Government Contract | North Carolina
ESRMO Policy Manual Rewrite

Bid Information

Bid Alert No: 00000437767

Bid Title: ESRMO Policy Manual Rewrite

Agency Bid No. Title: ITS-009527-MW

Received Date: 12/14/2015

Close Date: 01/20/2016

Purchase Type: Not Stated

Delivery Point: North Carolina

Delivery Date: Not Stated

Special Notices: Questions Due By 01/04/2016 02:00 PM, Bidder Preregistration


Specifications include, but are not limited to:Background:The State of North Carolina is adopting the National Institute of Standards & Technology(NIST) Risk Management Framework (RMF) which includes the application of NISTSpecial Publication 800-53 Revision 4 - Security and Privacy Controls for FederalInformation Systems and Organizations as its basic framework for its informationsecurity policies and underlying standards. The NIST Special Publication 800-37Revision Guide for Applying the Risk Management Framework to Federal InformationSystems provides an organizational structure for the manual(s). The State has existing ITS-009527-MWPage 13 of 34Rev. 11/01/2015policies and standards based on ISO 27002 and a statewide IT strategy that need to berewritten in alignment to the NIST Special Publication 800-53 Revision 4 Security andPrivacy Controls for Federal Information Systems and Organizations structure as well. The current Statewide Information Security Policy Manual is accessible via theInternet: The NIST Special Publication 800-37 Revision 1 is available on the Internet: The NIST Special Publication 800-53 Revision 4 is available on the Internet: The NIST Framework for Improving Critical Infrastructure Cybersecurity isavailable on the Internet: guidance documents are: FIPS 140-2, Security Requirements for Cryptographic Modules FIPS 199, Standards for Security Categorization of Federal Information andInformation Systems NIST Special Publication 800-30, Revision 1, Guide for Conducting RiskAssessments, September 2012 NIST Special Publication 800-47, Security Guide for Interconnecting InformationTechnology Systems, August 2002 NIST Special Publication 800-53A, Assessing Security and Privacy Controls inFederal Information Systems and Organizations: Building Effective AssessmentPlans, current edition NIST Special Publication 800-137, Information Security Continuous Monitoring(ISCM) for Federal Information Systems and Organizations, September 2011 NIST Special Publication 800-160, Systems Security Engineering Guideline, 12May 2014b. Objectives: Support of the State of North Carolinas migration from current ISO standards toNIST Risk Management Framework. Updated and/or drafted series of information security/policies, standards andprocedures that will replace the current manual used by State agencies. Implementation of leading practices to provide a baseline for statewidecybersecurity policies and procedures

Product Code: 96190

Agency Information

Issuing Agency: State of North Carolina - Office of Information Technology Services (ITS)

State: North Carolina

Agency Type: State and Local

Contact: Melinda C. Williams Office of Information Technology Services, 3900 Wake Forest Road, Raleigh, North Carolina, 27609

Phone: 919-707-6414




FREE Market Analysis

Get a FREE 90-Day Market Analysis and see the bids you’ve been missing