SOURCES SOUGHT
70 -- Cyber Security and Technology Support Services
- Notice Date
- 4/4/2013
- Notice Type
- Sources Sought
- NAICS
- 541513 — Computer Facilities Management Services
- Contracting Office
- Department of Labor, Division of Acquisition Management Services, OASAM/BOC/DPP, S1519-B, 200 Constitution Ave., N.W., Washington, District of Columbia, 20210-001
- ZIP Code
- 00000
- Solicitation Number
- DOL131RI21689
- Archive Date
- 4/27/2013
- Point of Contact
- KAREN L BARTON, Phone: 2026934585, Carmelita Lariba, Phone: 2026934584
- E-Mail Address
-
BARTON.KAREN.L@DOL.GOV, Lariba.carmelita.c@dol.gov
- Small Business Set-Aside
- N/A
- Description
- THIS IS A REQUEST FOR INFORMATION (RFI) BEING RELEASED PURSUANT TO FEDERAL ACQUISITION REGULATION (FAR) PART 10: MARKET RESEARCH
DOL131RI21689
This RFI is issued solely for informational, market research, and planning purposes. It does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. This RFI does not commit the Government to contract for any supply or service whatsoever. Further, the Department of Labor (DOL) is not at this time seeking proposals, and will not accept unsolicited proposals. Respondents are advised that the Government will not pay for any information or administrative cost incurred in response to this RFI. All costs associated with responding to this RFI will be solely at the responding party's expense. Responses to the RFI will not be returned. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. It is the responsibility of the interested parties to monitor the Federal Business Opportunities (www.fbo.gov) site for information pertaining to this RFI.
The U.S. Department of Labor, Office of the Chief Financial Officer, has a recurring requirement for Cyber Security and Technology Support. These services are critical to the on-going operations and support of the IT infrastructure. This RFI is being issued to ascertain the availability of interested qualified contractors that can demonstrate the skills, experience, knowledge and capabilities necessary to perform the referenced Cyber Security and Technology Support Services at the Department of Labor (DOL) facilities in Washington, DC.
The Office of the Chief Financial Officer (OCFO) has identified a variety of IT requirements that include data management, facilities management and inventory of IT hardware, hardware and software maintenance, storage administration, project systems support, software as a service, and database administration. See the attached draft statement of work for further details.
RFI Requirement: Please respond with your company qualifications only (teaming arrangements are not requested at this time). Respondents must submit their responses via email in Adobe .pdf format no later than April 12, 2013, 4 p.m.; the response should be no more than 12 pages in length and no larger than 5 megabytes. The document must have:
1. A cover page
2. One-page company overview that provides a brief description of your company, years of federal experience performing similar services, business size, applicable NAICS codes, DUNS number and point(s) of contact, including name, phone number(s), and e-mail address.
RFI Response: Please submit information via e-mail to Karen Barton, Contract Specialist, at barton.karen.l@dol.gov or Carmelita Lariba, Contracting Officer, at Lariba.carmelita.c@dol.gov.
RFI Response Contact: Respondents to this RFI shall designate a primary and one alternate point of contact with the company (Name, address, Email, and Telephone Number).
It is anticipated that a single award will be made with a base year period of 12 months with four 1-year options. Prospective contractors must be registered in the System for Award Management (SAM) database prior to award of a contract.
STATEMENT OF WORK FOR TASK ORDER
OCFO Applications CyberSecurity and Technology Support Services
1. Background
In accordance with A-76 regulations, the OCFO has traditionally used contract staff to provide information security and technology services to support its application requirements for Federal Information Security Management Act (FISMA) compliance and office support.
This work will be performed for the Office of the Chief Financial Officer (OCFO) under the guidance and direction of the Associate Deputy Chief Financial Officer for Financial Systems in the Office of Financial Systems (OFS). The New Core Financial Management System (NCFMS) and PeoplePower are the OCFO major applications, and there are many minor applications hosted within the OCIO data center but operated and administered by OCFO. PeoplePower is destined to be retired in 2014, while the workload for NCFMS is anticipated to increase due to cybersecurity, technology, and other departmental requirements. OCFO is required by FISMA to assess, monitor, respond, and remediate applicable security controls and policies as defined by the Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST), the Department of Labor (DOL), and the Office of the Chief Information Officer (OCIO) Security.
