SOURCES SOUGHT
D -- Government Off The Shelf (GOTS) Certification, Commercial Security for Classified (CSfC), and Cyber Electromagnetic Activities (CEMA) Needs and Technical Administrative and Operation Support Services - GOTS RFI
- Notice Date
- 8/30/2017
- Notice Type
- Sources Sought
- NAICS
- 541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
- Contracting Office
- Department of the Army, Army Contracting Command, ACC - APG (W56KGU) Division A, 6001 COMBAT DRIVE, Aberdeen Proving Ground, Maryland, 21005-1846, United States
- ZIP Code
- 21005-1846
- Solicitation Number
- W56KGU-17-R-0830
- Point of Contact
- Melissa A. Bettinger, David A. Greaves
- E-Mail Address
-
melissa.a.bettinger.civ@mail.mil, david.a.greaves4.civ@mail.mil
- Small Business Set-Aside
- N/A
- Description
- Request for Information and Questionnaire

THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. This RFI is issued solely for information and planning purposes - it does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. This request for information does not commit the Government to contract for any supply or service whatsoever. Further, the Army is not at this time seeking proposals and will not accept unsolicited proposals. Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the interested party's expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. If a solicitation is released, it will be synopsized on the Federal Business Opportunities (FedBizOpps) website. It is the responsibility of the potential Offerors to monitor these sites for additional information pertaining to this requirement.

The U.S. Army Contracting Command-Aberdeen Proving Ground (ACC-APG), Aberdeen Proving Ground, MD 21005, on behalf of the Communications Electronics Research and Development Engineering Center (CERDEC), Space and Terrestrial Communications Directorate (S&TCD), Cyber Security and Information Assurance (CSIA) Division, is conducting a market survey to identify potential business sources for the procurement of Government Off The Shelf (GOTS) Certification, Commercial Security for Classified (CSfC), and Cyber Electromagnetic Activities (CEMA) Needs and Technical Administrative and Operation Support Services.
Scope of Support - Overview

The Communications-Electronics Research, Development and Engineering Center (CERDEC) Cyber Security and Information Assurance (CSIA) Division requires sophisticated, deep-level Information Assurance (IA) engineering expertise and knowledge in order to support the evaluation and development of new cryptographic solutions under the CERDEC-National Security Agency (NSA) Memorandum of Agreement (MOA) covering CERDEC's Government Off The Shelf (GOTS) Certification Support activity, and the NSA's appointment of CERDEC as a Commercial Security for Classified (CSfC) Trusted Integrator (TI). Fully supporting these activities in accordance with NSA agreements, requirements and policies requires CERDEC to have access to subject matter experts (SMEs) who span a variety of NSA-specific technical subjects (including NSA certification requirements and internal processes; NSA Cryptographic Modernization, Key Management Infrastructure (KMI), Army Contracting Command (ACC) requirements, strategy, and transition/fielding support; and NSA Capability Packages (CPs) and CSfC solution requirements and registration processes expertise; et al.), as well as every part of the full product lifecycle (from requirements tailoring, to security verification testing, fielding, and maintenance support).
CERDEC must retain the expertise and deep knowledge in all of these areas in order to meet the NSA's requirements and to provide low-risk continuity of technical support to ongoing certification efforts and CSfC projects in accordance with CERDEC's responsibilities as governed by the Memorandum of Agreement between the National Security Agency/Central Security Service (NSA/CSS) Information Assurance Capabilities Development (Y2D2) and the United States Army CERDEC Concerning the Evaluation Service Lab (ESL) Certification Support Program, 18 August 2016, and the (U//FOUO) Memorandum Of Understanding (MOU) Between The NSA/CSS Encryption Solutions (Y2D2) And The United States Army CERDEC Concerning The ESL Certification Support Program, dated 7 March 2017.

Current Support Background

A CERDEC contractor currently is supporting the NSA with GOTS Certification and CSfC Trusted Integrator expertise through the Technical Administrative and Operation Support Services (TAOSS) Contract, Task Order KY05 (National Security Agency (NSA) Government Off The Shelf (GOTS) Certification and Commercial Solutions for Classified (CSfC) Support for the U.S. Army Communications Electronics Research Development Command (CERDEC), Space and Terrestrial Communications Directorate (S&TCD) Cyber Security & Information Assurance (CSIA) Division).

