Request for Information: Information Assurance Compliance Support Services

Request for Information (RFI)

This RFI is issued by the Department of Homeland Security (DHS), Science and Technology (S&T) Directorate, Chief Information Office (CIO) for Information Assurance Compliance Support Services for FY26. The purpose is to collect information from qualified sources regarding their capability and experience in providing services outlined in the attached draft Statement of Work (SOW). This RFI is for planning purposes only and does not constitute a solicitation. The government is not obligated to issue a formal solicitation based on responses.

The DHS S&T CIO Office supports homeland security missions by applying scientific, engineering, and analytical approaches. The Information Assurance (IA) branch specifically requires support for compliance, testing, tracking, and managing cyber-related mandates (e.g., FISMA, Executive Orders, OMB memorandums) for approximately 35 distinct IT Systems and 2500 endpoints.

Respondents are asked to describe their capabilities and experience in:

• Implementing FedRAMP baselines and assessing cloud systems (NIST SP 800-53, 800-37).

• Identifying skills, qualifications, and experience for Information System Security Managers (ISSM) and Zero Trust/Security Operations (SOC) personnel.

• Supporting Zero Trust Framework implementation in federal environments.

• Developing performance metrics and reporting for cyber mandates.

• Implementing emerging technologies and continuous improvement in cybersecurity programs.

• Managing a Project Management Office (PMO) Level III.

• Responses are limited to eight (8) pages.

• Must include a cover letter with specific company information, socio-economic status, recommended NAICS code, points of contact, and answers to the six questions.

• Identify interest in prime or subcontracting roles and any teaming arrangements.

• Identify existing Best-in-Class (BIC) vehicles.

• Submissions must be made using Microsoft Office applications (12-point Times New Roman font).

• Deadline: February 17, 2026, 10:00 a.m.

• Submission Email: Danette.Williams@hq.dhs.gov and Marco.Macherelli@hq.dhs.gov

Previous work related to this RFI includes a Blanket Purchase Agreement (BPA) with SiloSmashers, Inc. and a Task Order (TO) with APF Technology, LLC.

An Industry Day may be held; details will be provided later. The government may also hold one-on-one meetings with respondents.

Statement of Work (SOW) / Performance Work Statement (PWS)

This Statement of Work (SOW) outlines the requirements for Information Assurance Compliance Support Services for the U.S. Department of Homeland Security (DHS) Science & Technology Directorate (S&T) Office of the Chief Information Officer (OCIO). The primary goal is to support DHS S&T in integrating innovative technology into everyday use and maintaining/evolving its organizations.

The scope of work is to support the Information Assurance Compliance function within S&T OCIO, limited to S&T contract staffing. Key areas include:

• Program Management Support: Managing all aspects of service delivery, including transition planning, resource management, quality assurance, and risk management. This involves developing Project Management Plans and providing professional administrative support.

• Compliance Services: Overseeing the Plan of Action and Milestones (POA&M) process, validating system security reporting, maintaining system inventories, developing procedures for DHS IT security policy, supporting the S&T CISO in addressing security issues, implementing IT Security Review and Assistance Programs, conducting Security Assessment and Authorization (A&A) or Ongoing Security Assessments per NIST SP 800-37, and evaluating system configurations and vulnerabilities.

• Information System Security Officer (ISSO) Services: Ensuring compliance with ISSO roles and responsibilities, tracking A&A processes, maintaining continuous monitoring information, updating security documentation, and documenting NIST publications and security controls.

• Information System Security Manager (ISSM) Services: Overseeing ISSO team activities, ensuring adequate ISSO support, reviewing security documentation, and acting as the interface between the ISSO team and Federal Management.

• Security Operations Center (SOC) Services: Operating a 24x7x365 SOC, monitoring and analyzing security events, performing incident triage, maintaining SOPs, conducting technical investigations, and supporting the vulnerability management program.

• Zero Trust Architecture (ZTA) Services: Supporting ZTA implementation, modernization, and program services, including executing DHS's ZTA Strategic Plan, developing implementation plans, and providing expertise on Zero Trust concepts.

• The period of performance is 5 years, starting July 01, 2026, to June 30, 2031.

• The primary place of performance is the S&T headquarters in the National Capital Region. Additional performance locations may be added.

• Contract type: Time and Material (T&M) for base effort and surge support.

• Security: Contractor access to classified information up to Top Secret/SCI is required. Personnel must be vetted for security clearance, with a Single Scope Background Investigation. Key personnel must have at least a SECRET Clearance.

• Accessibility: All Information and Communications Technology (ICT) delivered must conform to Section 508 standards.

• Cyber Supply Chain Risk Management (C-SCRM) is a critical requirement.

• Reporting: Regular reporting (weekly, monthly, quarterly) is required, including status reports, performance metrics, and compliance documentation.

Request for Information (RFI)

This RFI is issued by the Department of Homeland Security (DHS), Science and Technology (S&T) Directorate, Chief Information Office (CIO) for Information Assurance Compliance Support Services for FY26. The purpose is to collect information from qualified and interested sources regarding their capability and experience in providing services related to Information Assurance (IA) and compliance support for S&T's IT systems. This RFI is for planning purposes only and does not constitute a solicitation or an obligation to award a contract.

Respondents are asked to address the following six questions:

• Capability and experience implementing FedRAMP baseline for cloud systems, considering NIST SP 800-53 and 800-37.
• Recommendations for knowledge, skills, qualifications, certifications, and experience for Information System Security Manager (ISSM) and Zero Trust/Security Operations (SOC) personnel.
• Capability and experience supporting the Zero Trust Framework in a federal environment.
• Capability and experience developing performance metrics and reporting for cyber mandates.
• Capability and experience with emerging technologies and continuous improvement in cybersecurity programs.
• Capability and experience implementing and managing a Project Management Office (PMO) Level III.

Not applicable, as this is an RFI.

• Responses are due no later than 10:00 a.m. on February 17, 2026.
• Submissions should be made using Microsoft Office applications, with a font no smaller than 12-point Times New Roman.
• Responses shall not exceed eight (8) pages and must include a cover letter.
• Submissions should be sent to Danette Williams (danette.williams@hq.dhs.gov) and Marco Macherelli (marco.macherelli@hq.dhs.gov).

Not specified. Responses from all interested sources are encouraged.

• The RFI is associated with previous RFIs related to Service Delivery Support, Information Assurance Compliance Support, and Systems Engineering/Operations and Maintenance Support under BPA 70RSAT22A00000001, which expires July 31, 2026.
• An Industry Day may be held, with details to be provided later.
• The Government may hold one-on-one meetings with respondents as part of market research.