VA RFI: Office of Information Security Assessment and Authorization and Compliance Support Services

The Contractor shall provide technical support services to include development, maintenance and reporting of applicable information security compliance and associated vulnerability data as well as associated software and hardware asset management data. This data supports VA Cybersecurity Operation Center (CSOC) Cyber Threat Intelligence (CTI) Program, VA OCS Assessment and Authorization (A&A) Program, the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) Program, and many functions within VA’s Information Technology Operations and Services (ITOPS). These programs require device, system and accreditation boundary visibility into all assets to ensure appropriate technical security is deployed and maintains current, required security compliance. This work includes the capability to report exceptions to information security requirements and strategies to identify non-compliant assets and systems that could expose VA to unnecessary or unauthorized risk.

Read more here.