Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF MARCH 08, 2018 FBO #5949
SOURCES SOUGHT

R -- PP&O MISSION ASSURANCE SYSTEM MANAGEMENT SUPPORT

Notice Date
3/6/2018
 
Notice Type
Sources Sought
 
NAICS
541990 — All Other Professional, Scientific, and Technical Services
 
Contracting Office
Department of the Navy, United States Marine Corps, MCICOM HQ, 701 S Courthouse Rd, Arlington, Virginia, 22204-2461, United States
 
ZIP Code
22204-2461
 
Solicitation Number
M95494-18-008
 
Archive Date
4/4/2018
 
Point of Contact
Erika A Chavarria, Phone: 7036044495
 
E-Mail Address
erika.chavarria@usmc.mil
(erika.chavarria@usmc.mil)
 
Small Business Set-Aside
N/A
 
Description
THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS NOTICE IS STRICTLY VOLUNTARY. 1. BACKGROUND. Headquarters Marine Corps (HQMC), Plans, Policies and Operations (PP&O), Security Division (PS) is requesting support for the Marine Corps Critical Asset Management System (MC-CAMS). PP&O, PS is responsible for the management and safeguarding of USMC owned Critical Infrastructure (CI) through Mission Assurance risk assessments and other risk management practices. This information is collected and shared within DoD to support all phases of military operations and objectives. This capability provides the required support elements to document, validate, track, share and maintain Mission Assurance related data in order to enhance protection program efforts and support risk decision in support of operation mission success. 2. TASKS. Task 1 - Provide support for the Mission Assurance Development Lab (MADL): The Contractor will provide support for the Mission Assurance Development Lab (MADL) that will be the collaborative environment designated for all support, analysis, testing and integration activities associated with the MC-CAMS Risk Management Framework (RMF) transition and all system enhanced integration efforts. This includes authoring supportive artifacts that will be managed within the Marines Corps MCCAST platform, enhancements to the CAMS solution for greater data sharing capabilities, and supporting testing efforts required for applied updates to the MC-CAMS platform. The contractor will provide subject matter experts (SMEs) to conduct daily operational support for all MADL hosted systems, operation and maintenance support, analysis and testing for MC-CAMS integration efforts supporting risk management data that defines the Mission Assurance Program. SMEs will be associated as key personnel to advise this task and provide USMC Mission Assurance program directed guidance and vision. Activities that will be managed under the MADL will be the following: - Provide and maintain daily operations support of the MADL training suite, configuration management systems, testing suite, and supporting infrastructure and linkages to Cyber Range - Provide account management and creation for all supporting stakeholder and team members - Provide case studies, testing and analysis for system to system integration efforts that entail data sharing and capability migration - Provide SME support for USMC Mission Assurance program policy, procedures and guidance - Author systems capability briefings, system and network architectural diagrams and other lifecycle management artifacts - Manage and maintain all historic and future supporting artifacts within the MADL's configuration management library - Facilitate a monthly Configuration Control Board (CCB) at the MADL supporting all DoN stakeholders using the Critical Asset Management System - Provide physical and logical access control to the MADL facility and supporting systems Task 2 - Provide Operations and Training support for Marine Corps Critical Asset Management System (MC-CAMS): The Contractor will provide MC-CAMS systems operational support that resides on classified and unclassified networks. Specific SME support will cover the following areas: user help desk support, training classroom support and MADL hosted training infrastructure. The support team will provide engineering support for the management of the MC-CAMS Certification and Accreditation (C&A) processes, account management, software and hardware upgrades, Continuity of Operations (COOP) support, system backups, performance tuning, user help desk support, training support and troubleshooting measures. In addition, the contractor will provide guidance on all major system related policy updates and changes that may impact operations for any of the supported applications and/or infrastructures. In addition, the contractor will provide support for all major system related policy updates and changes that may impact operations for any of the supported applications and/or infrastructures. SME will be associated as key personnel to Dev OPS and software engineering requirements for this task. All activities and actions pertaining to training and the operations of the environments will be captured within site reports and reviewed during the monthly Configuration Control Board (CCB). This includes the following capabilities: - Provide management and up keep for all MC-CAMS Mobile Training Suites (MTS) - Provide tier 1, tier 2 and tier 3 MC-CAMS helpdesk support for all USMC CAMS production systems - Provide operations and maintenance for all fielded HQMC PP&O/PS Mission Assurance supporting classified and unclassified production systems - Support monthly COOP related exercises