Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MAY 19, 2012 FBO #3829
SOURCES SOUGHT

R -- Certification and Accreditation (C&A) Support of OVERARCHING INFORMATION SYSTEMS(OIS)

Notice Date
5/17/2012
 
Notice Type
Sources Sought
 
Contracting Office
ACC-APG - Aberdeen Division B, HQ CECOM CONTRACTING CENTER, 6001 COMBAT DRIVE, ABERDEEN PROVING GROU, MD 21005-1846
 
ZIP Code
21005-1846
 
Solicitation Number
W15P7T-12-R-CAOIS
 
Response Due
5/29/2012
 
Archive Date
7/28/2012
 
Point of Contact
Catherine Blount, 443-861-8020
 
E-Mail Address
ACC-APG - Aberdeen Division B
(catherine.a.blount.civ@mail.mil)
 
Small Business Set-Aside
N/A
 
Description
W15P7T-12-R-CAOIS Market Research QuestionnairePage 1 of 6 This is a Request for Information (RFI) only. Do not submit a proposal or quote. Interested capable contractors are invited to response to the information request and questions in Appendix A. Responses should follow this format and be submitted electronically as one complete document. This RFI is for informational purposes only and is not to be construed as a commitment by the Government to procure any items/services, or for the Government to pay for the information received. The information requested is to assist the Government in the development of the acquisition strategy for the satisfaction of the stated requirements. DESCRIPTION OF REQUIREMENTS The contractor will be expected to perform tasks including, but not limited to: REQUIREMENTS The contractor shall provide certification and accreditation related engineering services to support this effort by providing technical support and recommendations for implementing, verifying, and validating secure architecture, design, and configuration; regulation compliance assessments; meeting and briefing support, and engineering support necessary to the development of a securely configured system to achieve system certification, approval to deploy on to the DoD Global Information Grid (GIG), approval to deploy in to the Army LANDWARNET, or approval to operate as necessary to deploy the mission application to already accredited servers, platforms, and enclaves such as deployment or hosting on Army Area Processing Centers (APCs) or Defense Information Systems Agency (DISA) server facilities. Perform Independent Validation of Information Assurance (IA) Controls oIndependently verify and validate that the system is compliant with IA controls and requirements are implemented in accordance (IAW) DoD and Army policy as they apply to the system under evaluation. Conduct Preliminary Validation Assessments oWithin 30 days of initial notification, the contractor shall conduct preliminary validation assessments, prior to the formal certification test and validation noted above, and makes recommendations to mitigate identified security shortcomings to an acceptable level. The initial assessment report shall be provided not later than 20 calendar days after completion of initial assessment in order to provide the customer with an opportunity to rectify the vulnerabilities before final testing. Subsequent to customer implementation of the recommendations, the contractor shall test the modifications as part of the overall certification test and complete the analysis. Review System Documentation oThe contractor shall review system documentation related to the IA controls applicable to a particular system and provide comments as required. QuestionnairePage 2 of 6 Produce and Provide DIACAP Artifacts oAfter completing the testing for independent verification and validation of a systems compliance with established IA controls, the contractor shall provide certification and accreditation artifacts that are compliant with AR 25-2 and the DIACAP. Any tools used in the assessment shall be those that are approved by the Army. Artifacts provided and procedures used shall meet the requirements of Army and DoD guidance for DIACAP. Provide Consultation and Briefings to the ACA and Other Senior Leaders oBased on the contractor's assessment of a particular system, the contractor shall provide the Chief of the Software Assurance Division (SwAD) Software Support Services Directorate(S3D), Software Engineering Center (SEC), in their role of Agent of the Certification Authority (ACA), and other senior leaders, the consultation and briefings required to thoroughly understand issues uncovered during independent assessments and potential solutions so that they can make informed recommendations and decisions relevant to Army and DoD C&A processes. This support shall include preparation of the decision briefings as required. Provide a Properly Trained and Certified IA Workforce to Perform C&A oConsistent with the Defense Federal Acquisition Regulation Supplement (DFARS) 252.239-7001, Information Assurance Contractor Training and Certification, the contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification required to perform information assurance certification and accreditation in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program as implemented by Army policy and Best Business Practice (BBP). Consistent with Army policy, new personnel may perform work on this task order for up to six months while they are being trained and certified as long as they are under the proper supervision of a properly trained, certified, and experienced person from the contractor's staff. The Contractor shall meet the applicable information assurance certification requirements, including: DoD-approved information assurance workforce certifications appropriate for each category and level as listed in the current version of DoD 8570.01-M; and Appropriate operating system certification for information assurance technical positions as required by DoD 8570.01-M. Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions. Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions. QuestionnairePage 3 of 6 Monthly Progress Reports oMonthly progress reports shall detail the progress to date when compared to specified milestones and be presented during the first bi-weekly progress meeting of each month between the SEC Software Assurance Division Chief and the contractor Project Managers. Support Resource Estimation and Tracking oThe contractor shall provide resource estimation and tracking. Monthly Performance and Cost Reports shall contain detailed project or system information for each task, as well as the entire Task Order. Support Coordination oThe contractor shall coordinate all direct contact with the system owner, the ACA, and DAA staff with the SEC project leader or the SEC ACA. Provide a Preliminary Plan of Action and Milestones (POA&M) oThe contractor shall provide a preliminary POA&M for the system to aid the system owner in submitting the document in support of an approval decision. This preliminary POA&M is provided to help the system owner fulfill their responsibilities and it will not be maintained by the contractor or ACA. The system owner (also known as program or project manager) will complete finalize the POA&M and will submit it to the Army Certification Authority (ACA). Refer to AR 25-2 and the associated Army Best Business Practices (BBPs). A generic POA&M will be submitted as part of the Task Execution Plan (TEP) developed during the proposal process. Security Recommendations Document (SRD) oThe contractor shall provide a Security Recommendations Document (SRD) which will provide technical configuration guidance based on applicable commercial practices, Defense Information Systems Agency (DISA) and National Security Agency (NSA) guidance, and BBPs to customers. Assess Compliance oThe contractor shall assess compliance of the mission application, system, network, or enclave with the Information Assurance Vulnerability Management (IAVM) program to include implementation of and compliance with Alerts (IAVAs), Bulletins (IAVBs), and Technical Tips. Any IAVAs that occur after test and through package submission for DAA approval shall be analyzed for applicability to the system and documented in the IA Risk assessment artifact that is part of the C&A package. This analysis shall include an assessment of the acceptability and suitability of the project manager's or system owner's plan for maintaining IAVM compliance while considering the system's mission and operational environment. oThe contractor shall provide follow-up assessment of the implementation of the fixes as identified in the POA&M, post approval. Consistent with the DIACAP, this is required up to six months post an approval decision. Validation of fixes identified in the POA&M may be required even for a system that achieves full Approval to Operate (ATO). This assessment will include validation of the system owner's implementation of their IAVM process for their system. QuestionnairePage 4 of 6 ANTICIPATED PLACES OF PERFORMANCE: Performance will take place at the contractor's location for analysis of test results and production of DIACAP artifacts. The hands-on testing of the test artifacts will take place at the location that the test article is located. Performance will take place at the contractor's location for analysis of test results and production of DIACAP artifacts. The hands-on testing of the test artifacts will take place at the location that the test article is located. the SwAL operations site will be located at Aberdeen Proving Ground (APG), Maryland or other CONUS location for the overarching information systems that the system owner/project manager, such as the vicinity of Huntsville, Alabama, Fort Rucker, Alabama, Picatinny Arsenal, New Jersey, Fort Irwin, California, Fort Bliss, Texas, Fort Hood, Texas, and Detroit Michigan. QuestionnairePage 5 of 6 APPENDIX