Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF FEBRUARY 03, 2024 SAM #8103
SOURCES SOUGHT

70 -- External Assessment Services (SAVD EAS) and Perimeter Defense - New (VA-24-00032846)

Notice Date
2/1/2024 12:58:03 PM
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
TECHNOLOGY ACQUISITION CENTER NJ (36C10B) EATONTOWN NJ 07724 USA
 
ZIP Code
07724
 
Solicitation Number
36C10B24Q0174
 
Response Due
2/8/2024 1:00:00 PM
 
Archive Date
04/08/2024
 
Point of Contact
Sean Doyle, Contract Specialist
 
E-Mail Address
sean.doyle@va.gov
 
Awardee
null
 
Description
Request for Information
Technical Evaluation Security Testing (TEST)
VA-24-00032846

Introduction

This RFI is for planning purposes only and shall not be considered an Invitation for Bid, Request for Task Execution Plan, Request for Quotation or a Request for Proposal. Do not submit a TEP. Additionally, there is no obligation on the part of the Government to acquire any products or services described in this RFI. Your response to this RFI will be treated only as information for the Government to consider. You will not be entitled to payment for direct or indirect costs that you incur in responding to this RFI. This request does not constitute a solicitation for proposals or the authority to enter into negotiations to award a contract. No funds have been authorized, appropriated or received for this effort. The information provided may be used by the VA in developing its acquisition strategy and PWS. Interested parties are responsible for adequately marking proprietary, restricted or competition sensitive information contained in their response. The Government does not intend to pay for the information submitted in response to this RFI. Be advised that set-aside decisions may be made based on the information provided in response to this RFI. Responses should be as complete and informative as possible.

2. Submittal Information:

All responsible sources may submit a response in accordance with the below information. There is a page limitation for this RFI of 20 pages. The Government will not review any other information or attachments included, that are in excess of the 20 page limit. NO MARKETING MATERIALS ARE ALLOWED AS PART OF THIS RFI. Generic capability statements will not be accepted or reviewed.
Your response must address capabilities specific to the services required in the attached PWS and must include the following:

Interested Prime Contractors shall, at a minimum, provide the following information in the initial paragraph of the submission:
- Name of Company
- Address
- Point of Contact
- Phone Number
- Fax Number
- Email address
- Company Business Size and Status
- For VOSB and SDVOSBs, proof of verification in SBA VetCert
- NAICS code(s)
- Socioeconomic data
- Data Universal Numbering System (DUNS) Number

