Notice ID: RFI250010
The AO is interested in hearing from vendors that have experience with similar assessment type work for large cloud-based software applications that utilize cloud native technologies and modern development methods. Vendors interested in responding to this RFI should have experience in the following areas:
- Specialization in Application and Security Assessments: Demonstrated expertise in assessing large scale cloud-based software applications, particularly those that handle sensitive data and operate in high-security environments.
- Experience with Security Standards: A proven track record of working with industry recognized security frameworks and standards (e.g., NIST, ISO 27001, GDPR, HIPAA) and the ability to adopt agency-specific security framework.
- Cloud-Native development Expertise: Experience with cloud-native technologies, including serverless architectures, containerization (e.g., Kubernetes, Docker), and cloud environments such as AWS, Azure, Google and Oracle Cloud.
- Cybersecurity Expertise: Extensive experience in cybersecurity, particularly in the context of cloud-based applications, threat mitigation, data protection, and incident response.
- Government or High-Security Experience: Experience in performing audits for government agencies, or organizations handling sensitive or classified data is highly preferred.
- Independent and Objective Evaluation: The ability to provide an independent, third-party perspective with no current or future vested interest in the development or operational aspects of the application and the environment that it will operate in.