Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 05, 2012 FBO #4029
SOURCES SOUGHT

D -- CRITICAL SYSTEM PROTECTION (CYBER SECURITY)

Notice Date
12/3/2012
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
Defense Information Systems Agency, Procurement Directorate, DITCO-NCR, P.O. BOX 549, FORT MEADE, Maryland, 20755-0549, United States
 
ZIP Code
20755-0549
 
Solicitation Number
CYBER_SECURITY_SOURCE_SOUGHT
 
Archive Date
1/17/2013
 
Point of Contact
Kim Oanh P. Scott, , Suzanne Rippenbaum,
 
E-Mail Address
kimoanh.p.scott.civ@mail.mil, Suzanne.M.Rippenbaum.Civ@mail.mil
(kimoanh.p.scott.civ@mail.mil, Suzanne.M.Rippenbaum.Civ@mail.mil)
 
Small Business Set-Aside
N/A
 
Description
SOURCES SOUGHT ANNOUNCEMENT for Defense Information Systems Agency (DISA) for CRITICAL SYSTEM PROTECTION (CYBER SECURITY) 3 December 2012 CONTRACTING OFFICE ADDRESS: DISA, Procurement Directorate (PLD), Defense Information Systems Agency (DISA) P.O.BOX 549 FORT G. MEADE MARYLAND INTRODUCTION: This is a SOURCES SOUGHT TECHNICAL DESCRIPTION to determine the availability and technical capability of small businesses (including the following subsets, HUBZone Firms; Certified 8(a), Service-Disabled Veteran-Owned Small Businesses and Woman Owned Small Business) to provide the required products and/or services. The Defense Information Systems Agency (DISA) Office of the Chief Technology Office (CTO) is seeking information for potential sources that can provide technical, engineering, integration and testing support to the Advanced Concepts Office (ACO) for Enterprise Joint Capability Technology Demonstrations (JCTD), Enabling Technologies, and Innovative Pilot capabilities. The work will include designing, implementing, and evaluating software and application deployments to determine readiness for enterprise use while determining approaches to incorporate cross domain solution into final deployed solutions. DISCLAIMER: THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY. SOURCES SOUGHT: The anticipated North American Industry Classification System Code (NAICS) 541512, with the corresponding size standard of $25.5M. This Sources Sought Synopsis is requesting responses to the following criteria ONLY from small businesses that can provide the required services under the NAICS Code. To assist DISA in making a determination regarding the level of participation by small business in any subsequent procurement that may result from this RFI, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering to meet each of the requirements areas contained herein. This includes responses from qualified and capable Service Disabled-Veteran Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, and 8(a) companies. You should provide information on how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this source sought. In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14). REQUIRED CAPABILITIES: I BACKGROUD: Securing the Department of Defense (DoD) against cyber attacks has become one of the nation's highest priorities. To achieve this objective, networks and systems, as well as the operations teams that support them, must vigorously defend against a variety of internal and external threats. To respond to those attacks that are successful, defense mechanisms must be in place to detect and stop follow-on attacks within internal enterprise networks. A critical component of such a defense system is continuous monitoring, ability to automatically test, and validate whether current security measures are working to remediate proactively vulnerabilities in a timely manner. A. The contractor will prepare a Contract Management Plan (CMP) describing the technical approach, organizational resources, including contract budget, labor category breakouts, and management controls. A Work Breakdown Structure (WBS) and project schedule will be provided with the CMP as separate documents. The CMP cost and schedule data will serve as the guide against which the government will monitor contract progress. B. The contractor must analyze the Information Assurance (IA) products and technologies designed to build or enhance security architecture(s), create security implementation documentation, analyze and evaluate security architectures standards, architecture, engineering, and integration support; analyze and evaluate security patches, security patch testing; analyze and evaluate security releases; security measures and environmental transport/system network of infrastructure, and components of the network. C. Cost Model Analysis: The contractor will provide technical support for a cost model analysis for CTO. The cost model analysis must present cost guidance associated with the implementation of security applications from desktop to enterprise. D. Cyber Security Implementation, Engineering and Information Assurance (IA) Support. The contractor will provide, implement, train required personnel, and support the technical security solution that will monitor, detect, analyze, protect, report, and respond against known vulnerabilities, attacks exploitations, and continuously test and evaluate information security controls and techniques. E. Training Support. As part of the product delivery and implementation, the contractor must provide products, solutions, and training to highly skilled individuals who perform planning, configuring, monitoring, and troubleshooting functions to maintain effectively the Cyber Security product in an enterprise environment, stand alone computer or mobile device. F. Professional Service: 1. Technical Engineering and Configuration. The contractor will provide mid-level engineering and configuration services to configure the commercial Cyber Security software. The contractor will also supply engineering and configuration services to assist DISA in maintaining Cyber Security and the underlying components. 2. Quality Assurance. The contractor will provide the CTO with documentation and test cases that demonstrate 100% functionality of Cyber Security within the DoD enterprise. The contractor will provide documentation for applications that perform at less than 100% functionality within Cyber Security. The documentation will state the functionality that was unable to be achieved within Cyber Security and the contractor will explain why the application did not meet the 100% functionality requirement including lessons learned to provide future 100% functionality. 