SOURCES SOUGHT
R -- Procure the delivery of a new Enterprise QualityNet Identity Management System (EQIMS) to include the implementation of mulifactor authentication for critical QualityNet systems.
- Notice Date
- 3/11/2011
- Notice Type
- Sources Sought
- NAICS
- 541511
— Custom Computer Programming Services
- Contracting Office
- Department of Health and Human Services, Centers for Medicare & Medicaid Services, Office of Acquisition and Grants Management, 7500 Security Blvd., C2-21-15, Baltimore, Maryland, 21244-1850
- ZIP Code
- 21244-1850
- Solicitation Number
- CMS-2011-8A-0010-HLH
- Archive Date
- 4/5/2011
- Point of Contact
- Herman L. Harris, Phone: 410-786-9104, Tonya D. Anderson, Phone: 410-786-4087
- E-Mail Address
-
Herman.Harris@cms.hhs.gov, Tonya.Anderson@cms.hhs.gov
(Herman.Harris@cms.hhs.gov, Tonya.Anderson@cms.hhs.gov)
- Small Business Set-Aside
- Competitive 8(a)
- Description
- This is a Sources Sought Notice to determine the availability of potential 8(a) contractors to ensure the speedy delivery of a new Enterprise QualityNet Identity Management System (EQIMS) to include the implementation of multifactor authentication for critical QualityNet systems including the CROWNWeb End Stage Renal Disease system, Hospital Reporting, Physician Quality Reporting and a number of Quality Improvement Organization programs essential to the success of the QIO 10th Scope of Work. The Centers for Medicare & Medicaid Services (CMS) is looking for an 8(a) contractor, including those that are currently on a GWAC or GSA schedule, that have the ability to team with Medicare Vendors, and possess a track record of success with project of this scope. In order to respond to this notice, contractors must be able to perform (demonstrate their experience and or an ability to provide) all of the following capabilities: 1. On a continued basis, the Contractor shall analyze its operation, and maintain and improve the quality, accuracy, reliability, efficiency, and cost-effectiveness of all services provided, with emphasis on devising and developing better methods and/or procedures to ensure the work is; high quality, accurate, reliable, timely, validated, adjudicated, and securely stored at all times. This will be accomplished by establishing and maintaining a secure environment that is in compliance with Federal Information System Manangement Act (FISMA) and CMS security standards. 2. The Contractor shall have the ability to follow and be responsible for artifacts of the CMS Investment Life Cycle (ILC) processes and methods, and to that end, have a full understanding of the CMS ILC process. 3. The contractor shall have the ability to begin work within 60 days after contract award to transition from existing CMS Identity Management (IDM) systems and deliver additional releases within the next eight months, following the full CMS ILC, to support the Quality system needs. The CMS ILC covers roughly 90 days for actual development time; everything else accommodates other ILC gate reviews and artifact deliveries. 4. The contractor shall have the ability to receive/accept the new Enterprise IDM Business Requirements for the purpose of meeting all other ILC artifacts and 90 days worth of development no later than 60 days after contract award. 5. The contractor shall have the ability to act as a systems integrator with other CMS Quality development schedules and systems in support of their IDM requirements. 6. Respondents shall include the following in your response: Business Information - a. DUNS: b. Company's Name c. Company's Address d. Company Point of Contact, Phone and Email address e. Do you have a Government approved accounting system? If so, please identify the agency that approved the system. f. Type of Company (contractors submitting capability statements for this notice must be certified 8(a) as validated via the Central Contractor Registration (CCR). All offerors must register on the CCR located at ttp://www.ccr.gov/index.asp and provide; g. Current GSA Schedules appropriate to this Sources Sought h. Name of Subcontractor(s), if any i. Ability to meet all FISMA security requirements Technical Considerations The prospective Contractor shall consider their experiences and findings under similar contracts in determining its approach and response to this sources sought notice. 