RFQ ID: RFQ1630152 Set-Aside Type: N/A MAS Category/SIN: VETS2:VETS2 Description The U.S. Small Business Administration (SBA) must provide information security for the information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The Federal Information Security Modernization Act of 2014 (FISMA) describes Federal agency security responsibilities as including “information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.” This includes services which are either fully or partially provided; including other agency hosted, outsourced, and cloud computing solutions. FISMA has a somewhat broader applicability than prior security law and applies to both information and information systems used by the agency, contractors, and other organizations and sources. Agency information security programs apply to all organizations (sources) which possess or use Federal information – or which operate, use, or have access to Federal information systems (whether automated or manual) – on behalf of a Federal agency, information systems used or operated by an agency or other organization on behalf of an agency. This document applies to all Agency contracts in which SBA sensitive information is stored, generated, transmitted or exchanged by an SBA contractor, subcontractor or third-party, or on behalf of any of these entities regardless of format. The regulations in this document also pertain to information residing on an SBA or a non-SBA system in order for the contractor, subcontractor or third party to perform their contractual obligations to SBA, standing in lieu of SBA or acting on SBA’s behalf. The contractor shall leverage all applicable enterprise IT services available from the Office of the Chief Information Officer (OCIO) and the Office of the Chief Information Security Officer (OCISO). The goal of enterprise services is to maintain enterprise protection and visibility of all agency IT systems. The agency expects a lower cost of ownership, less complexity, lower level of maintenance effort and overall cost savings over the life of the contract. Attachment(s)/Link: YES RFQ Attachment-F-Cyber-Security-Reqs.1684957782587 RFQ Attachment-J-NDA.1684957843476 RFQ No. 73351023Q0266 - MySBA.1684957748545