SPECIAL NOTICE
70 -- Clientless Secure File Transfer Solution
- Notice Date
- 1/14/2013
- Notice Type
- Special Notice
- NAICS
- 541490 — Other Specialized Design Services
- Contracting Office
- Department of Commerce, Office of the Secretary, Commerce Acquisition Solutions, Office of the Secretary, 14th & Constitution Avenue NW, Room 6521, Washington, District of Columbia, 20230
- ZIP Code
- 20230
- Solicitation Number
- RFIForSecureFileTransferSolution
- Point of Contact
- Kirk D. Boykin, Phone: 2024822292
- E-Mail Address
- Kboykin@doc.gov
- Small Business Set-Aside
- N/A
- Description
- This Request for Information (RFI) is issued to survey the commercial market for potential clientless secure file transfer solutions to improve the current operations within the Department of Commerce.

Contracting Office Address: U.S. Department of Commerce (DOC), Office of Acquisition Management (OAM), Commerce Acquisition Solutions (CAS), 14th Street and Constitution Avenue NW, Room 6521, Washington, DC 20230

This is not a solicitation for proposals.

Request for Information for a Clientless Secure File Transfer Solution

THIS IS A REQUEST FOR INFORMATION (RFI) ONLY - Solicitations are not available at this time. Requests for a solicitation will not receive a response. This notice does not constitute a commitment by the United States Government. All responses and response contents to this RFI will be considered information only and will not be binding on the parties. Contractors responding to this request will not be obligated to provide the services described herein and it is understood by the United States Government that the costs provided as a result of this request are "best" estimates only. All information submitted in response to this announcement is voluntary; the United States Government will not pay for information requested nor will it compensate any respondent for any cost incurred in developing information provided to the United States Government.

Statement of Work: Clientless Secure File Transfer

1.0 PURPOSE
The purpose of this statement of work is to gain information on FIPS 140-2 validated secure file transfer solutions for the Office of the Secretary (OS) and Department of Commerce (DOC) Operating Unit (OU) users.

2.0 SCOPE
The Office of Networking and Telecommunications Operations (ONTO) within the Department of Commerce, Office of the Chief Information Officer (OS-OCIO) operates and maintains the current clientless secure file transfer solution for Department of Commerce users.
The scope of this task order includes the following:
• The Contractor shall provide planning, design, testing and implementation support to replace the current clientless secure file transfer solution.
• The Contractor shall provide testing and implementation support to implement authentication using HSPD-12 Personal Identity Verification (PIV) cards to the secure file transfer solution.

3.0 TASKS
The Contractor shall provide a secure file transfer solution. OITS encourages vendors to propose an implementation matrix to provide the best proactive solutions. OITS will assign federal Task Manager(s) to oversee the various tasks and subtasks within this Task Order.

3.1 The contractor shall:
• The Industry Partner shall provide a clientless solution that provides an encryption method for the transfer of files and documents for the Department of Commerce users.
• The Industry Partner shall provide a clientless product that is FIPS 140-2 validated.
• Clientless solution must be IPv6 compliant;
• Clientless solutions must be HSPD-12 compliant;
• Customizable policy engine for regulatory compliance;
• Centralized policy management;
• Support multiple authentication methods (i.e. Active Directory, LDAP, PIV credentials, etc.);
• Web interface that is customizable for configuring to Department of Commerce logo, warning banner, additional informational text, and hyperlinks for additional user guides, FAQs, etc.;
• Customizable file size or file type restrictions up to no limitations;
• Licensing purchasing options should be in groups of 5 or more;
• Licensing options should permit other Department of Commerce Operating Units to purchase for themselves but allow the Office of the Secretary to manage in the same solution;
• The application should provide a comprehensive user and administrative manual and support environment;
• Functioning of the application should not require administrative privileges;
• Ability for senders to receive notifications when documents are downloaded;
• The application should be compatible for use on multiple operating systems (Windows, Mac OS, tablets, smartphones and BlackBerry devices); and
• User interface must be as simple as possible.

3.2 Other considerations:
• The application should be scalable up to 40,000 users;
• Provide a secure, FIPS 140-2 validated Outlook Plugin for the encrypted transfer of electronic documents and files for the Department of Commerce; and
• Provide a command-line utility for hands-off automated/scheduled sending and receiving of files.

4.0 Deliverables
The Industry Partner shall provide the following deliverables:
• Secure File Transfer Solution
  o The Industry Partner shall provide the Government with information and quote for a clientless FIPS 140-2 validated, secure file transfer solution that is IPv6 and HSPD-12 compliant.
  o The Industry Partner could provide the Government with a clientless solution for the Government to try free of charge for a limited period of time.