hosted through HQMC Administration and Resource Management Division, Information Systems Management Branch (ARI) - Coordinate with the MC-CAMS hosting agent, HQMC ARI, for all environmental and/or policy changes that may create impact on the production systems - Maintaining, deploying, configuring and providing on-site technical support for the mobile training suites to support MC-CAMS training at four Marine Corps installations. - Provide instructional classroom support at each MC-CAMS training event and capture user input and feedback for CCB review and consideration. - Provide Train the Trainer (TTT) sessions for the MC-CAMS systems capabilities and enhancements to keep classroom instruction accurate and up-to-date. - Provide regional and installation on-hands technical support for the use of the MC-CAMS production platform during these training events. - Provide a report of training and operational support activities at the monthly MADL hosted Configuration Control Board (CCB). - Contractor must provide Information Systems and Cyber-Security services in support of the MC-CAMS portfolio. The MC-CAMS Information Systems portfolio must include processes and engineering services which are required due to the results of an operational or functional system assessment. Task 3 - Provide Support for Risk Management Framework requirements for Marine Corps Critical Asset Management System (MC-CAMS): The Contractor must provide MC-CAMS systems operational support that resides on both USMC classified and unclassified networks. SME will be considered key personnel to support this task. Specific SME support will cover the following areas: Certification and Accreditation (C&A) processes, Risk Management Framework (RMF) support, account management, software and hardware upgrades, Continuity of Operations (COOP) support, system backups, system vulnerability management, performance tuning, user help desk support, training support and troubleshooting measures. In addition, the contractor will provide guidance on all major system related policy updates and changes that may impact operations for any of the supported applications and/or infrastructures. Provide support to monitor and maintain the Marine Corps Critical Asset Management System (MC-CAMS) RMF technical requirement to support DIACAP to RMF requirements for the Authority to Operate. - The contractor must provide a monthly Cybersecurity Issues report that identifies current cybersecurity issues that pose an immediate risk to the MC-CAMS security posture and system schedule. - The contractor must develop and maintain detailed cybersecurity project plans for MC-CAMS. Cybersecurity Project Plans must identify all action items necessary to obtain, maintain, system authorization, maintain Federal Information Security Management Act (FISMA), compliance, implementation tasks used to meet or exceed the systems continuous monitoring strategy. Cybersecurity Project Plans must account for Information System inspections, and Information System milestone events. - The contractor must update the MC-CAMS Cyber Security Strategic Plan annually - The contractor must develop and provide all documentation to meet MC-CAMS, USMC, and Combatant Command/Service/Agency Components compliance with security, interoperability, supportability, sustainability, and usability regulations; guidelines, and policies. - The contractor must support the MC-CAMS portfolio across all system lifecycle stages that lead to; and maintain the Portfolios' USMC ATO. - Provide direct support for the management of all MC-CAMS USMC MCCAST. This entails full documentation and disclosure of both internal and external dependencies of the system and the documentation of all security related risks that may be inherent to the supporting networks. - Provide direct support to conduct, record and analyze MC-CAMS security testing through penetration and/or exploitation techniques. Anticipated Key Personnel Requirements: • Task 1: Program Manager The MADL program manager must work directly with DoD MA leadership to help capture and refine IT development needs to align with policy objectives and guidance. They must possess a strong technical background and have the ability to correlate advanced technical concepts to senior leadership through briefings, whitepapers and discussions. In addition, the Program Manager must be able to take the vision from the stakeholder community and clearly relay that directive to the supporting technical teams for product or event development activities. o The ability to cost, schedule and lead local and remote technical project teams to support all Mission Assurance focused development efforts o Must develop strategic, tactical and technical program documentation to assist or present leadership with vision and guidance supporting DoD Mission Assurance o Must have a clear understanding of DoD processes, guidelines and procedures for classified networks and environments o Must have a solid understanding of DoD operation environments o Host and manage supporting working groups, meetings and CCBs o Identify resourcing challenges and develop recommendations for client review • Qualifications: o 15 years of experience leading DoD enterprise level application development programs o 10 years' experience supporting across the DoD with Mission Assurance pillars (CIP, AT, CBRN, EM, PS, CYBER, COOP) o 10+ years using and working with the