3. Industry Best Practices Process Management Support. The contractor will provide the CTO with process management support using industry best-practice frameworks and standards including ITIL, ISO/IEC 20000 and 27001, Control Objectives for Information and Related Technology (COBIT), Six Sigma and Project Management Body of Knowledge (PMBOK), to facilitate a streamlined and repeatable process environment. This task will support the end-to-end process lifecycle from initial assessment, through design and implementation, to continual service improvement (CSI). II. PURPOSE The purpose of this sources sought is to assess the capabilities of small businesses to address DoD's Cyber Security need to provide a solution that controls application behavior, blocks port traffic, and provides host-based intrusion prevention and detection. Some of the assessment objectives for Cyber Security Services and its components would adequately protect the operating system, user applications, and user actions at the appropriate level of granularity within a large enterprise with both local and enterprise policies. Cyber Security Services operate securely within the context of the DoD IA culture by streamlining the DoD IA business processes resulting in a reduction of cost. To assist DISA in making a determination regarding the level of participation by small business in any subsequent procurement that may result from this RFI, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering to meet each of the requirements areas contained herein. This includes responses from qualified and capable Service Disabled-Veteran Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, and 8(a) companies. You should provide information on how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this RFI. In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14). III. REQUESTED TECHNICAL INFORMATION. Interested vendors are requested to submit statement demonstrating their DoD knowledge, experience and capabilities for the following: A. Subject matter experts in implementing standards, security engineering, and integrating analyses for designated project components. Identify and mitigate exploits by adversaries that are seeking to disrupt or redirect the normal function of the enterprise solutions and have the technical expertise in implementing Cyber Security solutions. B. Understand existing and emergency technical standards related to cyber security, security patches, security patch testing, and evaluate security releases for the infrastructure and components of the network. C. Demonstrate or illustrate through examples and various implementations on how the vendor provided these skills in previous deployments, implementations, and projects. D. Engineering expertise in designing, architecting, prototyping, and evaluating cyber security applications, systems and technical solutions for use on various computing platforms and network environments. SPECIAL REQUIREMENTS 1. The work to be performed under this contract is classified up to the Top Secret level and may require personnel eligible for Sensitive Compartmented Information (SCI) access. All personnel supporting this contract MUST be U.S. citizens and must have a minimum Secret security clearance. 2. Information Assurance (IA) compliance requires the contractor to be familiar with a wide range of Federal and DoD security requirements. These include Public Law; OMB Circulars; NIST Guidance; as well as specific DISA governing security requisites data security requirements, network connection rules, configuration; change management requirements, and re- accreditation requirements. SUBMISSION DETAILS: Responses should include: 1) Business name and address; 2) Name of company representative and their business title; 3) Size of Business; 4) Cage Code; 5) Contract vehicles that would be available to the Government for the procurement of the product and service, to include ENCORE II, General Service Administration (GSA), GSA MOBIS, NASA SEWP, Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. Vendors who wish to respond to this should send responses via email Jan 2, 2013 by 11:00 AM Eastern Daylight Time (EDT) to Suzanne.M.Rippenbaun.civ@mail.mil And KimOanh.P.Scott.Civ@mail.mil. Interested businesses should submit a brief capabilities statement package (no more than ten pages) demonstrating ability to perform the services listed in this Technical Description. Documentation should be in bullet format. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. This Source Sought is issued solely for information and planning purposes and does not constitute a solicitation. In accordance with (IAW) FAR 15.201(e), responses to this Source Sought are not offers and cannot be accepted by the Government for forming a binding contract. The government will not reimburse companies for any costs associated with the preparation and submission of Source Sought responses. All proprietary information received in response to this Source Sought must be marked "Proprietary" and will be handled accordingly. Responses to the Source Sought will not be returned. Questions or clarifications to this Source Sought must be submitted, via email, to the Contracting Specialist. The opportunity for clarification of this Source Sought will not change the submission date identified above. Oral communications are not permissible. Marketing brochures and/or generic company literature will not be considered. FedBizOpps will be the sole repository for all information related to this announcement.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DTN/CYBER_SECURITY_SOURCE_SOUGHT/listing.html)
 
Place of Performance
Address: USCYBERCOM approved facilities at 9800 Savage Rd., FT Meade, MD or within government facilities in the NSA Washington region - predominantly at Fort Meade, MD and the Washington, DC - Baltimore, MD area. Limited facility availability may necessitate an alternate government or appropriately cleared industry location for future place of performance., Fort G. Meade, Maryland, 20755-0549, United States
Zip Code: 20755-0549
 
Record
SN02940947-W 20121205/121203234022-3703614a15b9a9780dceb9df9016d618 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.