The Department of Justice (DOJ) is seeking proposals for a Governance Risk Compliance (GRC) tool to enable the Office of the CIO within the FBI’s Enterprise Information Security Section (EISS) to provide automated security processes and enhance reporting abilities.
“In addition to the software suite and service management, the Offeror shall provide guidance to optimize technology, people, and processes across the GRC tool,” a request for proposal (RFP) said. “The Offeror shall implement and rely on FBI services provided within the FBI’s Enterprise Developer Services (FED’s) environment for use across all FBI systems to realize the full potential of the GRC tool and support the IT risk management activities for the FBI.”
The RFP cites that the GRC tool must also meet 18 requirements to be selected, including, but not limited to:
- A customizable user interface;
- Automated document generation;
- Automatically categorize systems;
- Security control assessments;
- Automated workflow and actions/approvals;
- Role based access control; and
- Reporting/state visibility.
“The GRC tool will enable the EISS to provide automated security processes as well as enhanced reporting abilities,” the RFP states. “The support services required for this software suite include templates, workflows, dashboards, documentation, access to bug fixes, service packs, FBI level content, updates, version functionality upgrades, software technical support, training, and help desk support for the GRC tool, all associated products and related functionality.”
Proposals for the GRC tool are due by June 26, 2020.