Section 1 - General Information

RFR Number (Reference BPO Number): F50B3400026
Functional Area (Enter One Only): 7 Information System Security
Labor Category: Labor Category #48: Senior Computer Security Systems
A single support resource may be engaged for a period not to exceed six months, without renewal options.
Anticipated start date: Early December 2012
Duration of assignment: Up to 6 months
Designated Small Business Reserve (SBR)? (Enter Yes or No): No
MBE goal, if applicable: %0
Issue Date: 11/08/2012
Due Date: 11/28/2012
Time (EST): 9:00 am
Place of Performance: 45 Calvert Street, Annapolis, MD

Special Instructions (e.g. interview information, attachments, etc.):
1. New position, no incumbent
2. Candidate must meet all minimum requirements in their labor category to be considered

Security Requirements (if applicable):

Invoicing Instructions: Time and Materials Contract; invoice submitted monthly (based on approved weekly timesheet) to Contract Manager

Section 2 - Agency Point of Contact (POC) Information

Agency / Division Name: Department of Information Technology, Operations
Agency POC Name: Michael Balderson
Agency POC Phone Number: 410-260-7549
Agency POC Email Address: Mike.Balderson@maryland.gov
Agency POC Fax: (443) 926-9742
Agency POC Mailing Address: 45 Calvert Street, Rm 444A, Annapolis, MD, 21401

Revised 02/17/11
Section 3 - Scope of Work

Background

The Maryland Department of Information Technology (DoIT) publishes Information Technology (IT) security policies that Executive Departments and Independent State agencies must comply with in order to protect the confidentiality, integrity and availability of state owned information. DoIT wishes to measure the current compliance efforts of these agencies and the effectiveness of their overall security programs.

The objective of this RFR is to obtain one person from a TO Contractor that will function as an independent and objective body that reviews and evaluates information technology (IT) security policy compliance efforts of State agencies. The position ensures that agency management has implemented a security program that supports the State Information Security Policy and any other state or federal regulatory guidelines that may apply. This person will support DoIT Security Compliance Committee by developing, implementing, and managing a statewide IT compliance program to assist agencies in meeting selected minimum security requirements and easily reporting results of agency compliance efforts.

Job Description/s

Labor Category/s (From Section 1 Above): Labor Category #48: Senior Computer Security Systems

Duties / Responsibilities

- Develops, initiates, maintains, and revises policies and procedures for the general operation of a Compliance Program and its related activities and manages day-to-day operation of the Program.
- Monitors the performance of the Compliance Program and reviews activities on a continuing basis, taking appropriate steps to improve its effectiveness.
- Establish cooperative relationships with agencies to monitor agency compliance with State security policies, standards and guidelines.
- Develop, maintain, and perform an annual audit plan to review and test existing agency information technology security programs for compliance with State information security policies.
- Compose and issue reports to the agency on the results of these reviews identifying all exceptions or violations with IT security policy and regulations.
- Provide guidance or assistance to the agency to resolve the reported exceptions and violations in order to achieve compliance with State policies.
- Recommend improvements or oversee the development of controls necessary to monitor agency compliance.
- Provide the Security Compliance Committee with periodic status reports and updates regarding the Program's performance and results, statewide agency compliance efforts and recommended changes to State Information Security Policy.
- Develop, monitor, and review reporting compliance requirements.

The State will furnish an appropriate work space, hardware, and software to perform this task.

Desirable qualifications include experience and/or familiarity with all or most of the following:

- Microsoft Office Professional Suite
- Google Mail
- Excellent communication and customer service skills
Minimum Qualifications

For resource minimum qualifications, see the labor category description in the CATS II RFP for the RFR labor category in question. In addition, qualified candidates must meet the minimum qualifications specified below.

Labor Category/s (From Section 1 Above): #48: Senior Computer Security Systems

Minimum Experience/Knowledge/Skill

- Education: A Bachelor's Degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. A Master's Degree is preferred. A Master's Degree in one of the above disciplines equals one year specialized and two years general experience.
- This position requires a minimum of eight (8) years of experience in analysis and definition of security requirements.
- At least five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
- Current certification in one of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA).
- Minimum two (2) years of experience developing and deploying IT policies and procedures.
- Minimum one (1) year experience with the following IT Security guidance:
  - COBIT information technology governance and control framework published by ISACA (Information Systems Audit and Control Association).
  - FISMA requirements and NIST 800 series special publications, in particular; SP 800-30 rev.1, SP 800-53 rev.3 & 4, SP 800-53A rev.1 and SP 800-55 rev.1
  - Center for Strategic & International Studies (CSIS) Consensus Audit Guidelines for Critical Security Controls.
Section 4 - Required Submissions

NOTE: Master Contractors may propose only one candidate for the position requested.