2. Scope
All tasks support the Associate Deputy Chief Financial Officer (ADCFO) for Financial Systems; however, the Director for Security and Technology is the federal PM for this order. Each task may be assigned a primary point of contact within the Office of Financial Systems. The general scope of this order is to provide cybersecurity and technology services support as titled. This scope is further defined in the tasks below. While OCFO is seeking support, all tasks under this order will be compliance and service oriented. The contractor shall utilize the CyberSecurity Assessment Module (CSAM) version 2 or later as its security assessment and validation system of record for support under this order. Non-cybersecurity work shall be tracked and recorded utilizing FOOTPRINTS ticketing and change management if not explicitly provided through some other OFS application framework.
a. Task One (1) Application CyberSecurity Assessor
The contractor shall author, review and update application documentation and assessments within CSAM.
Continuous monitoring plans require regular review of artifacts, procedures and operations to ensure full compliance with required policies and security controls. Examples of reviews are vulnerability assessment reports requiring actions of system owners to patch and/or update application or system components to remediate potential risks. Site or location visits shall be required, typically monthly, within the commuting area to inspect and assess controls of shared service providers. The contractor shall support the information security management system (ISMS) within the scope defined by the Senior Information Security Officer (SISO). The contractor shall take immediate action to respond to internal and external findings, striving to resolve all such findings in less than 180 days from notification as required by OMB A-50 and DLMS 500. The contractor shall support any FedRAMP initiative that OCFO undertakes. The contractors for this task shall be experts as designated by GIAC, CISSP, or CISM, as well as have substantial experience in network, systems, and application certification and accreditation work. The contractor shall support the Information Systems Security Officers (ISSOs) and the Senior Information Security Officer (SISO) for OCFO for this task.
b. Task Two (2) Information Technology Auditing
The contractor shall perform independent validation of OCFO information systems following generally accepted audit protocols to ensure full compliance with FISMA, FISCAM, and A-123 requirements. The audit work shall remain separate from the other tasks to ensure segregation of duties and independence. The contractor shall record findings into CSAM as an independent validator. The contractor shall support OCFO OFS during the annual Office of Inspector General (OIG) audits for FISMA and/or FISCAM. The contractor shall support the OFS A-123 internal review and audit program as well. The contractor shall record findings from other sources such as FedRAMP, SSAE16, or OIG into the CSAM tool.
The contractor for this task shall be a certified information system auditor with substantial experience in IT compliance auditing. The contractors shall support the OFS Director for Performance Management and Quality Assurance for this task.
c. Task Three (3) Account and Change Management
The contractor shall perform NCFMS account and change management record keeping and processing in accordance with established procedures. The contractor shall provide document and procedure updates as needed by OCFO OFS to ensure operations and operating procedures are consistent and effective. The contractor shall offer business process improvements at any time for the account and change management practices. The contractor shall track user inactivity, suspend accounts, recertify accounts and conduct other reviews and analysis to ensure user accounts are valid and are not stale. The contractor shall track permissions, roles, and responsibilities to ensure user accounts are and remain validly provisioned. The contractor shall note on a weekly basis any discrepancies and seek to have them resolved. The contractor shall track all NCFMS baseline change requests through production release and note any discrepancies. The contractor shall participate in and support the NCFMS standup (currently Wednesday 8:30 am - 9:30 am) and the NCFMS CCB (currently Friday 2:00 pm - 3:00 pm), reporting on change request status. The contractor shall take immediate action to respond to internal and external findings, striving to resolve all such findings in less than 180 days from notification as required by OMB A-50 and DLMS 500. The contractor shall demonstrate experience in this task area and be able to operate independently day-to-day following established procedures and timeframes. The contractor shall report metrics weekly and notify OFS of problems immediately.
The contractor shall support the OFS Director for Customer Service for this task, although today most of the operational tasks are managed through the OFS Director for Security and Technology.
d. Task Four (4) Network and System Administration
The contractor shall provide system administration for predominantly Microsoft Windows server operating systems within a VMware virtual hosted environment. The contractor shall provide network services as needed on Cisco switches (infrequent task). The contractor shall provide OCFO customer support and troubleshoot issues for any OCFO applications, including those hosted by cloud or shared service providers. The contractor shall work closely with the network and desktop services provider within the OCIO to ensure superior service and timeframes for OCFO mission and staff. The contractor shall conduct regular asset inventory, patch management and vulnerability scanning to ensure systems under their administration remain compliant and operational. The contractor shall be industry certified by Microsoft to administer OCFO's current Windows platforms and have pertinent and recent experience supporting OCFO applications. The contractor shall support the OFS Infrastructure Management Branch for this task.
e. Task Five (5) OCFO Application and Tools Support
The contractor shall provide application and tools support. OCFO relies on various Microsoft and Oracle applications (custom and COTS) and databases. While the user populations are small, their functions are essential to effective and efficient operations of the OFS. The contractor shall provide programmers and database administrators to support the Java, Web, ESSBASE, FOOTPRINTS and ORACLE DATABASE application processing. The contractor shall support the daily, weekly, bi-weekly, monthly, bi-monthly, quarterly processing cycles required with OFS. The contractor shall provide, maintain, and enhance the tools and applications necessary to support account and change management.
