The vendor required to provide to developing information technology policy assessment and development, vulnerability management policy and procedure and incident response plans (IRP) for computing networks that rely on both on-premises and cloud-based components.
- Information technology policy assessment and development
• Establish goals and objectives.
• Perform comprehensive assessment of existing policies or access to relevant documentation,
• Such as existing it policies, legal and regulatory requirements, and industry standards.
• Identify roles and responsibilities.
• Develop procedures that complement the policy.
• Develop and refine ai usage policy.
- Vulnerability management policy and procedure
• Establish goals and objectives of the plan.
• Classify vulnerabilities.
• Specify ways vulnerabilities are reported.
• Specify methods to prioritize vulnerabilities to determine cause and mitigate.
• Identify roles and responsibilities.
• DEVELOP procedure that complements the policy.
- The incident response plan (IRP) and procedure development shall:
• Establish goals and objectives of the plan.
• Classify incidents.
• Specify ways incidents are identified and reported.
• Specify methods to prioritize incidents to determine cause and mitigate.
• Address appropriate contact information for resources needed to resolve a given incident.
• Provide methods to analyze incidents.
• Address communications with internal departments and external organizations (e.g., The media, social media, outside agencies and outside organizational contacts).
• Address cyber forensics.
• Identify roles and responsibilities.
• Identify or establish mechanisms that outside organizations can use to report incidents.
- The IRP shall fully cover it cyber incident response to include:
• Prevention,
• Preparation,
• Planning,
• Incident management, recovery, mitigation, remediation,
• Post incident analysis, and lessons learned.
• Identify current control measures and preparedness, and develop recommendations to mitigate deficiencies.
Set up free email alerts and get notified when new government bids, tenders and procurement opportunities match your industry and location. Choose daily or weekly delivery.
