DOI - IBC C-SCRM Tool Solution - MRAS

The U.S. Department of the Interior's Office of the Chief Information Officer is seeking a Cybersecurity Supply Chain Risk Management (C-SCRM) Tool Solution. The purpose of this tool is to enable the Department to identify, assess, monitor, manage, and mitigate cybersecurity risks associated with its information and communications technology (ICT) supply chain. The Department recognizes that vulnerabilities can be introduced at any point in the supply chain, posing significant risks. The C-SCRM Tool Solution will be used to perform assessments and monitoring throughout the acquisition and product/service life cycles. The Department estimates awarding approximately 2,000 contracts supporting ICT products and services over the next five years.

The scope of the C-SCRM Tool Solution includes several use cases such as supplier/product/entity assessment, product/producer assurance, continuous monitoring and alerting, sharing information securely, data visualization and reporting, and integration with key systems. The tool should provide capabilities to support federal guidance on C-SCRM and securing the software supply chain. It should also be scalable, consider security and user experience considerations, and comply with legal constraints.

The period of performance for this effort is one year with four option periods of one year each. The implementation support may be required off-site or on-site at various locations including Denver, CO; Washington DC; and Reston, VA. Remote work may also be authorized depending on duties and needs.

The deliverables for this project include a project WBS/plan/schedule, status reports/meetings, final implementation plan, training plan, and other ad-hoc deliverables as required. The Department prefers implementing the C-SCRM Tool Solution via a software as a service (SaaS) model in a FedRAMP approved cloud environment to minimize impact on DOI resources while enabling scalability.

Overall, this opportunity presents a significant contract for a C-SCRM Tool Solution that will help the U.S. Department of the Interior enhance its cybersecurity supply chain risk management capabilities and ensure the security of its ICT products and services.