Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF MAY 20, 2017 FBO #5657
MODIFICATION

D -- SSP application systems security assessment and vulnerability mitigation

Notice Date
5/18/2017
 
Notice Type
Modification/Amendment
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
Strategic Systems Programs, 1250 10th Street, SE, Suite 3600, Washington, DC, District of Columbia, 20374-5127, United States
 
ZIP Code
20374-5127
 
Solicitation Number
18-Q-0003
 
Archive Date
5/25/2017
 
Point of Contact
Lucas M. Medlock, Phone: 2024338403
 
E-Mail Address
lucas.medlock@ssp.navy.mil
 
Small Business Set-Aside
Woman Owned Small Business
 
Description
SOURCES SOUGHT NOTICE "MARKET RESEARCH" N00030-18-Q-0003

This is a SOURCES SOUGHT notice. This notice is NOT a Request for Proposal (RFP). No solicitation exists at this time.

The Strategic Systems Programs (SSP) seeks a Firm-Fixed-Price (FFP-LOE) type contract with a Certified Women Owned Small Business (WOSB) for subject matter expertise regarding the SSP application systems security assessment and vulnerability mitigation. The applicable NAICS codes for this requirement are 541511 - Custom Computer Programming Services or 541512 - Computer Systems Design Services. The Small Business Administration (SBA) has determined that, for both NAICS codes, WOSB concerns are substantially underrepresented in Federal procurement, as specified on the SBA's Web site at http://www.sba.gov/WOSB and as further defined in FAR Subpart 19.15 - Women-Owned Small Business Program. Therefore, SSP is hereby requesting that only qualifying WOSBs (including Economically Disadvantaged Women-Owned Small Business (EDWOSB) concerns) respond to the following market research tool for the collection and analyses of information to determine WOSB/EDWOSB capability to provide the Security Assessment and Vulnerability Mitigation Service Requirement based on the description of the requirement provided below.

PURPOSE OF NOTICE: The Sources Sought is being used as a Market Research tool to determine potential sources prior to determining the method of acquisition and issuance of a possible RFP. The Government is not obligated and will not pay for any information received from potential sources as a result of this notice. We are only requesting capability statements from potential contractors at this time. Responders should indicate which portions of their response are proprietary and should mark them accordingly. Failure to provide a response does not preclude participation in any possible future competitive RFP for which a business is eligible to participate, if any is issued.
It is the responsibility of the interested businesses to monitor the FedBizOpps website for additional information pertaining to any potential acquisition and provide security clearances, if necessary, to perform the statement of work (SOW).

REQUIREMENT: The Strategic Systems Programs (SSP) Chief Information Officer (SPCIO) is seeking responsible, single, integrated vendor sources to support all actions associated with maintaining mission assurance and providing security vulnerability mitigation for five SSP application systems. Potential sources must possess an understanding of the architecture and have experience with the technologies used for the five SSP specific application systems listed below:

1) SSP Enterprise Archives Service (SEAS) application - SEAS is SSP's web based records management system utilizing networked document scanners. It allows the SPHQ and PMO offices to archive both paper and electronic financial records and official correspondence. SEAS was developed using Java, Apache Struts/Tiles framework, JSP technology and Oracle Database.
2) Contract Action Tracking System Web (CATS Web) application - CATS Web is the Contract Branch Action Tracking System. This system allows SSP's contracting branch to document and track their action routing process and validate required contract artifacts for each procurement. The new CATS Web architecture includes Java, Struts and J2EE components as well as Oracle database.
3) HEAT trouble ticketing system - HEAT Software is a COTS product and is used for the management of SSP's IT helpdesk tickets. HEAT was customized to work with SSP's business processes. It uses Microsoft SQL Server and HEAT's administration suite of tools. This application is used by the SPHQ Helpdesk as well as the SSP Program Management Offices.
4) SSP Logistics Planning System - The Logistics Planning application is primarily used to gather raw data for the production and publication of SSP's annual budget/planning document. This application is used by SSP to plan for their current and future program resource allocations. The application was converted from a standalone PowerBuilder system to a web based application currently operational on the Navy's classified network. SSP's web based Logistics Planning System was developed using Java Framework and Oracle database.
5) Quality and Reliability Information Management System (QRIMS) - QRIMS is a report processing application hosted at SSP and sponsored by the SSP Navigation branch for use by external contractors to track trouble and failure reports, corrective action reports, trouble failure repair and return reports, and preventative maintenance action reports. QRIMS was developed using Struts 2 MVC framework and Oracle database.

