OPM needs data management for background checks


WHAT: A draft request for proposals for the support of the centralized records unit at the Office of Personnel Management’s Federal Investigative Services.

WHY: FIS will soon be folded into a Pentagon-designed security clearance organization called the National Background Investigations Bureau, but it needs support to maintain the clearance process in the meantime.

In a draft RFP issued Feb. 10, OPM is seeking a contractor to help manage the flow of background investigation data at its Boyers, Pa., facility. The contract will cover scheduling interviews and reviews, managing data and coordinating with other agencies’ databases, including those of the IRS and FBI, to evaluate individuals.

Perhaps more interesting than the solicitation itself is the list of security requirements that apply to OPM contracts in the wake of the massive hack that rattled the agency. The draft RFP notes that a slew of standard IT clauses were updated in April 2015. Specifically, anything that looks like an attempted hack, breach or other information security incident must be reported to OPM's situation room within 30 minutes of detection. In addition, all IT functions must be certified as being compliant with IPv6 and dual-stack IPv4/IPv6.

Although the contractor will be limited to using OPM’s vetted hardware and its Investigative Enterprise Systems “or any future OPM system that is directly associated with the investigative process,” the draft RFP states that technology changes will probably alter the scope of the contractor’s work, and officials are open to cloud storage solutions.

Contractors will need to use a slew of best security practices: personal identity verification cards (supplied by OPM), FIPS-140 encryption and continuous monitoring (also via OPM). Sharing PIV cards among contract employees will result in disabled accounts and the denial of access to OPM systems.

The contractor will also need to get a Federal Risk and Authorization Management Program third-party assessment organization to size up its security and privacy controls. Furthermore, the contractor’s information system security officers and information security specialists must have Certified Information Systems Security Professional status within six months of the contract award.

Comments on the draft are due by 3 p.m. EST on Feb. 22. OPM said the final RFP will likely be released in March.


Posted by Zach Noble on Feb 16, 2016 at 1:17 PM

