Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF JANUARY 16, 2009 FBO #2608
SOLICITATION NOTICE

R -- Risk Assessment for EPA Acquisition System (EAS)

Notice Date
1/14/2009
 
Notice Type
Presolicitation
 
Contracting Office
Environmental Protection Agency, Office of Acquisition Management, EPA/Headquarters, Environmental Protection Agency, Information Resource Management Procurement Service Center, 1200 Pennsylvania Avenue, NW, Washington, DC 20460
 
ZIP Code
20460
 
Solicitation Number
RFQ-DC-09-00096
 
Response Due
1/21/2009
 
Archive Date
2/21/2009
 
Point of Contact
Point of Contact, Helen Britz, Purchasing Agent, Phone (202) 564-9633
 
Small Business Set-Aside
N/A
 
Description
NAICS Code: 541618

The objective of this SOW is to contract a third party to perform a formal risk assessment of the EPA Acquisition System (EAS) and the General Support System (GSS) as appropriate. Risk assessments by independent, external third parties are required for major applications and general support systems owned and/or operated by, or on behalf of, Federal agencies at least every three years or when a major change occurs.

EAS is a new application replacing the legacy systems Integrated Contract Management System (ICMS) and Small Purchase Electronic Data Interchange (SPEDI). It is a COTS package with some configurability and for which a Work Assignment module is being written to EPA's specifications. EAS requires a risk assessment as part of the pre-deployment activity leading to a Certification and Authorization to Operate (C&A). In addition, the servers which support this system are being reconfigured as part of a GSS change; the assessment of risk for the GSS shall be an optional task to be undertaken when all the hardware is in place.

System boundaries are defined to identify the limits of the risks to be assessed. Infrastructure that is beyond the boundaries identified herein is outside the scope of this SOW. OAM's physical system boundaries for the purposes of this SOW include all servers and peripherals over which OAM has control and that are connected to OAM's subnet of the EPA network in the Ronald Reagan Building, Washington, D.C. Note that routers, switches and wiring connecting OAM's servers to all devices in OAM's sixth and seventh floor offices are maintained by the Office of Environmental Information and thus are outside the boundaries of the SOW.

As required by the Federal Information Security Management Act (FISMA) of 2002, EPA follows standards and guidelines for information security developed by the National Institute of Standards and Technology (NIST). OAM has categorized the data maintained by EAS and stored on its GSS according to NIST's Federal Information Processing Standard Publication (FIPS PUB 199), Standard for Security Categorization of Federal Information and Information Systems. Through this process, OAM has determined that the data maintained and stored on its information systems require a moderate level of protection.

OAM is using NIST's Special Publication (SP 800-53), Recommended Security Controls for Federal Information Systems, Annex 2, Baseline Security Controls for Moderate-Impact Information Systems, as guidance for development and implementation of security controls for EAS. Attached to this SOW is a subset of the controls specified by SP 800-53, Annex 2 that are to be assessed under this contract. Also, NIST's SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems (Draft), is a possible resource in performing this SOW.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=aa8cea2660ffafecb646c09a6a7704ed&tab=core&_cview=1)
 
Record
SN01732086-W 20090116/090114215337-099ce8b5ffa121a399c0b38d81ee682b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