GOTS Request for Support

CERDEC is currently required to deliver the needed certification expertise for the KGV-80H and AN/PRC-158. NSA and its customers have committed an additional 12 programs for CERDEC to provide certification support over the next 2-6 months, with several more in discussion as future efforts. Most of these programs have 2-3 year total execution timelines, which with the delayed startup means that they will require support into the 2020-2021 timeframe.
Support for these certification projects requires continuous and stable application of the unique, niche knowledge and NSA-expertise throughout these projects' certification support timeframes in order to be successful. The need to fulfill CERDEC's responsibilities to NSA under the MOU and MOA over the duration of these certification projects' timelines presents an unusual and compelling urgency to ensure that CERDEC retains access to the contractor's unique knowledge, experience, and capabilities through the projected 2021 end date for this initial group of certification projects. To be successful in performing the GOTS Certification and CSfC work, CSIA's activities must be conducted in accordance with NSA's established processes and requirements. Success can only be achieved if a stable CERDEC team consistently delivers the following over the entire certification projects' lifecycle:
• A corps of experienced NSA certification practitioners who have 5 or more years of experience and relationships with Vendor development teams, NSA IA Certification Managers (IACMs), and NSA's cross-matrixed NSA Software, Hardware, and Systems Certification Evaluators.
• Personnel with demonstrated ability to navigate the complex and often confusing or conflicting NSA certification process, gained through at least 5 years of close support working with product Vendors and NSA on secure development, oversight, and certification evaluation work.
• Personnel with NSA certification experience that spans the entire lifecycle of a cryptographic device, from the development of IA requirements through to certification support and fielding/maintenance support (e.g., changes/updates to certified products and baselines via the NSA's Engineering Change Proposal (ECP) process).

Requirements - Some of the specific certification-relevant demonstrated expertise CERDEC should have access to as a minimum on its GOTS Certification Team include:
o TS/SCI Security Clearances.
o Senior technical leadership with 20 or more years of experience with NSA certification processes, certification requirements, and a track record of successfully supporting NSA Type 1 certification of at least 15 GOTS COMSEC devices.
o Personnel having direct experience tailoring 10 or more IASRD and TSRD documents for NSA certification security requirements for a specific evaluated product.
o Staff experienced with obtaining NSA-internal CMI and CACMB approvals and registrations of security requirements and proposed algorithms.
o A team with staff with 5 or more years' experience with reviewing NSA-specific certification Contract Data Requirement Lists (CDRLs) (e.g., SED, WSSR, SVPP, SPLER, etc.).
o Staff with at least 10 years of Key Management experience, including 1) assisting Vendors developing KCMA and KCMP (or KMPs) and Key Specifications; 2) reviewing KCMPs (KMPs) for NSA approval; 3) directly working with NSA Central Facility engineers to create test and production key materials for new solutions.
o Staff experienced with providing security guidance, derived security requirements, and requirements review and feedback to vendors on 5 or more certification-track products.
o Experienced team with at least 10 years of providing software security assurance evaluations as defined by NSA and in accordance with their analysis processes and reporting requirements, including performing software security code analysis using tools such as Understand, HDL Designer, Klocwork, et al., and associated analysis scripts. Experience performing manual review of each of the findings from the tools according to NSA priorities and concerns is also a needed demonstrated expertise in order to reduce the number of false positives and false negatives to a manageable level.
o Team with 5 or more years' experience with working with NSA evaluators in the key areas of Memory Management (e.g., buffer overflows, memory leaks), Input validation, Error Management, Unused or unreferenced source code, Complexity, and Logic errors.
o Personnel experienced with review and traceability of source and derived requirements (or, analysis if against a pre-existing design) to ensure testability and final evaluation as development proceeds.
o Team with 10 or more years' Security Evaluation experience, including review of Security Evaluation Documents (SED, including review of Theory of Compliance, Theory of Design and Operation, Covert Channel Analysis, Fail-Safe Design Assurance (FSDA) review, and Unallowable Events List (UEL) review), Cryptographic Verification (CV) and Security Verification Test (SVT) Plans, Procedures, and Reports, including the witnessing of SVT events.
o Experienced staff who have reviewed 10 or more Engineering Change Plans (ECPs) for NSA to determine re-certification and testing needs.
o Team leadership by highly experienced personnel with a 10 or more year background of evaluating architectures and implementations against the NSA requirements and having a deep understanding of the rationale behind the IA requirements.
o Senior staff with TS/SCI clearances and NSAnet high-side accounts in order to engage NSA SMEs directly on threats, vulnerabilities, concerns, or other certification risks.
o Practitioners who have met with the NSA Risk Assessment Panel (RAP) or Technical Review Board (TRB) 3 or more times for certification briefings, to include in-person briefings to the RAP on the NSA-defined technical security points.

