Wanted: Some SCAP Wranglers
Posted May 18th, 2009 by rybolov

So I was doing my usual “Beltway Bandit Perusal of Opportunities for Filthy Lucre”, also known as diving into FedBizOps, and I found this gem. Basically what this means is that sometime this summer, NIST is going to put out an RFP for contractors to further develop SCAP using ARRA funds.
Keep in mind that this isn’t the official list of what NIST wants done under this contract, but it’s interesting to look at as an indication of where SCAP will go over the next couple of years:
- Evolution of the SCAP protocol and specifications thereof
- Feasibility studies, development, documenting, prototyping, and road-mapping of SCAP expansions (e.g., remediation capability) and analog protocols (e.g., Network Event Content Automation Protocol)
- Implementation and maintenance support for the Security Automation Content Validation Program
- Maintenance support for the SCAP Product Validation Program
- Pilot, beta, and production support for SCAP and security automation use-cases
- Content development, modification, and testing
- Infrastructure and reference implementation development in JAVA, C++, and C programming languages
- Data trust models and data provenance solutions.
So how do you play? Well, the first thing is that you respond to the notice with a capabilities statement saying “yes, we have experience in doing what you want”–there is a list of specifics in the original notice. Then sign up for FedBizOps and follow the announcement so you can get changes and the RFP when it comes out.
May 19th, 2009 at 3:00 pm
Neato…. this sounds like some fun work for whoever can get it.
May 20th, 2009 at 12:11 pm
Hi Anton
I was hoping you would bid on it. Actually, anybody with a clue would bid on it because we as an industry need some good people helping NIST build SCAP.
May 20th, 2009 at 6:43 pm
Long time fan, first post (I hear radio personalities hate that)!
My understanding is that much of the NIST SCAP work is done by MITRE now. This means industry has little or no win chance.
It amazes me that things like that are done so obliquely. Why give money to NIST to have it let through acquisition back to an FFRDC?
Seems to me it would be much more efficient to do the work themselves.
The net effect would be the work gets done for a lot less.
May 21st, 2009 at 9:26 am
@sammyc Sshhh, I actually want people outside of Mitre and BAH to get interested in this and bid. Defeatist attitudes get me nothing here! =)
NIST doesn’t have the amount of people to do this themselves. It’s way better for them to bring on a contractor of some sort for a year to get it all done than it is for them to increase headcount that they won’t need later on when the work is done.
As hard as it is to hire a contractor under a competitive procurement, it’s much harder to build out 20 Government positions.
May 22nd, 2009 at 11:51 am
I can vouch for the difficulties in building out govie jobs, even just 1066 or temp jobs. It is very reminiscent of the description of Vogons in the Hitchhiker’s Guide to the Galaxy.