Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JULY 30, 2011 FBO #3535
SOURCES SOUGHT

D -- USAF, AFSPC, AFNIC’s Information Assurance (IA) Support

Notice Date
7/28/2011
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Defense Information Systems Agency, Procurement Directorate, DITCO-Scott, 2300 East Dr., Building 3600, Scott AFB, Illinois, 62225-5406, United States
 
ZIP Code
62225-5406
 
Solicitation Number
MAC0041
 
Archive Date
8/20/2011
 
Point of Contact
Matthew R. Cassady, Phone: 6182299713
 
E-Mail Address
matthew.cassady@disa.mil
(matthew.cassady@disa.mil)
 
Small Business Set-Aside
N/A
 
Description
Request for Information (RFI) for USAF, AFSPC, AFNIC’s Information Assurance (IA) Support 1. Contracting Office Address: Defense Information Systems Agency, DITCO-Scott PL8313, P.O. 2300 East Drive, Bldg 3600, Scott AFB, IL, 62225-5406 2. Description: 2.1. PURPOSE : The US Air Force, AF Space Command (AFSPC), Air Force Network Integration Center (AFNIC) is conducting this Request for Information (RFI), for Information Assurance (IA) Support to the AF Certifying Authority (CA) and AF Designated Accrediting Authority (DAA). This requirement involves researching and analyzing AF, Joint, and DoD IT systems, programs and initiatives (including but not limited to AF terrestrial networks and systems, command & control systems, and voice network switches), implemented with a variety of accessibility and classification levels, to assess system security postures and residual risk of existing/remaining vulnerabilities to the AF-GIG, develop/complete Certification & Accreditation (C&A) strategy determinations, to produce C&A recommendation and technical reports, and network-related assessments. Areas of focus are: · Security engineering C&A · Information Technology (IT) system evaluation and analysis · Certification determination and accreditation decision recommendation development · Creation/processing of staffing packages for certification determinations & accreditation decisions · Integrated Solutions Management and Performance Benchmarking · Asset management 2.2. THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THIS RFI OR REIMBURSE ANY COSTS ASSOCIATED WITH THE PREPARATION OF RESPONSES TO THIS RFI. 2.3. This RFI is issued solely for information and planning purposes and does not constitute a solicitation. All information received in response to this RFI marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. Whatever information is provided in response to this RFI will be used to assess tradeoffs and alternatives available for determining how to proceed in the acquisition process for AFNIC’s IA Support. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. 2.4. This RFI is a request for all interested parties including small businesses to describe their technical capabilities and demonstrated experience with support for AFNIC’s IA Support contract needs. Interested parties should describe their technical capabilities and demonstrated experience with security engineering C&A, IA security policy and implementation, technical assessment and analysis, enterprise IT policy and planning, integrated solutions management, business process reengineering, and asset management. All interested contractors are requested to provide written response to the requirements detailed below. A response to this RFI is necessary in order to assist DISA in determining the potential levels of interest, adequate competition, and technical capability within the Small Business Community to provide the required services. In addition, this information will be used to assist DISA in establishing a basis for developing any subsequent potential subcontract/small business participation plan and/or small business goal percentages. 2.5. The acquisition has the following Objectives and tasks: - Objective 1 – Information Technology (IT) System IA Security Assessments (Staff requires DoD 8570.01-M certification(s)-IAM Level 1 [12%], 2 [75%], and 3 [13%]) -- Objective 1, Task 1 – Reviews and Assesses IT System Security Documentation -- Objective 1, Task 2 – Provides Security Assessment Reports -- Objective 1, Task 3 – Provides Security Determination Suggestions for Air Force (AF) Certifying Authority (CA) Staffing Packages (to AF Designated Accrediting Authority [DAA]) -- Objective 1, Task 4 – Performs Internal and External Communications -- Objective 1, Task 5 – Attends Technical Meetings -- Objective 1, Task 6 – Provides Technical Reviews/Comments -- Objective 1, Task 7 – Provides Status Reports -- Objective 1, Task 8 – Performs Functional User Testing (internal to AF CA/DAA