Security Risk Management Plan (SRMP), System Security Plan (SSP), Statement of Applicability(SOA), Vulnerability or Penetration Testing (price for both)

The Fraud and Compliance Branch within the NDIA is working with a cloud hosting partner and COTS software partner to deliver a Case Management System for Fraud and Compliance matters. The COTS product is using IBM iBase software.

The services of a suitably qualified and experienced vendor are required to conduct and document a number of Cyber Security Assurance activities to help understand any risks and where appropriate recommend steps to mitigate those risks.

The services requested are:

1. A Security Risk Management Plan (SRMP)
2. A Statement of Applicability (SOA)
3. A System Security Plan (SSP)
4. Vulnerability or Penetration Testing (price for both)

The preferred supplier will be asked to present findings to a group of stakeholders with various levels of technical background.