Request for Information: Information Assurance Compliance Support Services
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of Homeland Security (DHS), Science and Technology (S&T) Directorate, has issued a Request for Information (RFI) for Information Assurance Compliance Support Services. This RFI is for market research and planning purposes only, seeking qualified sources to support S&T's IT systems. The government is exploring a potential 5-year Time and Material (T&M) contract. Responses are due by February 17, 2026, at 10:00 a.m. EST.
Purpose & Scope of Interest
This RFI aims to gather information on industry capabilities and experience in providing comprehensive Information Assurance (IA) and compliance support. The scope of interest, as detailed in the draft Statement of Work (SOW), includes:
- Program Management Support: Service delivery, resource management, quality assurance.
- Compliance Services: POA&M oversight, system security reporting, A&A per NIST SP 800-37, Section 508 compliance.
- Information System Security Officer (ISSO) & Manager (ISSM) Services: A&A process tracking, security documentation, team oversight.
- Security Operations Center (SOC) Services: 24x7x365 monitoring, incident triage, vulnerability management.
- Zero Trust Architecture (ZTA) Services: Implementation, modernization, and expertise in DHS's ZTA Strategic Plan. Respondents are specifically asked to address capabilities in FedRAMP baseline implementation, ISSM/SOC personnel qualifications, Zero Trust Framework support, cyber mandate performance metrics, emerging technologies, and PMO Level III management.
Potential Contract & Timeline
- Type: Request for Information (RFI) - market research only. The potential future contract type is anticipated to be Time and Material (T&M).
- Duration: The draft SOW indicates a 5-year period of performance, from July 01, 2026, to June 30, 2031.
- Set-Aside: None specified. Responses from all interested sources are encouraged.
- Response Due: February 17, 2026, 10:00 a.m. EST.
- Published: January 23, 2026.
- Place of Performance: Primarily S&T headquarters in the National Capital Region (Springfield, VA).
Special Requirements (from Draft SOW)
- Security Clearance: Contractor personnel will require access to classified information up to Top Secret/SCI, with key personnel needing at least a SECRET Clearance.
- Compliance: All Information and Communications Technology (ICT) must conform to Section 508 standards. Cyber Supply Chain Risk Management (C-SCRM) is a critical requirement.
Submission Requirements
Responses must be submitted using Microsoft Office applications, with a font no smaller than 12-point Times New Roman, and shall not exceed eight (8) pages, including a cover letter. Submissions should be sent via email to Danette Williams (danette.williams@hq.dhs.gov) and Marco Macherelli (marco.macherelli@hq.dhs.gov).
Additional Notes
This RFI is for planning purposes only and does not constitute a solicitation or an obligation to award a contract. An Industry Day and one-on-one meetings may be held, with details to be provided later.