organizations) - Objective 2 – IT System IA Security Assessments Support (Does NOT require DoD 8570.01-M certification) -- Objective 2, Task 1 – Builds, Staffs, and Tracks Security Determination/Recommendation Staffing Packages -- Objective 2, Task 2 – Performs Administrative Support Work Related to IT System Security - Objective 3 – Manages AF Resources and Network Requirements for this Contract (Does NOT require DoD 8570.01-M certification) -- Objective 3, Task 1 – Manages an AF-Designated Funding Line for a Dedicated Contract Equipment Account and Network Connectivity - Objective 4 – Delivery/File Management of Deliverables and Supporting Artifacts ( Does NOT require DoD 8570.01-M certification ) -- Objective 4, Task 1 – Performs File Management 2.6. To accomplish the tasks outlined, contractor will be required to support the activities of the AF Certifying Authority by providing technical expertise, conducting IA analysis, and collaboratively interfacing with internal and external customers from action officer to senior management level, who are military, civil servants, and other contractors; from AF, DoD non-DoD, Federal Agencies, and private industry; at bases, commands, Air Staff, and non-AF locations; in accordance with (IAW) local, AF, DoD, CJCS, federal, and public law; in support of all AF and many guest (non-AF) IT systems and capabilities operationalization using AF C&A tools (currently eMASS and SharePoint). This work is expected to be conducted in a contractor-controlled facility with NIPRNet connectivity on or near Scott AFB, Illinois. Work may require move to Peterson AFB based on outcome of functional reorganization. SIPRNet connectivity may be included if the contractor has or is in the process of obtaining a DSS-accredited SECRET classified facility. 3. Sources Sought: 3.1. This Sources Sought Synopsis is requesting responses to the following criteria from interested parties that can provide the required services under the North American Industry Classification System (NAICS) Code 541512 and 541519. This Synopsis is encouraging responses from any qualified and capable source, including Small Businesses, Service Disabled-Veteran Owned Small Businesses, Veteran-Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, Small Disadvantaged Small Businesses, Historically Black Colleges and Universities/Minority Institutions, Small Business Joint Ventures, Consortiums and Teaming Partners. This Sources Sought Synopsis is issued to assist the agency in performing market research to determine whether or not there are two or more qualified and capable Small Businesses to provide the aforementioned service. 3.2. In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company’s ability to perform in accordance with the Limitations on Sub-contracting clause (FAR 52.219-14). Interested small businesses meeting the small business standard of NAICS code 541512 and 541519 are requested to submit a response to the POCs provided at the end of this release within 10 calendar days of issuance of this RFI. Late responses will not be considered. Responses should provide the business’s DUNS number and CAGE code and include a statement of self certification under the NAICS code. Additionally, responses should include recent (within the past three years or work that is on-going) and relevant experience (work similar in type and scope) to include contract numbers, project titles, dollar amounts, and points of contact with telephone numbers where the responder performed the relevant work. Marketing brochures and/or generic company literature will not be considered. Not addressing all the requested information may result in the Government determining the responder is not capable of performing the scope of work required. 3.3. Personnel will need at minimum DoD Secret clearances. 4. Requested Information: Interested vendors are requested to submit a maximum 15 page statement of their knowledge and capabilities to perform the following: 4.1. Historical/Relevant Metrics for Reference: · Performed approximately (~) 200 full system assessments and ~ 45 abbreviated circuit-enclave assessments per month in FY11 · Conducted ~ 10 collaboration conference calls; average duration 25 minutes per call; maximum duration 90 minutes, in FY11 · Responded to ~ 75 collaboration e-mails per month spending ~ 20 minutes per e-mail in FY11 · Processed ~ 300 staffing packages per month in FY11 · Less than.5% of assessment workload (actually less than 5 systems) involved TS requirements · 1-2 Surge periods annually; ~ 2-4 weeks in duration; 110-120 additional systems were evaluated; ~ 150 