Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JULY 02, 2022 SAM #7519
SOURCES SOUGHT

70 -- License and Maintenance Services of the Lovelace Respiratory Research Institute�s Animal Management System (AMS) at Walter Reed Army Institute of Research (WRAIR)

Notice Date
6/30/2022 1:25:30 PM
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
W4PZ USA MED RSCH ACQUIS ACT FORT DETRICK MD 21702-5014 USA
 
ZIP Code
21702-5014
 
Solicitation Number
PANMRA-22-P-0000-004918
 
Response Due
7/12/2022 7:00:00 AM
 
Archive Date
09/10/2022
 
Point of Contact
Brenda Mena, Sharew Hailu
 
E-Mail Address
brenda.i.mena.civ@mail.mil, sharew.hailu.civ@mail.mil
(brenda.i.mena.civ@mail.mil, sharew.hailu.civ@mail.mil)
 
Description
Subject:�� License and Maintenance Services of the Lovelace Respiratory Research Institute�s Animal Management System (AMS) at the Walter Reed Army Institute of Research (WRAIR) THIS IS NOT A REQUEST FOR PROPOSALS (RFP) OR A REQUEST FOR QUOTATIONS (RFQ); IT IS STRICTLY A REQUEST FOR INFORMATION (RFI). NEITHER UNSOLICITED PROPOSALS NOR ANY OTHER KINDS OF OFFERS WILL BE CONSIDERED IN RESPONSE TO THIS RFI. NO CONTRACT WILL BE AWARDED PURSUANT TO THIS ANNOUNCEMENT. � 1.0� DISCLAIMER: This RFI is issued solely for information and planning purposes and does not constitute a solicitation. Neither unsolicited proposals nor any other kind of offers will be considered in response to this RFI. Responses to this notice are not offers and will not be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI. All information received in response to this RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. At this time, questions concerning the composition and requirements for a future RFQ will not be entertained. � 2.0 SUBJECT:� �WRAIR is the largest and most diverse biomedical research laboratory in the Department of Defense (DoD). The main facility, the Daniel K. Inouye building, is located in Silver Spring, Maryland. Other laboratory and clinical facilities also carry out research studies in Asia, Africa, and Europe through cooperative partnerships with a host of other governments and militaries through the U.S. State Department. WRAIR�s greatest resources are the dedicated scientists, clinicians, and support personnel who make up the core of WRAIR today. By integrating basic research and advanced technology for the primary goal of protecting the Warfighter, WRAIR serves as the premier biomedical research organization within the DoD. 3.0 BACKGROUND: The U.S. Army Medical Research and Materiel Command�s WRAIR Veterinary Services, Forest Glen Annex, Silver Spring, MD supports biomedical research efforts on behalf of the WRAIR scientific community and the Naval Medical Research Center (NMRC) which is co-located at the WRAIR facility. The mission of the WRAIR is to conduct biomedical research that is responsive to Department of Defense and U.S. Army requirements and delivers lifesaving products including knowledge, technology, and medical materiel that sustain the combat effectiveness of the war fighter. The contractor shall provide annual licensing and maintenance services of the Lovelace Respiratory Research Institute�s Animal Management System (AMS). Specific Tasks / Requirements Assist the WRAIR Information Management Division with AMS system upgrades, updates, patches, maintenance, etc. to prevent system vs. software conflicts. Provide updates and assist with resolution of conflicts. � � � �3. Provide remote training support to select WRAIR/NMRC users when enhancements are made to the original application. � � � �4.� The contractor shall provide help desk support knowledgeable of the AMS application via telephone, email, or fax to the� � � �WRAIR Monday through Friday between 9:00 a.m. and 7:00 p.m. Eastern.�� Answering services shall be available 24/7 in the event of an emergency with no more than 1 hour response time. � � � � 5.� Provide software error processing and Error Processing Report. � � � � �6. Maintain a log of all support calls with reported problem and resolution. � � � � � 7. Provide a list of service levels and expected resolution times for each level of reported problems. No level shall exceed five (5) business days to resolve. � � � � � 8. Contractor shall provide technical assistance to mitigate breaks in service due to application conflicts with Government systems to include after normal duty hours and weekends. Assistance will include advising the WRAIR Information Management on configuration and repair of Government systems maintaining the animal management software application. This may require a remote or on-site presence by the contractor. � � � � � 9.� If the applications need to be modified, the contractor shall make those changes and retest the applications offsite. The contractor shall then provide the Government the revised application and the assistance necessary to install the application on its servers. If modifications need to be made to the server environment, those will be made in conjunction with the Government. If the applications need to be modified and the modification cannot be made within 30 days, the contractor will submit a Plan of Action and Mitigation (POA&M) to the Government for approval. The POA&M will be in accordance with (IAW) the Federal Information Management Systems Act (FISMA) standard. The POA&M will provide justification as to why the vulnerability cannot be mitigated within required time and articulate the new timeline as to when the vulnerability will be fixed and or mitigated. � � � � �10. The contractor shall assist the Government to ensure that all AMS computer system(s) are brought into compliance with the latest Risk Management Framework standard and maintained at that level according to DoDI 8500.01 Cybersecurity and DoDI 8510.01 RMF for DoD Information Technology. An example of this requirement, Microsoft Windows Server (MS) 2008 is approaching end of life.� MS 2012 is the next transition.� The contractor will migrate the existing AMS system to MS Server 2012 within 45 days of when the contractor has remote access to the WRAIR application and database servers. The contractor will assist the Government to ensure that the current servers and all future upgraded servers to include all system components (IIS web servers and SQL Server databases) are in compliance with all Defense Information Systems Agency (DISA) Security Technical Implementation Guide(s) and Information Assurance Vulnerability Management (IAVM) processes per AR 25.1 Army Information Technology. � � � � 11. The contractor shall assist the WRAIR, Information Management Division with the completion of the Certification of Networthiness (CON) type processes and track it for renewal for all AMS software programs current and future. � � � � � � � � A.� Cybersecurity Requirements: � � � � � � � � B.� System Security Requirements � � � � � � � � C.� Key System Attributes: Failure to meet any key attribute is considered a breach of contract. � � � �12.� The contractor device or system shall pass a pre-validation screening, administered within six (6) months of contract award that will be conducted by Government, and must meet criteria listed below � � � � � � � � � A.� No unmitigated Category I (CAT I), findings as described in the appropriate Defense Information System Agency� (DISA) Security Technical Implementation Guides (STIGs) * required STIG checklist will be provided by government customer. � � � � � � � � �B.� No unmitigated Category II (CAT II), findings as described in the appropriate Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) located on * required STIG checklist will be provided by government customer. � � � � � � � � C.� No unmitigated critical or high Category I (CAT I) findings from Nessus vulnerability scans. � � � � � � � � D.� No unmitigated Category II (CAT II) findings from Nessus vulnerability scans. � � � �13. The contractor shall mitigate all CAT I and CAT II findings discovered during the A&A process according to a schedule published by Government. � � � 14.� The contractor shall appoint a contractor point of contact responsible for the cybersecurity of the contractor device or system throughout the lifecycle of the system.� The contractor shall provide Subject Matter Experts (SMEs) to support all assessments of contracted products and materials;� and meet required deliverable timelines. � � � 15.� Post Award Cybersecurity Requirements � � � � � � � �A.� The contractor shall establish appropriate administrative and technical safeguards to ensure the confidentiality, integrity, and availability of Government data under their control. � � � � � � � B.� The contractor shall provide anticipated costs and timelines required to address any inability to meet any of the security requirements. Assessment and Accreditation (A&A) � � �1.� �The contractor shall submit all RMF required documentation, as specified by Government Reps for review and approval, no later than four (4) months after request by the Government. � � � �2.� The contractor shall obtain approval from the Government for any contractor developed policies, plans, and procedures prior to implementation. � � � � 3.� The contractor shall provide any additional documentation required by Government for completion of the A&A process within thirty (30) business days of request by Government. Continuous Risk Management � � � �1.� The contractor shall maintain a duplicate of the fielded device or system in a contractor supplied lab environment at contractor location for as long as the system is operated by the Government. � � � 2.� The contractor shall maintain the duplicate system or device in operational condition with the latest security patches installed. � � �3.� The contractor shall maintain the authorized security configuration and notify the government within forty- eight (48) hours of any major changes. � � �4.