G2X TAKE: Three awardees – Deloitte Consulting, Coalfire (formerly Veris Group) and Booz Allen Hamilton – have all been identified for this 6½-year BPA to provide a range of Cybersecurity and Risk Management Support Services to the Social Security Administration. This BPA was competed on IT-70. There will be no protests, as there were only three bidders.
This excerpt out of a 2016 RFI released by SSA details some of the Cybersecurity and Risk Management Support Services the Agency requires:
“… The SSA has an existing mission-critical need to provide Cybersecurity and Risk Management services to ensure the security of its programs and systems. The Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act of 2014 (FISMA) require SSA to ensure that federal security regulations are enforced and to develop, document and implement an agency-wide information security program (ISP) for information systems used by SSA or operated by contractors on behalf of SSA. The SSA ISP must ensure the protection of sensitive data as it traverses the IT infrastructure. To meet this requirement, SSA must address security controls at the program level, in addition to securing major applications, general support systems, IT resources and data.”
“Cybersecurity and Risk Management services contemplated by SSA include support in the following areas:
- Continuous Diagnostic Monitoring (CDM) and Ongoing Authorization program activities;
- Risk assessments to maintain software assurance for system development lifecycle projects;
- Data gathering and analysis activities required for external reporting and Cybersecurity Cross Agency Priority (CAP) activities;
- System Security Engineering and Architecture activities;
- Cloud security assessment;
- Security Assessment and Authorization (SA&A);
- Security Test & Evaluation (ST&E) support;
- Audit mitigation support…” Read the full RFI here.