4.1.2 Reports
Weekly Report. The Industry Partner will provide weekly electronic Word document progress reports, which will include but not be limited to the following information:
(a) Breakdown of project by individual tasks.
(b) Discussion of work performed to date. Each discussion will contain a detailed narrative or analysis of the work performed or of the completed phases of study. Charts, tables, or diagrams relevant to the subject will also be included. The IP will present negative as well as positive findings and identify any areas that may require special attention.
(c) Conclusions and recommendations drawn from the results to date.
(d) The Industry Partner shall notify OCIO when expenditures have reached 80% of the allocated funding of the agreement.

4.1.3 Period of Performance
Base contract of 1 year with 4 option years.

4.1.6 Deliverable Acceptance Criteria
The Government requires ten (10) business days to complete a review of each deliverable to either accept or reject the deliverable in writing. When the Government fails to complete the review within this period, the deliverable will become acceptable on an interim basis for payment only. If deficiencies are discovered after this period, the Government shall provide in writing a description of all discrepancies to be corrected by the Industry Partner. The corrected deliverables shall be submitted to the Government within ten (10) business days at no additional cost to the Government.

For work performed under the Task Order, the Government shall evaluate the work performed based on the degree to which the Industry Partner fulfills the objectives identified in the Work Description and Deliverables sections. Adherence to due dates for deliverables is viewed as a major performance indicator. Failure to adhere to the due dates for the deliverables could be cause to cancel the remaining work under the Task Order without cost impact over the amount obligated and incurred through the date of cancellation.

If at any time during this portion of the Task Order, the PTM finds that the quality of service does not fulfill the requirements of the deliverables under the Task Order, the PTM will inform the OCIO COR of the poor performance.
The OCIO COR will inform the CO, who shall provide official written notification to the Industry Partner of the poor performance issue(s). If the cause of the performance problem is attributed to Industry Partner's personnel, the CO shall provide a cure notice with a maximum of 10 working days to resolve the performance issue. If after 10 working days the issue is not resolved, a show cause notice will be issued by the CO. If there is no further improvement in the performance of work, a request for the removal of the Industry Partner's person or persons will be requested or the Task Order will be terminated for cause. The Industry Partner without disruption of critical functions shall provide replacement personnel. Termination of the Task Order will be without cost impact over the amount obligated and incurred through the date of cancellation.

5.0 PLACE OF PERFORMANCE
Work performed by the Industry Partner under this task order shall be performed at the Department of Commerce, Office of the Chief Information Officer, 14th & Constitution Ave. NW, Washington DC 20230 and the Industry Partner's facility.

6.0 GOVERNMENT FURNISHED INFORMATION, PROPERTY, AND EQUIPMENT
The Government shall provide office space, equipment and local telephone service for any on-site Industry Partner personnel, as appropriate. The Government shall provide system access for on-site and off-site work in accordance with agency standards, local security regulations and rules of conduct.

7.0 SECURITY
The Industry Partner shall be responsible for properly protecting all information used, gathered, or developed as a result of this SOW. The Industry Partner shall implement procedures that ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of sensitive government information, data, and/or equipment.
The Industry Partner's procedures shall be consistent with Government and Department of Commerce policies, OMB Circular A-130, Management of Federal Information Resources, the Computer Security Act of 1987, the Federal Information Security Management Act of 2002 (FISMA), and the Privacy Act. In addition, during all activities and operations on government premises the Industry Partner shall comply with the policies, rules, procedures and regulations governing the conduct of personnel or protection of government facilities and data as expressed by Department of Commerce, written or oral.

IT Security requirements of Commerce Acquisition Regulation (CAR) 1352.239-73, Security Requirements for Information Technology Resources, shall apply to the work performed under this SOW as requirements pertain to the use of Commerce computing equipment by Industry Partner personnel. In addition, identity verification requirements of Procurement Memorandum 2006-01, Guidance for Implementation of Homeland Security Presidential Directive 12 in Contracts, shall apply.

7.1 Personnel Background Investigation Requirements
The nature of the work performed under this SOW constitutes a High designation of risk as defined by Commerce Acquisition Manual (CAM) 1337.70, Security Processing Requirements for Onsite Contracts. Therefore, it shall contain and be subject to the requirements of CAR 1352.237-71 (text follows):

"1352.237-71 Security Processing Requirements for Industry Partner/SubIndustry Partner Personnel Working on a Department of Commerce Site (High Risk Contracts)

A. Security Processing Requirement
All Industry Partner (and subIndustry Partner) personnel proposed to work on the premises of a Department of Commerce site under this contract must undergo security processing by the Department's Office of Security (OSY) before he or she is eligible to work on the premises of the Herbert C. Hoover (HCH) Building or other buildings used for Department operations.

