FDIC Sources Sought: Security and Privacy Professional Services (SPPS)

Solicitation: 20-00088

“THIS IS A SOURCES SOUGHT NOTICE (SSN) ONLY.  This SSN is issued solely for information and planning purposes – it does not constitute a Request for Proposal (RFP) or a promise to issue a RFP in the future.  This request does not commit the Government to contract for any supply or service whatsoever.  Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this SSN; all costs associated with responding to this SSN will be solely at the interested party’s expense.

  1. Purpose

The Federal Deposit Insurance Corporation (FDIC) is seeking to establish a bidders list for a potential upcoming acquisition, Security and Privacy Professional Services (SPPS). FDIC is an invitation to bid agency and as such will establish a bidders list of highly qualified companies identified during market research to solicit.  The FDIC strongly encourages the participation of minority-owned and women-owned businesses in all the business and contracting activities of the FDIC. This notice is intended to enhance that market research and potentially reach a broader segment of the marketplace. The FDIC reserves the right to issue an RFP to those firms that, in its sole discretion, appear to have the technical capabilities required. In the interest of efficiency FDIC may limit the bidders list to ten to sixteen highly qualified firms. This request does not obligate the FDIC to issue a solicitation or RFP to contract for services or to guarantee inclusion of your firm on any potential solicitation list.

  1. Background

The SPPS services will provide FDIC Security and Privacy Professional Services based on a multiple award Basic Order Agreement (BOA) with multiple task orders using a Time and Material pricing schedule. The Security and Privacy Professional services assists FDIC developing and updating Security Authorization Packages for FDIC Information Systems; assessing the implementation of NIST SP 800-53 security controls for those Information Systems; conducting independent verification and validation of the documentation contained in Security Authorization Packages; providing privacy program support for the Privacy Impact Analyses and System of Record Notices determinations; assisting in policy analyses and development; supporting Security Operations first tier response and Insider Threat operations; administering a range of security applications and systems; supporting security engineering in the System Development Lifecycle (SDLC); and supporting security project management. Through the Security and Privacy Professional Services the FDIC will:

  • Implement the processes of the NIST Risk Management Framework throughout the system development life cycle (SDLC) within FDIC.
  • Draft and maintain security system documentation for systems, subsystems and components (General Support Systems (GSS), Major Applications (MAs) and applicable Minor Applications (MNs)).
  • Expand and maintain FDIC’s security documentation methodology as NIST guidance evolves.
  • Augment security and privacy control mechanisms and strategies consistent with emerging threats and technology, and the enterprise security architecture.
  • Achieve privacy protections for individuals and security protections for information and information systems through the implementation of appropriate risk response strategies.
  • Monitor, evaluate, and communicate the implementation of information security and privacy policies and practices across the FDIC enterprise…”

Read more here.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 year, 4 months ago.

  • Author
  • #89324

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?