Critical Asset Management System (CAMS) o Must hold a Bachelor of Science degree in Computer Science, Computer Engineering or Communications o Must hold an active TOP SECRET security clearance and be eligible for SCI nomination o Must hold at least one Microsoft certification o Must have completed ICS-CERT Level III training o Must have completed Security + certification • Task 1: Senior Systems Engineer A Senior Systems Engineer is responsible for resolving escalated service issues, coaching other engineers to resolutions, engineering and implementing complex projects, and for maintaining and overseeing the technology of their assigned accounts. This role is a key position within the service department and will be called upon to resolve the highest level technical issues. Provide IT oversight for the Mission Assurance Development Lab (MADL) and the client production, development, testing, red team and mobile training kit environments in support of the Marine Corps Mission Assurance program. Responsible for the architecture design, short/long term infrastructure planning and leading up the efforts for software/hardware integrations, implementations, upgrades, maintenance and disaster recovery. Provide architecture and engineering subject matter expert (SME) support to the Information Assurance (IA) team for cybersecurity, penetration testing and accreditation packages. Present senior level management on the IT infrastructure which encompasses the MADL, production, testing and development environments. Author system and network design documents, site visit reports and configuration guides. Responsible for the management, training and mentorship of the systems engineering team. o Provide technical services and support for the following areas:  Network level: WAN and LAN connectivity, routers, firewalls, and security  Internal systems, cloud and network infrastructure  Microsoft related technologies: Windows Server, Exchange, SQL, SharePoint  Virtualization technologies: VMware, Citrix, and Microsoft  Remote access solution support: VPN, Terminal Services, and Citrix  Remote monitoring and management of system alerts and notifications • Qualifications: o 10+ years of experience in a DoD environment with detailed knowledge of DoD hosting environments for both classified and unclassified networks o Must have at least 10+ years of experience with heterogeneous network environments and a solid understanding of Windows and Linux operating systems o Must have at least 7+ years of experience with VMware ESX and the supporting server packages o Must have experience standing up development environments o Must hold a Bachelor's of Science Degree with technical focus o Must be a Microsoft Certified System Administrator (MCSA) o Must be CompTIA Security+ CE certified o Must hold an active Top Secret security clearance and be eligible for SCI nomination • Technical Skills Required: o Operating Systems: Windows XP/ 7/8/10, Windows Server 2003/2008/2012/2016, Linux (Fedora, Debian, Red Hat, Ubuntu, Pfsense, VMware) o Software: Veritas Cluster Server, ACAS by Nessus, Active Directory, Group Policy, Microsoft NLB, IIS, Windows Server Update Services (WSUS), SQL Server 2012/2014, Remedy, ArcGIS Server 10.4.1, Portal for ArcGIS 10.4.1, SharePoint Server 2007/2010/2013, AutoStart, VMware Horizon View, UpTime Monitoring, Project 2010/2013, Citrix, Visio 2013, System Center Configuration Manager (SCCM) 2012, Forefront Threat Management Gateway (TMG) 2010, ADFS, Team Foundation Server (TFS) 2015, Symantec BackupExec, Symantec Endpoint, GrayLog • Task 2: Technical Team Lead/Solution Architect Lead a technical group supporting the United States Marine Corps Mission Assurance (MA) program; mentoring technical team members by demonstrating deep knowledge and experience in designing, engineering and producing software applications, tools and technical solutions used to support Department of Defense (DoD) community. To produce the best solutions possible, an agnostic approach to technologies must be applied after thorough review of requirements are provide. An understanding of various Commercial Off The Shelf (COTS) products and Open Source technologies is typically required to find the most advanced cost affective measure before proceeding to development. Management of both local and remote technical resources is required knowledge of the Mission Assurance processes, directives and structure. Understand and apply the Software Development Life-Cycle (SDLC) and Application Life-cycle Management (ALM) to government owned projects. Must be able to work in a very fluid and dynamic environment and willing to adapt to and overcome technical obstacles. o The ability to assist with building the costs and schedule for agreed upon technical solutions o Lead local and remote technical project teams to support various Mission Assurance focused development efforts o Must have the ability to develop technical program documentation to support briefings, configuration management efforts and the system accreditation process o Must have a clear understanding of DoD processes, guidelines and procedures for classified networks and environments o Travel to collaborate with MA community system owners and provide technical guidance • Qualifications: o 20 years of software development experience (programming and designing) o 10+ years leading software projects supporting the DoD o 8 + years