Various Information Technology Audits for NSF OIG

Background
The National Science Foundation (NSF)'s Office of Inspector is seeking potential sources to conduct targeted IT audits in the areas of NSF's Cloud Platforms, Implementation of Zero Trust Architecture Cybersecurity Principles, and Compliance with Security Requirements for Controlled-Unclassified Information. The audits are in response to Executive Order 14028 and OMB M-22-09, which require federal agencies to migrate to a zero trust architecture (ZTA) and meet specific cybersecurity standards and goals by the end of fiscal year 2024.

Work Details
The contractor is required to plan and conduct an audit of NSF’s implementation of the ZTA strategy. This includes reviewing all relevant ZTA requirements and criteria, assessing NSF’s progress towards achieving the zero trust security goals by the end of Fiscal Year 2024, and identifying NSF’s ZTA maturity based on the CISA ZTA maturity model. The audit will also involve preparing and submitting an audit plan, conducting the audit according to applicable standards, and providing all required deliverables as outlined in the solicitation.

Period of Performance
The audit shall be completed within 9 months from the date of the entrance conference, tentatively scheduled to begin no later than three months after contract award. The overall completion date of the contract is twelve months after contract award.

Place of Performance
All necessary fieldwork will be conducted virtually or on-site at NSF Headquarters in Alexandria, VA.