Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF DECEMBER 10, 2011 FBO #3668
SOURCES SOUGHT

D -- Third Party Assessment Organization (3PAO) in support of the Federal Risk and Authorization Management Program (FedRAMP) - Sources Sought

Notice Date
12/8/2011
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
General Services Administration, Federal Acquisition Service (FAS), ITS Office of Acquisition Operations (QTA), 10304 Eaton Place, 4B19, Fairfax, Virginia, 22030, United States
 
ZIP Code
22030
 
Solicitation Number
QTALY001
 
Point of Contact
Ben A. Reed, Phone: 703-306-6626, Lisa Yimbo, Phone: 7033066618
 
E-Mail Address
ben.reed@gsa.gov, lisa.yimbo@gsa.gov
 
Small Business Set-Aside
N/A
 
Description
FBO Announcement QTALY001

The purpose of this announcement is to invite all prospective Third Party Assessment Organizations to apply to become an accepted Third Party Assessment Organization (3PAO) in support of the Federal Risk and Authorization Management Program (FedRAMP).

The Federal Risk and Authorization Management Program (FedRAMP) is a unified government-wide risk management program focused on security for cloud-based systems. FedRAMP will provide a standard approach for conducting security assessments of cloud systems based on an accepted set of security controls and consistent processes. Per OMB policy, agencies acquiring cloud services are required to use FedRAMP. The FedRAMP controls and processes have been vetted and agreed to by agencies across the Federal government. This standardized approach will allow Agencies to leverage security assessments for cloud services. This "approve once, and use many" approach will save cost, time, and staff required to conduct redundant, individual Agency security assessments.

CSPs that go through FedRAMP must use 3PAOs to provide an independent verification and validation (IV&V) of the security implementations required by FedRAMP. FedRAMP provisional authorizations must include an assessment by a FedRAMP accredited 3PAO to ensure a consistent assessment process.

FedRAMP will use a conformity assessment process to accredit 3PAOs. Conformity assessment is a "demonstration that specified requirements relating to a product, process, system, person or body are fulfilled." (Source: ISO/IEC 17000). Conformity assessment is built on a set of internationally recognized standards that help ensure that the program consistently supports the appropriate level of rigor and independence required.

To become an accredited 3PAO under FedRAMP, 3PAOs will have to submit applications that demonstrate that they meet:

1. Demonstrated technical competence in the security assessment of cloud-based information systems; and
2. The requirements based on ISO/IEC 17020:1998 for organizations performing inspections.

Initially, FedRAMP PMO will compile and publish a list of accepted 3PAOs based on a thorough review of applications submitted. Applications are initially queued in the order in which they are received. Please refer to the attachments (3PAO Application Form and FedRAMP 3PAO Program Description) to this announcement for management and technical requirements, required supporting evidence, and other general information. These attachments are also available on www.FedRAMP.gov/3PAO. Applicants that do not meet the above requirements will receive a non-conformance letter and are given the opportunity to resolve the non-conformance(s) as defined in the 3PAO Program Description.

FedRAMP intends to publish the initial list of FedRAMP accredited 3PAOs in 2QFY12 or soon thereafter. This list will be updated on an on-going basis as applications are processed.

Applications for the initial list of FedRAMP 3PAOs will be accepted through 5:00pm EST January 20, 2012. FedRAMP PMO will start accepting applications beginning January 9, 2012 at App.3PAO@FedRAMP.gov. Applications received after 5:00pm EST January 20, 2012 will be reviewed on an on-going basis and accredited 3PAOs will be published to the list of FedRAMP 3PAOs as they are accredited.

All questions and clarifications that should be answered for consideration of applications for the initial list of FedRAMP 3PAOs must be submitted to 3PAO@FedRAMP.gov by 5:00pm EST December 23, 2011. The FedRAMP PMO will publish answers to these questions and clarifications to FedRAMP.gov/3PAO by 5:00pm EST January 6, 2012. All questions submitted after December 23, 2011 will be answered on a continual basis and FedRAMP.gov/3PAO will be updated accordingly.

PLEASE NOTE THAT APPLICATIONS WITH INCOMPLETE SUPPORTING EVIDENCE WILL NOT BE PROCESSED FOR THE INITIAL LIST OF 3PAOs.

GSA will hold an industry day to provide an overview of FedRAMP as well as the 3PAO process on December 16, 2011 at 8:30. To register for this industry day, please visit FedRAMP.gov/3PAO. For more information, please see FBO announcement QTALY002. Questions and clarifications about the application process and materials that potential 3PAOs would like to be addressed at the industry day should be submitted to 3PAO@FedRAMP.gov by 5:00pm EST December 14, 2011.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/020ae337e4195370bc3b17bd7b423038)
 
Place of Performance
Address: 1275 1st Street NE, Washington, District of Columbia, 20475, United States
Zip Code: 20475
 
Record
SN02636236-W 20111210/111208234654-020ae337e4195370bc3b17bd7b423038 (fbodaily.com)
 