Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JANUARY 10, 2016 FBO #5161
SOURCES SOUGHT

R -- Sources Sought Notice for Conference Support and Professional Services - IT Security Requirements - Sources Sought

Notice Date
1/8/2016
 
Notice Type
Sources Sought
 
NAICS
541611 — Administrative Management and General Management Consulting Services
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B130, Gaithersburg, Maryland, 20899-1410, United States
 
ZIP Code
20899-1410
 
Solicitation Number
CAW1
 
Archive Date
2/4/2016
 
Point of Contact
Carol A. Wood, Phone: 301-975-8172, Carol A. Wood, Phone: 301-975-8172
 
E-Mail Address
carol.wood@nist.gov, carol.wood@nist.gov
(carol.wood@nist.gov, carol.wood@nist.gov)
 
Small Business Set-Aside
N/A
 
Description
IT Security Requirements This is a SOURCES SOUGHT NOTICE for market research purposes. THIS IS NOT A REQUEST FOR PROPOSALS OR A REQUEST FOR QUOTATIONS. The National Institute of Standards and Technology (NIST) recognizes the value of conferences that are relevant to its mission and to the public interest. Conferences permit individuals and organizations to engage in a variety of activities that are critical to the development and implementation of NIST programs and play an important role in fulfilling NIST's mission. Conferences are an effective way to bring together various groups of people to share information, educate the scientific community and the public, work with state and local government partners, and/or learn from non-governmental stakeholders. Conference planning at NIST has been centralized within the Conference Program, part of the NIST/Public & Business Affairs Office. The Program supports NIST Laboratories and Major Programs at NIST sites in Gaithersburg, MD, Boulder, CO, and Charleston, SC, by providing professional conference planning and conference-related support services in a cost effective manner and in accordance with all Government rules and regulations. The Government is contemplating a procurement to establish an indefinite delivery/indefinite quantity (IDIQ) contract to provide conference support services for NIST. Conference support services shall include, at a minimum: Registration, website creation, travel arrangements and reimbursement, obtaining meeting space, speaker support services, and audio visual support. Within the scope of this IDIQ, the Contractor will be required to provide professional services to NIST to perform subject matter analysis, implementation and reporting, opportunities document development and in-depth analytical strategic, and project management advice and support. These services will focus on the following technological areas: -Chemical, Physical and Materials Sciences; -Biotechnology; -Manufacturing, Construction and Physical Infrastructure; -Medical Technology; and -Information Technology. Selected technological focus areas may also be cross-disciplinary and include subsets of more than one of the above areas. Conference support will include workshop development in the technological areas above as well as other technical and administrative areas. Given that this requirement anticipates the Contractor will have access to personally identifiable information (PII) that will be transmitted and stored electronically, the Contractor will be required to possess, at a minimum, an authorized FedRAMP security and privacy controls package at a moderate level, or FedRAMP authorization or an Authorization to Operate (ATO) letter issued by a Federal Government agency as proof of evidence that the Contractor has been assessed and authorized at the moderate level. If using an ATO letter, that letter shall clearly state that the Contractor has been authorized at the moderate level. The Federal Information Security Management Act of 2002 (FISMA) is a United States Law that recognized the importance of information security. The Act requires that all federal agencies develop, document and implement an agency-wide program to provide information security for information and information systems that support the operations and assets of the agency, including those provided by or managed by another agency, contractor, or other source. The FISMA requirements are not just for websites, but apply to any vendor, network, or computing environment that has NIST data in it. FedRAMP was developed to be compliant with FISMA. The Federal Risk and Authorization Program (FedRAMP) is a risk management program for large outsourced and multi-agency information systems used by the U.S. Government. FedRAMP authorizes and continuously monitors IT services that are used by multiple federal departments and agencies. This approach uses a "do once, use many times" framework that will save cost, time, and staff required to conduct redundant agency security assessments. The requirement for FedRAMP approval and/or the Authorization to Operate applies when the Contractor, and possibly their subcontractors, will have access to personally identifiable information. This process of assessing the Contractor's (and subcontractor's) processes and procedures with respect to the handling and securing of PII is not limited to electronic data, but also applies to data that is or will be maintained in hard copy form as well. SUBMISSION REQUIREMENTS NIST is seeking responses from all responsible sources. Small businesses are defined under the associated NAICS code for this effort, 541611, as those domestic sources having annual revenues of $15.0M or less. Please include your company's size classification in any response to this notice. After the results of this market research are obtained and analyzed, NIST may conduct one or more competitive procurement(s) and subsequently award contracts. If at least two qualified small business are identified during this market research stage, then competitive procurements that result would be anticipated to be conducted small business set-aside. The following information is required to be provided as part of the response to this sources sought notice: 1. Does your company currently possess FEDRAMP or ATO certification from any Government Agency? This question also applies to all subcontractors with whom you would consider working. If submitting an ATO letter, the letter must clearly state the impact level (i.e., moderate or high), at which the Contractor has been assessed and authorized. If subcontractors are involved, each party must have the above stated FedRAMP authorization or Federal agency-issued ATO letter stating the authorization; 2. While FedRAMP authorization or ATO is preferred, in lieu of the above, the Contractor and its intended subcontractors, may demonstrate that they have passed an independent security audit (e.g. Statement on Standards for Attestation Engagements (SSAE), PCI Data Security Standard (PCI DSS)). The Contractor shall provide to NIST, a description of the audit(s) performed, evidence of the audit(s), or instructions on how to obtain evidence of the above, if the Contractor has had any audits described above or other security audit; 3. Relevant documentation which demonstrates your company's overall capability to complete any or all tasks associated with planning for conferences and workshops of any size from 20 persons to 500 persons; 4. Documentation of the company's expertise in the areas of Chemical, Physical and Materials Sciences; Biotechnology; Manufacturing, Construction & Physical Infrastructure; Medical Technology; and Information Technology; 5. Documentation of the company's expertise in the areas of subject matter analysis, implementation and reporting, opportunities document development and in-depth analytical strategic, and project management as they apply to task areas identified; 6. Documentation of the company's existing compliance or willingness to comply with the following information technology security standards as defined on the attached sheet: -IPV 6 -Section 508 -Authentication and -Incident Response. 7. Name and business size of the company; 8. Any other relevant information that is not listed above which the Government should consider in finalizing its market research. Submission must be received not later than Wednesday, January 20, 2016, at 3:30 PM Eastern Time.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/CAW1/listing.html)
 
Place of Performance
Address: NIST Sites and the Contractors Site, United States
 
Record
SN03986811-W 20160110/160109132746-e50effddf0e9b8217a7223aa442dc4c4 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.