
tts-buy-cloud.gov-3pao

This RFQ is being posted Per FAR 52.232-18 Availability of Funds. This award will not be made prior to receipt and acceptance of the funds. See FAR 52.232-18 Availability of Funds (APR 1984) in the Clause section of this RFQ.

Important Dates to Remember

Question and Answer Period

All questions submitted concerning the RFQ must be submitted using the issue template in the associated repository no later than Noon Eastern Time on August 27, 2018. The Government will provide responses to open issues as soon as possible.

Technical and Price Submission

Quotes will only be accepted via the referenced Google Forms below. The vendor shall complete the Technical Response Google Form and Price Response Google Form. Quotes shall be submitted no later than Noon Eastern Time on August 30, 2018.

Statement of Need

To continue to successfully achieve cloud.gov’s mission, cloud.gov requires annual re-assessment for all participating Cloud Service Providers, including annual auditing by an accredited Third Party Assessment Organization (3PAO).

What we're hoping to end up with

Additional information is provided in the RFQ, but in short:

The vendor must provide security assessments and reports for an Annual Assessment, with options for including Significant Change Request assessments, for cloud.gov at the JAB Moderate security level. These security assessments must meet all of the requirements of a FedRAMP security assessment, as outlined within the Request for Quotation, section 3.0 Requirements.

How to respond

Additional information is provided in the Instructions section of the RFQ, but in short:

Quotations must be received electronically via the RFQ Technical Response Form and the RFQ Pricing Response Form by the official closing date and time identified above. A late quotation will not be considered for award.

Contributing

See CONTRIBUTING for additional information.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

tts-buy-cloudgov-3pao's Issues

Significant Change Request field

Question/Comment

Name and affiliation

Director of Proposals

Section of RFQ documents

Price Response Form (0002/1002/2002/3002/4002) - Significant Change Request (LH) field.

Question/Comment

It's unclear what offerors should input to this field. Should offerors just put the $100,000 ceiling amount?

3PAOs that have completed security packages for a PaaS and delivered them to the FedRAMP JAB

Question/Comment

Name and affiliation

Cortney Rose - Proposal Manager for Booz Allen Hamilton, FedRAMP 3PAO

Section of RFQ documents

Technical Response Form - cloud.gov 3PAO Services - Phase 1 - Minimum Requirements

Question/Comment

Currently, there are only two 3PAOs that have completed security packages for a PaaS and delivered them to the FedRAMP JAB. Coalfire has conducted ten assessments and Kratos SecureInfo has conducted two. Is this bid limited to these two 3PAOs? Suggest the requirement be rewritten to state, "The 3PAO has previously completed 3PAO assessments for CSPs and has performed work with GSA."

Upload Sample Reports?

Question/Comment

Name and affiliation

Director of Proposals

Section of RFQ documents

Technical Response Form, Factor 2 - Similar Experience

Question/Comment

Offerors have been asked to provide SAR Risk Table findings and Test Case analysis examples. How should we provide this information? Copying the content into the form makes it difficult to read. Is there a mechanism for uploading the sample reports to GSA?

Few Questions

How many significant changes are expected each year? Is there an estimated Level of Effort (LOE) per change?

Will a proposal and TO be issued for each significant change made? Without details on the changes and impact it is not possible to price. Should the CLIN for Significant Changes for each year be entered in at $100,000 knowing that only hours required will be funded?

Tables and graphics are not able to be uploaded into the submission form. How would you like the breakout of FFP for labor categories, rates, and pricing when submitting in the Google Pricing Form (which only allows 1 line)?

Has Cloud.gov maintained continuous monitoring since achieving FedRAMP ATO?

RFQ#1322561 - Attachments?

Name and affiliation
Nalini Martinez
Director, Sales
Kratos SecureInfo
Voice: 703.668.1012
[email protected]

I am a director of sales working for Kratos and will be acting as the interface for communication between Kratos and GSA.

Section of RFQ documents
RFQ #1322561: Technical Response Form

Question
We would like to attach some documents as part of the response. Can you please tell us the preferred method to do so?

Thank you!

Questions for RFQ 1322561

Name and affiliation

Felece Whitfield, Cyber Security Program Manager/ FedRAMP Technical Manager.

Section of RFQ documents

Factor 2. Similar Experience

The offeror shall provide at least one example, from private or public sector, past or current assessments meeting substantially the same size, scope and complexity of the requirements listed within section 3.0 of the RFQ. The Government will not accept any past experience performed by the offeror’s parent company, other corporate affiliate, subcontractor or teaming partner.

Question/Comment

  1. Dakota Consulting acquired subcontractors to augment for two CSPs' initial assessments in 2016 and 2018. Will it be accepted that we used our employees and subcontractors?

  2. How many significant CRs have been approved for cloud.gov within the year that will be in scope for independent testing?

  3. For the annual assessment, has there been agreement between the JAB and Cloud.gov for the 1/3rd of FedRAMP security controls to be tested?

  4. How many FedRAMP security controls and/or any agency specific controls in total?

Questions relating to RFQ 1322561

Question

Name and affiliation
Nalini Martinez
Director, Sales
Kratos SecureInfo
Voice: 703.668.1012
[email protected]

I am a director of sales working for Kratos and will be acting as the interface for communication between Kratos and GSA.

Section of RFQ documents
RFQ #1322561: Section 3.0 (Requirements)

Questions

  1. How many controls require testing for the system's annual assessment?
  2. Please explain what the anticipated significant changes to the system are in order to determine level of effort for significant change assessment activities.
  3. How many overall vulnerabilities have been remediated since the last annual assessment that will require validation by the 3PAO and what type of vulnerabilities are they?
    3.1. Penetration testing vulnerabilities?
    3.2. Vulnerability scanning vulnerabilities?
    3.3. Control vulnerabilities?
    3.4. Manual Testing vulnerabilities?
  4. How many devices (if applicable) cannot be scanned using vulnerability scanners and require manual testing?
  5. Which penetration testing attack vectors are in scope for the assessment?
  6. Does the system include any mobile applications? If yes, how many?
  7. Approximately how many dynamic web application pages are in scope for this system?
  8. Approximately how many hosts make up the inventory of this system?