Provide a summary of your capability to meet the requirements contained within the draft PWS for the following areas:
- Indicate whether you have experience creating a Red Team program with documentation at CMMI Level 3.
- Describe your approach for ensuring that your reports and documentation are clear, concise, and actionable.
- Provide a description of your direct experience supporting cyber planning and program development at large scale Federal (i.e., Cabinet Level agency) and/or commercial industry organizations (i.e., Fortune 500 companies), as prime contractor.
- Provide a description of your direct experience providing cybersecurity services to large scale commercial life sciences and healthcare organizations (e.g., hospital systems, medical device companies, insurance, or benefit providers), as prime contractor.
- Provide a description of your ability to provide dedicated virtual lab and innovation spaces, such as IoT labs, innovation labs, and/or cyber fusion centers, where new concepts and capabilities may be explored and tested, and stakeholder workshops and engagement may occur.
- Provide a description of your digital assets and products that can apply machine learning techniques and open-source monitoring capabilities to monitor, track, and analyze changes in emerging technologies and Federal policy that may impact the VA.
- Please summarize your existing partnerships with and/or memberships in leading cybersecurity in Government and healthcare industry organizations (e.g., Cloud Security Alliance; Health-ISAC; Advamed).
- Describe your ability to maintain a pipeline of sufficiently qualified cybersecurity professionals, including those with relevant leading industry certifications such as PMP, CISSP, CISA, CEH, CISM, OSCP, CompTIA Security+, CompTIA A+, CompTIA Advanced Security Practitioner (CASP+), CompTIA Cyber Security Analyst (CySA+), CompTIA Network+. Please provide the number of professionals who currently hold these certifications within your organization.
- What are your experiences with successfully executing Red Team operations with other Federal Agencies?
- Provide a description of your approach to emulating VA adversaries from the internet, similar to a Nation-State Advanced Persistent Threat (APT) group and utilizing all known and custom Tactics, Techniques, Procedures (TTP) as required in section 5.2 of the PWS.
- Provide a description of your approach to maintaining at least four continuous ongoing operations per Period of Performance (PoP) as required in section 5.2 of the PWS.
- Provide a description of your approach to determining the most effective team size and structure, with qualifications for each team member, to perform the tasks in PWS section 5.2, 5.3, and 5.4.
- Describe your approach to maintaining 25 Red Team operations per performance quarter for a total of 100 per PoP as required in section 5.3 of the PWS.
- Describe your approach to developing attack techniques and operational objectives as listed in PWS section 5.3.
- Provide your approach to support security testing, including agile fast attack Red Teaming, penetration testing, Web Application Security Assessment (WASA), Mobile Application Security Assessment (MASA), Physical and Logical Perimeter Security testing as required in section 5.4 of the PWS.
- Provide your approach to support flexible and agile tasking(s) from the government within 72 hours (including weekends) to include travel to locations when required by the Government, as required in section 5.4 of the PWS.
- Describe your approach to ensuring Red Teaming activities are always Safe, Legal and Ethical.
- Describe your approach to how Red Teaming will be customized to VA's needs.
- Describe your plan for managing potential conflicts of interest or ethical dilemmas that may arise during a Red Team engagement.
- Describe your mechanisms for continuously improving your red team training capabilities and for staying current with threats and proven methods and practices.
- Describe your approach for ensuring that Red Team activities are aligned with VA's goals and priorities. Include examples of how this was done for other large scale Federal (i.e., Cabinet Level agency) and/or commercial industry organizations (i.e., Fortune 500 companies), as prime contractor.
- Describe the extent to which you are familiar with relevant VA policies, Federal legislations, executive orders, and mandates that supports the need for cybersecurity in VA?

NOTE: Technical questions may be submitted as part of your response, however, questions directed to the customer are prohibited.

Small businesses should also include information as to:

Your company's intent and ability to meet the set aside requirement in accordance with VAAR 852.219-73 (JAN 2023) (DEVIATION) VA Notice of Total Set-Aside For Certified SDVOSBs and 13 CFR §125.6, which states the contractor will not pay more than 50% of the amount paid by the government to the prime for contract performance to firms that are not certified SDVOSBs listed in the SBA certification database (excluding direct costs to the extent they are not the principal purpose of the acquisition and the SDVOSB/VOSB does not provide the service, such as airline travel, cloud computing services, or mass media purchases).
When a contract includes both services and supplies, the 50 percent limitation shall apply only to the service portion of the contract. Your response shall include information as to available personnel and financial resources; full names of proposed team members and the PWS requirements planned to be subcontracted to them, which must include the prime planned percentage or the names of the potential team members that may be used to fulfill the set aside requirement.

Has the draft PWS provided sufficient detail to describe the technical requirements that encompass the software development and production operations support services to be performed under this effort?

______ YES _______ NO (if No, answer question c)

If NO, please provide your technical comments/recommendations on elements of the draft PWS that may contribute to a more accurate proposal submission and efficient, cost effective effort.

Responses are due no later than 4:00PM Eastern Time, Thursday February 1st via email to Contract Specialist Sean Doyle at sean.doyle@va.gov, and Contracting Officer Evan Schlisserman at evan.schlisserman@va.gov. Please note RFI VA-24-00032846 Technical Evaluation Security Testing (TEST) in the subject line of your response. Mark your response as Proprietary Information if the information is considered business sensitive. The email file size shall not exceed 5 MB.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/0d16336d17fb46358a71a84dc8686883/view)
 
Record
SN06952938-F 20240203/240201230045 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
