“THIS IS A SOURCES SOUGHT NOTICE (SSN) ONLY. This SSN is issued solely for information and planning purposes – it does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. This request does not commit the Government to contract for any supply or service whatsoever. Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this SSN; all costs associated with responding to this SSN will be solely at the interested party’s expense.
The Federal Deposit Insurance Corporation (FDIC) is seeking to establish a bidders list for a potential upcoming acquisition, Security and Privacy Professional Services (SPPS). FDIC is an invitation to bid agency and as such will establish a bidders list of highly qualified companies identified during market research to solicit. The FDIC strongly encourages the participation of minority-owned and women-owned businesses in all the business and contracting activities of the FDIC. This notice is intended to enhance that market research and potentially reach a broader segment of the marketplace. The FDIC reserves the right to issue an RFP to those firms that, in its sole discretion, appear to have the technical capabilities required. In the interest of efficiency FDIC may limit the bidders list to ten to sixteen highly qualified firms. This request does not obligate the FDIC to issue a solicitation or RFP to contract for services or to guarantee inclusion of your firm on any potential solicitation list.
The SPPS services will provide FDIC Security and Privacy Professional Services based on a multiple award Basic Order Agreement (BOA) with multiple task orders using a Time and Material pricing schedule. The Security and Privacy Professional Services assist FDIC in developing and updating Security Authorization Packages for FDIC Information Systems; assessing the implementation of NIST SP 800-53 security controls for those Information Systems; conducting independent verification and validation of the documentation contained in Security Authorization Packages; providing privacy program support for the Privacy Impact Analyses and System of Record Notices determinations; assisting in policy analyses and development; supporting Security Operations first tier response and Insider Threat operations; administering a range of security applications and systems; supporting security engineering in the System Development Lifecycle (SDLC); and supporting security project management. Through the Security and Privacy Professional Services the FDIC will:
- Implement the processes of the NIST Risk Management Framework throughout the system development life cycle (SDLC) within FDIC.
- Draft and maintain security system documentation for systems, subsystems and components (General Support Systems (GSS), Major Applications (MAs) and applicable Minor Applications (MNs)).
- Expand and maintain FDIC’s security documentation methodology as NIST guidance evolves.
- Augment security and privacy control mechanisms and strategies consistent with emerging threats and technology, and the enterprise security architecture.
- Achieve privacy protections for individuals and security protections for information and information systems through the implementation of appropriate risk response strategies.
- Monitor, evaluate, and communicate the implementation of information security and privacy policies and practices across the FDIC enterprise…”