SOURCES SOUGHT
99 -- (IT) Connectivity Solution
- Notice Date
- 10/5/2017
- Notice Type
- Sources Sought
- NAICS
- 541512 — Computer Systems Design Services
- Contracting Office
- Department of the Army, U.S. Army Medical Command, MEDCOM, North Atlantic Regional Contracting Office, 8901 Rockville Pike, Bldg 54, Bethesda, Maryland, 20889, United States
- ZIP Code
- 20889
- Solicitation Number
- W91YTZ-17-T-0353
- Archive Date
- 10/31/2017
- Point of Contact
- Mary A. Mitchell-Martin
- E-Mail Address
- mary.a.mitchellmartin.civ@mail.mil
- Small Business Set-Aside
- N/A
- Description
- The Womack Army Medical Center (WAMC) Contracting Cell, Regional Health Contracting Office - Atlantic, Fort Bragg, NC 28310, is looking for sources to provide an Information Technology (IT) Connectivity Solution for Test Result Entry into the Composite Health Care System (CHCS), Department of Pathology, at Womack Army Medical Center (WAMC). The IT solution must be able to support data from the Accriva Avoximeter 1000e System and Roche CoaguChek XS Plus. The contractor will provide all printers, educational materials & literature, Inpatient IT connectivity solution with CHCS, equipment replacement, and system implementation. Please see PWS. All responses will be received no later than 16 Oct 2017 at 2:00 PM EST. For more information please contact Ms. Mary A. Mitchell-Martin at mary.a.mitchellmartin.civ@mail.mil.

Performance Work Statement (PWS)

1. General. Contractor is to provide an Information Technology (IT) connectivity solution for test result entry into the Composite Health Care System (CHCS). The IT solution must be able to support data from the Accriva Avoximeter 1000e System and Roche CoaguChek XS Plus. The contractor will provide all printers, educational materials & literature, Inpatient IT connectivity solution with CHCS, equipment replacement, system implementation and required license.
1.1. This contract is for the initial base year to begin on or about 1 Nov, 2017 with four (4) one-year option years.
1.2. The Government shall not be responsible and the Contractor expressly agrees not to hold the Government liable for the loss, damage or destruction of material while in the possession of the Government.
1.3. The Government shall not be held responsible for any cost associated with shipping material to Fort Bragg and any other required locations.
1.4 - 1.5. RESERVED
1.6. Prior to any material being placed into operation the Department of Information Management (DOIM) will coordinate on any system which becomes part of the facility Network (CHCS). Serial Numbers of the equipment will be provided to the customer and DOIM at each facility.
1.7. The contractor will ensure that all devices are checked for IT connectivity to ensure test results at each download site are interfaced with the CHCS. The contractor will ensure prior to departure that this interface is verified by a government official and/or representative.
1.8 - 1.9. RESERVED
1.10. Statement of Work for Information Technology (IT) Connectivity Solution:

1.10.1. Telecommunication:
a) All contractor systems that will communicate with Department of Defense (DoD) systems will interconnect through the established Military Healthcare System (MHS) Business to Business (B2B) gateway. For all Web applications, contractors will connect to a Defense Information Systems Agency (DISA)-established Web Demilitarized Zone (DMZ).
b) In accordance with contract requirements, contractors will connect to the B2B gateway via a contractor procured Internet Service Provider (ISP) connection. Contractors will assume all responsibility for establishing and maintaining their connectivity to the B2B gateway. This will include acquiring and maintaining the circuit to the B2B gateway and acquiring a Virtual Private Network (VPN) device compatible with the MHS VPN device.
c) Contractors will comply with DoD guidance regarding allowable ports, protocols and risk mitigation strategies.
d) All costs for VPN hardware and software will be incurred by the contractor.

1.10.2. Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Implementation Plan:
a) The contractor will provide all required information to support and initiate the DIACAP Implementation Plan. This will also include the required information for the System Identification profile.
b) The contractor will provide information for the Risk Assessment Analysis to the government for all networking IT applicability.