The contractor shall submit all work through change management to ensure compliance with all OFS policies and procedures. The contractor shall provide, regularly as planned and ad hoc as requested, executive dashboards, charts, graphs, etc., indicating current, historical and future trends and results of data mined from OCFO and directed external sources. The contractor shall support the OFS Executive Reporting Team.
f. Task Six (6) OCFO Program Support
The contractor is to provide project management support for the OCFO. This includes project management office support services pursuant to all pertinent federal, departmental and agency guidelines and policies for all OCFO information systems and configurable items, including but not limited to, NCFMS, EMPS, FDS, FDS-BDEM, FDS Password Change Page, ETSI, ETSI Electronic Fund Transfer Notification, PeoplePower, and the OCFO LAN. This task also includes Resource Planning and Analysis; Budget Forecasting; Budget Analysis; Budget Operations; Spend Plan Formulation and Analysis; and Continuity of Operations Planning (COOP).
Application Environment
| Application | Hardware Platform | Operating System | Software Tools Used |
|---|---|---|---|
| New Core Financial Management System (NCFMS) | Cloud Service Provider | Cloud Service Provider | Oracle Federal Financials; MarkView Document Storage and Application Server; Informatica PowerAnalyzer and PowerCenter |
| Express Mail Processing System (EMPS) | VMware | MS Windows Server 2008 | Apache Tomcat; JBoss; Sun Java Development Kit; CollabNet Subversion; MS SQL Server; Oracle Database; TOAD for Oracle |
| Financial Data Store (FDS) | VMware | MS Windows Server 2008 | Oracle Enterprise Edition; Oracle Business Intelligence; Informatica PowerCenter |
| Financial Data Store Budget Data Entry Module (FDS-BDEM) | Sun SunFire V440; Sun SunFire V240 | Sun Solaris 10 | Apache Tomcat 4; Sun Java Development Kit; CollabNet Subversion; MS SQL Server |
| Financial Data Store Password Change Page | Sun SunFire V440; Sun SunFire V240 | Sun Solaris 10 | Apache Tomcat; Sun Java Development Kit; CollabNet Subversion; MS SQL Server |
| E-Gov Travel Service Interface (ETSI) | Sun SunFire V440; Sun SunFire V240 | Sun Solaris 10 | Apache Tomcat; Sun Java Development Kit; CollabNet Subversion; PGP Command Line; UNIX Shell Scripting Language; Oracle Database Standard Edition; TOAD for Oracle |
| ETSI Electronic Fund Transfer Notification | Sun SunFire V440; Sun SunFire V240 | Sun Solaris 10 | Apache Tomcat; Sun Java Development Kit; CollabNet Subversion; PGP Command Line; UNIX Shell Scripting Language; Oracle Database Standard Edition; TOAD for Oracle |
| PeoplePower | N/A | N/A | ESSBASE |
| FOOTPRINTS | Solaris and VMware | Solaris and Windows | BMC FOOTPRINTS used for internal ticketing and change management |
| OCFO LAN | VMware | MS Windows Server 2008 | MS Active Directory; MS Operations Manager; Veritas BackupExec; Veritas NetBackup; Nessus Vulnerability Scanner; Passport PC-to-Host 2007 |
3. Place and Standards of Performance
The primary place of performance will be the Frances Perkins Building at 200 Constitution Ave., NW, Washington, DC 20210.
Labor performed off-site (telework), overtime, or during holidays and weekends must be approved in writing by either the Program/Project Manager or Contracting Officer Representative in advance. The Core Hours of work will be from 0700-1800 hours. The contractor agrees the performance of work and services pursuant to the requirements of this contract shall conform to high professional and ethical standards. The contractor also agrees to remove any employees whose conduct or performance is such that retention would not be in the best interest of the Government as determined by the Project Manager, Contracting Officer Representative, or Contracting Officer.
4. Period of Performance
The period of performance shall be the date of award plus twelve months, with four (4) 12-month options.
