OPM needs data management for background checks

Shutterstock image (by Den Rise): Security services and protection concept; businesswoman displays a padlock, symbol of security.

WHAT: A draft request for proposals for the support of the centralized records unit at the Office of Personnel Management’s Federal Investigative Services.

WHY: FIS will soon be folded into a Pentagon-designed security clearance organization called the National Background Investigations Bureau, but it needs support to maintain the clearance process in the meantime.

In a draft RFP issued Feb. 10, OPM is seeking a contractor to help manage the flow of background investigation data at its Boyers, Pa., facility. The contract will cover scheduling interviews and reviews, managing data and coordinating with other agencies’ databases to evaluate individuals, including those of the IRS and FBI.

Perhaps more interesting than the solicitation itself is the list of security requirements that apply to OPM contracts in the wake of the massive hack that rattled the agency. The draft RFP notes that a slew of standard IT clauses were updated in April 2015. Specifically, anything that looks like an attempted hack, breach or other information security incident must be reported to OPM's situation room within 30 minutes of detection. In addition, all IT functions must be certified as being compliant with IPv6 and dual-stack IPv4/IPv6.

Although the contractor will be limited to using OPM’s vetted hardware and its Investigative Enterprise Systems “or any future OPM system that is directly associated with the investigative process,” the draft RFP states that technology changes will probably alter the scope of the contractor’s work, and officials are open to cloud storage solutions.

Contractors will need to use a slew of best security practices: personal identity verification cards (supplied by OPM), FIPS-140 encryption and continuous monitoring (also via OPM). Sharing PIV cards among contract employees will result in disabled accounts and the denial of access to OPM systems.

The contractor will also need to get a Federal Risk and Authorization Management Program third-party assessment organization to size up its security and privacy controls. Furthermore, the contractor’s information system security officers and information security specialists must have Certified Information Systems Security Professional status within six months of the contract award.

Comments on the draft are due by 3 p.m. EST on Feb. 22. OPM said the final RFP will likely be released in March.

Click here to read the draft RFP.

Posted by Zach Noble on Feb 16, 2016 at 1:17 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.