Solicitation Number: CORHQ-19-R-0554
The Federal Deposit Insurance Corporation (FDIC) is seeking to establish a bidders list for a potential upcoming acquisition, Managed Security Services Provider (MSSP).
The MSSP SOC function will conduct advanced event detection, isolation, and correlation of security related events to enable rapid detection and determination of the sources of any security related incident. The MSSP Vulnerability Management function will execute proactive vulnerability scans of the entire FDIC IT environment, identify vulnerabilities, and prioritize these vulnerabilities for remediation. The MSSP will:
- monitor and respond to security threats and intrusions such as unauthorized access to FDIC data and systems, malicious activity (for example efforts initiated by criminals and nation states), and malware that disrupts FDIC systems and technology infrastructure,
- identify targeted or compromised systems leveraging automated tools for event correlation,
- deploy temporary blocks to mitigate threats while compromised systems are remediated, and…
The scope of work includes specific requirements to align the MSSP with the NIST Risk Management Framework for security controls (NIST Special Publication (SP) 800-53 Rev4 – Security and Privacy Controls for Federal Information Systems and Organizations).