SSA looks for cyber risk help

WHAT: A Social Security Administration request for information on the availability of cybersecurity and risk management services to protect SSA programs and systems.

WHY: SSA is looking for services that will help it comply with the security requirements in the Office of Management and Budget Circular A-130 and the Federal Information Security Modernization Act of 2014. SSA also plans to implement an agencywide security program for its information systems and those operated by contractors on its behalf.

Officials are interested in security programs that can protect sensitive data across SSA's IT infrastructure, address security controls at the program level, and secure major applications, general support systems, IT resources and data.

The agency is also looking for continuous diagnostics and mitigation support via an existing Splunk software tool. Official would like to integrate the agency's CDM dashboards and data-mining scripts with the federal IT Dashboard to report metrics required under FISMA.

Furthermore, the agency wants to establish action plans to identify and compile information to satisfy security performance metrics defined by the White House, OMB and Department of Homeland Security. Services should include a quarterly review of CIO cybersecurity performance metrics, DHS' cross-agency priority goals and the White House's cyber scorecard key indicators, among others.

SSA officials said they are also contemplating contractor help with independent assessment of cloud computing services under the Federal Risk and Authorization Management Program.

Click here to read the RFI.