Notice ID: 36C10B21Q0423
To protect Veteran’s and VA information, OIS has developed a strategic plan, and is maturing a Enterprise Security Architecture (ESA) with artifacts that link the organizational and business levels to lower technical, logical-structure and systems levels that enables the deployment of new and secure technologies with consistency. As part of its strategic direction and, in accordance with the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the VA is looking to strengthen the cybersecurity of its information technology (IT) infrastructure and solutions to support and enhance the Department’s mission.
The Contractor shall provide technical and programmatic support services to include the development, maintenance of the ESA artifacts, administrative engineering support, and the facilitation of the enterprise-wide use of the VA ESA. The VA ESA shall support an integrated VA-wide risk management program in accordance with NIST SP 800-39, Managing Information Security Risk, Organization (High Level), Mission (Business), and the Information System View (System views may include but would not limited to logical, data, and tactical). The VA ESA shall be comprehensive and consist of artifacts that support the VA risk management process at the: (i) organization level (VA-level); (ii) mission/business process level (VHA, VBA, NCA, and VACO); and (iii) information system level.
The VA ESA shall align, support, and enable the VA ESA Strategy to address the evolving threat landscape, support VA Business and IT Modernization initiatives, and take advantage of new and emerging security approaches and technologies. The Contractor shall provide multi-domain support to address VA’s scope, size and complexity; which includes but is not limited to enterprise architecture, emerging technologies, networks, mobile, specialized domain areas (healthcare, medical devices, cybersecurity, IT Modernization, large-scale architecture, risk management, etc.). The Contractor shall demonstrate specialized technical and cybersecurity expertise needed to advance the new technologies that VA introduces; including merging of Electronic Health Records (EHR), cloud computing, Application Programming Interfaces (APIs), specialized networks (i.e. software and security perimeter and defined networks), Internet of Things (IoT), zero trust, analytic ecosystems, 5G, and medical devices.