working with the Microsoft.NET Framework and able to create and manage software solutions in Visual Studio o 7 + years managing development projects through Microsoft's Team Foundation Server (TFS) o 7 years' experience supporting across the DoD with Mission Assurance pillars (CIP, AT, CBRN, EM, PS, CYBER, COOP) o 3+ years using and working with the Critical Asset Management System (CAMS) o 5+ years using and working with the Mission Assurance Decision Support System (MADSS) o 2+ years using and working with the Enterprise Mission Assurance Assessment Tool (eMAAT) o Must hold a Bachelor of Science degree in Computer Science, Engineering or Communications o Must hold an active TOP SECRET security clearance and be eligible for SCI nomination o Must hold (MSCSA) System Administrator o Must hold (MSCDBA) Database Administrator o Must hold (MSCE) System Engineer o Must hold a General Class amateur radio license o Must have completed (SY0-401) Security + certification • Technical Skills Required: o Microsoft ASP.NET MVC 4 and Greater, MVC Core o Web skills/technologies like JavaScript, TypeScript, Bootstrap, Knockout, Angular, CSS and the use of SASS, Less o Universal Windows Platform (UWP), Windows Presentation Foundation (WPF), XAML o Xamarin Controls and forms o Telerik Controls o VB, C#, C++ o Windows Forms (WinForms) and older Active Server Pages Web Forms o DevExpress Controls o Java o SQL Server, T*Sql, MySQL, Oracle, and NoSQL data stores o IIS, SSIS, SSAS, SSRS, SQLData Tools o Extract Transform and Load (ETL) tools from Redgate and others o Online Analytic Processes (OLAP), Online Transaction Processes (OLTP) o Analytic Cube design and use of MDX and R o Understanding of various software development processes and requirement gathering techniques (SCRUM, Waterfall, CMMI) o Experienced with UML and use of tools like Visual Paradigm, Rational Rose and Enterprise Architect • Task 2: Project Software Engineer Provides leadership and task management to the CAMS development team. Works with Configuration Management and the PM to review what features will go into each release based on schedule and resources available. Must be highly proficient with Visual Studio and programming in C# using Visual Studio with Team Foundation Service as a means for source control and work item management. Attend and actively participate in requirements gathering and internal program reviews with the client. o Provide insight and scope into technical courses of actions available to address new or extended requirements o The ability to assist with building the costs and schedule for agreed upon technical solutions o Lead local and remote technical project teams to support various Mission Assurance focused development efforts o Must have the ability to develop technical program documentation to support briefings, configuration management efforts and the system accreditation process o Must have a clear understanding of DoD processes, guidelines and procedures for classified networks and environments o Host and manage supporting technical working groups, development meetings and demonstrations o Travel to collaborate with MA community system owners and provide technical guidance o Assist with training efforts and gather feedback from end users to present through the Configuration Control Board o Work with the security team to provide input into any supporting RMF documentation or artifact • Qualifications: o 20+ years of software development experience (programming and designing) o 10+ years leading software projects supporting the DoD o 8 + years working with the Microsoft.NET Framework and able to develop and manage solutions in Visual Studio o 7 + years managing development projects through Microsoft's Team Foundation Server (TFS) o 7+ years' experience supporting across the DoD with Mission Assurance pillars (CIP, AT, CBRN, EM, PS, CYBER, COOP) o 7+ years using and working with the Critical Asset Management System (CAMS) o 2+ years using and working with the Enterprise Mission Assurance Assessment Tool (eMAAT) o Must hold a Bachelor of Science degree with technical focus o Must hold an active TOP SECRET security clearance and be eligible for SCI nomination o Must hold (MCTS) Microsoft.NET Framework 3.5, ASP.NET Application Development o Must hold an Amateur Class amateur radio license o Must have completed (SY0-401) Security + certification • Technical Skills Required: o Microsoft ASP.NET, MVC 4 and greater, MVC Core o Web skills/technologies like JavaScript, TypeScript, Bootstrap, Knockout, Angular, CSS and the use of SASS, LESS o Universal Windows Platform (UWP), Windows Presentation Foundation (WPF), XAML o Xamarin Controls and forms o Telerik, Syncfusion, DevExpress Controls o VB, C#, C++ o Windows Forms (WinForms) and older Active Server Pages Web Forms o Java o SQL Server, T*Sql, MySQL, Oracle, and NoSQL data stores o IIS, SSIS, SSAS, SSRS, SQL Data Tools o Analytic Cube design and use of MDX and R o Understanding of various software development processes and requirement gathering techniques (SCRUM, Waterfall, CMMI) o Experienced with UML and use of tools like Visual Paradigm, Rational Rose and Enterprise Architect o Experienced with virtualized environments • Task 3: Senior Security RMF Engineer Lead engineering, implementing and monitoring security measures for the protection of computer systems, networks and information. Identifying and defining system