Description
The ATF Certification and Accreditations (C&As) process is aligned with the NIST SP800-64 “Security Consideration in the Information System Development Lifecycle”, October 2008; it follows the five lifecycle phases of Initiation, Development and Acquisition, Implementation, Operations and Maintenance, and Disposition. This five-step lifecycle is closely aligned with ATF Handbook 7200.2B ATF System Life Cycle (SLC). The table "Security Artifacts and Activities Per SLC Phase" below shows a high-level list of security artifacts and activities due during each SLC Phase.
The proposed system must provide a web-based system in a Federal Risk and Authorization Program (FedRAMP) approved (see below for levels) environment that provides the ability to access the system via a secure, encrypted internet connection, using a US government-sanctioned encryption method, from any approved computer, tablet or smart phone in order to initiate alerts and notifications via any mode supported by the system. The proposed system shall be fully hosted by the vendor in a FedRAMP environment certified at Moderate or above and shall only require an internet-connected computer to send messages and operate the system. FedRAMP High certification may be given additional credit in solicitation evaluation, provided that a risk-benefit evaluation of any features that may not operate in a High configuration determines those features are not required. The proposer's system shall have robust hardware and geographically dispersed components across the United States of America, with failover mechanisms in place to ensure the ability to operate under all conditions and to provide security and redundancy, eliminating any single point of failure. The proposal shall document how this system provides this capability and ensures continued operation in the event of computer equipment failures, loss of utility power, natural disaster, or intentional human-caused physical or virtual attack.
The proposer's system will be required to comply with all Federal information technology operating and security requirements in place at the time the solicitation is awarded. For the system to be accepted, the vendor will have to support ESS staff in completing the ATF Certification and Accreditations (C&As) process. This is aligned with the NIST SP800-64 “Security Consideration in the Information System Development Lifecycle”, October 2008; it follows the five lifecycle phases of Initiation, Development and Acquisition, Implementation, Operations and Maintenance, and Disposition. This five-step lifecycle is closely aligned with ATF Handbook 7200.2B ATF System Life Cycle (SLC). This C&A process will determine if the system can be used to interact with ATF computers and process ATF information. The proposed system must be capable of authenticating users to the vendor-hosted system using government-provided Personal Identity Verification (PIV) credentials. Proposed system must be technically capable of al…