The security management of these applications shall require detailed knowledge and a thorough understanding of the SSP information systems' business, data, applications and technical architecture. The contractor must provide subject matter expertise for the above application systems in the following areas:

1. Transitioning of applications from the DIACAP Certification and Accreditation Process to the DoD Risk Management Framework (RMF)
2. Information Security assessments, mitigation and control monitoring
3. Application development framework
4. Library dependency End-of-Life management
5. Vulnerability monitoring and mitigation
6. Security Penetration testing and remediation
7. Structured security patch management
8. Application unit testing, integration testing, and automated code review testing
9. Re-factoring and patching of source code, unit tests and integration tests
10. Database schema design and configuration changes
11. Application release and deployment management
12. System audit logs analysis
13. Port and Protocol management
14. Maintaining application configuration management data in accordance with the Software Configuration Management Plan for SSP Enterprise Applications

The above application security management actions require detailed knowledge and experience using specific technologies, interfaces, development and scripting languages, Software Development Life-Cycle (SDLC) processes and tools. The contractor shall have experience and maintain skills proficiency in the key subject areas required to perform the security management actions, which include:

1) OpenText Livelink Application Programming Interface (API)
2) Hewlett Packard Digital Sender workflow programming
3) HEAT trouble ticketing system database configuration and administration
4) Business Process definition and analysis using BPMN 2.0
5) Fusion Charts reports (using XML, HTML5 and JavaScript)
6) DoD Records Management application design standards
7) Development languages & interfaces: Java, Apache Struts, Apache Tiles, PL/SQL, iText, XML, HTML5, JavaScript, CSS, SVG, UML, LDAP, SMTP
8) SDLC Tools: PortSwigger Burp Suite, Enterprise Architect UML, Eclipse IDE, JIRA Issue & Project Tracking, Subversion Revision Control, Unit Test, Code coverage, automated Code Review
9) DoD Information Assurance Certification and Accreditation Processes (DIACAP) and DoD Risk Management Framework (RMF)
10) Public Key Infrastructure (PKI)
11) XML Digital Signature Programming
12) Common Access Card (CAC) authentication
13) Cryptography protocols and their usage
14) Security threat modeling and mitigation strategies
15) HTTPS Web session monitoring

Potential contractor must possess a complete understanding of SSP's information systems environment and must have demonstrated knowledge and experience working with the Navy accreditation processes for the SPCIO's application systems.
Potential contractor's proposed staff must be fully DoD 8570 compliant and have a complete understanding of DISA Security Technical Implementation Guidelines (STIG) and Security Requirements Guides (SRG) for hardware, software, and applications.

PERIOD OF PERFORMANCE: The current proposed period of performance is estimated to be one base year plus four (4) option years.

RESPONSE DEADLINE: Interested sources shall submit a capability package by COB February 6, 2017 (10 pages or less) containing:

1) company name and address,
2) company point of contact,
3) email address,
4) phone number,
5) specifics addressing the work listed above including a current list of related past performance within the past 5 years.

Proposed contractor must have a Secret Facility clearance. Electronic responses are acceptable if prepared in Microsoft 2007 compatible format. Email electronic responses to Lucas Medlock (email: lucas.medlock@ssp.navy.mil) and Bina Russell (email: bina.russell@ssp.navy.mil) with "Sources Sought" in the subject line of the email.

Primary Point of Contact: Contract Specialist Lucas Medlock, lucas.medlock@ssp.navy.mil
Alternate Point of Contact: Contract Specialist Bina Russell, Bina.russell@ssp.navy.mil

Added: Feb 06, 2017 6:36 am
Modified: May 18, 2017 12:37 pm

RESPONSE DEADLINE EXTENSION: Interested sources shall submit a capability package by COB February 9, 2017.

Additional NAICS code of 541512 - Computer Systems Design Services added to this Sources Sought Market research and a new deadline to respond by COB 24 May.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DON/SSP/SSP/18-Q-0003/listing.html)
 
Place of Performance
Address: At the SSP Headquarters Building 200 Suite 3900 at Washington Navy Yard, DC, United States. Contracting Office Address: Strategic Systems Programs, 1250 10th Street, SE, Suite 3600, Washington, DC, District of Columbia 20374-5127, United States. Washington, District of Columbia, 20374, United States
Zip Code: 20374
 
Record
SN04514353-W 20170520/170519000216-7dff904aeb5d01c96708894595d860bd (fbodaily.com)
 