SSA Cybersecurity

The US Social Security Administration has a continuing requirement for Cybersecurity and Risk Management Services.

Solicitation in a Nutshell

Agency: US Social Security Administration
Solicitation Number: RFQ1677162
Status: Pre-RFP
Solicitation Date: 06/03/2024
Award Date: 10/2024 (Estimate)
Contract Ceiling Value: $135,000,000
Competition Type: Undetermined
Type of Award: Task / Delivery Order
Primary Requirement: Information Technology
Duration: N/A
Contract Type: Blanket Purchase Agreement
No. of Expected Awards: N/A
NAICS Code(s): 541512, Computer Systems Design Services (Size Standard: $34 million annual receipts)
Place of Performance:
  • United States
Opportunity Website: www.sam.gov

Background

The Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Modernization Act of 2014 (FISMA) require federal agencies to develop, document and implement an agency-wide information security program. To execute this requirement, the Social Security Administration (SSA) must address security controls at the program level in addition to securing major applications, general support systems, IT resources and data. SSA implements a "continuous monitoring" environment for its information systems, with annual security assessments to re-affirm the authorization of each system.

Changing technology and the threat environment require SSA to improve the effectiveness of its IT security program and its long-term strategy for continuous monitoring. In order to meet these challenges, SSA requires new tools and processes that provide more frequent and more comprehensive enterprise- and system-level cyber security risk information to SSA management, system owners, authorizing officials, and IT security staff.

Furthermore, OMB has issued recent new guidance in the area of Continuous Diagnostics and Mitigation (CDM), designed to increase agencies' ability to detect and mitigate threats in near real time. OMB Memorandum 14-3 mandates that agencies transition from static 3-year security authorizations to Ongoing Authorization, and it defines the Information Security Continuous Monitoring (ISCM) requirements and milestones agencies must meet. NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems, provides guidance for agencies to develop comprehensive CDM solutions that collect information in accordance with federal security performance metrics. SSA must report the results of its assessment and authorization work in the Annual and Quarterly FISMA Program reports to OMB and Congress at the end of each fiscal year.

Requirements

  • SSA has identified the following functional areas as core to this support:
    • Functional Area 1: Continuous Monitoring and Ongoing Authorization (OA) support
    • Functional Area 2: Continuous Diagnostic Monitoring (CDM) support
    • Functional Area 3: Security Assessment and Authorization
    • Functional Area 4: Risk Management Framework Support
    • Functional Area 5: Risk Scoring
    • Functional Area 6: Data Gathering and Analysis for External Reporting
    • Functional Area 7: System Security Engineering and Architecture activities
    • Functional Area 8: Cloud Security Assessment
    • Functional Area 9: Security Test & Evaluation (ST&E) support
    • Functional Area 10: Software Development Security
    • Functional Area 11: Penetration Tests
    • Functional Area 12: Threat, Vulnerability & Remediation
    • Functional Area 13: Security, Monitoring & Response
    • Functional Area 14: Vulnerability Management
    • Functional Area 15: Operational Testing
    • Functional Area 16: Incident Response Retainer
    • Functional Area 17: Audit Mitigation Support
    • Functional Area 18: Security Assessment and Authorization (SA&A) Tool Support
    • Functional Area 19: Insider Threat Program Support
    • Functional Area 20: Information Security Policy
    • Functional Area 21: Information Security Training
    • Functional Area 22: Information System Security Engineer (ISSE) Security Risk Management Framework Support Task
    • Functional Area 23: Data Loss Prevention

How Can GDIC Help?

As a consulting firm that specializes in helping companies prepare winning proposals for government contracts, GDIC can provide a wide range of services to help offerors prepare their C2E proposal, including capture management, proposal writing, proposal management, and proposal review. GDIC can also provide training and support to help offerors understand the technical and administrative requirements outlined in the solicitation, and can provide guidance on how to structure the proposal to maximize its chances of success.

Our business development and proposal professionals have several decades of experience and expertise in construction proposals and contracts for government. By working with GDIC, offerors can increase their chances of winning the C2E contract and can position themselves for long-term success in the federal marketplace.