Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 18, 2015 FBO #5047
SOURCES SOUGHT

D -- RFI DEE 2.0 - RFI

Notice Date
9/16/2015
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
Defense Information Systems Agency, Procurement Directorate, DITCO-NCR, P.O. BOX 549, FORT MEADE, Maryland, 20755-0549, United States
 
ZIP Code
20755-0549
 
Solicitation Number
RFI-DEE
 
Point of Contact
Lucas B. Phalen, Phone: 3012254112
 
E-Mail Address
lucas.b.phalen.civ@mail.mil
(lucas.b.phalen.civ@mail.mil)
 
Small Business Set-Aside
N/A
 
Description
RFI for DEE 2.0 REQUEST FOR INFORMATION The Defense Information Systems Agency (DISA) / Services Development Directorate / SD3 through the Procurement Services Directorate is seeking information from industry to assist with the development and planning of a potential new requirement. THIS IS A REQUEST FOR INFORMATION (RFI) NOTICE ONLY. THIS IS NOT A REQUEST FOR PROPOSALS (RFP). NO SOLICITATION IS AVAILABLE AT THIS TIME. •1.0 Overview/Purpose/ Description of Procurement The Defense Information Systems Agency (DISA) seeks information regarding commercially proven solutions and services that can be leveraged to provide email and associated services to the Department of Defense (DoD) community and its mission partners. This Request for Information (RFI) strives to gather information on the nature of commercial offerings to support cloud based email and calendaring services that can be hosted in a commercial servicer provided data center or in a DoD on-premise deployment. DISA Development and Business Center (BDC) Services Development Directorate (SD) is seeking industry input in shaping and procuring a commercial cloud based email and calendaring service based on industry best practices and within the context of other Agencies ongoing initiatives to implement Presidential Directives, Office of Management and Budget (OMB) Mandates, and DoD Chief Information Officer (CIO) Commercial Cloud Services Directives. This RFI invites industry to submit information, comments, capabilities, and recommendations for potential development and implementation of acquisition vehicles and corresponding solutions to facilitate DISA's replacement of the current unclassified DoD Enterprise Email (DEE) 1.0 email and calendaring service functions to include Security Requirements Guide (SRG) impact levels 1-5 (refer to DoD SRG v1r1, January 2015 for jurisdiction/location requirements). The DoD has acknowledged and adopted the National Institute of Standards and Technology (NIST) definitions and responses should use NIST definitions where applicable. Small and small disadvantaged businesses are strongly encouraged to provide responses to this RFI, in order to assist DISA in determining the potential levels of interest, competition, and technical capability to provide the required services within the Small Business community. This information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontracting plan small business goal percentages. Qualified and capable Service Disabled-Veteran Owned Small Businesses, Veteran-Owned Small Businesses, Women-owned Small Businesses, Historically Underutilized Business (HUB) Zone Small Businesses, Small Disadvantaged Businesses are encouraged to respond. This RFI will assist the agency in performing market research to determine whether or not there are qualified and capable Small Businesses to provide the aforementioned service. •2.0 Scope of Effort DISA intends to replace the current Unclassified DEE 1.0 calendaring and email service capabilities with a more cost-effective commercial cloud-based service. DISA currently manages the email services aggregation, demand, and billing for more than 1.6 million DoD users. The current service is distributed across the Continental United States (CONUS) and Outside Continental Unites States (OCONUS), hosted on government Defense Enterprise Computing Center (DECC) infrastructure, and is based upon a centralized administrative model (CAM) for Active Directory and Microsoft Exchange Server 2007. Given the evolution of email and calendaring offerings since DEE 1.0 was implemented in 2012, DISA is interested in exploring all available options, including cloud technologies to offer lower-cost, highly-available services to the DoD community. DoD security policies have evolved and expanded the possible hosting options to deliver cloud-based email services (DEE 2.0) to the DoD community. These range from the current DoD on-premise approach to a commercial vendor-premise deployment. We realize that each hosting approach is associated with a number of planning, technical, and contracting considerations and we solicit vendor feedback and recommendations on approaches that would maximize effectiveness and cost efficiency. Below are examples of two (2) cloud-based email deployment approaches which will be considered as possible alternatives to DEE 1.0. While we recognize that shared cloud environments may provide significant opportunities, they also present unique risks to DoD data and systems that must be addressed. •A. DoD-Premises Deployment Approach In the DoD-premises deployment approach, the vendor would offer the cloud-based email services from within DoD facilities. The vendor will define their requirements for being hosted in those facilities. •B. Vendor-Premises Deployment Approach In the Vendor-premises deployment approach, the vendor would offer the cloud-based email services from its facilities. Interconnection with DoD networks will be interoperable IAW engineering requirements that meet cybersecurity guidance and controls. •3.0 Technical Characteristics: The following requirements define DISA's DEE service provider role to optimize delivery of email service for mission partners. •3.1 Functional Requirements: These functional requirements represent the core services being sought. The vendor solution may have services beyond those listed below, but must include these core services to support DoD Cloud-based Email services: •3.1.1 Ability to send, receive, store, and search through email messages •3.1.1.1 Records management functions