State of Florida Cyber Security Services RFI

Transcription

1 RFI ATTENTION: State of Florida Dept. of Management Services Joel Atkinson Associate Category Manager 4050 Esplanade Way, Suite 360 Tallahassee, FL (850) REMIT TO: evigilant Security Raj S. Leyl EVP, Cyber Security 8253-M Backlick Rd. Lorton, VA (301) September 3, 2015 DUNS #: Cage Code: 3CEK3 Small Disadvantaged Business GSA Schedule 70: GS35F178AA GSA Schedule 84: GS07F0178W GSA Stars II: GS Z

2 Table of Contents 1 INTRODUCTION BACKGROUND SECTION IV RESPONSE... 3 for any purpose other than to evaluate the Proposal. i

3 1 INTRODUCTION evigilant is a small, minority-owned business and a prime contractor on both the GSA Schedule 70 and GSA STARSII contracts. evigilant has significant experience in providing information assurance, risk assessment and mitigation support to Federal and DoD agencies. We have also supported various information assurance efforts, all of which we have predicated with costeffective, risk-balanced applications of controls to promote confidentiality, integrity, availability, non-repudiation, and authentication of information. 1.1 BACKGROUND evigilant, a full service security provider since 1999, specializes in facilitating risk and vulnerability mitigation for its clients within their IT systems and physical facilities. As a direct result of evigilant s impeccable quality of service and client satisfaction levels, we have enjoyed healthy growth over the past three years, maintaining an annual growth rate of 60% or higher from each year. evigilant has served as a trusted advisor in matters pertaining to electronic security solutions and cyber security for agencies such as EPA, IRS, FTC, Department of Commerce, TSA, USAID, Department of Army, and NCIS. We have a team of highly skilled and experienced Information Assurance experts all of whom possess intimate familiarity with the DoD pertaining to Information Assurance Certification and Accreditation Process (DIACAP) and related DoD IA instructions, including DoD E, DoD , DoD , DoD evigilant deploys a Global Security Solutions (GSS) practice comprised of a C&A Assessment Team whose primary purpose is to provide information assurance (IA) support and guidance to the Federal Government, Department of Defense (DoD) and/or commercial organizations to ensure satisfaction of the compulsory requirements related to the organization s overall security posture. We focus our services on improving IT networks and defending them against cyber-attacks. Our services include: technology assessment, development and transition, requirements analysis, systems engineering, operational and technical support, software development and prototyping, hardware development and prototyping, training support and cyber security engineering. Raj S. Leyl, MBA, PMP, evigilant s EVP and formerly led the IRS e-file program, where he reported to the IRS Commissioner and was appointed by the Secretary of Treasury to serve and help improve the security posture of the IRS e-file eco-system. Mr. Leyl is an experience executive who oversees all of evigilant s information security contracts and programs. He helps ensure that all of our cyber programs are properly staffed with the best talent, and has implemented processes and tools to help mitigate risks and deliver solutions consistently on time, on budget, and meeting evigilant s high quality standards. evigilant s strength is in serving as a trusted advisor to our clients, to help ensure that all requirements are understood and all current assets are reviewed and assessed before we prescribe a solution. We have in-house principals that are expert integrators that have experience in pre and post incident response services. Our goal is to meet your requirements, quality standards and deliver the most cost-effective solutions possible. We go the extra mile to ensure that our client s best interests are always factored into our recommendations. evigilant is also a leader in IT security and we have staff members that are leaders in this field. for any purpose other than to evaluate the Proposal. 1

4 CONTACT INFORMATION Company Name evigilant.com, Inc. Address 8253-M Backlick Rd. Lorton, VA Point of Contact Raj S. Leyl Title Executive Vice President, Cyber Security Phone (301) Website for any purpose other than to evaluate the Proposal. 2

