DOJ OCIO has issued an RFI for FISMA AND FISCAM Continuous Monitoring and Assessment of Cyber Security Controls for the Federal Prison Industries. The office of CIO and Information Security Officer (ISO) provides guidelines for applying the Risk Management Framework to information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring.
The contractor work required includes an assessment of NIST’s SP800-53 Rev IV Controls and the contractors shall assist UNICOR with assessment of NIST’ SP800-53 Rev IV Controls for Moderate Systems. This solicitation is for five systems. Contractor shall perform assessment of Management, Operational and Technical security controls prescribed for an information system to protect the confidentiality, integrity and availability of the system.
With regard to Continuous Monitoring, the contractor shall assist with a strategy and implementation of a program for the continuous monitoring of security control effectiveness including the potential need to change or supplement the control set, taking into account any proposed/actual changes to the information system or its environment of operation.
- Security impact analyses on proposed or actual changes to organizational information Systems and environments of operation;
- Assessment of selected security controls (including system- specific, hybrid, and common controls) based on the organization-defined continuous monitoring strategy; Security status reporting to appropriate organizational officials;
- Active involvement with authorizing officials in the ongoing management of information System-related security risks;
- Assessment of Security controls in…”
The Contract Period of performance will be from date of Award 2,080 hours or 1 year at the discretion of FPI, to include 4 option years or equivalent hours at the discretion of FPI. Offers are solicited only from small concerns.