As a direct result of contract performance, the Chief Information Security Officer and his staff within FDA Office of Information Security (OIS) and the Office of Information Technology and Management (OIMT) expects to maintain the FDA’s Cybersecurity posture against advancing cyber threats via the following outcomes:
Develop, implement, integrate, operate and support cybersecurity capabilities that align with the National Institutes of Standards and Technology’s (NIST) Cybersecurity Framework and the Department of Homeland Security’s (DHS) Continuous Diagnostic and Mitigation (CDM) Program
Acquire the necessary hardware, software, services and training required to implement and operate technology solutions in support of the FDA cybersecurity mission
Ensure that the Information Technology FDA acquires and implements meet current industry standards while aligning with emerging capabilities
Ensure that the FDA Information Technology staff that operates the technologies receives the necessary training to understand and operate newly implemented cybersecurity technologies
Improve efficiencies in procedures while ensuring implementation of appropriate security controls
Integrate new technology solutions into a system development life cycle (SDLC) management framework…
This statement of work (SOW) conveys the current FDA Information Technology and cybersecurity objectives, constraints, applicable scope, technical requirements, and applicable task areas. Individual task orders will be issued to obtain specific services for FDA Cybersecurity Capabilities (projects). FDA Cybersecurity Capabilities projects will include the acquisition of software, hardware, vendor-certified engineering resources necessary for implementation, operations, maintenance and training.
The scope of this contract encompasses the technical and management services necessary to permit the FDA and all its Offices and Centers to meet the objectives presented in section 1.2 above. The Contractor shall also provide all maintenance agreements, documentation, and training materials necessary to implement and maintain FDA’s access to its solution. The task areas listed below follow the federal Cybersecurity Framework.
Examples of Cybersecurity Framework capabilities include:
- Network Penetration Testing
- Web Application Firewalls
- Dark Web services (via subscription) …