Date Posted: November 19, 2019
DCSA requires Information Systems Security Engineering (ISSE) support in order to maintain IT infrastructure, applications, and any new development projects ensuring the security of networks. Technical analysis, research, evaluation, and technical guidelines are to be performed in order to provide support. The workload will vary depending on the number of active development projects and other technical evaluations required. Requirements include:
- Support all phases of an Information Systems Security Engineering (ISSE) Program with certified personnel to support the requirements of the DoD A&A Process. The ISSE Program will use the Information Assurance Technical Framework (IATF); DoD 5200.1-M; Common Criteria for IT Security Evaluation (International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 15480); and DoD, Federal, and DCSA Cyber Security Policies as guides.
- Provide input to the DCSA A&A Process including Information Security planning, design, testing, and analysis.
- Provide research and analysis of Commercial-Off-The-Shelf (COTS), Government-Off-The-Shelf (GOTS), and IA-enabled products as part of the security architecture and ensure that the products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) compliant and validated via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP).
- Support the development of long-range IT strategic plans.
- Support and maintain the DCSA IT technical guidelines and framework.
- Assess the quality and viability of existing solution architectures and design integrity.
- Support the evaluation of technology products and develop trade studies when needed for potential addition of system functionality.
- Provide support in designing IT system architecture and IT solutions.
- Provide support in the development of executive orders and agency-wide policies.
- Provide support in requirements definition and validation.
- Analyze enterprise business models, IT solutions, trends, and emerging technologies.
- Provide support in the planning and designing of availability, capacity, and service continuity.
- Develop and provide IT COTS/GOTS product analysis and testing processes in accordance with applicable DoD Policies.
- Information System Security Engineer (ISSE) Deliverables, at the discretion of the government, may include but are not limited to:
- Service Acceptance Criteria and Service Level Requirements
- Service Level Policies, Procedures, and Reports
- Service Level Agreements and Operational Level Agreements
- Availability Policy, Plans, Design Criteria, Risk Analysis and Reports
- Business and IT service continuity policy, strategy, plans, risks, business impact analysis, and reports
- Technical Documents
- Market Research Analysis and Results
- Technical Guidelines and Framework
- Technical and Product Evaluation Reports
- Technical Studies
- Cloud Design Diagram with security impacts (outlines systems to be deployed to a cloud infrastructure; outlines the ingress and egress points from the DCSA network to the cloud infrastructure, locations of the CND Suite, and method of connecting to the DoD information network (DoDIN))
- Cloud Suitability Questionnaire Template (will be used to score an application’s suitability for deployment to the cloud with security impacts; the template should baseline a score to be used to determine suitability based on qualifying factors)
- Technical Documents as defined by the Government
- Courses of Action
- Proofs of Concept