DOS - Highly Adaptive Cybersecurity MRAS

The Department of State (DOS) is seeking cybersecurity support services for its Cybersecurity Integrity Center (CIC). The CIC provides operational cybersecurity monitoring, detection, and response to protect and defend the confidentiality, integrity, and availability of networks and information systems under the purview of the Chief Information Officer. The objective of this contract is to provide High Value Asset (HVA) assessment services on DOS HVA and non-HVA systems. The contractor will conduct assessments using the methodology laid out by the Cybersecurity and Infrastructure Security Agency (CISA) Assessment Evaluation and Standardization (AES) program. The assessment process includes planning, execution, and post-execution phases. The contractor must have experience in the US federal government space and be pre-vetted by the General Services Agency (GSA) for assessing DOS HVA systems.

The scope of work includes conducting risk and vulnerability assessments, security architecture reviews, and various subtasks such as penetration testing, network mapping, vulnerability scanning, phishing assessment, wireless assessment, web application assessment, and database assessment. Deliverables include reports such as Rules of Engagement, Penetration Test Report, Network Map, Vulnerability Scanning Risk Assessment, Phishing Assessment Report, Wireless Assessment Report, Web Application Assessment Report, Database Assessment Report, and Security Architecture Review (SAR) Report. All deliverables will be inspected by the Contracting Officer's Representative (COR) for content, completeness, accuracy, and conformance.

Non-conforming deliverables will be rejected and deficiencies must be corrected by the contractor within a specified number of business days. If the deficiencies cannot be corrected within the given timeframe, the contractor must provide a proposed corrective action plan to the COR.