HHS NIH - Information Security Program Support - MRAS

The Department of Health and Human Services (HHS), through the General Services Administration (GSA), is conducting market research to identify capable contractors who can provide comprehensive information security program support for the National Institutes of Health (NIH). This initiative is part of NIH's ongoing efforts to safeguard critical biomedical research data and sensitive information, which includes patient health information and personally identifiable information. The overall goal is to enhance NIH's cybersecurity posture by leveraging external expertise in managing and mitigating risks associated with cyber threats.

The scope of work outlined in the Statement of Work (SOW) involves a range of tasks designed to bolster NIH's Information Security Program. Key areas include transition services, program management, continuous diagnostics and mitigation, incident response, security architecture support, vulnerability management, penetration testing, risk management framework support, and policy training and awareness. Each task requires specialized skills in cybersecurity practices such as system administration, zero trust architecture implementation, vulnerability scanning, data protection strategies, and incident response forensics.

Specifically, the contractor will be responsible for transitioning existing services smoothly while ensuring knowledge transfer and tool access validation. They will also manage ongoing program activities by providing robust project management services. Additionally, continuous diagnostics will be employed to monitor systems proactively for vulnerabilities or breaches. In the event of a security incident, the contractor must be prepared to provide tiered support for rapid response and forensic analysis.

Moreover, the SOW emphasizes the importance of maintaining a secure infrastructure through effective security architecture planning and risk management frameworks. The contractor will aid in developing policies that promote security awareness across NIH while ensuring compliance with federal regulations like FISMA. By engaging with this initiative, HHS seeks to enhance its overall capability in protecting sensitive data against advanced persistent threats within an ever-evolving cyber landscape.