DOCUMENT
CISA OCIO Industry Day 26Jan22 QandA FINAL 2.24.22.pdf
Posted
March 17, 2022
Type
.pdf
Size
0.51MB
CISA OCIO Industry Day 26 Jan 22_Questions & Answers
Number
Vendor Question(s)
Response
What future plans and current programs does the OCIO or CISA at large
have with regards to learning and development of your workforce?
What is the best way for training organizations to connect with CISA to
discuss needs/requirements of the Agency, our organizational
capabilities, and where the two intersect?
Ms. Barbour mentioned that there may be a future Industry Day that
discusses this topic, so please put me on the list for information
regarding anything to do with learning and development needs of the
Agency, specifically around technology, project management, and
leadership/organizational development training.
Copy of Matt Harman's remarks; Matt's remarks were extensive (15-20
minutes), but he presented no slides. It appeared he was reading from
prepared text, so was hoping to get a copy of it because there was
lots of useful information, but no ability to capture via notetaking
alone.
Copy of Recently completed CISA Cybersecurity Operating Plan; Matt
mentioned that a CISA 2022 Cybersecurity Operating Plan had been
completed the prior week. So, I was requesting a copy.
I reached out to get a list of FY22 contract requirements/opportunities.
How is CISA managing all the cryptographic assets they have across the
enterprise?
Does CISA have a system in place that can provide a view of all these
assets that can be shared with individual teams in real time?
Identity and Encryption are critical to Zero Trust so being able to apply
certs and keys across a variety of platforms and revoke/re-issue those
keys in event of a breach is critical as these assets expand across the
enterprise.
Per Matt Hartman's part of the presentation this morning, he
mentioned the Annual Operating Plan (AOP). I cannot locate on the
website. Is this something you can share?
Will CISA consider / provide a bidders library to those companies who
meet basic qualifications (and have the required personal NDAs in
place) for those high dollar acquisitions scheduled over the next 24
months?
You may check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. You may find contract opportunities on the System
for Award Management (SAM) https://sam.gov/content/opportunities. Anyone
interested in doing business with the government can use this system to search
opportunities. Opportunities include pre-solicitation notices, solicitation notices, award
notices, and sole source notices. Also, check out DHS Acquisition Planning Forecast
System (APFS) https://apfs-cloud.dhs.gov/ to learn about CISA upcoming requirements.
Vendors may submit inquiries for a capabilities briefing to CISA Vendor Engagement
Team: cisavendorengagement@cisa.dhs.gov. Prospective vendors may meet with CISA
divisions based on the division's requirements.
Details regarding additional upcoming Virtual Mini-Industry Days are coming soon.
Please check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. Industry Day Events are for vendors and closed to
the press. Please refer any media inquiries to CISAMedia@cisa.DHs.gov.
Additional questions regarding Industry Day may be submitted to CISA Vendor
Engagement at cisavendorengagement@cisa.dhs.gov.
Refer to https://www.cisa.gov/ for the latest guidance. Please refer any media inquiries
to CISAMedia@cisa.dhs.gov.
Refer to https://www.cisa.gov/ for the latest guidance. Please refer any media inquiries
to CISAMedia@cisa.dhs.gov.
Check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. You may find contract opportunities on the System for Award
Management (SAM) https://sam.gov/content/opportunities. Anyone interested in doing
business with the government can use this system to search opportunities.
Opportunities include pre-solicitation notices, solicitation notices, award notices, and
sole source notices. Also, check out DHS Acquisition Planning Forecast System (APFS)
https://apfs-cloud.dhs.gov/ to learn about CISA upcoming requirements.
Details regarding additional upcoming Virtual Mini-Industry Days are coming soon.
Please check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. Industry Day Events are for vendors and closed to
the press. Please refer any media inquiries to CISAMedia@cisa.DHs.gov.
Cryptographic assets are managed and maintained by the COMSEC Team using the
standard capabilities used by the Defense Information System Agency (DISA).
Refer to https://www.cisa.gov/protect-assets for the latest guidance. Critical assets are
the organizational resources essential to maintaining operations and achieving the
organization's mission.
CISA agrees that Identity and Encryption are critical to Zero Trust.
Refer to https://www.cisa.gov/ for the latest guidance. Please refer any media inquiries
to CISAMedia@cisa.dhs.gov.
Check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. You may find contract opportunities on the System for Award
Management (SAM) https://sam.gov/content/opportunities. Anyone interested in doing
business with the government can use this system to search opportunities.
Opportunities include pre-solicitation notices, solicitation notices, award notices, and
sole source notices. Also, check out DHS Acquisition Planning Forecast System (APFS)
https://apfs-cloud.dhs.gov/ to learn about CISA upcoming requirements.
I would appreciate any additional information you could provide
around whether an industry day with CSD is planned and, if so, how I
can register to attend.
Additional questions regarding Industry Day may be submitted to CISA Vendor
Engagement at cisavendorengagement@cisa.dhs.gov.
Are there any current or perspective modeling and simulation efforts
that industry can test against to benefit upcoming CISA initiatives?
Not at this time.
Is CISA looking to apply or adapt Model Based Systems Engineering
(MBSE) into the systems engineering process?
The CISA CIO Engineering capability is in its infancy and as such no decisions have been
made on any specific methodology. The CIO is open to hearing from industry on forward
leaning approaches that take into account the well known agile principles with the goal
of delivering value in the most efficient way possible.
Near term goal is to provide continuous authorization capability designed to evaluate
systems based upon risk and transition away from the traditional three-year process.
Embedding security requirements at the outset of projects enables the agency to move
with the speed of mission and deliver products and services quickly.
Long term goal is to evolve by offering innovative options to system authorizations that
enable our stakeholders versus inhibiting their operations. Moving to an ongoing
approach allows a more real-time view of security and compliance allowing the ability
to continuously evaluate and identify risks.
o This process can enable the organization to review threats and risks in near real-time
o Ensures authorization official insight and engagement throughout the authorization
process
o Promote a better understanding of risks resulting from the operation/use of systems
o Supports consistent and information authorization decisions
Industry day events provide an overview of CISA requirements to allow industry to have
better information to plan to develop and compete for contract opportunities. You may
check out Doing Business With CISA | CISA @ https://www.cisa.gov/doing-business-cisa
for more information. You may find contract opportunities on the System for Award
Management (SAM) https://sam.gov/content/opportunities. Anyone interested in doing
business with the government can use this system to search opportunities.
Opportunities include pre-solicitation notices, solicitation notices, award notices, and
sole source notices. Also, check out DHS Acquisition Planning Forecast System (APFS)
https://apfs-cloud.dhs.gov/ to learn about CISA upcoming requirements.
Zero Trust across the agency is a collaborative effort between the Office of the Chief
Information Officer and the Chief Technology Officer through research, analysis, proof
of value demonstration to ensure the right capabilities are selected to support agency
operations.
Software Bill of Materials and Secure Supply Chain efforts are being evaluated working
in conjunction with the Department for a holistic solution. Software leveraged within
CISA specifically, looking to assess software through additional testing and evaluation
methods to implement within CISA systems.
Can CISA provide industry with more details around their near term
and long term goals to improve the Continuous ATO capabilities within
CISA?
Does the OCIO envision any FY2022 acquisitions to support the 4 key
areas discussed in the Introductory and Overview sections of the
presentations?
What role across CISA will the OCIO's office play in the implementation
of Zero Trust, SBOM, and Secure Supply Chain efforts?
17