SSA awards $45M Cybersecurity and Risk Management Support Services BPA

G2X TAKE: Three awardees – Deloitte Consulting, Coalfire (formerly Veris Group) and Booz Allen Hamilton – have all been identified for this 6½-year BPA to provide a range of Cybersecurity and Risk Management Support Services to the Social Security Administration. This BPA was competed on IT-70. There will be no protests as there were only three bidders.

This excerpt out of a 2016 RFI released by SSA details some of the Cybersecurity and Risk Management Support Services the Agency requires:

“… The SSA has an existing mission-critical need to provide Cybersecurity and Risk Management services to ensure the security of its programs and systems. The Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act of 2014 (FISMA) require SSA to ensure that federal security regulations are enforced and to develop, document and implement an agency-wide information security program (ISP) for information systems used by SSA or operated by contractors on behalf of SSA. The SSA ISP must ensure the protection of sensitive data as it traverses the IT infrastructure. To meet this requirement, SSA must address security controls at the program level, in addition to securing major applications, general support systems, IT resources and data.”

“Cybersecurity and Risk Management services contemplated by SSA include support in the following areas:

  • Continuous Diagnostic Monitoring (CDM) and Ongoing Authorization program activities;
  • Risk assessments to maintain software assurance for system development lifecycle projects;
  • Data gathering and analysis activities required for external reporting and Cybersecurity Cross Agency Priority (CAP) activities;
  • System Security Engineering and Architecture activities;
  • Cloud security assessment;
  • Security Assessment and Authorization (SA&A);
  • Security Test & Evaluation (ST&E) support;
  • Audit mitigation support…”

Read the full RFI here.


Author: Abigail Smith, G2Xchange Health and ETC Online Community Manager, G2Xchange

©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?