VA has issued a revised RFI to assist the Agency in mitigating the risk of reacting to compliance reviews that identify policy gaps.
“The Department requires the development and execution of a policy capability to assist us in proactively developing, implementing, and measuring cybersecurity policy as well as staying abreast of government and industry policy-related activities (e.g., revisions, public comment periods, opportunities to influence policy).”
“The Contractor shall provide information security policy programmatic development and support by establishing a world-class policy construct for VA and ensuring Information Security (IS) policy documentation complies with federal laws, regulations, standards, and guidance. In addition to defining policy, stakeholder roles and responsibilities, and establishing an overarching policy governance program, assignments may include creation and revision of organizational policies, standards, guidance, procedures, and memoranda. Further, the Contractor shall be responsible for supporting the development of security related policies and handbooks designed to meet VA’s Directive and Handbook 6330, Directives Management formatting requirements as well as VA’s Section 508 compliance requirements, across the spectrum of IT and IT Security related disciplines and subject areas.”
Responses are due by June 12, 2018.
