Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 15, 2017 FBO #5683
AWARD

70 -- FY17 SpiderOak CloudSync SW Maintenance - Brand Name Justification

Notice Date
6/13/2017
 
Notice Type
Award Notice
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
Department of the Navy, Naval Air Systems Command, Naval Air Warfare Center Aircraft Division Pax River, Building 441, 21983 Bundy Road Unit 7, Patuxent River, Maryland, 20670, United States
 
ZIP Code
20670
 
Solicitation Number
N00421-17-C-0039
 
Archive Date
6/23/2017
 
Point of Contact
Kimberly M Wilkins-McClane, Phone: 3017575645, Colleen G Coombs, Phone: (301) 757-9718
 
E-Mail Address
Kimberly.Wilkinsmccl@navy.mil, colleen.coombs@navy.mil
 
Small Business Set-Aside
N/A
 
Award Number
N00421-17-C-0039
 
Award Date
6/8/2017
 
Awardee
SpiderOak Inc., 555 Huehl Rd, Northbrook, Illinois 60062, United States
 
Award Amount
$240,800.00
 
Description
Brand Name Justification

In performance of this contract, the contractor may have access to Department of Defense (DoD) information. The contractor agrees (a) to use and protect such information from unauthorized disclosure in accordance with DoD Instruction 8582.01: Security of Unclassified DoD Information on Non-DoD Information Systems; (b) to use and disclose such information only for the purpose of performing this contract and to not use or disclose such information for any personal or commercial purpose; (c) to comply with other current Federal and DoD information protection and reporting requirements for specified categories of information (e.g., medical, proprietary, critical program information (CPI), personally identifiable information, export controlled); (d) to obtain permission of the Government Requiring Activity before disclosing/discussing such information with a third party; (e) to return and/or electronically purge, upon Government request, any DoD information no longer required for contractor performance; and (f) to advise the Contracting Officer and/or Contracting Officer's Representative of any unauthorized release of such information.

NAVAIR's Cybersecurity Program is a unified approach to protect unclassified, sensitive or classified information, and is established to consolidate and focus efforts in securing that information, including its associated systems and resources. Cybersecurity is required operationally throughout the DON. The DON CIO is responsible for IT within the Navy, as mandated by the Clinger-Cohen Act, and is the lead for departmental compliance with the Federal Information Security Management Act of 2002. All Cybersecurity shall be in compliance with the following listed instructions:

