Request for Information/Sources Sought - Judiciary Security Personal Security Risk Reduction

Questions & Answers / Clarifications

This document provides responses to questions raised by potential vendors regarding the Judiciary Risk Management opportunity, specifically addressing the draft Statement of Work (SOW) and Sources Sought Notice (SSN).

• Procurement Focus: The primary requirement is for professional services, not solely a SaaS solution. However, some IaaS, SaaS, and PaaS components are required as vendor-provided elements within the SOW's table of deliverables.
• Incumbent Contractor: There is no incumbent contractor for this requirement.
• Tooling for Case Management: The government has existing services for Vulnerability Management and PII Redaction (case management process). Contractors are expected to evaluate these services and recommend potential refinements. New tooling may need to be proposed or implemented.
• Third-Party Tools: Contractors are expected to procure and manage licenses/subscriptions for named third-party tools (DeleteMe, ArcGIS, OnSolve, OutSystems) for all mandated user seats.
• Surge Events: Vendor staff will need a minimum of a Secret clearance for surge events. Past examples of surge events include the 2017 and 2020 hurricane seasons, and the 2020 George Floyd protests.
• Coverage Locations: The government has visibility on approximately 850 judiciary facilities. Coverage for judges' residences (up to three per judge) will be determined during the PII Reduction and Redaction program enrollment process.
• ESRI Requirement: ESRI ArcGIS, DeleteMe, OnSolve, and OutSystems capabilities are currently in place and need to be maintained without interruption of service immediately upon award.
• Vulnerability Management Definition: Vulnerability management for personnel involves a continuous monitoring process to identify, evaluate, prioritize, and mitigate potential and actual programmatic weaknesses related to physical security and emergency management.

This Q&A document clarifies key aspects of the draft SOW, particularly regarding the mix of professional services and SaaS/IaaS/PaaS components, contractor responsibilities for third-party tools, and the immediate need for maintaining existing ESRI capabilities. Bidders should incorporate these clarifications into their understanding of the requirements and proposal preparation.

Request for Information (RFI) / Sources Sought Notice (SSN)

This RFI/SSN is issued for market research purposes to identify potential vendors capable of providing services for the draft Judiciary Security Personal Risk Reduction and Vulnerability Management Support Statement of Work (SOW). The government aims to understand the marketplace, evaluate vendor capabilities, and gather feedback on the draft SOW. This is NOT a solicitation for proposals, and the government is not committed to issuing a future solicitation.

• Geospatial Risk Analysis: Providing intelligence and IT/Software services for risk and vulnerability determination, data analytics, and reporting.

• Vulnerability Analysis Reporting and Training: Monitoring online sources for risks, providing intelligence to leadership, and forwarding threats.

• PII Reduction and Redaction: Third-party data broker redaction, online vulnerability assessment, training for at-risk individuals, and processing Daniel Anderl Act requests.

• NAICS Code: 519290 – Web Search Portals and All Other Information Services.

• PSC: DJ01 IT and Telecom Security and Compliance Support.

• No reimbursement for costs associated with providing information.

• Vendors must submit a Statement of Capability addressing general and technical capabilities.

• General Information: Company Name, Address, POC, UEI, contract vehicles, NAICS code, Web URL.

• Technical Capabilities: Vendor Viability, SaaS Platform & Architecture, Security & Compliance, Implementation & Transition, Support & Roadmap, Program Integration, Vulnerability Monitoring, PII Reduction, Data Security, Technology Integration, Personnel Expertise, Training, Data Sharing, Performance Measurement, and Scalability.

• Due Date: January 30, 2026, by 3:00 PM EST.

• Questions Due Date: January 22, 2026, by 3:00 PM EST.

• Submission via email to sjackson@ao.uscourts.gov with a copy to christina_carter-kurant@ao.uscourts.gov.

• Reference "SSN Response – Threat Mgmt" in the subject line.

Not specified in this RFI/SSN.

• Responses should not include generic brochures or extraneous literature.
• The Government will not respond to phone calls.

Statement of Work (SOW) / Performance Work Statement (PWS)

This Statement of Work (SOW) outlines the requirement for a contractor to provide personnel and services to support the Judiciary Security Personal Risk Reduction and Vulnerability Management Program. The program aims to safeguard judiciary people, property, and critical functions from threats, hazards, or harmful events.

The contractor will provide support across five key program elements:

• Program Management Assistance: Including project management, development support, and staffing.
• Vulnerability Management Services: Researching and analyzing all-hazards data and intelligence to assess risks to judiciary protectees, identifying threatening language, providing intelligence reports, assessing risks, and managing the AOUSC Emergency Notification System.
• PII Reduction and Redaction: Implementing a program to maximize awareness and participation, conducting personalized mitigation strategies based on PII vulnerabilities, and providing redaction services.
• Geospatial Services: Developing and maintaining geospatial services, identifying and managing all-hazards data sources, supporting customized ArcGIS solutions, and integrating non-ESRI services.
• Training and Education: Developing training plans and products on data privacy, geospatial services, and emergency notification services.
• Technology and Data Integration and Support: Researching, implementing, and maintaining technology services, supporting IT security processes, and developing data integration solutions.
• Optional Surge Support Services: Providing additional personnel for short-term surge events.

Not explicitly stated in this section of the document, but travel within the National Capital Region (NCR) is required for meetings and conferences, with potential for off-site travel.

• Services must align with judiciary policy, public safety standards, and relevant acts (e.g., Daniel Anderl Judicial Security and Privacy Act of 2022).
• Compliance with the Judiciary Information Security Framework (JISF) and NIST RMF is required for technology services.
• Contractor must have the capacity to provide surge support services.
• Deliverables include various software licenses, tracking tools, case management systems, strategy documents, and training templates, with specified due dates post-award.