B. Additional Requirements for Foreign Nationals (Non-U.S. Citizens)
Non-U.S. citizens to be employed under this contract must:
(1) Have legal visa status with the Immigration and Naturalization Service (INS);
(2) Have advance approval from the servicing Security Officer in consultation with the Office of Security. (The Office of Security routinely consults with appropriate agencies regarding the use of non-U.S. citizens on contracts and can provide up to date information concerning this matter.)

C. Submittal Requirements
The Industry Partner must complete and submit the following forms to the Contracting Officer's Technical Representative (COTR), who will review and forward them to the cognizant Security Officer:
• Standard Form 85P (SF-85P)--Questionnaire for Public Trust Positions
• Form FD-258 (Fingerprint Chart with OPM ORI number)
Upon completion of the security processing, OSY, through the Security Officer and the COTR, will notify the Industry Partner in writing of the individual's eligibility to be given access to the HCH Building or other DOC buildings. Security Processing shall consist of limited personal background inquiries pertaining to verification of name, physical description, marital status, present and former residences, education, employment history, criminal record, personal references, medical fitness, fingerprint classification, and other pertinent information. It is the option of OSY to repeat the security processing on any contract employee at its discretion.

D. Notification of Disqualifying Information
If OSY receives disqualifying information on a contract employee, the Industry Partner, upon notification of such, must immediately remove the employee from duties which require access to DOC facilities. Individuals may be barred from working on the premises of a facility for any of the following:
1. Conviction of a felony of a crime of violence or of a misdemeanor involving moral turpitude.
2. Falsification of information entered on security screening forms or of other documents submitted to the Department.
3. Improper conduct once performing on the contract, including criminal, infamous, dishonest, immoral, or notoriously disgraceful conduct or other conduct prejudicial to the Government regardless of whether the conduct directly related to the contract.
4. Any behavior judged to pose a potential threat to departmental personnel or property.
Failure to comply with the requirements may result in termination of this contract, or removal of some contracted employees from DOC facilities. Compliance with these requirements shall not be construed as providing a contract employee clearance to have access to classified information."

The Industry Partner shall provide only fully qualified and properly cleared personnel for the work to be performed under this task order. Security clearance costs shall be the responsibility of the Industry Partner. Personnel shall have, at a minimum, the appropriate security clearance/investigation of an NACI. Personnel who will have access to national security documentation and systems shall possess a Top Secret clearance and the cost of the clearance shall be the responsibility of the Industry Partner. The Industry Partner shall ensure all Industry Partner and sub-Industry Partner personnel (hereinafter "Industry Partner personnel") having access to information on DOC's security programs and systems received or generated under this task order are United States citizens and specifically authorized access by the PTM.

7.2 Sensitive Information Storage and Disclosure
For Official Use Only (FOUO) information, data, and/or equipment will be disclosed only to authorized personnel on a Need-To-Know basis. The holder shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, and/or equipment is properly protected.
When no longer required, this information, data, and/or equipment will be returned to Government control; destroyed; or held until otherwise directed. Destruction of items shall be accomplished by tearing into small parts; burning; shredding or any other method that precludes the reconstruction of the material, consistent with DOC guidelines.

7.3 Protection of Information
All information about the DOC networks and/or the security posture of any DOC information assets gathered or created under this SOW will be considered as FOUO information. It is anticipated that this information will be gathered, created and stored within the primary Government work location. If the Industry Partner personnel must remove any information from the primary work area they should protect it to the same extent they would their proprietary data and/or company trade secrets. If the Industry Partner must remove any materials from the primary work location prior approval must be obtained by the OCIO task lead, CO and COTR.

7.4 Security and Privacy
The use of any information that is subject to the Privacy Act will be utilized in full accordance with all rules of conduct as applicable to Privacy Act Information.

7.5 Security Classification
The preparation of the deliverables in this delivery order will be completed at a FOUO level unless otherwise stated by the OCIO task lead, CO and COTR.

