Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MAY 25, 2024 SAM #8215
SOURCES SOUGHT

D -- RFI - Cybersecurity Fraud Analytics and Monitoring

Notice Date
5/23/2024 7:28:46 AM
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
NATIONAL OFFICE - PROCUREMENT OITA NEW CARROLLTON MD 20706 USA
 
ZIP Code
20706
 
Solicitation Number
2024-AMP-APMI-OITA-001
 
Response Due
5/31/2024 2:00:00 PM
 
Archive Date
06/15/2024
 
Point of Contact
Bruce Weaver, Vanessa Coleman
 
E-Mail Address
bruce.o.weaver@irs.gov, vanessa.a.coleman@irs.gov
(bruce.o.weaver@irs.gov, vanessa.a.coleman@irs.gov)
 
Description
Amended 5/23/2024: The purpose of this amendment is to 1) publish RFI Questions and Answers; 2) change the secondary point of contact for RFI responses, 3) revise the Description of Contemplated Services section and�Part II: Capability to provide clarification regarding different sections based on the questions and answers received in response to the RFI.�� This is a Request for Information (RFI) -- hereinafter Notice. This is NOT a solicitation for proposals, proposal abstracts, request for bids or quotations, nor a promise to issue a solicitation in the future. The purpose of this RFI is for the Government to obtain knowledge and information for project planning purposes only. No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent. The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s). Do Not Submit any Proposals / Offers / Quotes in response to this Notice. At a summary level, the Government has interest in and is seeking information regarding the capability of firms who can provide services pertaining to comprehensive fraud analytics and 24x7 monitoring solutions tailored to the IRS information technology ecosystem; specific tools include web technologies, databases, data analytics, data management, cloud computing, security and privacy regulations such as FedRamp, FISMA, zero trust, security information and event management (SIEM), DevOps, Machine Learning Ops, Agile, Scrum, SAFe, Six Sigma, Kanban, CRISP-DM, SDLC, API, splunk, java, jquery, elasticsearch, kibana and apache drill. These services include computer science, forensic analytics, predictive analytics, continuous enhancement of analytical models, and coordination with internal and external stakeholders to detect, prevent, and respond to evolving cybersecurity threats in the IRS information technology ecosystem. Request for Information Number:�2024-AMP-APMI-OITA-001� Project Title / Short Description: Cybersecurity Fraud Analytics and Monitoring PSC or FSC Code: DA01 IT and Telecom � Business Application/ Application Development Services (Labor) NAICS Codes: 541512 � Computer Systems Design Services Release Date: May 10, 2024 Questions Due Date: May 17, 2024 Estimated Date for Government to post Answers: May 21, 2024 Response Due Date: May 31, 2024, at 5:00pm EST ***Please email Primary and Secondary POC to submit your RFI Questions and RFI Response. Primary Point of Contact and Contact Information: Name:� Bruce Weaver Title:� Information Technology Specialist (INFOSEC) Email:� bruce.o.weaver@irs.gov Secondary Point of Contact and Contact Information: Name:� Vanessa Coleman Title:� Contracting Officer Email:� vanessa.a.coleman@irs.gov Project Title IRS Cybersecurity Fraud Analytics and Monitoring. Along with the growth of Taxpayer and Tax Professional interactions with IRS online applications fraudsters continuously probe and develop new schemes to use stolen identity information to access taxpayer Personally Identifiable Information (PII) and file fraudulent tax returns. Cyber related fraud and the misuse of government systems have presented an increasing threat to taxpayer information safeguarded by IRS systems, applications, and databases. The IRS requires continued investment in technology and human capital to process the ever-growing transaction volumes and mitigate the evolving fraud risks. The IRS is looking for vendors who can provide a group of subject matter experts (SMEs) to make a detailed technical assessment of the quality of existing IRS technical tax training materials, create and deliver technical tax training and job resources, as well as serve as strategic ad hoc advisors to new and existing IRS enforcement personnel (Revenue Agents and Economists) to engage more broadly and successfully in complex areas of tax enforcement (large partnerships, large corporations, high income and high wealth). Description of Contemplated Services The IRS will increase maintain a robust fraud detection posture requires cybersecurity Fraud Analytics and Monitoring (CFAM) to develop a sound strategy and initiate and manage several high visibility initiatives simultaneously to advance its� analytics and meet the demands of IRS�s digital services initiatives. RFI Instructions Responses to this RFI are requested in two (2) parts and must be submitted using Attachment 2 RFI Response Template. Part I Company Profile Information - IRS seeks company profile information about the firms that provide services positioned to address the requirements discussed above. Part II Capability - IRS seeks Industry responses to specific questions. Do not include any support documentation for any company other than your own.� This is an analysis of your company�s abilities. Part I: Company Profile Information Responders to this Notice must provide the following company information: Company Name and Address Company technical Point of Contact (POC) information to include name, title, telephone number, and email address. Applicable NAICS (North American Industry Classification System) Code� List active governmentwide contracts that your company has been awarded (GWACs, IDIQs, and BPAs � include applicable SIN) Business Classification / Socio-Economic Status (e.g., large, small, 8(a), women owned, hub-zone, SDB, Service-Disabled Veteran Owned) Subcontracting / partnering / teaming possibilities. Part II: Capability Responses to this Notice must include the following: Have you executed a contract greater than $10 million in annual value for an integrated system of fraud analytics, including near real-time monitoring and predictive analytics within a large federal agency, where you were solely accountable for detecting and mitigating cyber threats? If the