DOI - IBC C-SCRM Tool Solution - MRAS

The U.S. Department of the Interior's Office of the Chief Information Officer is seeking a Cybersecurity Supply Chain Risk Management (C-SCRM) Tool Solution. The purpose of this tool is to enable the Department to identify, assess, monitor, manage, and mitigate cybersecurity supply chain risks associated with its information and communications technology (ICT) suppliers, products, and services. The Department envisions using the tool in various use cases, including supplier assessment, product assurance, continuous monitoring and alerting, sharing information securely, data visualization and reporting, and integration with other systems. The period of performance for this effort is one year with four option periods of one year each. The implementation support may be required on-site or off-site at various Department of the Interior facilities.

The C-SCRM Tool Solution should be a commercial off-the-shelf (COTS) software that meets the Department's needs and federal guidance on C-SCRM. It should have capabilities such as performing assessments, supporting secure software development practices, scalability, impact on DOI IT environment, security considerations, user experience considerations, 508 compliance considerations, records and legal constraints, implementation time frame implications, and optional capabilities for operational technology (OT) integration.

The Contractor will also provide professional services for implementing and training personnel on the C-SCRM Tool Solution. This includes developing an implementation plan, integrating and testing the tool solution, expanding deployment from pilot to production roll-out, developing processes and workflows to support use cases, implementing role-based access control, creating required artifacts for system authorization, providing documentation and training for stakeholders, and configuring and managing the tool solution.

The Department prefers implementing the C-SCRM Tool Solution via a software as a service (SaaS) model in a FedRAMP approved cloud environment to minimize impact on DOI resources and enable efficient scaling of capabilities.