7.6 Facility Access
All Industry Partner personnel who work at the Department of Commerce must have approval for facility access; the Industry Partner must supply the names of those employees selected to perform the work.
8.0 Other Special Requirements

8.1 The Industry Partner shall perform the tasks and provide documentation consistent with the guidelines in the following references and other pertinent Department of Commerce, OCIO, and government-wide regulations:
• Computer Security Act of 1987
• Federal Information Security Management Act (FISMA)
• OMB Circulars A-11, A-123, A-127, A-130
• Homeland Security Presidential Directives 7 & 12
• NIST's Special Publications 800-Series guidance documents
• U.S. Government "Plain Language" Guidelines

8.2 Confidentiality and Nondisclosure
The Industry Partner may have to access proprietary information and shall be required to sign non-disclosure and conflict of interest statements (see NDA attachment). The preliminary and final deliverables and all associated working papers, and other material deemed relevant by the agency that have been generated by the Industry Partner in the performance of this task order are the property of the U.S. Government and cannot be reproduced, or retained by the Industry Partner. When no longer required, this information, data, and/or equipment will be returned to Government control. All documents and information pertaining to network vulnerabilities, security policy, operational procedures or related functions shall be maintained under absolute accountability and relinquished to the OCIO Task Manager upon completion of the task.

8.3 Task Order Special Instructions
All work performed under this task order must meet and comply with all National Institute of Standards & Technology (NIST), other government-wide laws and regulations, and Department of Commerce and OCIO directives, guidelines, and requirements for protection and security of Information Technology.
Such directives and guidelines include but are not limited to:
• Computer Security Act of 1987
• Federal Information Security Management Act (FISMA) of 2002
• OMB Circulars A-11, A-123, A-127, A-130
• Homeland Security Presidential Directives 7 & 12
• GSA Order CIO 2100.1
• NIST's Special Publication 800-series guidance documents

8.4 Section 508 - Accessibility Compliance
All Electronic and Information Technology (EIT), as defined at FAR 2.101, supplied under this contract, must conform to the Architectural and Transportation Barriers Compliance Board Electronic and Information Technology Accessibility Standards (36 CFR Part 1194). The Industry Partner shall have readily available a comprehensive list of all offered EIT products (supplies and services) that fully comply with Section 508 of the Rehabilitation Act of 1973, per the 1998 Amendments, and the Architectural and Transportation Barriers Compliance Board's Electronic and Information Technology Accessibility Standards at 36 CFR 1194. The Industry Partner shall also identify the technical standards applicable to all products proposed. Additionally, the Industry Partner shall clearly indicate where this list with full details of compliance can be found (e.g., vendor's or other exact web page location). The Industry Partner shall ensure that the list is easily accessible by typical users beginning at time of award. At time of award, the list provided by the Industry Partner shall be included as an attachment. The Industry Partner shall ensure that all EIT products that are less than fully compliant are offered pursuant to extensive market research, which ensures that they are the most compliant products available to satisfy the solicitation's requirements.
If any such EIT product proposed is not fully compliant with all of the standards, the Industry Partner shall specify each specific standard that is not met; provide a detailed description as to how the EIT product does not comply with the identified standard(s); and shall also indicate the degree of compliance. Full details demonstrating compliance with Section 508 requirements shall be provided as a separate attachment to the technical proposal. This information will be made a part of any resulting award.

8.6 KEY PERSONNEL CLAUSE
The Industry Partner personnel assigned to this task will be considered as key personnel. The Industry Partner shall assign and identify the full-time key personnel for the duration of the task order period of performance and provide resumes for these personnel. The Industry Partner agrees that such personnel shall not be removed, diverted, or replaced from work without the approval of the Contracting Officer (CO) and OCIO On-Site Task Manager (OTM). Any personnel the Industry Partner offers as a substitute shall possess experience and qualifications equal to or better than the personnel to be replaced. Requests to substitute personnel shall be approved by the CO and OCIO task lead. All requests for approval of substitutions in personnel shall be submitted in writing to the CO and OCIO task lead within 30 calendar days prior to making any change in key personnel. The request shall provide a detailed explanation of the circumstances necessitating the proposed substitution. The Industry Partner shall submit a complete resume for the proposed substitute, any changes to the rate specified in the order (as applicable) and any other information requested by the CO needed to approve or disapprove the proposed substitution. The CO and OCIO task lead shall evaluate such requests and promptly notify the Industry Partner of approval or disapproval.

9.0 Travel
There is the possibility of out-of-area travel required for this task.
The Industry Partner shall be reimbursed for local and out-of-area travel for ticket and room only in accordance with the Federal Travel Regulation (FTR). All travel must be approved by the CO or designated representative prior to the travel.

10.0 Training
The Industry Partner shall not require any additional training.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DOC/OS/OAM-OSBS/RFIForSecureFileTransferSolution/listing.html)
- Place of Performance
- Address: Department of Commerce, Office of the Secretary, 1401 Constitution Ave NW, Washington, DC 20230, Washington, District of Columbia, 20230, United States
- Zip Code: 20230
- Record
- SN02964988-W 20130116/130114234309-3665724e5af2879fcd2f38389f2cb34f (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)