CEMA and C-STAF Support Requirements

Cyber Electromagnetic Activities (CEMA) Scientific Technical Analytic Framework (C-STAF) support continuation is also required as a Low Risk Option to maintain the Domain Knowledge and C-STAF Project Subject Matter Expertise (SME) critically needed by CERDEC.
C-STAF Project Execution with the Booz Allen Team provides the lowest risk to execution for continuing the C-STAF Program, and its Scientific Technical Objective (STO) is one of the highest visibility tasks currently under S&TCD's charter. The Booz Allen Team SMEs have been providing critical support in the following areas since C-STAF project inception (2015), and continuation of this support also needs to be maintained without disruption to CERDEC's customers in accordance with the following requirements:
• TS/SCI Security Clearances.
• Data Collection and Analysis Expertise. Team that has authored multiple BCT Data architecture surveys and C-STAF data analysis strategies, and continues to pursue essential data. Staff with experience performing as a C-STAF primary data analysis SME for 2 or more years.
• Staff with multiple years of U.S. Army Active Duty CEMA Operational Experience, Relationships and Domain Knowledge. With full-time senior retired Army military representatives (some 70 years collective active duty Army experience) at the Maneuver COE and Cyber COE, C-STAF, although a CERDEC R&D project, is 'plugged in' to the various cyber/CEMA communities of interest engagement (active duty and contractor relationships) for informing and better understanding war fighter maneuver, C4ISR and CEMA warfighting cyber requirements functions in an operational or Commander's context. Staff with 1 or more years' experience performing as C-STAF primary defensive cyber/CEMA mission operations analysis SME(s).
• Staff with 2 or more years' experience serving as a Deputy PM and possessing C-STAF Project Management Domain Knowledge. Serving as a D/PM role to establish project operations, documentation (Schedule, project plans, and deliverables) battle rhythms, relationships and SharePoint knowledge base to serve out current base contracting option, but more importantly laying the foundation for future C-STAF STO and CERDEC CEMA portfolio projects programs.
Our contractor(s) currently perform as C-STAF Dep PM, primary project management SME(s).

CSfC Support Requirements

CSfC is a groundbreaking NSA concept that allows commercial components to be used in layered solutions to protect classified National Security Systems (NSS) information. As such, CSIA needs system, network, and test engineers with leading-edge knowledge and hands-on experience to develop, document, and deliver successful solution implementations. CERDEC's CSfC engineering support staff must have experience with designing, developing, implementing, testing, and maintaining communication networks within organizations and between organizations, and must be able to work closely and synergistically with client organization staff to deliver successful and sustainable CSfC solutions. The CSfC team must also have relationships and familiarity with NSA and its National evaluation and approval authorities. This familiarity and these relationships are useful in helping CMB's CSfC customers and their Approving Official navigate the often confusing NSA approval processes, as well as in helping shape the NSA's direction to reflect Army concerns and needs. The goal is to ensure the integrity and confidentiality of high assurance network infrastructure in order to provide maximum performance to users in the strategic and tactical environments.

