Search Contract Opportunities

Continuous Cyber Risk Monitoring Annual Subscription

ID: 5000179404 • Type: Sources Sought • Match:  85%
Opportunity Assistant

Hello! Please let me know your questions about this opportunity. I will answer based on the available opportunity documents.

Please sign-in to link federal registration and award history to assistant. Sign in to upload a capability statement or catalogue for your company

Some suggestions:
Please summarize the work to be completed under this opportunity
Draft a sources sought response template for this opportunity
Do the documents mention an incumbent contractor?
I'd like to anonymously submit a question to the procurement officer(s)

Description

Posted: Feb. 13, 2024, 8:16 a.m. EST

The Internal Revenue Service is issuing this sources sought notice as a market survey to determine if any small businesses can meet the requirements specified in the attached SOW for a Continuous Cyber Risk Monitoring Annual Software Subscription. Please note the USG is not interested in developing a new software but seeks to acquire a subscription to an existing software currently available in the commercial marketplace.

Responses shall specifically address their company's ability to meet the following:

  1. Provide a summary of your proposed solution and it's ability to meet the requirements described in the attached SOW. Responses should cleary and adequately address paragraphs 1-7 in the "Tool Requirements" section under paragraph 3, Scope.

Responses shall be limited to 7 pages not including the cover page. Responses shall be in 10 Arial font or larger. Responses shall include a cover page including the:

  1. Company Name;
  2. Company Address;
  3. Company Point of Contact, Phone Number and Email address;
  4. Unique Entity ID Number
  5. Identify any available contracts you hold that could be utilized for this requirement (GSA MAS or any Government Wide Acquisition Contract). Include current contract number and task area(s) appropriate for this notice; include the and North American Industry Classification System (NAICS) Code.
  6. Size and Type of Company (i.e., small business, 8(a), woman owned, veteran owned, etc.)

All responses to this RFI shall be sent via email to JW Terry at jw.r.terry@irs.gov no later than 5:00 pm Eastern Standard Time (ET) on 16 February 2024. This notice is for informational purposes only. This is not a request for proposal or quote. It does not constitute a solicitation and shall not be construed as a commitment by the government. Responses in any form are not offers and the government is under no obligation to award a contract as a result of this announcement. No funds are available to pay for preparation of responses to this announcement. Any information submitted by respondents to this notice is strictly voluntary.

Posted: Feb. 13, 2024, 7:39 a.m. EST
Posted: Feb. 8, 2024, 3:33 p.m. EST
Background
The Internal Revenue Service (IRS) Cybersecurity, Security Risk Management (SRM) Cybersecurity Supply Chain Risk Management (C-SCRM) Program is tasked with effectively managing supply chain risks presented to the IRS through the acquisition, use, and sustainment of externally sourced Information Technology (IT) products and services by performing Cybersecurity Supply Chain Risk Assessments (C-SCRA). C-SCRA provides an analysis of the vulnerabilities, threats, likelihood, and impacts to determine the IRS’ risk exposure associated with the acquisition, procurement, or continued use of the third-party ICT product, service, or supplier. C-SCRM is required by Executive Order 14028, NIST 800-53 Rev 5 Supply Chain Risk Management Policy and Procedures, and NIST 800-161 Rev 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

Work Details
The Continuous Cyber Risk Monitoring Annual Subscription requires an automated tool to improve the accuracy and risk monitoring capabilities of the C-SCRA process. The tool will be utilized to provide detailed vendor profiles, vendor risk rating scores, product risk assessment contributing to the identification of vulnerabilities, threats, and risks in the IRS ICT supply chain. The tool shall provide multidimensional technical cyber rating for IRS third party ICT providers suppliers, managed service organizations, and 3rd and nth party risk for pre-acquisition and continuous monitoring in various categories. It shall also automatically ingest security compliance documents like ISO 27001 Reports, FedRAMP or NIST 800-53 documentation like SSPs and POAM information, SSAE 18, SOC 2 Type 2 Reports among others. Additionally, it should allow pre-acquisition teams to collaborate through an alerting/ticketing process that integrates with ServiceNow to monitor IRS third party ICT providers. The tool shall provide Technical Cyber Rating, automated Risk Quantification using Open FAIR to evaluate risk for pre-acquisition and continuous monitoring. It should also perform preemptive ransomware susceptibility information for pre-acquisition and continuous monitoring.

Period of Performance
The desired period of performance will be from 3/1/2024 – 2/28/2025.

Place of Performance
IRS-IT Cybersecurity SRM Attn: James Macke Phone: 240-613-6848

Overview

Agency
IRS Office of the Chief Procurement Officer (OCPO) [USDT - IRS]
Response Deadline
Feb. 16, 2024, 5:00 p.m. EST Past Due
Posted
Feb. 8, 2024, 3:33 p.m. EST (updated: Feb. 13, 2024, 8:16 a.m. EST)
Set Aside
Small Business (SBA)
NAICS
541511 - Custom Computer Programming Services
PSC
DE10 - IT And Telecom - End User As A Service: Help Desk; Tier 1-2, Workspace, Print, Productivity Tools
Place of Performance
Atlanta, GA 30341 United States
Source
Open
Current SBA Size Standard
$34 Million
Pricing
Likely Fixed Price
Est. Level of Competition
Low
Odds of Award
16%
Signs of Shaping
The solicitation is open for 8 days, below average for the IRS Office of the Chief Procurement Officer. 70% of obligations for similar contracts within the Internal Revenue Service were awarded full & open.
On 2/8/24 IRS Office of the Chief Procurement Officer issued Sources Sought 5000179404 for Continuous Cyber Risk Monitoring Annual Subscription due 2/16/24. The opportunity was issued with a Small Business (SBA) set aside with NAICS 541511 (SBA Size Standard $34 Million) and PSC DE10.
Primary Contact
Name
JW Terry   Profile
Email
jw.r.terry@irs.gov
Phone
(937) 610-2123

Documents

Posted documents for Sources Sought 5000179404

Question & Answer

The AI Q&A Assistant has moved to the bottom right of the page

Incumbent or Similar Awards

Contracts Similar to Sources Sought 5000179404

Potential Bidders and Partners

Awardees that have won contracts similar to Sources Sought 5000179404

Similar Active Opportunities

Open contract opportunities similar to Sources Sought 5000179404

Additional Details

Source Agency Hierarchy
TREASURY, DEPARTMENT OF THE > INTERNAL REVENUE SERVICE > NATIONAL OFFICE - PROCUREMENT OITA
FPDS Organization Code
2050-2032H5
Source Organization Code
100168402
Last Updated
March 2, 2024
Last Updated By
jw.r.terry@irs.gov
Archive Date
March 2, 2024