additional staffing packages were processed per period; surge work involved ~ 85 % DoD 8570.01-M certified personnel and 15% non-DoD 8570.01-M certified personnel · Contractor will maintain a government funded account for acquisition and implementation of contractor staff IT hardware/software assets and network connectivity (NIPR/possibly SIPR) 4.2. Describe your experience conducting IA security assessments on the complete spectrum of IT systems/capabilities (enclaves, systems, real time services, telephony, etc.) with emphasis on analytical determinations in the areas of system/capability security postures; IA security control compliance levels; accuracy, effectiveness and appropriate technical configuration of implemented security measures; accuracy of ports, protocols and services submissions; risk and vulnerability levels based on severity categories, impact codes, and effectiveness of mitigation strategies; residual risk impacts to major backbone transport networks (e.g.,.mil,.edu,.com, etc) based on unmitigated vulnerabilities; and recommendations for certification determinations, accreditation decisions, and connection authorizations. Experience prioritizing a high volume workload based on multiple government provided indicators (e.g., MAC level, urgency level, visibility level, etc.) should also be included. Describe your experience producing a variety of reports, utilizing a variety of reporting methods, and production of assessment products and analytical findings, C&A determinations, and recommendations to System CAs and/or DAAs. The experience should include, but not be limited to: experienced technical staffing which possesses, at a minimum, a current DoD 8570.01-M IAM level I, 2, or 3 certification (CompTIA Security+, GIAC GISF, GIAC GSLC, (ISC)2 CAP, ISACA CISM, (ISC)2 CISSP, GIAC GSLC) certification and a current NACLC investigation. NOTE: Response to this item may be divided into a 2 part answer—the first focusing on the assessments themselves and the second focusing on analysis of the assessment findings and products/determinations/recommendations made as a result. 4.3. Describe your experience in performing the administrative support activities related to item a) (previous factor), to include processing system staffing packages between contractor personnel and system/ base/MAJCOM POCs, CAs, DAAs, Service-level Headquarters and other DoD and federal agencies POCs. Also include experience in successfully managing tight, high volume workload schedules, and experience turning a variety of raw data into meaningful, value-added process measures/metrics/trends and improvement opportunities. 4.4. Describe your experience in supporting or implementing system Certification and Accreditation (C&A) efforts through the DoD Information Assurance Certification and Accreditation Process (DIACAP) by providing examples of successfully fielded system deployments. 4.5. Describe your experience and working knowledge of the enterprise Mission Assurance Support Service (eMASS) and Microsoft SharePoint. 4.6. Describe your experience and working knowledge of successfully architecting and implementing (to include obtaining appropriate inter- and intra-agency approvals) connections to the NIPRNet in contractor-controlled and/or non-government facilities. Include experience with managing budgetary accounts and equipment/asset inventory accounts. 4.7. Describe your experience and ability to perform general administrative support, to include but not limited to, file delivery and storage management, production of a variety of monthly status products, briefings, reports, etc, tracking of assessments/staffing packages/work product elements, conversion of raw data into production as well as administrative metrics with the goals of realizing/improving efficiencies, catching issues as they develop, and process improvement on both current processes and potential initiatives. Responses: Interested vendors should forward their capabilities and other information to be considered to michelle.hammell@us.af.mil. Responses to this RFI are to be submitted by and RECEIVED by 12:00 PM EST, 5 August, 2011. Responses must be single-spaced, Times New Roman, 12 point font, with one inch margins, and compatible with MS Office Word 2003. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. Points of Contact: Project Manager: Michelle Hammell E-Mail: michelle.hammell@us.af.mil
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DITCO/MAC0041/listing.html)
 
Record
SN02514313-W 20110730/110728235853-a690383c9bf2592d1935268e825a1e0a (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.