Postal Inspector General Needs Email Security Services by January


The Postal Service’s internal watchdog is looking for a cloud-based email authentication service to meet a Homeland Security mandate.

One year after administration officials issued a binding mandate for agencies to bolster email security, the U.S. Postal Service’s watchdog is preparing a solicitation for email security services.

In October 2017, Homeland Security Department officials issued a binding operational directive for improving email and web security through better agency cyber hygiene, including email authentication using Domain-Based Message Authentication, Reporting and Conformance, or DMARC.

The Postal Service Office of the Inspector General released a request for information this month seeking market research on email authentication tools that would help meet this mandate by blocking unauthorized emails at the server before reaching the intended recipient.

Specifically, the office is looking for a cloud-based, software-as-a-service solution that is already certified by the Federal Risk and Authorization Management Program, or FedRAMP. The RFI includes a comprehensive list of the office’s needs and wants.

“Based on the requirements, the supplier must have the capability to remotely analyze OIG’s current state, design and implement a solution that fits the current needs and provides support for the solution to include training and professional services if requested by the OIG,” the RFI states.

The Postal OIG has a goal of implementing the new authentication system quickly to be in compliance with the binding directive by January 2019.

While the RFI is not itself a solicitation—the office is not looking for pricing information at this time—vendors interested in bidding on the request for proposals must respond to the preliminary RFI in order to be considered for award.

An Oct. 31 amendment extended the response timeline to Nov. 19, giving interested vendors an additional two weeks.