Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF APRIL 04, 2015 FBO #4879
SPECIAL NOTICE

70 -- RFI: Learning Management System (LMS) for United States Air Force Academy

Notice Date
4/2/2015
 
Notice Type
Special Notice
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of the Air Force, Direct Reporting Units, USAF Academy - 10 CONS, 8110 Industrial Drive, Suite 200, USAF Academy, Colorado, 80840-2315, United States
 
ZIP Code
80840-2315
 
Solicitation Number
FA7000-15-T-0053
 
Archive Date
5/5/2015
 
Point of Contact
Jan K. Christensen, Phone: 7193333587
 
E-Mail Address
jan.christensen@us.af.mil
(jan.christensen@us.af.mil)
 
Small Business Set-Aside
N/A
 
Description
SPECIAL NOTICE RFI: LEARNING MANAGEMENT SYSTEM (LMS) FOR UNITED STATES AIR FORCE ACADEMY The United States Air Force Academy (USAFA) seeks information for an acquisition to obtain a commercial Learning Management System (LMS) to meet its need as an accredited University offering a curriculum of science, technology, languages and liberal arts. Your response to these questions will help form our acquisition strategy for this requirement. In particular, as a federal component, USAFA must assess the availability of applications to meet the current DoD Cloud Security Requirements Guide (SRG) (http://iase.disa.mil/cloud_security/Pages/index.aspx) or pursue appropriate waiver. Industries’ responses are critical to our potential approaches for this acquisition. Responses should be sent to Contracting Officer Jan Christensen, 10 CONS/LGCB at jan.christensen@us.af.mil Phone 719-333-3587. Responses are requested by 20 April 15 Questions Related to Cloud Hosting and Security 1. USAFA performed a preliminary assessment of the data stored within an LMS, and based upon this assessment; the data may contain educational records and Personal Identifiable information (PII) linked to educational transactional records. This is by definition of Privacy Act of 1974, 5 U.S.C. § 552a <http://www.gpo.gov/fdsys/pkg/USCODE-2012-title5/pdf/USCODE-2012-title5-partI-chap5-subchapII-sec552a.pdf> section (a) definitions (4) is Privacy data, which is PII that the Air Force (AF) is obligated to protect. The DoD Cloud SRG <http://iase.disa.mil/cloud_security/Pages/index.aspx> specifies systems that may contain PII must follow the Cloud Security Model (CSM) level 2 or higher protections. To our knowledge, no LMS Cloud Service Provider has yet met CSM level 4. Is your product used by anyone in the federal government, Department of Defense (DoD), or in the AF? If so, whom? Do they have an Agency-level Approval To Operate for this service? Does your LMS Cloud solution currently have an approved Federal Risk and Authorization Management Program (FedRAMP) accreditation package, or a DoD/AF-level Authority to Operate (ATO) or Authority To Connect (ATC) to DoD or AF networks? If so, what is the type of Authorization and Agency? If your authorization approval is provisional or agency-level, what agency Authorizing Official has granted this approval and when does it expire? If your LMS Cloud solution has no authorization at this time, are you pursuing accreditation approval under FedRAMP, DoD, or AF Component Service? If so, when and for who? If your LMS Cloud solution has no authorization at this time and is not currently pursuing authorization, what is your current ability to meet requirements listed in the DoD Cloud SRG? 2. What is your LMS cloud-based service delivery architecture (e.g. IaaS, PaaS, SaaS)? 3. Is your LMS cloud-based service compliant with the Family Educational Records Privacy Act (FERPA)? 4. Have you adopted standard security controls that are compliant with the most current NIST 800-53 for at least Moderate Impact Controls http://csrc.nist.gov/publications/PubsSPs.html#800-53, applicable DoD Security Technical Implementation Guides (STIGs)/SRGs<http://iase.disa.mil/stigs/Pages/index.aspx>, and the DoD 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), dated 12 March 2014? 5. Are there other security standards which your LMS cloud based service complies with to ensure confidentiality, integrity, and availability of student information other than above STIGs, SRGs, NIST, or FERPA? If so, what are these security standards? Questions Related to on premise hosted/managed service and Security USAFA would also like to consider potentially using a commercial LMS system on premise hosted in its data center and any managed service options. The below questions relate to these options. Does your LMS currently have an approved Federal, DoD, or AF Authority to Operate (ATO) or an Authority To Connect (ATC) to DoD or AF networks? If so, what is the type of Authorization and who is the Agency Authorizing Official? Is your authorization a full ATO or an Interim Approval To Operate (IATO), and if so, what agency has granted this authorization and when does it expire? If it is close to expiration, are you pursuing re-accreditation? If your LMS has no authorization at this time, are you pursuing accreditation approval under Federal, DoD, or AF Component Service? If so, when and for who? If your LMS has no authorization at this time and is not currently pursuing authorization, what is your current ability to meet requirements listed in the DoD SRG/STIGs? Do you offer a managed service option? If so, please provide market information you have which explains support options for premise hosted services. If you provide a managed service option are non-US citizens employed to provide support? Is your hosted LMS compliant with the Family Educational Records Privacy Act (FERPA)? Does your hosted LMS support standard security controls that are compliant with the most current NIST 800-53 for at least Moderate Impact Controls http://csrc.nist.gov/publications/PubsSPs.html#800-53, applicable DoD Security Technical Implementation Guides (STIGs)/SRGs<http://iase.disa.mil/stigs/Pages/index.aspx>, and the DoD 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), dated 12 March 2014? Are there other security standards which your hosted LMS complies with to ensure confidentiality, integrity, and availability of student information other than above STIGs, SRGs, NIST, or FERPA? If so, what are these security