1. The Contractor shall have the ability to accommodate all current system development and Investment Lifecycle (ILC) processes and work flows required to successfully leverage the QualityNet infrastructure 2. The prospective Contractor services shall include: the review of existing requirements for the design and development of the QualityNet Identity Management System (QIMS), the review of existing requirements for the design and development of the other Quality Systems Identity Management Systems such as OARS, the ability to interact with CMS Government Task Leads (GTLs), Federal Program Managers, support IT Help Desk(s) and infrastructure contractors, as well as the ability to partner with other Application Development Organizations (ADOs). The Contractor will provide technical expertise in identity management, identity provisioning, project management, as well as all technologies employed to-date in the development to the QIMS system. In the continued development and delivery of an Enterprise Quality Identity Management System (EQMIS), the contractor must follow rules and guidelines established in the appropriate National Institute Standards and Technology (NIST) special publications suite that address the development of IT systems, identity management systems, and application of security requirements, including, but not limited to; NIST Special Publication 800-53, NIST Special Publication 800-63, and NIST Special Publication 163. The Contractor must also follow guidelines established in the CMS Information Security (IS) "Virtual Handbook", which is the set of all CMS policies, standards, procedures, and guidelines which implement the CMS Information Security Program. See http://www.cms.gov/informationsecurity/. The specific set of CMS IT security standards that must be met are the Acceptable Risks and Safeguards (ARS) and any IT security standards established by FISMA, e.g, the Federal Information Processing Standards (FIPS). In addition, the Contractor must have a command of technologies employed as a requirement of the CMS Technical Reference Architecture (TRA) as employed by the systems with which legacy Quality Identity Management systems must be integrated. 3. The Contractor shall consider that the requirement for this effort is to review and accept project requirements and ensure that the delivered application meets those established requirements. In addition, the application must be available to be integrated with a large number of OCSQ program deliverables. Attached is a partial listing of QCSQ QualityNet projects and their associated development timelines. 4. The contractor must have the capability to assume responsibility, if needed, for any previously developed QIMS code as soon as the contract is awarded and have the ability to correct any findings from the CMS Verification and Validation (V&V) and Security Test & Evaluation (ST&E) testing to be corrected, and released no later than 7/7/2011. 5. The contractor must have the capability to also intake the next release of Business Requirements for the Enterprise IDM no later than 45 days after the award of the contract to ensure a Quality Systems Enterprise IDM release. The contract must account for all CMS ILC gate reviews, processes and artifacts. 6. The contract must have the ability to intake a set of IDM requirements for the various Quality Programs, collaborate with the CMS Phase 1 Project Management and Business Requirements (PMBR) contractor to establish a set of Enterprise IDM BR's, coordinate with the Phase 4 Development Environment Consolidation Contract (DECC) contractor to align timelines, and to develop, test, and release a full blown Enterprise IDM to integrate with all Quality systems developed under the CMS Phase 4 DECC contract as identified in the attached integration timeline. An example of this is that the IDM must be in V&V no later than 8/9/2011 in support of the Hospital Reporting Program. These programs include Hospital Reporting, Physician Quality Reporting, End Stage Renal Disease Reporting and the Quality Improvement Program. The contractor must meet Phase 4 DECC development and V&V timelines from an interface perspective of having the Enterprise IDM ready by the dates in the attached integration timeline. The contractor must have the ability to meet the below high level timelines: Integration Deliverables March,April 2011 Final enterprise IDM Requirements collaborated and Accepted May, June, July 2011 PDR,DDR and Development of Enterprise IDM August 2011 Delivered Code set Enterprise IDM to V&V Transition From the initial start of the contract award, the new contracotr will accommodate transition activities from the incumbent Contractor, within an agreed upon time period established by CMS. Responses must be submitted not later than 10:00AM, ESD, Monday, March 21, 2011. Capability statements will not be returned and will not be accepted after the due date. The maximum number of pages for submission is 10 pages. This Sources Sought Notice is for informational and planning purposes only and is not to be construed as a commitment by the Government. This is not a solicitation announcement for proposals and no contract will be awarded from this Notice at this time. No reimbursement will be made for any costs associated with providing information in response to this Notice. Respondents will not be notified of the results of this evaluation.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/HCFA/AGG/CMS-2011-8A-0010-HLH/listing.html)
- Place of Performance
- Address: Contractor's Facility, United States
- Record
- SN02398919-W 20110313/110311234337-d0e1f4eb19799ed1298176f7886bef74 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |