NCATS has established a Cybersecurity Services (CSS) Division within the Information Technology Resources Branch (ITRB) to manage the NCATS-wide Cybersecurity Service Program.
The purpose of this requirement is to provide the National Center for Advancing Translational Sciences (NCATS) Information Technology Resources Branch (ITRB) Cybersecurity Services (CSS) Division with day-to-day support services.
The contractor will provide full-time support through a small cadre of individuals under a fixed-price task order. The individuals working under this contract are expected to have deep individual cybersecurity expertise. Discrete tasks (for example, completion of an authorization to operate (ATO) package) will be performed through fixed-price or time-and-materials task orders structured to meet those needs (e.g. for a period of weeks or months, part-time, on-site/off-site, by subcontract, joint venture, etc.). The contractor will provide advice to the CSS division chief regarding the most advantageous and cost-effective approaches to accomplish the tasks in this Statement of Work (SOW).
These support services will primarily consist of direct support to the CSS Division on a fixed-price level of effort basis, with the first task order to provide for a full-time level of effort that will address the contract management and program management tasks described below. Additional task orders may be issued on a fixed-price level of effort, fixed-price completion, or time-and-materials basis.
In addition to supporting NCATS day-to-day cybersecurity requirements, the contractor managing CSS will also be responsible for providing its services to externally-facing and collaborative extramural NCATS programs such as the Rare Disease Clinical Research Network (RDCRN), the Clinical Translational Science Awards (CTSA) Program Network, and A Specialized Platform for Innovative Research Exploration (ASPIRE).
Develop and provide information security and privacy support for NCATS employees and contractors to apply to specific business needs, technical situations and policy requirements, including but not limited to:
- Provide guidance and determine the impact of new technology or policy (e.g., CDM technologies, anomaly-based tools, virtual and cloud environments, etc.) on the NCATS information security and privacy program;
- Provide expert analysis and document preparation for various analytical efforts focused on processes and procedures;
- Review various draft documents and provide timely feedback to NCATS employees and contractors;
- Develop and implement information security and privacy program strategic and tactical goals and objectives, in addition to outreach and communication plans;
- Assist with transforming the organization and governance structure to support NCATS information security and privacy initiatives;…
Task Area 2a – Assessment and Authorization (A&A) Support
Tasks include but are not limited to:
- Provide overall subject matter expertise to the Information Security Assessment and Authorization (A&A) program. Provide specific guidance and technical expertise in the form of standards, policies, procedures, and oversight for the NCATS A&A program;
- Create and/or review and analyze all Authorization to Operate (ATO) artifacts for accuracy and completeness in support of ATO requests;
- Conduct audits of Plans of Action and Milestones (POA&M) for completeness and compliance;