standards? Questions Related to Use in an Accredited University Setting The Air Force Academy’s Bachelor of Science degree is accredited by The Higher Learning Commission, The North Central Association of Colleges and Schools. USAFA majors in Engineering Sciences are accredited by ABET. The Chemistry, Biochemistry, and Materials Science are approved by the Committee on Professional Training of the American Chemical Society. The Management majors are accredited by the Association to Advance Collegiate Schools of Business (AACSB). Has your LMS been in use at a 4 year degree granting institution accredited by the Higher Learning Commission, The North Central Association of Colleges and Schools through a complete accreditation cycle? Is it used to provide artifacts required to support accreditation? If so, please identify one or more institutions. Has your LMS been in use at an Accreditation Board for Engineering and Technology (ABET) accredited 4 year degree granting institution through an accreditation cycle and used to support artifacts required for accreditation? If so, please identify one or more institutions. Has your LMS been used at a 4 year degree granting institution accredited by the Association to Advance Collegiate Schools of Business (AACSB) through an accreditation cycle and used to support artifacts required for accreditation? If so, please identify one of more institutions. USAFA requires the ability to measure learning outcomes/objectives (and sub-outcomes/objectives) across various levels to include Institutional, Department, and Course levels. Does your LMS support this? USAFA requires a Learning Management System that will easily integrate to its custom Student Information System (SIS). Likewise, USAFA must be able to historically track performance against established outcomes/objectives with other data contained only in the SIS. Has your LMS system been successfully integrated to provide export capability to custom systems? Standards 1. Is your LMS compliant with Section 508 of the Vocational Rehabilitation Act? 2. Is your system IMS Learning Tool Interoperability (LTI) Compliant? What level(s) and with what products/learning tools? 3. Does your product support IMS Global (imsglobal.org) OneRoster, IMS LIS, IMS ES for integration with Student Information System(s)? Which standards and levels? 4. Does your product support Common Cartridge, SCORM, or other standards for import and export of course content? What standards and levels? 5. Does your LMS have an Open Source offering? 6. Does your application support integration the following publishers learning tools? And what level of integration is supported? a. McGraw Hill (Connect and ALEKS) b. Pearson (MyLabs and Mastering) c. Wiley (WileyPlus) d. Others? Please identify ____________________ 7. Does your application provide for establishment of roles and access controls based on function? 8. Certifications a. Security: Is your LMS or company ISO 27001 certified or 27002 compliant? b. Maturity: Is your LMS or company CMMI certified? What level? 9. What browsers does your LMS support? 10. What devices does your LMS support? 11. Can your LMS support client certificate based authentication using DoD Common Access Cards (CAC) / Smart Card PKI for logon? If no, can your LMS set minimum password complexity length & number of special characters? Likewise, can your LMS set frequency of when a password must be changed? 12. Can your LMS support data encryption with a FIPS 140-2 compliant algorithm? If so, which algorithms are in use? Do you implement data-at-rest and data-in-transit encryption, IAW the above listed STIG requirements? Questions Related to selection of NAIC code and Your Company The North American Industrial Classification Code of 511210 Software Publishers with small business size standard of $38.5M is being proposed for this acquisition. Are you a small business under NAICS 511210? If not a small business, do you sell your application and support services through a small business reseller? If you operate with small business resellers can they offer a complete support package of training, on line help, and system maintenance? If you operate with small business resellers are there any proprietary aspects of a hosted solution which a reseller would be unable to provide? Is your company a US business? If not, list country of incorporation __________________ Questions Related to Pricing: Although many factors may impact final pricing, please provide a rough order of magnitude price for web based/ cloud hosted LMS for approximately 7-10,000 users to include implementation, training, on line support and maintenance for a 7 year life cycle. Vendors may feel free to provide price breakdown of ROM per user, or any other vendor specific pricing mechanism. Do you offer a solution for on-site premise and/or managed service deployment? If so what would be a rough order of magnitude price for implementation, training, on line support and maintenance for a 7 year life cycle? Vendors may feel free to provide price breakdown of ROM per user, or any other vendor specific pricing mechanism. Market Literature: Please provide any market based literature appropriate for conveying a better understanding of your LMS. Please provide a copy of your Software Development Kit (SDK) or link to the SDK so USAFA may review information related to such elements as application program interfaces, software package interfaces, interfaces to programing language, software framework, hardware platforms, operating systems, etc. Questions to improved performance work statement What information regarding our requirement would be most helpful to your company based on the questions presented above? Specifically, what kind of information regarding our custom Student Information System (SIS) would be required to evaluate the potential your LMS will be able to export data to our system?
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/DRU/10ABWLGC/FA7000-15-T-0053/listing.html)
 
Place of Performance
Address: USAF Academy, Colorado, 80840, United States
Zip Code: 80840
 
Record
SN03686947-W 20150404/150402235632-101ddd1d20e73589c487404a609d90ac (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.