including legal search and hold (The Legal search and hold capability is intended to provide the Government with the ability to perform ad-hoc searches across all Government stores (i.e., active, archived, journaled, etc.) •3.1.1.2 Classification marking •3.1.2 Calendar services •3.1.3 Contact management •3.1.4 Global Address Lists •3.1.5 Records Information Management such as the records life-cycle from creation to retention to disposal •3.2 Service Delivery : DEE 2.0 will include support for Service Delivery functions and processes to include: •3.2.1 Manage an integrated service desk of multiple cloud service provider service desks using best practices for service desk operations. This service desk should be the single point-of-contact for IT users or intermediaries. •3.2.2 Include appropriate DoD Cyber security requirements, such as encryption, key management, auditing, and integration with DoD's emerging Identity and Access Management (IdAM) services. •3.2.3 Enable automatic and rapid provisioning of email and calendaring services to selected DoD consumers based upon their technical needs, policy requirements, and funding relationships. •3.2.4 Manage and monitor user's access to and usage of email and calendaring services and the performance and delivery of services. •3.2.5 Transition/Migration Planning •3.2.6 Access Management- Managing authorized user or intermediary access. •3.2.7 Technical Management- Technical expertise and overall management of the IT Infrastructure and applications. •3.2.8 Service Level Management- Provides frameworks by which services are defined, service levels required to support business processes are agreed upon, Service Level Agreements (SLAs) and Operational Level Agreements (OLAs) are developed to satisfy the agreements, and costs of services are developed. •3.2.8.1 Availability Management- Ensures application systems are up and available for use according to the conditions of the SLAs. •3.2.8.2 Capacity Management- Ensures that business needs and service definitions are fulfilled using a minimum of computing resources. •3.2.8.3 Performance Management- Ensuring that technical resources in the infrastructure provide the best possible value for money and that they are behaving in the manner assumed or described in technical documentation. •3.2.9 Information Security Management- Ensures organizational information is evaluated, risks assessed, and appropriate policies to control access and dissemination are put in place that meet regulatory agency requirements, such as Sarbanes-Oxley, Federal Deposit Insurance Corporation (FDIC), Securities Exchange Commission (SEC) and/or Health Insurance Portability and Accountability Act (HIPAA). Additionally, the proposed service will be SRG Level 4/5 compliant (refer to DoD SRG v1r1, January 2015 for additional requirements). •3.2.10 IT Service Continuity Management- Ensures plans and alternative service options are in place to meet Business Continuity Management (BCM) needs in the event of a significant business outage or disruption. •3.2.11 Change Management- Ensures that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service. •3.2.11.1 Release Management- Protection of the production environment by procedure. •3.2.11.2 Configuration Management- Identifies maintains and verifies information on an ongoing basis on IT assets and configurations in the enterprise. •3.3 Non-Functional Requirements: The following should be considered when responding to the RFI: •3.3.1 Accessible via virtual desktops, zero clients, thin clients, desktop clients, web browsers, and mobile devices •3.3.2 Highly available (99.7%) •3.3.3 Achieve significant (50% or more) cost reductions beyond the current per seat rate [1] charged to DEE customers. •3.4 Security: This RFI is focused on Unclassified DoD email content only. This email content may include Controlled Unclassified Information (CUI) of a variety of types as used by the DoD. [2] Technical solutions for this RFI must meet the controls appropriate for Level 5 as defined in the DoD SRG [3] impact level 4/5. •3.5 Size and Scale: The following notional planning values should be used for discussion in the RFI questions. •· Support approximately 2 million users (potentially expanding to 4.5 million users) •· A global address list (GAL) scaled to support 10 million personas and non-person entities (NPEs) •4.0 Requested Information: The following are a detailed list of questions for which the Government is seeking information. •4.1 General •4.1.1 Describe your primary business and market penetration within the commercial cloud industry with specific attention to your email and calendaring service offerings. •4.1.2 Provide insight on how you recommend DoD best acquire and deploy e-mail and calendaring services to minimize costs and optimize performance / security. If possible, discuss contract vehicles, deployment models (e.g. on premise, cloud service, etc.), and lessons learned. •4.2 Solutions and Service Offerings •4.2.1 Provide a brief overview of the solutions or services your Company offers that can provide email and associated capabilities described in Section 3 with the ability to support a minimum of 500K users and scale to the user volume of the DoD. Discuss whether these capabilities are offered separately or bundled with additional functionality (e.g. office automation or other services not listed in section 3.0). •4.2.2 Describe your experience with user and data migration (e.g. scale, duration, automation, lessons). If possible, describe the user provisioning and data migration required to transition from DEE 1.0 to a new service based upon your solution. •4.2.3 Please cite one or more examples where your firm's technical solution is being used for an implementation of an electronic mail and calendaring service for at least 500K users (preferably in the Government or highly regulated environment). Include any relationships you have with Commercial Cloud Service Providers (CSPs) for which your email and calendaring solution is configured to provide an enterprise service. •4.2.4 Explain how your solution