A Page 1 of 2 1. Please provide the following Point of Contact information: Company: Address: Point of Contact: Phone Number: Fax Numbers: Email Address: 2. Please identify your company's business size standard based on the applicable Small Business Size Standard, NAICS code of 541330. For more information refer to http://www.sba.gov/content/table-small-business-size-standards. Large Business Concern Small Business (SB) Concern 8(a) Small Disadvantaged Business (SDB) Woman-Owned Small Business Historically Underutilized Business Zone (HUBZone) Veteran-Owned Small Business Service-Disabled Veteran-Owned Small Business 3. If you identify your company as a Small Business or any of the SB subcategories as stipulated in Question # 2, then is your company interested in a prime contract for the Certification and Accreditation (C&A) Support of Overarching Information Systems (OIS)? 4. Under the current SB recertification regulations, do you anticipate your company remaining a small business, under NAICS Code 541330? If you are a SB answer questions 4A.through 4C. All others skip to Question #5. A.If your company is awarded the contract, will you be able to perform at least 50% (percent) of the work required in house? B.If you are a small business, can you go without a payment for 90 days? C.Do you meet the non-manufacturer rule of FAR Clause 52.219-14? If so, how? D.Has your company performed this type of effort or similar type of effort (to include size and complexity) before? If so, provide Contract Number, Point of Contac (POC), e-mail address, phone number and a brief description of your direct support of the effort? E.Are you are planning on teaming with other companies? Please list the process used in selecting the members. 5. Does your company possess the capabilities to independently provide the entire range of services called for in the above requirements? ______ YES _______ NO 6. If you answered YES to Question # 5, what services called for in the above requirements can your company provide? Please provide specific examples. QuestionnairePage 6 of 6 APPENDIX A Page 2 of 2 7. If you answered NO to Question # 5, what services called for in the above requirements can your company provide? Please provide specific examples. Please identify how the services which you cannot provide will be provided if the full range of services is required in any subsequent acquisition (link to question 9 as appropriate). 8. Can you acquire enough space to perform this task prior to contract award or within 15 calendar days after contract award? 9. Please provide details regarding proposed joint ventures, teaming arrangements, strategic alliances, or other business arrangements to satisfy requirements of the above requirements. Offerors are encouraged to identify teams, indicating each team member's size status based upon the North American Industrial Classification System (NAICS) code of the work that the team member may be doing. 10. Is your company currently providing similar services to another government agency (you may also include contract #s for government) or other non-government customer? If so, please identify the agency or non-government customer. If you are unwilling to share your customer's identity, please address whether your company offers the same or similar services commercially. 11. Interested companies may also provide a "White Paper" (no more than 10 pages in length) describing how its products and technical expertise could produce and deliver such a capabilities as described in the requirements above. Also, identify your company's past and current customers to which you provided similar products, including a customer/company name and point of contact, phone number and address/e-mail where they can be contacted. 12. Describe any experience operating in hostile, contingency or combat environment, in support of military operations worldwide. 13. Does your company have a SECRET facility clearance and a SECRET safeguarding capability or access to one should it be required? If not, can you acquire a SECRET facility clearance and SECRET safeguarding capability prior to performance (note if the facility clearance is to be provided by a team member)? 14. Does your company have a DCAA approved accounting system to accommodate Cost-Plus-Fixed-Fee Contracts? ***All information should be provided via electronic mail to Catherine Blount at Catherine.a.blount.civ@mail.mil, at no later than close of business, 29 May 2012.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/ccec8b70255904d1c6d00c1d499281c5)
 
Place of Performance
Address: ACC-APG - Aberdeen Division B HQ CECOM CONTRACTING CENTER, 6001 COMBAT DRIVE ABERDEEN PROVING GROU MD
Zip Code: 21005-1846
 
Record
SN02751450-W 20120519/120518001046-ccec8b70255904d1c6d00c1d499281c5 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.