5. Deliverables/Estimated Timeframes
The following items shall be delivered or performed under this contract:
| Item # | Deliverables | When |
|---|---|---|
| 1 | Status and/or activity report in the OCFO/OFS directed format. | Weekly |
| 2 | Invoices itemizing hours worked by staff person within labor hour category. | Monthly |
| 3 | Program/project management plan update. | Monthly |
| 4 | System documentation and life cycle products in accordance with the DOL System Development Life Cycle Management Manual (SDLC). | As needed |
| 5 | Security Related Documentation | As needed |
| 6 | IT Support tickets, lessons learned, problem resolution | As needed |
| 7 | Operating Procedures for Process Functions | As needed |
| 8 | Completion of DOL Contractor training requirements | As prescribed |
| 9 | Annual Security Self-Assessment for assigned systems | Annual due April 30th |
| 10 | Audit Requests provided by client | Few business days of requests |
| 11 | Resolution of Audit Findings and completion of POA&M | Immediate up to six months after finding |
| 12 | Corrective action plans for any issued findings | Within 30 days |
| 13 | DOL Computer Security Program Calendar | Monthly, Quarterly, and Annually |
6. Government Furnished Equipment and Resources
The work will be done both on-site at DOL locations and off-site. On-site work will be performed using government furnished equipment connected to DOL network resources. Any exceptions preventing the normal execution of on-site duties are covered under the OCFO COOP.
7. Travel
Authorized Travel and Per Diem will be reimbursed in accordance with the Federal Travel Regulations (FTR) in effect at the time travel is authorized by OCFO. All travel requirements must be met using the most economical form of transportation available and must be scheduled sufficiently in advance to take advantage of offered discount rates unless waived by the Contracting Officer.
8. Notice to the Government of Delay
Problems are to be reported immediately to the Contracting Officer Representative or Contracting Officer verbally, followed by a written notification within one full workday.
9. Contractor Personnel
a. Availability of Personnel. The Contractor shall provide qualified personnel within 14 calendar days after receipt of a fully executed Purchase Order or Purchase Order modification.
Replacement Personnel. The Contractor shall only submit replacement personnel with credentials equal to the statement of work.
b. Personally Identifiable Information. The personnel assigned to this task will be working with sensitive, but unclassified, and Privacy Act information. The Contractor will be notified, in writing, which clearance and/or security forms are required, including but not limited to OMB Form SF-85P, as a condition of assignment to this task. The Contractor will ensure that any and all forms are completed within 30 days after written notification is received. Such forms will be kept on file with the Contractor (or COR as appropriate). Each employee will read and sign acknowledgement of a 'PROPRIETARY DATA AGREEMENT' form.
10. Key Personnel
a. The key personnel positions required for this contract will be 100% dedicated to this contract and will perform duties under this contract. The proposed Labor categories such as Senior Information Systems, Engineer, Program Director/Principal II and Principal Program Manager and Consultant. The proposed key personnel are considered by the Department of Labor to be essential for the successful completion of all work assigned under the Task Order. The contractor shall give at least 14 calendar days advance notice if these key persons are to be removed or diverted from the Task Order, and shall supply written justification as part of this notice as to why these key personnel are being removed or diverted and shall provide the name(s) of the proposed substitute or replacement and shall include such information on each new person as education, work experience, etc.
11. Quality Assurance Surveillance Plan (QASP)
The Contractor shall develop and maintain a QASP that documents the contractor quality assurance process and covers all aspects of quality management to include corrective actions. The plans shall include the contractor's approach pertaining to contract deliverables, approach to delivering conforming services with minimal government oversight, approach to personnel and sub-contractor evaluations, approach to measuring customer satisfaction, approach to risk management to include risk mitigation; approach to cost control; approach to schedule adherence; approach to incentives for personnel. Metrics in the QASP should include project management metrics such as schedule, budget & expenditures reporting. Poor performance may affect award of any future task orders and continuance of the contract.
a. The contractor shall not, under any circumstances, remove or divert such persons unless the Contracting Officer has granted prior written authorization.
Funds to be expended under this contract are subject to the appropriation of funds by the Congress of the United States. It is understood by the Department of Labor and by the Contractor that no funds will be expended beyond the point at which funds have been appropriated.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/DOL/DPP/DPP/DOL131RI21689/listing.html)
- Place of Performance
- Address: U.S. Department of Labor, 200 Constitution Avenue, NW, Washington, District of Columbia, 20210, United States
- Zip Code: 20210
- Record
- SN03029365-W 20130406/130404235316-4be5fe2fe9146f6df38019c46e5d136e (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)