SOURCES SOUGHT
D -- NIST Cybersecurity Research, Development and Implementation - AMDTC-16-0004 Cybersecurity Research Development and Implementation Sources Sought Notice_2015-12-16.docx
- Notice Date
- 12/16/2015
- Notice Type
- Sources Sought
- NAICS
- 541519 - Other Computer Related Services
- Contracting Office
- Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B130, Gaithersburg, Maryland, 20899-1410, United States
- ZIP Code
- 20899-1410
- Solicitation Number
- AMDTC-16-0004
- Point of Contact
- Chantel Adams, Phone: (301) 975-6338, Keith Bubar, Phone: (301) 975-8329
- E-Mail Address
- chantel.adams@nist.gov, keith.bubar@nist.gov
- Small Business Set-Aside
- Total Small Business
- Description
- AMDTC-16-0004 Cybersecurity Research Development and Implementation Sources Sought Notice_2015-12-16

This is a Sources Sought Notice ONLY. Requests for copies of a solicitation will not receive a response. This Notice is for planning purposes only and is not a Request for Proposal or Request for Quotation or an obligation on the part of the National Institute of Standards and Technology (NIST) for conducting a follow-on acquisition. NIST does not intend to award a contract on the basis of this Notice, or otherwise pay for the information requested. No entitlement or payment of direct or indirect costs or charges by NIST will arise as a result of submission of responses to this Notice and NIST use of such information. NIST recognizes that proprietary components, interfaces and equipment, and clearly mark restricted or proprietary data and present it as an addendum to the non-restricted/non-proprietary information. In the absence of such identification, NIST will assume to have unlimited rights to all technical data in the information paper.

NO SOLICITATION DOCUMENTS EXIST AT THIS TIME.

Section I - Synopsis:

The National Institute of Standards and Technology (NIST) Information Technology Laboratory's (ITL) Computer Security Division is seeking to identify sources with the capabilities to assist the Division in accomplishing its core mission of providing standards, technology, tools, and practices to protect our nation's information and information systems.

Description of Requirement:

Contractor support in the following general task areas and Contractor technical and scientific expertise and assistance are anticipated to be needed in the near future to assist the NIST Computer Security Division in meeting its mission.

General Task Areas:

1. Provide technical inputs into, and support the development of, Standards, Guidelines, NIST Interagency Reports (NISTIRs), Models, Measures, Derived Test Requirements (DTRs), and Standard Reference Material(s) for topic areas including, but not limited to:
   a. Applied Cybersecurity (for example, Cyber-Physical Systems, Public Safety Communications, Health Information Technology, Electronic Voting, Critical Infrastructure, and Federal Agency Cybersecurity)
   b. Information and Communications Technology Supply Chain Risk Management
   c. Cybersecurity Awareness, Training, Education, and Workforce Development
   d. Cryptographic Standards, and Techniques for Emerging Applications
   e. Validation Programs (for example, cryptographic modules, security content automation protocols)
   f. Identity, Access, and Privilege Management
   g. Cloud Computing and Virtualization
   h. Mobile Security
   i. Network and Internet Security
   j. Advanced Security Testing, Measurement, and Reference Data (for example, security content automation, incident handling, vulnerability management, and information sharing)
   k. Technical Security Metrics (for example, roots of trust, combinatorial testing, attack graphs)
   l. Organizational and System Risk Assessment and Management
   m. Software and application development, and application modeling
   n. Privacy engineering and risk management

2. Development work to be conducted in the following areas:
   a. Automated testing and reference implementations
      a. Generation of STIX-expressed indicators from cyber forensic analysis tools
      b. Generation of SCAP-expressed content from automated indicators
   b. Policy Machine demonstrations and reference implementations
   c. Proof of concept of various PIV and derived credential implementations
   d. Crypto Validation Program (CVP) resolve automation system software development

3. Research work to be conducted in the following areas:
   a. Cyber-Physical Systems, Public Safety Communications, Health Information Technology, Electronic Voting, Critical Infrastructure, and Federal Agency Cybersecurity practices
   b. Information and Communications Technology Supply Chain Risk Management
   c. Cybersecurity Awareness, Training, Education, and Workforce Development
   d. Cryptographic Research, and Techniques for Emerging Applications
   e. Validation Programs (for example, cryptographic modules, security content automation protocols)
   f. Identity, Access, and Privilege Management
   g. Cloud Computing and Virtualization
   h. Mobile Security
   i. Network and Internet Security
   j. Advanced Security Testing, Measurement, and Reference Data (for example, security content automation, incident handling, vulnerability management, and information sharing)
   k. Technical Security Metrics (for example, roots of trust, combinatorial testing, attack graphs)
   l. Organizational and System Risk Assessment and Management
   m. Software and application development, and application modeling
   n. Privacy engineering and risk management

