Notice ID: 36C10B22Q0304
“SCOPE OF WORK
…The Contractor shall enable the VA to comply with 44 U.S. Code § 3554, NIST 800-37 RMF, and FISMA to assess, review and validate that security and privacy controls are being implemented properly, operating as intended or producing the desired results thus minimizing exposure to VA systems and information to high risk of security incidents that seriously impact VA networks and information. These support activities for assessment, review and implementation and assessments, will assist Information System Security Officers (ISSOs), System Owners (SOs), Authorizing Officials Designated Representative (AODRs), Authorizing Officials (AOs) and senior leadership and other relevant personnel to have detailed assessments, reviews, validations, prior to issuing Authorization To Operate (ATOs).”
“This requirement will also meet the mission of the organization to effectively conduct continuous monitoring through controls assessment reports listing every control that did not comply with NIST and VA requirements, including a comprehensive listing of the full spectrum of federally mandated controls the Department of Veteran Affairs must satisfy in accordance with FISCAM and FISMA audit. These reports are vital to helping System Owners create corresponding POA&Ms to remediate control risks or accept them, as required by FISMA law. In addition, Contractor will provide the VA support for risk management framework pre-assessment, assessment, and post-assessment activities through site visits to VA and non-VA sites hosting VA information systems, as well as direct support during FISCAM/FISMA audits.”
“APPLICABILITY
This Task Order (TO) effort PWS is within the following scope of paragraph(s) of the T4NG Basic PWS:
- 1 4.1 Technical Functional Areas,
- 4.2 Program Management, Strategy, Enterprise Architecture and Planning
- Support
- 4.3 Systems/Software Engineering
- 4.4 Software Technology Demonstration And Transition
- 4.5 Test & Evaluation (T&E)
- 4.6 Independent Verification And Validation (Iv&V)
- 4.7 Enterprise Network
- 4.8 Enterprise Management Framework
- 4.9 Operations And Maintenance (O&M)
- 4.10 Cyber Security
- 4.11 Training
- 4.12 Information Technology Facilities”
