Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

Comprehensive and Robust Information Security (CRIS2) Program Support

Solicitation Number: WOAQMITRFI009
Agency: Department of Agriculture
Office: Forest Service
Location: WO-AQM IT Support
  • Print


There have been modifications to this notice. You are currently viewing the original synopsis. To view the most recent modification/amendment, click here
Sources Sought
Added: Oct 31, 2013 4:49 pm
This Request for Information (RFI) is for planning/information purposes only and shall not be construed as a commitment or a promise of a contract by the Government. This is not a solicitation. This notice does not constitute an Invitation for Bid (IFB), Request for Quote (RFQ), or Request for Proposal (RFP), nor does it restrict the Government as to the ultimate acquisition approach.

1. PURPOSE: The US Forest Service (FS), Washington Office (WO) Acquisition Management (AQM), Information Technology (IT) Support Branch is conducting a market analysis with this RFI to refine the requirement and determine the most suitable approach for acquiring and fulfilling the needs associated with providing the full range of information technology for the Comprehensive and Robust Information Security (CRIS2) Program Support listed in paragraph 3 below, entitled Overview of Capabilities.

The information collected in this RFI will be used to further define the government's requirements and create the appropriate acquisition strategy. Consequently, do not submit proprietary information in response to this request. All submission information will be considered in finalizing the FS requirement.

2. INTRODUCTION AND BACKGROUND: The FS is issuing this RFI to obtain information on the latest offerings, best practices, and approaches for information technology Comprehensive and Robust Information Security (CRIS2) Program Support. This RFI shall not be construed as a decision or obligation on the part of the Government to acquire any products or services cited in this notice. The Government will not reimburse respondents for any costs incurred in preparation of a response to this notice.

Over the past five years, FS has made significant progress meeting the security mandates required by federal laws, standards, and guidance, and has developed a more advanced conceptual and continuous approach to security to ensure the safeguarding of information entrusted to the FS. The FS "Comprehensive and Robust" Information Security (CRIS) Program is accomplished: (1) by continuing to implement and update NIST-compliant policies, and procedures, (2) by engineering and implementing solutions to new requirements that arise both from advances in technology and from new Federal and USDA regulations and directives and (3) by maintaining IT system resiliency with effective contingency planning, evaluation, and testing. The FS Cyber Security Team is responsible for CRIS and is charged with:

• Ensuring consistent application of information security standards across all FS information systems.
• Meeting all regulatory and USDA agency documented standards and guidance.
• Integrating these regulations and standards into a fully implementable security program.
• Ensuring preparation for internal and external audits through management of all infrastructure artifacts required to pass audits.
• Ensuring all new information technology (IT) projects meet or integrate security standards into their development.
• Developing a culture of security-mindful professionals across the FS community.
• Being more flexible and responsive to new regulatory directives.
• Serving as the central authority for all IT security-related activities across the agency.
• Ensuring information system survivability and integrity.
• Optimizing processes to meet IT security-related goals and strategies.

3. OVERVIEW OF CAPABILITIES: The FS is looking for the Contractor to provide the following capabilities:

1. Project Management
2. Enterprise Security Program Guidance and Policy
3. Framework/Strategy Refresh and Monitoring
4. Oversight and Compliance Verification
5. Survivability and Contingency Program Support
6. Assessment and Authorization Testing
7. Enterprise Security Metric Reporting

8. Centralized Account Management
9. Information Security Outreach and Awareness
10. Vulnerability Scanning and Auditing
11. IT Security Support to FS Data Center Migration
12. Security Program Assessment Support
13. IT Security Process Improvement
14. Wireless Assessment
15. Network Security Assessment
16. Penetration Testing
17. Privilege Access Control Management
18. Program Management Support to FS IT Security Program
19. Vulnerability Management

4. SUMMARY OF REQUESTED INFORMATION: FS is not seeking elaborate replies, but rather concise, meaningful responses from vendors with the required expertise. In 15 single-sided 8.5" X 11" pages or less (title page or table of contents do not count against the page count), contractors are requested to provide the following information:
1. Company Information.
a. Name, address, and DUNS.
b. Current contract vehicles (such as GSA Schedules, GWACs) with CRIS2 program support within scope.
c. Number of contracts for 1) government, and 2) commercial CRIS2 program support of similar scope, size, and complexity in the last three years.
d. Indicate whether they are/are not a small business, a small disadvantaged business, 8(a), hub-zone certified, woman-owned, or Historically Black College or University Minority Institution.
2. Describe the capabilities, features, and benefits of your similar CRIS 2 program 6. What pricing approaches have been used in your federal contracts? 3. What performance standards are used in your current contracts held by your company?
4. Provide three references within the past three years for contracts similar in scope. References should include:
a. Customer
b. Name, phone number, and email address for the customer's program manager
c. Contract Name
d. Contract Number
e. Contract Value
f. Contract type
g. Brief description of system.
h. If a transition period existed, note the length of the transition period, the sufficiency of the transition period and recommended transition best practices from previous experiences.
5. The Draft Performance Work Statement (PWS) is enclosed for review and comment. Offerors are encouraged to provide comments/suggestions to the PWS and Performance Standards.
6. Any additional information that may be helpful to the FS.

5. QUESTIONS: All questions must be submitted electronically to by 5:00 MT on November 19, 2013. Questions submitted after this date will not be responded to.

6. SUBMISSION INFORMATION: All responses shall address each item of paragraph 4 above and shall be provided electronically in Word or PDF to Ms. Laurie Mahalla, Contract Specialist, at All responses must be submitted via email by 5:00 MT on December 9, 2013.


Please consult the list of document viewers if you cannot open a file.


Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Posted Date:
October 31, 2013
Description: Draft PWS
Albuquerque Service Center
Pan American Bldg, Suite 200
101 B Sun Ave NE
Albuquerque, New Mexico 87109
United States
Laurie K Mahalla,
Contract Specialist
Phone: 505-563-7264