Functional Areas supported: Information Systems
Security
The Office of Information Resources Management, International Trade Administration
(ITA) requires IT Security Plans, IT Security Policy, and Risk Assessment,
as well as Application Development, as detailed in Section C of this Fast
Track Request for Solutions.
The Government prefers a Cost Plus Fixed Fee type task order. The scope
and cost/pricing will be for a one-year duration from the time of award.
International Trade Administration IT Security Support.
SCOPE OF WORK/OBJECTIVE:
Because of the program importance of the information maintained in IT
systems and the increased attention being focused on IT security, ITA
needs to significantly improve its security readiness. The major effort/scope
of this contract is to provide the full spectrum of IT security, from
individual system plans through overall security policy.
Information Systems Security Support
ITA is in the process of revising the security plans for its major IT
systems. Currently ITA has seven major systems. While none of these systems
are very big in absolute terms, they are the most important and largest
systems operated by ITA. While the system manager and system administrator
are doing the majority of work associated with these plans, external support
is needed to assure that the plans are comprehensive in nature and are
consistent across the organization. The contractor shall work with the
ITA Systems Managers and assist in the development of system security
plans, risk assessments, and contingency/disaster recovery plans for these
systems.
In addition to system plans the contractor shall conduct an assessment
of the overall infrastructure used by ITA. Security plans cover individual
systems, but the entire environment needs to be reviewed for vulnerability.
ITA also needs assistance in refining its overall security policy. The
contractor shall develop a comprehensive IT Security Policy that will
guide ITA system development and operational activities. This policy will
address the full spectrum of IT security and be a living document that
reflects the constantly changing threats in the IT environment.
The contractor shall develop and test a Security Incident Response Plan.
This plan will address the threats facing ITA's infrastructure and systems
and provide alternative action plans for use in the case of disruption
or loss of services.
All IT systems require accreditation. The contractor shall provide assistance
in developing an accreditation process and in reviewing and accrediting
the unclassified systems operated by ITA.
The contractor shall provide security testing support. Several forms of
testing support are required, including testing of the system security
plans, the contingency/disaster recovery plans and penetration testing
of the overall infrastructure.
DELIVERABLES
o Systems Security Plans
o Risk Assessment of IT infrastructure
o Contingency/Disaster Recovery Plan for each system
o IT Security Policy
o Incident Response Plan
o Accreditation Process
o Security Penetration, Assessment and Analysis