So I was doing my usual “Beltway Bandit Perusal of Opportunities for Filthy Lucre” also known as diving into FedBizOps and I found this gem. Basically what this means is that sometime this summer, NIST is going to put out an RFP for contractors to further develop SCAP using ARRA funds.
Keeping in mind that this isn’t the official list of what NIST wants done under this contract, but it’s interesting to look at from an angle of where SCAP will go over the next couple of years:
- Evolution of the SCAP protocol and specifications thereof
- Feasibility studies, development, documenting, prototyping, and road-mapping of SCAP expansions (e.g., remediation capability) and analog protocols (e.g., Network Event Content Automation Protocol
- Implementation and maintenance support for the Security Automation Content Validation Program
- Maintenance support for the SCAP Product Validation Program
- Pilot, beta, and production support for SCAP and security automation use-cases
- Content development, modification, and testing
- Infrastructure and reference implementation development in JAVA, C++, and C programming languages
- Data trust models and data provenance solutions.
So how do you play? Well, the first thing is that you respond to the notice with a capabilities statement saying “yes, we have experience in doing what you want”–there is a list of specifics in the original notice. Then sign up for FedBizOps and follow the announcement so you can get changes and the RFP when it comes out.