RFI for Security Risk Management and Analysis (SRMA) Support Services

The Department of the Treasury, Internal Revenue Service's (IRS), Cybersecurity began the Security Risk Management and Analysis (SRMA) Project in early 2015 as a result of a Business Impact Assessment Project and the need to expand on the risks associated with Filing Season. This holistic view takes into consideration applications supporting Treasury's Mission Essential Functions (MEFs), also known as Critical Business Processes (CBPs). The SRMA Project spans numerous program areas, including but not limited to, the Filing Season, Financial Systems, Infrastructure Currency, Risk Based Decisions (RBD), Plans of Action and Milestones (POA&M), High Value Assets, U.S. Government Accountability Office (GAO) Audits and U.S. Treasury Inspector General for Tax Administration (TIGTA) Audits, etc. The risk data reports from these Project focus areas support a multitude of program areas and further supports Cybersecurity Risk Awareness and Remediation.

The Contractor shall continue the creation of an enterprise-wide interconnected view of organizational risk, developing decision environments for stakeholders, incorporating authoritative data feeds, and establishing use cases to provide risk insights to stakeholders and mitigation teams. This will involve collection of Internet Protocols (IP) mapping and data associations to make justifiable nexuses among the various categories or IRS critical assets, establishing a process to validate the alignment of discovered IPs on the network to systems and provide updates to authoritative data stores to allow the IRS to appropriately assign remediation and mitigation activities to owners. The Contractor shall also implement additional automation, scripted tasks and better data acquisition processes.