security requirements. Designing computer security architecture and developing detailed cyber security designs. Continuously monitoring the threat landscape affecting the infrastructure and its components through the identification of vulnerabilities, assessing risk, and proposing mitigation solutions. Information Assurance Lead with the Certification and Accreditation process for all supported systems developed within the MADL. Manage the Risk Management Framework package and process for the CAMS application for both classified and unclassified networks. Review ongoing development efforts to better understand changes that may impact the overall security posture of the accredited systems. Provide weekly updates to team members regarding the latest security news. Develop and maintain detailed cybersecurity project plans for CAMS. Cybersecurity Project Plans must identify all action items necessary to obtain, maintain, system authorization, maintain Federal Information Security Management Act (FISMA), compliance, implementation tasks used to meet or exceed the systems continuous monitoring strategy. Cybersecurity Project Plans must account for Information System inspections, and Information System milestone events. Generate the RMF security controls based on the System Categorization, applicable overlays, Defense-in-Depth Functional Implementation Architecture (DFIA), and CYBERSAFE grade within Marine Corps C&A Support Tool (MCCAST) to establish the initial control set for the GCSS-MC LIS programs. The contractor must utilize and implement Step Two of the RMF process- Select Security Controls, to meet the requirements of this task. Provide information system security engineering support as part of Integrated Product Teams (IPT) and other program related meetings. The IPT support must develop and present documented information identifying, predicting, and evaluating the vulnerability of the proposed solutions to threats anticipated throughout the system's life cycle. • Qualifications: o 10+ years of experience in a DoD environment o 8+ years of experience in Security Engineering o 2+ years of experience with the Critical Asset Management System (CAMS) o 2+ years of experience working within the Software Development Life Cycle (SDLC) o 3+ years working under the guidelines and directives of DoD 8510, NIST 800.53 Risk Management Framework, and CNSSI 1253 o Must hold a Bachelor's degree in Computer Science, Information Security, Electrical Engineering or a related scientific /technical discipline o Must hold an active Top Secret security clearance and be eligible for SCI nomination o Must hold IAT/IAM Level III (CISSP, CISM, GLSC) o Must hold CEH/GCIA • Technical Skills Required: o Operating Systems: Windows, Windows Server, Linux (Debian, Kali, PenToo, Red Hat) o Software: MS Office, Visio, SharePoint, HTML, XML, MCCAST 3. PERIOD OF PERFOMANCE: The period of performance will be a one (1) year Base Period and four (4), one-year Options Periods, if exercised. The expected date of commencement is June/July 2018. 4. PLACE OF PERFORMANCE: Work performance will take place at the following locations: • At the Contractor's facility • Pentagon, Washington, DC • On all Marine Corps installations where training takes place both CONUS and OCONUS. Travel: The contractor should expect to make several trips to Marine Corps installation specified by the government each year (approximately 1-2 contractor employees on each trip). Each trip is estimated to last between six (6) to nine (9) days to the locations listed below. These trips are estimations and are subject to change throughout the contract. • One (1) trip to Marine Forces Reserve, New Orleans, Louisiana • Two (2) trips to Camp Pendleton, California • One (2) trip to Marine Corps Base Camp Lejeune, NC • Three (1) trips to Camp Foster, Okinawa, Japan • One (1) trip to Marine Corps Base Hawaii 5. NAICS: The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541990 All Other Professional, Scientific and Technical Services, with the corresponding size standard of $15 million. 6. RESPONSE INSTRUCTIONS: 1. Name of Organization, Cage Code, DUNS Number, Telephone Number, Address, and Email address for the primary point of contact. 2. Description of your organization's capabilities / experience with regards to the tasks outlined above and required personnel. This description should demonstrate ability to perform the services described in this notice. 3. Summary of organization's history relative to the specific tasks required. For each reference, please provide a summary of the work involved and references' point of contact, phone number, and email address. 4. Any existing Contract vehicles that would be available to the Government for the procurement of these products/services (i.e., GSA schedule, etc.) 5. Small business standing (i.e. large or small business, specific category of small business) 6. Additional comments or questions about the specifics of this requirement. VENDORS WHO WISH TO RESPOND TO THIS SOURCES SOUGHT SHOULD SEND RESPONSES VIA EMAIL NLT 20 MARCH 2018 AT 3:00 PM (LOCAL D.C. TIME) TO ERIKA.CHAVARRIA@USMC.MIL. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized Disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/3d7293771051b9466d0da7934fa0bb0c)
 
Record
SN04843961-W 20180308/180306230949-3d7293771051b9466d0da7934fa0bb0c (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.