SOURCES SOUGHT
D -- Rogue Blue Cybersecurity Accreditation Service
- Notice Date
- 12/8/2021 1:01:06 PM
- Notice Type
- Sources Sought
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- FA8730 DIGITAL DIRECTORATE AFLCMC H HANSCOM AFB MA 01731-2100 USA
- ZIP Code
- 01731-2100
- Solicitation Number
- FA873022R85XX
- Response Due
- 1/5/2022 10:00:00 AM
- Archive Date
- 01/20/2022
- Point of Contact
- Jeremy Peppler, Phone: 4029127536, John Burmester, Phone: 402-912-7534
- E-Mail Address
- jeremy.t.peppler.civ@mail.mil, john.t.burmester.civ@mail.mil
- Description
- SOURCES SOUGHT CYBERSECURITY ACCREDITATION SERVICE

Contracting Office: AFLCMC/HBCK, 55 Videmus Omnia Way, Ste 3A7D, Offutt AFB, NE 68113

INTRODUCTION

This is not a solicitation. This synopsis is for information and planning purposes only. This Sources Sought synopsis is being conducted pursuant to FAR Part 10, Market Research; a solicitation is not available at this time. This synopsis does not constitute a Request for Proposal (RFP) or Invitation for Bid (IFB). The Government will neither award a contract solely on the basis of this notice, nor will it reimburse the contractor for any costs associated with preparing or submitting a response to this notice. This posting is for information gathering and planning purposes only, and in no way restricts the Government's final acquisition strategy. Any information provided by the Government at this time is preliminary and may be updated or changed prior to release of a formal RFP.

BACKGROUND AND DESCRIPTION

The Air Force Life Cycle Management Center (AFLCMC) Combatant Command, Command and Control Division (HBC) is seeking qualified sources to assist with building an accreditation package for the Rogue Blue Software (RBS) Unclassified enclave (RB-U). In general, RB-U consists of a data center utilizing NetApp H615C servers and storage, a CommVault backup capability also using NetApp storage, a VMWare virtual environment hosting a variety of infrastructure, platform, and development virtual servers, and a Windows VDI server cluster, all connected to a campus network with all traffic routed through a Palo Alto 5200 firewall. The campus network utilizes Cisco ACI switches to connect to Dell Wyse zero clients. RBS is located in Bldg. 500, Offutt AFB, NE.

The purpose of RB-U is to support approximately 150 on-premises developers utilizing rapid, high quality, continuous software deliveries (e.g. Agile software development methodologies). A key aspect of this support is providing a data ingest point for external software required for development (e.g. open source software repositories), vendor patches (Red Hat, Microsoft, Oracle, etc.), and HBC off-premises developers' software deliveries. Within the environment, supported development tools include the Atlassian Suite (JIRA, Confluence, BitBucket), GitLab, Sonatype Nexus, Jenkins, Ansible, VMware vRA, Fortify, SonarQube, WebInspect, and others.

In addition to RB-U, RBS also includes two isolated, classified networks. The effort contemplated under this Sources Sought does not include those networks.

Tasks include, but are not limited to, project management, software/system engineering, and comprehensive cybersecurity support. The contractor shall possess a SECRET Security clearance and have access to SIPRNET eMASS. The contractor shall have extensive knowledge and experience in assisting other Government organizations with building their cybersecurity accreditation package and show success in obtaining an ATO.

ADDITIONAL INFORMATION

The Government contemplates the use of North American Industrial Classification System (NAICS) code 541519, Other Computer Related Services, which has a small business size standard of $27.5M. A small business firm competing as a prime contractor must be able to perform at least 50% of the total requirement within its own company (reference FAR 52.219-14, Limitations on Subcontracting). Respondents are encouraged to provide feedback concerning this NAICS selection as well as provide alternative suggestions if a more appropriate NAICS exists.

INFORMATION AND INSTRUCTIONS

Respondents are requested to submit capability packages as instructed below:

Capability packages shall be delivered in one electronic copy. Capability package files should be in MS Office format (Word, Excel or PowerPoint) or Adobe pdf format, and should not exceed 5 MB on one email. Capability packages shall contain UNCLASSIFIED material only. Capability packages should not exceed 8 pages, each single side counting one page, 8.5 x 11 inch, with one-inch margins, and font no smaller than 10 point Times New Roman. All capability packages must be received no later than 12:00pm (Central Time) on 5 Jan 2022. Capability package responses, and all questions, shall be sent via email to the Contracting Officer, Mr. Jeremy Peppler, at jeremy.t.peppler.civ@mail.mil and the Contract Specialist, Mr. John Burmester, at john.t.burmester.civ@mail.mil.

