Monday, May 27, 2024

NIH Pre-solicitation: NCATS Cybersecurity Services Program Support

Notice ID: 75N95023R00067

Description

The purpose of this requirement is to provide the National Center for Advancing Translational Sciences (NCATS) Information Technology Resources Branch (ITRB) Cybersecurity Services (CSS) Division with day-to-day support services. The contractor will provide full-time support through a small cadre of individuals under a fixed-price task order. The individuals working under this contract are expected to have deep individual cybersecurity expertise. Discrete tasks (for example, completion of an authorization to operate (ATO) package) will be performed through fixed-price or time-and-materials task orders structured to meet those needs (e.g. for a period of weeks or months, part-time, on-site/off-site, by subcontract, joint venture, etc.). The contractor will provide advice to the CSS division chief regarding the most advantageous and cost-effective approaches to accomplish the tasks in this Statement of Work (SOW).

Information Security and Privacy Group (ISPG)
2.2.1 Task Area 1: Information Security and Privacy Policy Support

Develop and provide information security and privacy support to NCATS employees and contractors to apply to specific business needs, technical situations and policy requirements, including but not limited to:

  1. Provide guidance and determine the impact of new technology or policy (e.g., CDM technologies, anomaly-based tools, virtual and cloud environments, etc.) on the NCATS information security and privacy program;
  2. Provide expert analysis and document preparation for various analytical efforts focused on processes and procedures;
  3. Review various draft documents and provide timely feedback to NCATS employees and contractors;
  4. Develop and implement information security and privacy program strategic and tactical goals and objectives, in addition to outreach and communication plans;
  5. Assist with transforming the organization and governance structure to support NCATS information security and privacy initiatives…

Task Area 2a – Assessment and Authorization (A&A) Support

Tasks include but are not limited to:

  1. Provide overall subject matter expertise to the Information Security Assessment and Authorization (A&A) program. Provide specific guidance and technical expertise in the form of standards, policies, procedures, and oversight for the NCATS A&A program;
  2. Create and/or review and analyze all Authorization to Operate (ATO) artifacts for accuracy and completeness in support of ATO requests;
  3. Conduct audits of Plan of Actions and Milestones (POA&M) for completeness and compliance;
  4. Develop and support the Ongoing Authorization (OA) / Continuous Monitoring process…

Task Area 2b – Privacy and Security Engineering Services

Provide expertise in specific security or security-related engineering and privacy topics, which may include, but is not limited to, the following types of activities:

  1. Provide expertise in specific security or security-related engineering topics and privacy engineering.
  2. Prepare situational awareness briefings regarding information security policy and industry trends for NCATS senior management;
  3. Develop alternatives of system designs and/or architectures which consider trade-offs between security requirements, functional/operational requirements, cost and compliance…
