SOURCES SOUGHT
D -- Certification and Accreditation (C&A)
- Notice Date
- 12/3/2007
- Notice Type
- Sources Sought
- NAICS
- 541513
— Computer Facilities Management Services
- Contracting Office
- Bureau of Indian Affairs; Reston, VA
- ZIP Code
- 00000
- Solicitation Number
- HP-08-05
- Response Due
- 12/24/2007
- Archive Date
- 12/28/2007
- Point of Contact
- Herb Payne, 703-390-6472
- E-Mail Address
-
Email your questions to Bureau of Indian Affairs
(703-390-6472)
- Small Business Set-Aside
- N/A
- Description
- Project Description The Bureau of Indian Affairs (BIA) intends to award a single contract to provide certification and accreditation (C&A) support to the Bureau of Indian Affairs (BIA) Support will include assistance in fulfilling obligations to comply with OMB Circular A-130, and the Department of Interior (DOI) Certification and Accreditation (C&A) Program, Federal Information Security Management Act (FISMA) and other appropriate laws, directives, policies, standards and guidelines. Under current Federal C&A requirements, an Information Technology (IT) system is required to undergo authorization to process before going into production and at least once every three years or when major modifications occurs. The DOI C&A guidance provides a standardized approach to obtaining an authorization to operate (ATO) for Department of the Interior (DOI) Sensitive But Unclassified (SBU) IT systems undergoing the C&A actions required by the Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources. The formal C&A process, with associated documentation, provides evidence of a risk-based methodology that complies with National Institute of Standards and Technology (NIST) Special Publications (SP) and other Federal regulations. This process will help define measures of performance used to assure all necessary IT system security controls are implemented, tested, risks are assessed, and security plans are maintained. The Contractor shall provide C&A support to meet the requirements of the DOI C&A Program as described in the DOI C&A Guideline, DOI Risk Assessment Guide, DOI POA&M Process Standard, FIPS 199, Standards for Security Categorization of Federal Information and Information Systems; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems; NIST 800-12, An Introduction to Computer Security; NIST 800-18 Rev. 1, Guide for Developing Security Plans for Information Technology Systems; NIST 800-26 Rev. 1, Security Self-Assessment Guide for IT Systems; NIST 800-30, Risk Management Guide for Information Technology Systems; NIST 800-34, Contingency Planning Guide for IT Systems; NIST 800-37, Certification & Accreditation; NIST 800-47 Security Guide for Interconnecting IT Systems, NIST 800-53 Rev. 1, Recommended Security Controls for Federal Information Systems; NIST 800-53A, Guide for Assessing the Security Controls in Federal Information Systems; NIST 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories; NIST 800-64 Rev. 1, Security Considerations in the Information System Development Life Cycle; and NIST 800-65, Integrating Security into the Capital Planning and Investment Control Process. Contractor will work with IA staff and other IA contractors that have been engaged to provide similar services. IA?s Director of DISP and the C&A Project Manager will identify activities that are to be performed by the contractors and in establishing work priorities. Indian Affairs management staff will work with the contractor?s on-site point-of-contact on technical issues. This acquisition will be a 100% Buy Indian set-aside under the Buy Indian Act. The solicitation will be available on approximately January 14, 2008. The proposal due date will be included in the instructions to offerors within the solicitation. Potential contractors must register with the Central Contractor Registration (CCR) database, the primary Government repository for Contractor information required for the conduct of business with the Government. Offerors may obtain information on registration and annual confirmation requirements via the internet at http://www.ccr.gov or by calling 1-888-227-2423. The anticipated awarded period of performance shall be one base year with four option year periods for a potential five-year contract term. All responsible sources may submit a proposal, which shall be considered by the agency. All requests for the solicitation shall be in writing by sending a fax to 703-390-6582 to the attention of Herb Payne. Please list your company name, point of contract, phone number, fax number, email address and solicitation reference (HP-08-05; C&A). Telephone requests shall not be accepted. Instructions will be given within the RFQ on how to respond to the solicitation.
- Place of Performance
- Address: 2051 Mercator Drive, Reston, VA
- Zip Code: 20191
- Country: US
- Zip Code: 20191
- Record
- SN01462291-W 20071205/071203230056 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |