OPM needs data management for background checks


WHAT: A draft request for proposals for the support of the centralized records unit at the Office of Personnel Management’s Federal Investigative Services.

WHY: FIS will soon be folded into a Pentagon-designed security clearance organization called the National Background Investigations Bureau, but it needs support to maintain the clearance process in the meantime.

In a draft RFP issued Feb. 10, OPM is seeking a contractor to help manage the flow of background investigation data at its Boyers, Pa., facility. The contract will cover scheduling interviews and reviews, managing data and coordinating with other agencies’ databases, including those of the IRS and FBI, to evaluate individuals.

Perhaps more interesting than the solicitation itself is the list of security requirements that apply to OPM contracts in the wake of the massive hack that rattled the agency. The draft RFP notes that a slew of standard IT clauses were updated in April 2015. Specifically, anything that looks like an attempted hack, breach or other information security incident must be reported to OPM's situation room within 30 minutes of detection. In addition, all IT functions must be certified as being compliant with IPv6 and dual-stack IPv4/IPv6.

Although the contractor will be limited to using OPM’s vetted hardware and its Investigative Enterprise Systems “or any future OPM system that is directly associated with the investigative process,” the draft RFP states that technology changes will probably alter the scope of the contractor’s work, and officials are open to cloud storage solutions.

Contractors will need to use a slew of security best practices: personal identity verification cards (supplied by OPM), FIPS-140 encryption and continuous monitoring (also via OPM). Sharing PIV cards among contract employees will result in disabled accounts and the denial of access to OPM systems.

The contractor will also need to get a Federal Risk and Authorization Management Program third-party assessment organization to size up its security and privacy controls. Furthermore, the contractor’s information system security officers and information security specialists must have Certified Information Systems Security Professional status within six months of the contract award.

Comments on the draft are due by 3 p.m. EST on Feb. 22. OPM said the final RFP will likely be released in March.


Posted by Zach Noble on Feb 16, 2016 at 1:17 PM

