Civic AI
Civic AI
Procurement intelligence
Acquisition GatewayForecastAG39414_1759512807

FY26 FISMA Audit

General Services Administration.GSA FAS Office of Acquisition Opera · DC
Est. solicitation
Date posted

Description

The Federal Information Security Management Act of 2002 (FISMA), as amended in 2014, requires agencies to develop, implement, and document department-wide information security programs. FISMA requires each federal agency to perform an annual independent evaluation of the information security program and practices of the agency to determine the effectiveness of such programs and practices and report the results to the Office of Management and Budget (OMB). For each agency with an Inspector General (IG) appointed under the Inspector General Act of 1978, the annual evaluation must be performed by the IG or by an independent external auditor, as determined by the IG of the agency. GSA OIG has elected to have the annual evaluation performed by an independent external auditor.  OMB requires inspectors general to assess metrics in 6 security function areas: Govern, Identify, Protect, Detect, Respond, and Recover to determine the effectiveness of their agencies’ information security programs and the maturity level of each function area. OMB has five defined maturity levels from lowest to highest: Ad Hoc, Defined, Consistently Implemented, Managed and Measurable, and Optimized. Consistent with FISMA and OMB requirements, the objective of the audit is to determine the effectiveness of GSA’s information security program and practices for a specified period each year. Specifically, the Contractor will assess GSA’s performance in the six security function areas. Under the general direction of the U.S. General Services Administration (GSA) Office of Inspector General (OIG), Office of Audits, the Contractor will perform an audit of GSA’s information security program and practices to determine the effectiveness of such program and practices pursuant to the Federal Information Security Modernization Act of 2014 (FISMA). The audit must be conducted in accordance with the Government Accountability Office Government Auditing Standards (GAGAS), the OMB Guidance on Federal Information Security and Privacy Management Requirements, and the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). 

Planning details

Estimated value
$1M - $1.9M
Contract type
Firm Fixed Price

Classifications

  • NAICS541211
  • PSC541211

Explore more