- Master Contractors electing not to propose in response to the RFR must submit a Master Contractor Feedback Form via the Master Contractor Login on the CATS II web site.
- Master Contractors proposing in response to the RFR must submit the documents below as separate files contained in two separate emails as follows:

Email 1 with Technical: RFR Number, Master Contractor Name, & Candidate Name in the subject line
  - Resume for the labor category described in the RFR (Attachment 1)
  - Three recent reference contact names, telephone numbers and email addresses for use in verifying the experience provided in response to Minimum Qualifications.

Email 2 with Financial: RFR Number, Master Contractor Name, & Candidate Name in the subject line
  - Price Proposal (Attachment 2)
  - Conflict of Interest Affidavit (Attachment G in the CATS II RFP)
  - Living Wage Affidavit (Attachment I in the CATS II RFP)

Section 5 - Evaluation Criteria

(Provide a list of evaluation criteria in descending order of importance)

1. Meets or exceeds Minimum Qualifications.
2. Experience with IT policy compliance efforts in a similar support environment, as verified by the references.
3. Response to interview questions.
4. Price

Basis for Award Recommendation

RFRs will be awarded in accordance with the competitive Sealed Proposals process under COMAR 21.05.03. The agency POC will recommend award to the Master Contractor whose proposal is determined to be the most advantageous to the State, considering price and the evaluation factors set forth in the RFR. The agency POC will initiate and deliver a RFR Agreement to the selected Master Contractor. Master Contractors should be aware that if selected, State law regarding conflict of interest may prevent future participation in procurements related to the RFR Scope of Work, depending upon specific circumstances.
ATTACHMENT 1 - RFR RESUME FORM

RFR # F50B3400026

Instructions: Insert resume information in the fields below; do not submit other resume formats. Submit only one resume per Labor Category described in Section 1 of the RFR. If the RFR requests multiple Labor Categories, use a separate resume form for each proposed candidate.

Candidate Name:
Labor Category (from Section 1 of the RFR): Labor Category #48: Senior Computer Security Systems
Master Contractor:

A. Education / Training
Institution Name / City / State | Degree / Certification | Year Completed | Field Of Study

B. Relevant Work Experience
Describe work experience relevant to the Duties / Responsibilities and Minimum Experience / Knowledge / Skill described in Section 3 of the RFR. Start with the most recent experience first; do not include non-relevant experience.
[Organization] [Title / Role] [Period of Employment / Work] [Location] [Contact Person (Optional if current employer)] | Description of Work
[Organization] [Title / Role] [Period of Employment / Work] [Location] [Contact Person] | Description of Work

C. Employment History
List employment history, starting with the most recent employment first
Start and End Dates | Job Title or Position | Organization Name | Reason for Leaving

D. References
List persons the State may contact as employment references
Reference Name | Job Title or Position | Organization Name | Telephone / Email
ATTACHMENT 2 - RFR PRICE PROPOSAL ONE POSITION

RFR # F50B3400026

(This form is to be filled out by Master Contractors)

Job Title: Senior Computer Security Systems
Proposed CATS II Labor Category: Labor Category #48: Senior Computer Security Systems
Candidate Name:
Hourly Labor Rate: $
Total Hours / Resources (up to 6 months): 1,000*
Labor Category Price (Labor Rate x Hours): $
Total Evaluated RFR Price (Sum of Labor Category Prices): $

*Note: Hours are used for evaluation purposes only. Actual hours per resource for a labor category may be more or less.

Authorized Individual Name:
Company Name:
Title:
Company Tax ID #:

Proposed labor categories must be from those described in the and must correspond to the resume/s provided. Support staff is limited to engagements of up to six months. The Hourly Labor Rate is the actual fully-loaded rate, all inclusive that the State will pay for services recorded in dollars and cents. Hourly rates must be equal to or less than the rates proposed by the Master Contractor for the.