a. ASD (NII) Directive-Type Memorandum (DTM) 08-027 - Security of Unclassified DoD Information on Non-DoD Information Systems, 31 July 2009
b. Chairman of the Joint Chiefs of Staff Instruction CJCSI 3170.01H (series), Joint Capabilities Integration and Development System, 10 January 2012
c. CJCSI 6211.02D Defense Information System Network (DISN): Policy and Responsibilities, 24 Jan 2012
d. CJCSI 6212.01F Net Ready Key Performance Parameter (NR KPP), 21 March 2012
e. CJCSI 6251.01D Narrowband Satellite Communications Requirements, 30 Nov 2012
f. CJCSI 6510.01F, Information Assurance (IA) and Support to Computer Network Defense (CND), 09 Feb 2011, certified current 10 Oct 2013
g. Chairman of the Joint Chiefs of Staff Manual CJCSM 6510.01B - Incident Handling Program 10 July 2012
h. Chief of Naval Operations/Headquarters, United States Marine Corps CNO N614/HQMC C4 - Navy-Marine Corps Unclassified Trusted Network Protection (UTNProtect) Policy, Version 1.0, 31 October 2002
i. Defense Acquisition Guidebook - Chapter 7, Acquiring Information Technology, Including National Security Systems, Section 7.5 Information Assurance (IA)
j. DoD 5220.22-M, National Industrial Security Program Operating Manual, February 28, 2006 (NISPOM)
k. DoD 8570.01-M, Information Assurance Workforce Improvement Program, 19 Dec 2005 (Incorporating Change 3, 24 Jan 2012)
l. DoDD 8000.01 Management of the Department of Defense Information Enterprise, 10 February 2009
m. DoDD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG), 14 April 2004, Certified Current as of 23 April 2007
n. DoDD 8570.01 Information Assurance Training, Certification, and Workforce Management, 15 August 2004, Certified Current as of 23 April 2007
o. DoDI 4630.8, Procedures for Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS), 30 June 2004
p. DoDI 8500.1, Cybersecurity, 14 March 2014
q. DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), 12 March 2014
r. DoDI 8520.2, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, 01 April 2004
s. DoDI 8551.1, Ports, Protocols, and Services Management (PPSM), 13 August 2004
t. DoDI 8580.1, Information Assurance in the Defense Acquisition System, 9 July 2004
u. DoDI 8581.01, Information Assurance (IA) Policy for Space Systems Used by the Department of Defense, 8 June 2010
v. DON CIO Memo 02-10, Department of the Navy Chief Information Officer Memorandum 02-10 Information Assurance Policy Update for Platform Information Technology, 26 April 2010
w. DON letter 5239 NAVAIR 726/2322 of 18 Feb 09, NAVAIR Data at Rest Policy
x. Federal Information Processing Standards Publications (FIPS PUB) http://www.nist.gov/itl/fips.cfm
y. National Security Telecommunications and Information Systems Security Policy NSTISSP No. 11, Revised Fact Sheet National Information Assurance Acquisition Policy, July 2003.
aa. Office of the Chief of Naval Operations OPNAV INST 5239.1C, Navy Information Assurance (IA) Program, 20 Aug 08
bb. SECNAV M-5239.1, Department of the Navy Information Assurance Program; Information Assurance Manual, November 2005
cc. SECNAVINST 5230.15, Information Management/Information Technology Policy for Fielding of Commercial Off the Shelf Software, 10 April 2009
dd. SECNAVINST 5239.3B, Department of the Navy Information Assurance Policy, 17 June 2009
ee. SECNAVINST 5239.19, Department of the Navy Computer Network Incident Response and Reporting Requirements, 18 March 2008
ff. The National Security Act of 1947
gg. Title 40/Clinger-Cohen Act
hh. Title 44/Federal Information Security Management Act

Source IRM Office UPDATED: July 29, 2014

Approved contractor-owned equipment shall be permitted connections to NAVAIR/DoD Networks in order to carry out the performance of this contract. All Contractor-owned hardware and/or software shall meet DoDI 8500.1, Cybersecurity, is subject to validation scanning and must be approved by the NAVAIR site IA Manager prior to connection.

Contractor Furnished Equipment (CFE) employed for remote access to a Government network must meet or exceed equivalent Government Furnished Equipment (GFE) cyber security computing requirements. The contractor shall ensure that all CFE (hardware and software) employed to access these environments meet the following minimum Government cyber security requirements and provide periodic certification of compliance as a pre-requisite to being granted network access.

(1) Use of personally owned systems is prohibited;
(2) Operating systems and applications must be configured for compliance with the applicable Security Technical Implementation Guides (STIGs);
(3) DoD approved anti-virus and anti-spyware software must be installed and signatures must be configured to automatically update on a daily basis;
(4) DoD approved host-level firewall must be utilized and configured to permit traffic by exception only, dropping all other traffic. If the host-level firewall provides intrusion detection or prevention, the signatures or rules must be updated at the same intervals as the anti-virus software;
(5) Computers must be Information Assurance Vulnerability Management (IAVM) compliant;
(6) Computers must be scanned with the currently approved DoD scanner solution at a minimum of every 30 days. All vulnerabilities must be remediated and reported to the cognizant Information Assurance Manager;
(7) Contractor employees must possess a current Government issued Common Access Card (CAC) and install Government certified CAC readers; and
(8) Verification of compliance with these requirements must be provided to an appointed government representative on a monthly basis.

