Security Operations Center and Application Monitoring Services
|Agency:||General Services Administration|
|State:||District of Columbia|
|Level of Government:||Federal|
|Posted Date:||Oct 4, 2017|
|Due Date:||Oct 13, 2017|
Solicitation Number :
Notice Type :
Added: Sep 27, 2017 7:30 am Modified: Oct 04, 2017 4:22 pm Track Changes
SOURCES SOUGHT NOTICE
Security Operations Center (SOC) & Application Monitoring Services for LOGIN.GOV
The General Services Administration is issuing this Sources Sought Notice on behalf of 18F to identify potential vendors who can provide Managed Security and IT Service in of support 18F's login.gov product. Login.gov provides simple and secure access to public-facing federal consumer services and information, while protecting consumer privacy.
Login.gov is an open source, single sign on service for government that provides the public with a better customer experience and improved security, while offering the government cross-agency integration at lower costs.
Login.gov encrypts the personal information of each user separately, using a unique value generated from each user's password.
Login.gov implements the latest National Institute of Standards and Technology (NIST) standards for secure authentication and verification. Our plans for ongoing security include regular penetration testing and external security reviews.
Individual accounts get two layers of security. Login.gov requires two-factor authentication as well as strong passwords that meet NIST requirements. Login.gov evaluates and implements new authentication methods as they become widely available to make sure that login.gov remains accessible and secure.
Encrypting personal data separately means that login.gov cannot share any information with other government entities without users' permission. Database administrators cannot decrypt a user's personal information without the user's password.
The 18F identity playbook, with additional information about the login.gov methodology, can be found at: https://pages.18f.gov/identity-playbook/ .
An overview of login.gov's security approach can be found at: https://pages.18f.gov/identity-pii-management/ .
The login.gov team follows the Digital Services Playbook: https://playbook.cio.gov/ .
Information is being requested to identify potential sources that meet the following criteria:
III. DESCRIPTION OF SERVICES
See attached Login.gov SOC SOW - DRAFT for description of services to be performed.
IV. INSTRUCTIONS FOR RESPONDING TO THIS RFI
This is an information gathering exercise to identify potential sources and to help develop the requirements and the acquisition strategy for required services.
CONFIDENTIALITY: No proprietary, classified, confidential, or sensitive information should be included in your response. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s).
Response Format/Page Limitations:
The overall total page limit for responses to this RFI is two (5) double-sided pages; or a total of four (10) single-sided pages. Responses should be submitted in Microsoft Word or PDF format. Responses should be complete and sufficiently detailed. Please do not submit marketing material. Responses should include the following information:
A - GENERAL INFORMATION (1 Page)
A1. Company Name/Address/Contact Information and DUNS number;
A2. Business size/classification; and
A3. Identify any GSA schedules or other existing contract vehicles your firm holds that supports the work described in this RFI.
B - CAPABILITY AND EXPERIENCE INFORMATION (7 Pages)
B1. Describe your firm's past performance experience and qualifications, for a minimum of three contracts of a similar scale that are less than three years old and that involve use of capabilities and activities relevant to those necessary for meeting the Login.gov's requirements and tasks specified in attached Draft SOW, including contract number, customer name and address, brief synopsis of work performed and qualification of staff involved in providing services.
B2. Describe your firm's overall approach and ability to meet the requirements and tasks specified in attached Draft SOW. Specifically:
Describe the different deployment options are supported by your SEIM.
B4. Describe your approach to measure the effectiveness of all dimensions of the SOC including but not limited to: Network Defense, Vulnerability Management, Monitoring, Continuous Diagnostics and Mitigation, Threat Information Exchange, Incident Response and Event notifications. How would you recommend integrating metrics into overall contractual arrangements and incentives that would facilitate performance-based acquisition?
B5. Provide examples of your firm's experience in vetting and engaging security and IT professionals in similar projects.
B6. Describe your approach for Transitioning out. What approach would you recommend that will allow GSA to take over complete control of SIEM and all govt. data if needed?
C - COMMENTS AND FEEDBACK (2 Pages)
C1. Identify small business contracting and subcontracting opportunities.
C2. Based on your review of the Draft SOW, please provide estimated cost of requested services as given below, type of contract you would recommend and why.
C3. Provide comments/suggestions and/or insights you may want the government to consider.
Contracting Office Address :
301 7th St SW Rm 6109
Washington, District of Columbia 20407
Primary Point of Contact. :
|Sep 28, 2017||[Sources Sought] Security Operations Center and Application Monitoring Services|
TRY FOR FREE
Not a USAOPPS Member Yet?
Get unlimited access to thousands of active local, state and federal government bids and awards in All 50 States.