The Technology Transformation Service (TTS) has issued a solicitation for an incident response, notification, and resolution service which can receive alert information from cloud.gov, login.gov, and other projects within TTS. This application should aggregate the information into incidents, and send the appropriate notifications, provide contextual information on these incidents, automatically manage scheduling and escalation, and provide reporting functionality.
The vendor must provide a SaaS that meets the following requirements:
- The ability to send alerts via email, text message, phone, and mobile app push notifications to team members.
- Uptime measure that meets or exceeds 99.99% in the last six months.
- Must be on the GSA IT Standards Profile, or must commit to going through and passing the GSA IT Standards Profile process before award.
- The ability to support multi-factor authentication, with priority for support for Single Sign-On integration that would support GSA Google SSO or GSA SecureAuth SSO.
- Customer data must be stored in FedRAMP Authorized infrastructure, with priority for FedRAMP JAB Moderate or High P-ATO. This requirement can be fulfilled in various ways, for example:
- A SaaS that does not have its own FedRAMP Authorization, but it stores data in FedRAMP Authorized IaaS or PaaS services.
- A SaaS that has its own FedRAMP Authorization for the SaaS.
- The ability to integrate the SaaS alerting features via API with external monitoring tools including Prometheus, CloudWatch, and New Relic.
- Cybersecurity practices such as a vulnerability disclosure program, responsible disclosure policy, or bug bounty program.
The period of performance is one year, with 4 option one-year periods.
Responses are due by August 31, 2018.