4. Support development and implementation of processes and mechanisms to enable effective outreach and communications with collaborators and stakeholders across the cybersecurity landscape, including industry, academia, standards organizations, and governments. Processes and mechanisms may include, but are not limited to:
   a. Planning and supporting workshops, conferences, webinars, and meetings;
   b. Facilitating discussions and consensus-making;
   c. Supporting use of communications tools including social media and innovative publishing methods;
   d. Creating and/or managing a web environment and web content;
   e. Testing web usability and efficacy;
   f. Preparing lessons learned from previous outreach work;
   g. Developing an economic and social impact evaluation of the state pilots funded under the NSTIC State Pilots Cooperative Agreement Program;
   h. Developing use cases and tools to enable implementation of the privacy risk management framework; and
   i. Supporting the preparation, analysis, and adjudication of Requests for Information and other public comment responses.

5. Program operations and analysis work to be conducted in the following areas:
   a. NVD analysis
   b. SCAP analysis
   c. CMVP analysis
   d. CAVP analysis
   e. SCAP support to labs and vendors
   f. CVP support to labs and vendors

It is anticipated that the contractor will be required to have background, experience, and skills in the following:
   a. Access control - physical and logical
   b. Applied cryptography - particularly with a background in entropy and key management
   c. Assessment and authorization
   d. Attribute Exchange
   e. Biometrics
   f. Cloud-service models that can be used to influence cloud-oriented security automation approaches
   g. Cyber forensics and incident response
   h. Database architect and programmer
   i. DevOps development approaches
   j. Evaluation of economic impact of key technologies and policies
   k. Existing security automation approaches (e.g., SCAP, OVAL)
   l. Facilitation of working sessions within meetings/conferences/workshops
   m. Identity credentialing and management, and access management
   n. Information sharing (trust, data transport, data bindings, data models, XML, and general knowledge management practices)
   o. International standards supporting software inventory, vulnerability, and configuration management to include NETCONF, YANG, SNMP, and SWID
   p. Java programming
   q. Managing configurations and vulnerabilities in operational technology settings (e.g., power distribution, manufacturing, medical devices)
   r. Mobile device security, including management solutions to influence mobile application of security automation approaches
   s. Network protocol design and implementation
   t. Privacy engineering
   u. Product testing
   v. SCAP validation program report reviewing
   w. Security Content Automation Program (SCAP) content authoring
   x. Smart cards
   y. Software development - multiple types including Java, C#, .NET, JavaScript
   z. Software testers familiar with software testing methodology with ability to assist in writing use cases, writing test plans, and developing automated regressions - Familiar with SCAP, XML, JSON, and other data modeling techniques
   aa. System integration
   bb. Technical writing - particularly with a background in cybersecurity, security automation, documentation, etc.
   cc. Testing and test procedures
   dd. Trust frameworks
   ee. Use of XML-based technologies (e.g., XPath, XQuery) and JSON-based approaches

NIST is seeking responses from all responsible small business concerns (SB, SDB, VOSB, SDVOSB, WOSB, EDWOSB, 8(a), HUBZone). The small business size standard associated with the NAICS code for this effort, 541519 - Other Computer Related Services, is $27.5 Million. Please include your company's size classification and socio-economic status in any response to this notice.

Section II - Response Instructions:

After results of this market research are obtained and analyzed, NIST may conduct a competitive procurement and subsequently award a contract. Companies that can provide such services are requested to email a written response describing their abilities to chantel.adams@nist.gov and keith.bubar@nist.gov no later than the response date for this sources sought notice. Interested parties shall describe the capabilities of their organization as it relates to the services described above.

The following information is requested to be provided as part of the response to this sources sought notice:

1. Name, Address, DUNS number, CAGE code, and point of contact information of your company.
2. Any information on the company's small business certifications, if applicable.
3. Description of your company's capabilities as they relate to the services and personnel qualifications described in this notice.
4. A description of your company's previous experience providing the services described in this notice.
5. Indication of whether the services described in this notice are currently on one or more GSA Federal Supply Schedule (FSS) contracts or Government-wide Acquisition Contracts (GWACs) and, if so, the applicable contract number(s).
6. Any other relevant information that is not listed above which the Government should consider in finalizing its market research.

Responses are limited to a total of twelve (12) pages. The responses must be in MS Word format. Pages shall be 8½-inch x 11-inch, using Times New Roman 11 Point Font. Each page shall have adequate margins on each side (at least one inch) of the page. Header/footer information (which does not include any information to be analyzed) may be included in the 1" margin space. Please send responses via email to chantel.adams@nist.gov and Keith.bubar@nist.gov.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DOC/NIST/AcAsD/AMDTC-16-0004/listing.html)
- Place of Performance
- Address: 100 Bureau Drive, Gaithersburg, Maryland, 20899, United States
- Zip Code: 20899
- Record
- SN03970859-W 20151218/151216234230-46bfde5905e1ccd02242177260c03939 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)