Respondents must include the following information within their capability packages:

- Company Information: Provide company name, address, a point of contact with e-mail address and telephone number, Federal Cage Code, Data Universal Numbering System (DUNS), business size, and security clearance level. Your company must be registered in System for Award Management (SAM). To register, go to https://www.sam.gov.
- Type of Interest: Is your company likely to propose as a prime contractor? Is your company looking for subcontracting opportunities? Are you interested in exploring possible teaming arrangements?
- Small Business: Small businesses are encouraged to respond to this announcement. Small business respondents should indicate whether they are a small business, 8(a) concern, veteran-owned small business, service-disabled veteran-owned small business, HUB Zone small business, small disadvantaged business, women-owned small business, or historically black college or university (HBCU) or minority institution (MI) (as defined by the clause at DFARS 252.226-7000).
- Information regarding any Federal Supply Schedules, Government Wide Acquisition Vehicles, or other streamlined, enterprise solutions to which you are a party.

CAPABILITY PACKAGE CONTENTS

Please address as much of the following information as possible in your response.

1. Location and Clearance Information: What level Facility Clearance does your company currently possess? Does your company have the capability to perform on-site at Offutt AFB, NE?

2. Describe experience with current DoD cybersecurity and information assurance (IA) directives, instructions, procedures and policies to include best practices, tools, countermeasures, and integrated processes for software development.

3. Describe experience with building a cybersecurity accreditation package for the Department of Defense.

4. The Government is contemplating what core competencies/technical experience evaluation factors would ensure the highest probability of accreditation success. The Government is requesting feedback on the potential evaluation factors identified below. What items would represent the most critical indicators of successful performance? What other criteria not included below might also be of value for the Cybersecurity Accreditation Service evaluations?

- Experience with STIG'ing Windows and Linux virtual machines and generating POAMs and other security accreditation documents from the results.
- Experience with STIG'ing data center and campus hardware, to include servers, storage, firmware, switches, etc. and generating POAMs and other security accreditation documents from the results.
- Experience/expertise with securing software development tools and disciplines to support microservice-based applications and the building of CI/CD pipelines, including but not limited to:
  - Collaboration using Atlassian tools JIRA, Confluence, Crucible, Fisheye or similar tools supporting open collaboration
  - Configuration Management / Version Control using BitBucket, GitLab, Nexus NDE, or similar SCM tools
  - Container Management Platforms such as D2iQ, Tanzu, or similar tools
  - Databases such as Oracle, MySQL, Cassandra NoSQL DBMS or similar systems
  - Pipeline Automation using Jenkins, Maven, GitLab, or similar tools
  - Quality / Security testing using Fortify, SonarQube, Prisma Cloud (Twistlock), OWASP Dependency Checker, or similar tools
  - Continuous Monitoring tools such as SolarWinds, HBSS, Elastic Stack, or similar tools

5. In addition to identifying the delineating factors that would provide the highest value return in evaluations in question 4, respondents should also discuss their own knowledge, capabilities, and experience with regard to those factors identified. For example, which of the above methods have you used? You may additionally describe in detail the projects on which these methods/tools/processes were used, why the methods/tools/processes were chosen, and what the results were.

ORGANIZATIONAL CONFLICT OF INTEREST

The Government would also like to remind companies deciding to pursue proposing on the Cybersecurity Accreditation Service, in any prime, subcontractor, or teaming arrangement capacity, of their responsibility to avoid and/or mitigate any potential Organizational Conflict of Interest (OCI). This initiative is especially important for companies supporting Government entities in Advisory and Assistance Services (A&AS) contracts. Guidance is found in the Federal Acquisition Regulation (FAR) Part 9.5.

A potential OCI issue exists for any company that has personnel in any of its divisions working under contract for the Government and, therefore, through them has access to ISPAN or NC2 program information originating either from the Government or from other interested companies. Interested companies should also examine any support contracts they have in place with the Government for provisions addressing OCI issues. A company finding it has a potential OCI situation must submit and have an approved mitigation plan prior to the Government's consideration of any proposal for award. Since the approval process can be lengthy and approval of any plan is not assured, it is highly recommended that potential OCI identification and resolution processes begin as soon in this pre-award phase as possible. An OCI could result in the canceling of a contract or determining an Offeror ineligible for award. Potential OCI issues, and mitigation plans if developed, shall be included as an attachment to the technical capability package. This OCI attachment will not be considered in the total page count.
- Web Link
- SAM.gov Permalink (https://beta.sam.gov/opp/fa348feb453641b799b2d6dcf744fac0/view)
- Place of Performance
- Address: Offutt AFB, NE 68113, USA
- Zip Code: 68113
- Country: USA
- Record
- SN06194203-F 20211210/211208230135 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)