The following specific criteria must be met before the contractor can be connected to any DoD or NAVAIR network in support of this contract. Requirements include:

Network Vulnerability Scanning. NAVAIR Deputy CIO for Information Assurance maintains authorized auditing tools and shall provide for firewall/port scans, device discovery scan, vulnerability assessment, and other requirements as required to ensure secure interoperability with DoD networks. The contractor shall be responsible for the remediation of any equipment that fails these audits prior to the connection of the system to the networks;

Results of approvals shall be documented via Memorandum of Agreement with the Facility Security officer and the Defense Security Service Representative for that contractor;

Extent of Validation Scanning. To prevent scanning of corporate assets, all such networks, equipment and connections shall be physically segregated from any government/contractor corporate networks that are not in direct support of DoD contracts;

Circuit Provisioning. Any circuit or connection between NAVAIR and/or DoD site and the contractor site shall be provisioned via the Defense Information Security Agency and comply with CJCSI 6211.02D, Defense Information System Network (DISN): Policy and Responsibilities, 24 Jan 2012.

Servicing Systems from a Remote Contractor Site. Remote Access Service connections that allow off-station operation and/or administration of contractor owned systems, located at any NAVAIR facility or site, shall not be permitted, with the exception of those systems connecting to the Command via the Outreach Services identified in Section 6, Enterprise Architecture;

Memorandum of Agreement and Inter-connection Agreements. A Cybersecurity Memorandum of Agreement (MOA) between the contractor owning the equipment and AIR-7.2.6 shall be developed and signed before the equipment can be connected to NAVAIR networks. Failure to comply with the signed MOA shall be grounds for disconnection from the network.

Information Technology Security

The DON Automated Data Processing (ADP) Security Program outlined in SECNAVINST 5239.3A, 'DON Information Assurance Policy' and SECNAV M-5239.1, 'DON Information Assurance Manual,' applies to efforts under this task order. Contractor personnel providing services under this task order shall comply with all federal, DOD, and DON IA policies. The Contractor shall comply with SECNAVINST 5510.30B and SECNAV M-5510.30 to assure that the proper investigation (SSBI) is conducted for those contractor personnel that require IT Level 1 access. The Contractor shall coordinate with the TPOC to identify applicable positions.

System Authorization Access Request (SAAR)

The Contractor shall submit a Systems Authorization Access Request (SAAR-N) Form (OPNAV 5239/14 Sep 2011 or latest version thereof) for each contractor employee tasked under this task order that requires access to Government IT systems in accordance with NAVAIR Clause 5252.204-9505. The Contractor shall submit Privileged Access Authorization forms and System Administration letters as dictated in the policies mentioned within this paragraph and any follow-on policies released.

DOD Directive 8570.01-M Information Assurance Workforce Improvement Program

DOD Directive 8570.01-M provides guidance for the identification and categorization of positions and certification of personnel conducting IA functions within the DOD Workforce supporting the DOD Global Information Grid (GIG) per DOD Instruction 8500.2 (Reference (b)). The DOD IA Workforce includes, but is not limited to, all individuals performing any of the IA functions described in Directive 8570.01-M. All contractor personnel performing under this contract must comply with DOD Directive 8570.01-M, where applicable, and any training required to comply with this directive is at the expense of the Contractor. The TPOC will assign the appropriate certification category based on the duties and responsibilities being performed, relative to the current published DOD 8570 Manual. Upon subsequent release of DODI 8140.01, the contractor shall adhere to updated guidance on cyber security workforce qualifications and comply with all the necessary submission of paperwork and submission for access approval.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DON/NAVAIR/N00421/Awards/N00421-17-C-0039.html)
 
Record
SN04543182-W 20170615/170613235257-533d83ec188cc09d3d6bfd6900747f59 (fbodaily.com)
 