supports enterprise-level records management and archival capabilities including records retention and management (e.g., implementing National Archives and Records Administration rules). •4.2.5 Describe how your service supports eDiscovery as defined by the Federal Rules of Civil Procedures. •4.2.6 List the clients, browsers, and mobile devices are supported by your solution. Please identify any that support bandwidth limited users. •4.2.7 List and describe any planned future capabilities and services that may be included in your commercial service offering. •4.3 Service Delivery •4.3.1 Describe your deployment model (e.g. commercial cloud hosting, or customer on premise). •4.3.2 Explain whether or how your solution supports cloud or multi-site redundancy and failover. •4.3.3 Describe the typical SLAs that are included in your cloud computing service offerings. Please detail SLAs on the overall service as well as SLAs for the specific customer instances in use. Do you offer the flexibility of negotiated customer-specific SLAs or only fixed offerings. •4.4 Security •4.4.1 List any accreditations (e.g. DoD Provisional Authorization (PA), DoD component Authorization to Operate (ATO), FedRAMP [4], etc.) that your solution has for government or DoD operations. If none are currently in-place, what are your challenges and timelines for obtaining certifications necessary for the DoD (e.g. SRG compliance and the Email Services Policy STIG). •4.4.2 Explain whether or how your solution supports public key infrastructure (PKI) or biometrics for user access and message encryption (e.g. common access cards (CACs) and / or HSPD 12 Cards). •4.4.3 Describe how you would recommend the Government could integrate with the Government enterprise services such as IdAM and the Global Access List (GAL). •4.5 Cost •4.5.1 Please describe the approximate cost to provide a service based upon your technical solution. Identify important assumptions and, if possible, distinguish between non-recurring and recurring costs, as well as user-dependent (costs/user) and user-independent ("fixed") costs. •4.5.2 Please cite any existing contracts or catalogs where your technical solution or service is currently being provided to the government. Response Guidelines Interested parties are requested to respond to this RFI with a white paper. Submissions shall not exceed 15 pages, single spaced, 12-point type with at least one-inch margins on 8 1/2" X 11" page size. The response should not exceed a 5 MB e-mail limit for all items associated with the RFI response. Responses must specifically describe the contractor's capability to meet the requirements outlined in this RFI. Oral communications are not permissible. FedBizOpps will be the sole repository for all information related to this RFI. Companies who wish to respond to this RFI should send responses via email no later than 5:00PM on October 15, 2015 to the Contracting Officer and Contract Specialist cited in the FedBizOpps announcement. Responses should include the following information: •- Primary Point of Contact •- Address •- Telephone Number •- DUNS •- E-mail address for Point of Contact (POC) •- GSA Schedule if applicable •- All contract vehicles this solution is accessible on •- Ensure you reference the RFI # in response As applicable, provide any additional information on services that the company provides along with a brief description of the approach the firm would take in providing the services contemplated in this RFI. Industry Discussions Based on the responses and feedback received from this RFI, DISA representatives may choose to meet with potential offerors and hold one-on-one discussions. Such discussions would only be intended to obtain further clarification of potential capability to meet the requirements, including any development and certification risks. Questions: Questions regarding this announcement shall be submitted in writing by e-mail to the Contracting Officer and Contract Specialist cited in the FedBizOpps announcement. Verbal questions will NOT be accepted. Answers to questions will be posted to FedBizOpps. The Government does not guarantee that questions received after 5:00 PM on October 8, 2015 will be answered. The Government will not reimburse companies for any costs associated with the submissions of their responses. Disclaimer This RFI is not a Request for Proposal (RFP) and is not to be construed as a commitment by the Government to issue a solicitation or ultimately award a contract. Responses will not be considered as proposals nor will any award be made as a result of this synopsis. All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. Federal Acquisition Regulation (FAR) clause 52.215-3, "Request for Information or Solicitation for Planning Purposes", is incorporated by reference in this RFI. The Government does not intend to pay for information received in response to this RFI. Responders to this invitation are solely responsible for all expenses associated with responding to this RFI. This RFI will be the basis for collecting information on capabilities available. This RFI is issued solely for information and planning purposes. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received in this RFI that is marked "Proprietary" will be handled accordingly. Please be advised that all submissions become Government property and will not be returned nor will receipt be confirmed. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. [1] http://www.disa.mil/Enterprise-Services/Applications/DoD-Enterprise-Email [2] http://www.archives.gov/cui/registry/category-list.html [3] http://iase.disa.mil/cloud_security/Documents/u-cloud_computing_srg_v1r1_final.pdf [4] https://www.fedramp.gov/files/2015/03/fedrampmemo.pdf
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DTN/RFI-DEE/listing.html)
 
Place of Performance
Address: 6914 Cooper Avenue, Fort Meade, Maryland 20755, United States, Fort Meade, Maryland, 20755, United States
Zip Code: 20755
 
Record
SN03889667-W 20150918/150916235920-24c3ed77b989602e4fb2621733456e3f (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.