The Social Security Administration (SSA) is seeking information to help it adopt a commercial off-the-shelf (COTS) tool that would bolster the agency’s cybersecurity and help it mitigate breaches in a recent request for information (RFI).
In addition to the COTS software, SSA said it needs aid in installing and configuring the tool, as well as developing business processes and test cases for it.
SSA details a slew of requirements it seeks in response to its RFI, including how solutions can be customized to simulate attacks without infecting SSA’s underlying IT infrastructure and if they can be cloud-based and have FedRAMP certification.
The RFI also asks if potential solutions would use MITRE and National Institute of Standards and Technology frameworks, and if vendors could inform SSA about their solutions’ security control, reporting, and data exfiltration capabilities.
On the service end of the RFI, SSA requested information from vendors asking if they could assist in solution requirement-gathering, installation and configuration, business process and scenario development, and administrative training.
Although the original response deadline to the RFI was June 28, SSA extended it to July 5.