Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF MAY 08, 2022 SAM #7464
SOURCES SOUGHT

D -- ISRM 3554 Periodic Assessment of Risk Support

Notice Date
5/6/2022 10:22:28 AM
 
Notice Type
Sources Sought
 
Contracting Office
TECHNOLOGY ACQUISITION CENTER NJ (36C10B) EATONTOWN NJ 07724 USA
 
ZIP Code
07724
 
Solicitation Number
36C10B22Q0304
 
Response Due
5/16/2022 10:00:00 AM
 
Archive Date
08/15/2022
 
Point of Contact
Christine Keen-Deputy, Phone: 8483775192
 
E-Mail Address
Christine.Keen-Deputy@va.gov
 
Description
The Contractors shall assist VA with its compliance with 44 U.S. Code § 3554 - Federal agency responsibilities in accordance with (b) Agency Program (1) periodic assessments of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency, which may include using automated tools consistent with standards and guidelines promulgated under section 11331 of title 40. This requirement will help VA fulfill its obligations directed in NIST 800-37 Risk Management Framework (RMF), which provides guidelines for applying the RMF to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. Additionally, all these activities are mandated by Federal law (the Federal Information Security Modernization Act (FISMA)). The Contractor shall enable the VA to comply with 44 U.S. Code § 3554, NIST 800-37 RMF, and FISMA to assess, review and validate that security and privacy controls are being implemented properly, operating as intended or producing the desired results, thus minimizing exposure of VA systems and information to high risk of security incidents that seriously impact VA networks and information.
These support activities for assessment, review and implementation will assist Information System Security Officers (ISSOs), System Owners (SOs), Authorizing Official Designated Representatives (AODRs), Authorizing Officials (AOs), senior leadership and other relevant personnel to have detailed assessments, reviews and validations prior to issuing Authorizations To Operate (ATOs). This requirement will also meet the mission of the organization to effectively conduct continuous monitoring through controls assessment reports listing every control that did not comply with NIST and VA requirements, including a comprehensive listing of the full spectrum of federally-mandated controls the Department of Veterans Affairs must satisfy in accordance with FISCAM and FISMA audit. These reports are vital to helping System Owners create corresponding POA&Ms to remediate control risks or accept them, as required by FISMA law. In addition, the Contractor will provide the VA support for risk management framework pre-assessment, assessment, and post-assessment activities through site visits to VA and non-VA sites hosting VA information systems, as well as direct support during FISCAM/FISMA audits.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/5786099207834c0ea046cfb03976535a/view)
 
Place of Performance
Address: USA
Country: USA
 
Record
SN06320309-F 20220508/220506230059 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.