Notice ID 19AQMM21N0053
“1) Background and Purpose
The Bureau of Diplomatic Security (DS) is responsible for providing a safe and secure environment for the conduct of US foreign policy…”
“Applied Cyber Support is focused on integrating Federal, Department and DS IT security policies, standards and practices in a manner that injects analysis, review, reporting and mitigation within the earliest stages of the development of an IT solution. This is accomplished through close coordination and planning among CTO units for Applied Cyber Security (ACSU), software development units within the Systems Solutions Division (SSD), and security and operational components of the Enterprise Production Services Division (EPS)…”
Provide the DS Bureau with expertise in enterprise level cyber security policy and technical analysis, reporting and identification of mitigation solutions in support of the Bureau’s worldwide security and law enforcement missions.
The CTO has a requirement to augment the existing contract support capabilities that provide software engineering support services for the execution of IT projects. The CTO manages fifty (50) concurrent IT projects at any given time, the vast majority of which rely on software engineering. Cyber security is a primary component of all IT solutions developed by CTO, implementation of security controls in the lifecycle of an IT solution is critical to effective cyber security management and is core to meeting federal requirements as detailed within the FISMA and other IT security related regulations. CTO requires contractor expertise to support federal staff and CTO processes to better support cyber security requirements and improve the overall cyber health of CTO developed IT solutions.
3) Scope of Work
DS seeks IT support services to ensure the Bureau is applying necessary cyber security controls into IT solutions developed and maintained by CTO. Cyber security support may include requirements analysis, reporting, collaboration and the design, development, and implementation of cyber security mitigation strategies and component level controls for CTO developed and maintained IT solutions. The work, as defined below, shall be performed as a part of a matrix development team including other contractor as well as government personnel.
CTO requires cleared contractor staff that can provide analytic and technical cyber policy and software engineering support for applications in use within the DOS and specifically DS. CTO envisions that the cyber security support shall include activities throughout the systems development lifecycle including project management, requirements gathering/analysis, design and “user experience” support, software engineering, testing, and system support. Areas of focus for this order include correlating cyber policy requirements with federal standards to support defining or deployment of cyber security controls at various stages of the IT system life cycle; analysis and review of software packages during development and engineering; project management; support for the development of program related briefings and reports; and other technical analyses needed to support applied cyber security initiatives within CTO.
The work efforts conducted by the vendor shall be documented in accordance with existing CTO project management processes and summarized in regular status reporting to CTO management…”