Requirements - CSfC SMEs providing CERDEC CMB and their customers with expertise in critical requirements areas:
• TS/SCI Security Clearances.
• 2 or more years understanding the CSfC process life cycle and the roles and responsibilities of the NSA, Trusted Integrator, and Customer.
• 2 or more years' experience designing, developing, implementing, and maintaining CSfC solutions (via available Capability Packages).
• A team whose firm includes staff and experience from being one of the original CSfC Trusted Integrators and having over 12 registered CSfC solutions with NSA.
• A team with 2 or more years' experience demonstrating, implementing, and configuring products on the CSfC Components List, including, but not limited to:
o IPSec Gateway Vendors - Aruba, Cisco, and Juniper.
o WLAN Access Systems Vendors - Aruba
o Certificate Authority Vendor - Microsoft and ISC CertAgent
o IPSec VPN Client Vendor - Aruba, Cisco, Microsoft.
o Mobile Platform Vendors - Samsung

Customers require full time CSfC support. Some of the time sensitive engagements include:
• Large scale deployments, specifically the installation of CSfC Mobile Access Solution to address a critical and immediate Protected Distribution System (PDS) issue across the APG campus that must be resolved over the next year. This solution is expected to expand to multiple follow-on CSfC solutions over the next 2 years, including CSfC solutions that will allow for secure wireless SIPR and Data-at-Rest (DAR). Furthermore, as a pilot implementation for the Army, the APG CSfC solution set is also expected to be rolled out to other Army Posts, Camps, and Stations over the next few years.
• Becoming the official TI for all of PM WIN-T's multiple CSfC registrations, which includes registration of five CSfC solutions over the next 2-3 years.
• Multiple customers that require DAR CSfC Solutions that range from 10 to 1000 users, and whose registrations and follow-on re-registrations will occur over the next 2-3 years.
• Research and development areas of CSfC that include developing small form fit factor solutions, and new capabilities like CSfC Radio and CSfC Mesh. This will require working with NSA over the next year to establish a prototype system for review, development of new Capability Package documentation, and finally actual registration of systems over a 2-3 year period.

Interested parties are requested to respond to this RFI with a Capabilities Statement in Word or PDF format and complete the enclosed questionnaire.
In addition to your technical experience and Questionnaire, your Capabilities Statement should address the following:

Corporate Experience: demonstrate how it meets or exceeds the requirements as an entity (not individual employees performing on the contract). Experience shall include contracts of similar size and scope of experience to support the CERDEC Government Off The Shelf (GOTS) Certification Support activity, and the NSA's appointment of CERDEC as a Commercial Security for Classified (CSfC) Trusted Integrator (TI). Fully supporting these activities in accordance with NSA agreements, requirements and policies requires CERDEC to have access to subject matter experts (SMEs) who span a variety of NSA-specific technical subjects (including NSA certification requirements and internal processes; NSA Cryptographic Modernization, KMI, CEMA, C-STAF ACC requirements, strategy, and transition/fielding support; and NSA Capability Packages (CPs) and CSfC solution requirements and registration processes expertise; et al.), as well as every part of the full product lifecycle (from requirements tailoring, to security verification testing, fielding, and maintenance support).

Personnel Resume: Provide one resume (not to exceed three (3) pages each) for each of the key areas: Commercial Security for Classified (CSfC), GOTS, CEMA, C-STAF. Submitted resumes of personnel shall demonstrate that the personnel each meets or exceeds the requirements/criteria of the requirements. If possible, each resume shall include the dates of employment (i.e., month/year to month/year or month/year to present) and the organization/employer. Resumes do not count as part of the overall white page limit. In addition, a narrative (not to exceed one (1) page) should be included for each resume specifically citing the applied experience as it relates to the requirements.

Responses shall be limited to 25 pages (excluding the questionnaire), Times New Roman Font Size 12.
Responses are due no later than 30 September 2017, 17:00 EST, submitted via e-mail only to Kevin.M.Ha.civ@mail.mil and David.a.greaves4.civ@mail.mil. Proprietary information, if any, should be minimized and MUST BE CLEARLY MARKED. To aid the Government, please segregate proprietary information. Please be advised that all submissions become Government property and will not be returned. Responses shall not be above the level of Unclassified/For Official Use Only (FOUO).

