Indication if the company(ies) are small business and socio-economic category(ies).
- Indication of whether the services required are currently on one or more GSA Schedule (i.e. Multiple Award Schedules [MAS]) contracts and, if so, the GSA MAS contract number(s).
- Indication if the company(ies) can provide all, or some, of the services.
- Indication of the number of days, after receipt of order, that is typical for delivery of such services.
- Any other relevant information that is not listed above which the Government should consider in developing its minimum specifications and finalizing its market research.

Location: Gaithersburg, MD 20899 USA

Place Of Performance: N/A

Country: United States
State: Maryland
City: Gaithersburg


Classification

NAICS Code: 541512 (Computer Systems Design Services)
PSC Code: DF01 (IT AND TELECOM - IT MANAGEMENT SUPPORT SERVICES (LABOR))