5 2 SECTION IV RESPONSE Services a. Incident Response Agreements Terms and conditions in place ahead of time to allow for quicker response in the event of a cybersecurity b. Assessments Evaluate a State Agency s current state of information security and cybersecurity incident response capability c. Preparation Provide guidance on requirements and best practices d. Developing Cyber-Security Incident Response Plans Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security e. Training Provide training for State Agency staff from basic user awareness to technical education. evigilant Capability Pre-Incident Services: evigilant is a first tier sub-contractor at USAID where we currently have staff providing this service. We also currently are a prime contractor at US ARMY TARDEC, where we perform this function. evigilant is also a prime contractor and trusted advisor at the Maryland Enterprise Education Consortium and provides expert Cyber Security services to Maryland educational institutions including colleges, libraries, and K-12 school system. evigilant performed a comprehensive IT security assessment for the National Building Museum and have since remediated the vulnerabilities that were identified. evigilant continues to provide IT network and security management services to the National Building Museum. As part of our scope at USAID, we are a major vendor providing expert cyber security support services to the USAID CISO (Chief Information Security Officer). We recently completed a comprehensive IT Security assessment and have developed a roadmap to help bridge the gaps in a logical manner; based on severity and impact to the overall security posture vs. cost. evigilant provides guidance on IT security requirements and best practices to multiple clients including USAID, National Building Museum, IRS, Army, and EPA. At USAID, our team of 28 people supports all aspects of the USAID CISO mission including incident response, e-discovery, Risk Management, Information Assurance governance and assessments, security engineering, security training, and privacy and information protection. evigilant is on a State of MD wide contract to provide IT Security Assessments and Advisory Services. The Maryland Education Enterprise Consortium (MEEC) is an initiative of the University System of Maryland comprised of educational agencies throughout the State of Maryland, including: 6 educational organizations/associations 49 higher education agencies 24 public K-12 school districts (1475 schools) 105 private K-12 schools 18 library systems Our team has also developed cyber-security incident response plans for the United States Agency for International Development (USAID), where we work directly for the USAID CISO. We have a comprehensive incident response tools, processes, and guidelines in place to help protect USAID IT infrastructure and we also have an e-discovery team in place to help deal with post-incident services. evigilant has extensive experience in providing training services, from online content development, instructional design, implementing enterprise learning management systems such as SuccessFactors, and Cornerstone OnDemand, to offering on-the-job training and instructor-led training courses to our many clients. We provide IT Security awareness training, including privacy training at USAID currently. We also have provided similar training on e-signatures and IT security via online courses and integrating it with a learning management system (LMS) at the Internal Revenue Service (IRS). Past Performance M- M- M- MEEC - C P ( M- M- IRS -TIRNO- 10-C for any purpose other than to evaluate the Proposal. 3

6 a. Breach Services Toll-free Hotline Provide a scalable, resilient call center for incident response information to State Agencies. b. Investigation/Cl ean-up Conduct rapid evaluation of incidents, lead investigations and provide remediation services to restore State Agency operations to preincident levels. c. Incident response Provide guidance or technical staff to assist State Agencies in response to an d. Mitigation Plans Assist State Agency staff in development of mitigation plans based on investigation and incident response. Assist State Agency staff with incident mitigation activities. e. Identity Monitoring, Protection, and Restoration Provide identity monitoring, protection, and restoration services to any individuals potentially affected by a cyber-security Post-Incident Services: evigilant currently provides e-discovery and similar services at USAID. We have implemented and oversee a comprehensive incident response program which includes capturing all incidences, qualifying them, and remediating them. evigilant currently provides incident response remediation services at USAID as well as the National Building Museum. We also provide these services under our State of Maryland MEEC IT Security Assessments and Advisory Services contract. evigilant has also been providing this service to the National Building Museum since 2010 and continue to provide this service over the last 5 years. evigilant has the experience and skills to effectively provide expert guidance and/or technical cyber security staff to assist the State of Florida in responding to, and effectively addressing and mitigating a security Our EVP of cyber security, Mr. Raj Leyl, was an appointed executive and worked for the IRS commissioner to instill new security policies and guidance for online tax return preparers to help further improve the security posture of the nation s tax e-filing system. Mr. Leyl was the executive in charge of the IRS e-file system and worked closely with the IRS CISO and Cyber Security division to develop strategies to protect the IRS e-filing eco-system from breach. evigilant has developed comprehensive mitigation plans for USAID as well as the National Building Museum. We currently have staff onsite at USAID that are managing the USAID incident response program and operations. To date, we are proud that our team has successfully mitigated all breaches and we have implemented proactive measures to counter attacks before they occur and we have the expertise to quickly mitigate an incident when it occurs. evigilant works with its proven partners such as CSID and Identity Guard to provide active ID monitoring and protection. At USAID, we have recommended, and successfully obtained approval to implement an API Gateway solution that will help the agency validate and verify identities before they are allowed access into the USAID network. This API Gateway sits outside of the USAID firewall. MEEC- C P IRS - TIRNO-10- C Note: For referenced past performances, the following is breakout of period of performance (POP) and contract value: for any purpose other than to evaluate the Proposal. 4

7 USAID- M- - United States Agency for International Development (USAID) CISO Information Assurance Support Services (POP: 3/2015 3/2018 Total Value: $8,000,000) NBM Service Schedules 1 to Service Schedule 7 Natiional Building Museum (NBM) IT Network Security Assessment and ongoing maintenance and security (POP: 6/2010 Present) SS1 SS7) over $550K) MEEC - C P - Maryland Education Enterprise Consortium (MEEC) - IT Security Assessments and Advisory Services (POP: 3/2015 3/2018, IDIQ contract) IRS -TIRNO-10-C Internal Revenue Service (IRS) Unax IT Security Training Solution (POP: 9/2010 2/2013. Total Value: $1.3M) for any purpose other than to evaluate the Proposal. 5