answer to Question 1 is yes, please describe the fraud analytics program, including the number of applications monitored, the number of users covered, and the number of contractors you provided to support this effort, along with methodologies employed for detecting anomalous user behavior and continuous monitoring. If the answer to Question 1 is yes, please describe the externally facing customer programs and systems monitored, third-party data integrations/analytics conducted, number of customers covered by the analytics, and any significant incidents that were publicly reported which you were responsible for detecting and resolving. �Describe examples of how your company has successfully implemented a scalable 24x7x365 fraud monitoring capability staffed by at least four analysts per shift. �Have you successfully participated in audits from GAO, CIA, NSA, etc., for fraud analytics capabilities for large government agencies? If so, for which agencies and when, and by whom was the audit conducted? �Describe your company's process for continuous improvement and innovation in fraud analytics and monitoring. How do you stay updated with evolving threats and incorporate the latest technologies? �Please address experience and provide a transition plan where your company successfully staffed and assumed operations of large-scale fraud analytics programs without disruption in service from a prior provider within the first 90 days. �Provide details of any proprietary technologies or algorithms your company has developed for fraud detection. How do these innovations set you apart from competitors? �Have you successfully advocated for constructive improvements to an agency's policies, governance, and infrastructure within a fraud analytics ecosystem that were adopted, enhancing the agency's fraud prevention posture? If yes, please describe the improvements. �If you have mainly performed as a subcontractor for a fraud detection and prevention project, do you currently possess the skills and resources to manage the contract as a prime contractor? �Describe your company's experience with data protection laws and regulations as they pertain to fraud detection. How do you ensure compliance when operating globally? �Do you have the ability to perform a 45-day transition upon award of this contract, ensuring key personnel are successfully cleared and onboard by the transition deadline? �How does your company ensure compliance with privacy laws and regulations while performing fraud detection and analytics? Describe any challenges faced and how they were overcome. �Data Handling and Processing: Can you describe a project where you had to manage and process extremely large datasets? What were the main challenges, and how did you optimize data processing and storage for efficiency? �How do you measure the effectiveness of your fraud detection programs? Provide examples of metrics used and how these have informed program improvements. �High Availability and Disaster Recovery: Describe your approach to ensuring high availability and disaster recovery for critical data engineering projects. Have you ever had to execute a disaster recovery plan, and what were the outcomes? �Explain and provide a contingency plan for how your company would continue to provide project support and meet project deadlines in case of a natural disaster or any other event causing a power outage in one geographic location. �Machine Learning Deployment: Discuss a scenario where you implemented a machine learning model in a production environment. What steps did you take to ensure the model's performance and reliability over time? How did you handle model updates and retraining? �How does your company manage data security and protect sensitive information while conducting fraud analysis? Describe any certifications, standards, or audits you adhere to. �Describe examples of how your company has successfully implemented near real-time fraud and predictive analytics on big data platforms across a wide range of IT systems (e.g., mainframes, servers, and network devices) on government networks, handling both structured and unstructured datasets to produce analytic views of correlated activities. Part III: Questions and Comments Open questions and comments relevant to this RFI should be provided for consideration.�� Please email Primary and Secondary POC to submit your Questions and Comments using Tab 3. The Government will post all Questions and Answers (Q&A) to Industry via SAM.gov | Home Other Attachments Attachment 1 � Draft PWS Attachment 2 � RFI Response Template Terms and Conditions Regarding this Notice This Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response.� All costs associated with responding to this Notice are solely at the responding party's expense. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate.� Further, the Government may contact the vendor for additional information regarding the information submitted as part of this market research effort.� Any organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization�s qualifications to perform the work.� Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted.� After a review of the responses received, a pre-solicitation synopsis and solicitation may be published in Government Point of Entry or other similar source (e.g., GSA E-buy).� However, responses to this notice will not be considered adequate responses to a solicitation. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or agreement.� The Government will not be obligated to pursue any particular acquisition alternative as a result of this notice.� Responses to the notice will not be returned.� Not responding to this notice does not preclude participation in any future solicitation if one is issued. No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent.� The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s).� Do Not Submit any Proposals/Offers in response to this Notice. Thank you for your response to this Request for Information.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/26d88110d9194b43a41d98179ce8b34c/view)
 
Place of Performance
Address: Lanham, MD 20706, USA
Zip Code: 20706
Country: USA
 
Record
SN07075914-F 20240525/240523230104 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.