The NAICS classification for this potential requirement is 541712 with a size standard of 500 people or less. Both large and small businesses are encouraged to apply. Small business concerns that comply with the aforementioned NAICS classification standard are encouraged to respond, indicating their status under the subordinate subcategories, if applicable (i.e., small disadvantaged small business, women-owned small business, service disabled veteran owned small business, etc.). The information provided and received in response to this announcement is subject to the conditions set forth in FAR 52.215-3 -- Request for Information or Solicitation for Planning Purposes.

Questionnaire

1. Please identify your company's business size standard based on the primary North American Industrial Classification System (NAICS) code of ____ and 2 secondary NAICS codes of ______ & _______. The Small Business Size Standard for this NAICS code is ____ million. For more information, refer to http://www.sba.gov/content/table-small-business-size-standards. Place an X in front of the appropriate size standard:
___ Large Business
___ Small Business (SB) Concern
___ 8(a)
___ Small Disadvantaged Business (SDB)
___ Woman-Owned Small Business
___ Historically Underutilized Business Zone (HUBZone)
___ Veteran-Owned Small Business
___ Service-Disabled Veteran-Owned Small Business

2. If you identify your company as a Small Business or any of the SB subcategories as stipulated in Question # 2, then is your company interested in a prime contract for the ?

3. Under the current SB recertification regulations, do you anticipate your company remaining a small business, under primary NAICS Code _____ and secondary NAICS codes ______? If you are a SB answer questions 3A. All others skip to Question #4.
A. If your company is awarded the contract, will you be able to perform at least 50% (percent) of the work?

4. Does your company have experience as a prime contractor administering Multiple Award Contracts (MACs) in similar scoped efforts?
A. If you answered "yes" to Question # 4, please provide as much of the following information as possible:
B. MAC contract number(s);
C. aggregate dollar value of entire MAC contract;
D. aggregate dollar value of task orders you prime on each MAC;
E. number of task orders you prime on MAC;

5. Is your company planning on business arrangements with other companies? If so, please list the process used in selecting the members.

6. Please provide details regarding proposed joint ventures, teaming arrangements, strategic alliances, or other business arrangements to satisfy requirements identified in this RFI. Offerors are encouraged to identify teams, indicating each team member's size based upon the NAICS code of the work that the team member may be doing.

7. Is your company currently providing similar services to another government agency (you may also include contract #s for government) or other non-government customer? If so, please identify the agency or non-government customer. If you are unwilling to share your customer's identity, please address whether your company offers the same or similar services commercially.

8. Has your Company performed this type of effort or similar type effort (to include size and complexity) in the past? If so, provide Contract Number, Point of Contact (POC), e-mail address, phone number, and a brief description of your direct support of the effort.

9. What are the core competencies of your employees that would support the requirements of this RFI? Also, provide the total number of individuals currently employed by your company that are capable of supporting the requirement.

10. Does your company have a facility clearance should it be required? __________YES ___________NO
A. If you answered YES to the previous question, please state the level of facility clearance and location of that facility within the proximity to APG, MD.

11. Do your employees who would support this effort have, at a minimum, a SECRET level clearance for off-site and TOP SECRET/SCI for on-site?

12. Does your firm possess an approved Defense Contract Audit Agency (DCAA) accounting system?

13. Has your firm contracted with foreign companies in the past? If so, which ones?

14. Does your firm have personnel with the required IA certificates (Security+, Network+, A+, CCNA/CCNP/CCIE, MCP/MCSA/MCSE)?
A. If so, are they located locally in the Aberdeen Proving Ground area?
B. Are they registered in AT&CTS?

15. Teaming arrangements - please fill in the table below

| Company | # of Employees | # of Employees in APG locale | % cleared at TS/SCI | % cleared at SECRET |
| Your Company here | | | | |
| Sub-k#1 here | | | | |
| Sub-k#2 here | | | | |
| Sub-k#3 here | | | | |
| Sub-k#4 here | | | | |
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/notices/42410b008e908d96a5ae91da62ec0651)
- Place of Performance
- Address: Aberdeen Proving Ground, Aberdeen, Maryland, 21005, United States
- Zip Code: 21005
- Record
- SN04654713-W 20170901/170830232610-42410b008e908d96a5ae91da62ec0651 (fbodaily.com)