� The contractor shall ensure the contractor�s device or system is in compliance with the Department of Defense (DoD) Information Assurance Vulnerability Management (IAVM) program upon each deployment. � � �5.� The contractor shall ensure any new deployment (including rebuilds) deploy with a fully patched, accredited version maintained in a lab environment. � � �6.� The contractor shall make the duplicate device or system available for periodic security reviews, within forty-five (45) business days of notification by Government. The contractor shall perform monthly vulnerability scans using the most recent and updated version of approved DoD scan tools. � � �7.� The contractor shall maintain the system and perform updates to comply with updated STIGS as made available by the Government within three (3) months of notification by the Government. � � �8.� The contractor shall assist the Government with resolving any vulnerabilities identified during monthly vulnerability and SCAP scans. � � �9.� The contractor shall assist the government so all discovered vulnerabilities can be closed within three (3) months of discovery. � �10.� The contractor shall submit to Government detailed explanations for the inability to close discovered vulnerabilities. � �11..The contractor shall submit to Government for approval of any mitigation that addresses any open vulnerabilities. � �12.� The contractor shall review all required policies, plans, and procedures documentation on an annual basis and submit changes to Government for approval. � �13.� The contractor shall use Government approved methods and procedures for remote access administration of system or device. Intrusion Detection and Prevention, Antivirus, and Antimalware � � � 1.� The contractor shall ensure that the contractor device or system is capable of supporting the use of DISA approved intrusion detection and prevention, antivirus, and antimalware applications.� The contractor shall provide technical specifications that clearly demonstrate whether the proposed solution can integrate and support, either fully or partially the operation without performance degradation of the medical system/device. In cases where the operation of security applications are not technically achievable, the contractor shall provide detailed justification and a Plan of Actions and Milestones (POA&M) describing steps towards compliance with this requirement. � � � 2.� The contractor shall ensure that the contractor device or system is configured in such a way that allows the updating of malware definition signatures on a scheduled basis. Scanning shall encompass the entire system (file system, operating system, real-time processes), by default. In cases where scanning of the entire system may negatively affect its operation, the contractor shall provide a detailed list of exclusions with justifications. Confidentiality: This project and all materials provided to the contractor by the Government and results, conclusions and recommendations obtained thereof should be considered confidential in nature and treated with the same level of care that the contractor treats its own confidential business information.� The information shall not be disclosed, copied, modified, used (except in the completion of this project) or otherwise disseminated to any other person or entity at any time to include, but not limited to inclusion in any database external to the Government without the Government�s expressed written consent. Management Reports and Plans Summarized Final Report.��The Contractor shall provide a final report of all feature implementations, technical support activities, upgrades, and other activities completed. � � 4.0 RESPONSE INSTRUCTIONS:� �Respondents should address the following in their capabilities statement:� � The purpose of this requirement is to provide scheduled and unscheduled maintenance procedures in order to protect the operational performance on the Government-owned equipment. The services will consist of routine preventative maintenance procedures and will also cover general breakdowns (unscheduled maintenance). The requested services will include free labor and travel services for both the routine and unscheduled maintenance repairs. Service is required on an annual basis during a specified month, with an exception to the Automated PCR instrument which requires semi-annual services. 5.0 CONTACT INFORMATION:� ��All information regarding Capabilities Statements or any other proprietary information relative to this RFI shall be submitted via email to brenda.i.mena.civ@mail.mil no later than 10:00 a.m. E.S.T. on Tuesday, 12 July 2022.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/82718720dfc34e53ae99fbcca19fe2da/view)
 
Place of Performance
Address: Silver Spring, MD 20910, USA
Zip Code: 20910
Country: USA
 
Record
SN06376116-F 20220702/220630230214 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.