1.10.3. Security Clearances
1.10.3.1. Personnel to be assigned to an Automated Data Processing (ADP)/IT position must undergo a successful security screening before being provided access to DoD information technology resources. Prior to an employee being granted interim access to DoD sensitive information, WAMC must receive notification that the Office of Personnel Management (OPM) has scheduled the employee's investigation. This requirement must be met by contractors, subcontractors and others who have access to information systems containing information protected by the Privacy Act of 1974 and protected health information under the Health Insurance Portability and Accountability Act (HIPAA). Background checks are required for all ADP/IT personnel who receive, store, display, or transmit sensitive information. Employees must have at a minimum an ADP Sensitivity Designation of Level II to access the DoD Network.
1.10.3.2. All contractors that use the DoD gateways to access government systems must submit a DISA Form 41 or equivalent in accordance with Contracting Officer guidance. In addition, Form 41s are required for each system administrator responsible for each host-to-host interface. Contractors shall complete and submit to TMA one Form 41 for their organization, attached to which shall be a listing of those individuals for whom background checks have been completed, submitted to the OPM, and acknowledgements have been received from OPM that the applications are complete and are pending action by OPM. The request must clearly delineate the ports and protocols used for each Internet Protocol (IP) address. The contractor shall complete the form and submit to the government for final processing.
1.10.3.3. All costs for the background investigations are the responsibility of the contractor.

1.10.4. Business to Business (B2B) Partners and 3rd Party Vendors
1.10.4.1 General Security Requirements. The Contractor shall establish appropriate administrative, technical, and physical safeguards to protect any and all Government data, to ensure the confidentiality, integrity, and availability of government data. As a minimum, this shall include provisions for personnel security, electronic security and physical security as listed in the sections that follow.
1.10.4.2 Personnel Security.
1.10.4.2.1. The contractor shall comply with DoD Directive 8500.1, "Information Assurance (IA)," DoD Instruction 8500.2, "Information Assurance (IA) Implementation," DoD Directive 5400.11, "DoD Privacy Program," DoD 6025.18-R, "DoD Health Information Privacy Regulation," DoD 5200.2-R, "Personnel Security Program Requirements," AR25-1, "Army Knowledge Management and Information Technology," AR25-2, "Information Assurance," and local regulations as deemed appropriate by the activity Information Assurance personnel.
1.10.4.2.2. Contractor responsibilities for ensuring personnel security include, but are not limited to, meeting the following requirements:
1.10.4.2.2.1. Follow the Army guidelines for submittal of Automated Data Processor/Information Technology (ADP/IT) background investigations and ensure all contractor personnel are designated as ADP/IT-I, ADP/IT-II, or ADP/IT-III where their duties meet the criteria of the position sensitivity designations outlined in AR25-2.
1.10.4.2.2.2. Initiate, maintain, and document personnel security investigations appropriate to the individual's responsibilities and required access to Information Systems within the logical boundaries of the facility LAN.
1.10.4.2.2.3. Immediately report to the Womack Army Medical Center Security Office, Dennis Lamberth, at 910.907.6009, and deny access to any automated information system (AIS), network, or information if a contractor employee filling a sensitive position receives an unfavorable adjudication, if information that would result in an unfavorable adjudication becomes available, or if directed to do so by the appropriate government representative for any reason.
1.10.4.2.2.4. Ensure that all contractor personnel receive information assurance (IA) training before being granted access to DoD AISs/networks and information.

1.10.5 Electronic Security.
1.10.5.1. Contractor Information Systems (IS)/networks that are involved in the operation of systems in support of Womack Army Medical Center shall operate in accordance with controlling laws, regulations, DoD, Army, and local policy.
1.10.5.2. Certification & Accreditation (C&A) requirements apply to all DoD and contractor's IS/networks that receive, process, display, store or transmit DoD information. The contractor shall comply with the C&A process for safeguarding IS. Certification is the determination of the appropriate level of protection required for IS/networks. Certification also includes a comprehensive evaluation of the technical and non-technical security features and countermeasures required for each system/network.
1.10.5.3. Accreditation is the formal approval by the government to operate the contractor's IS/networks in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. In addition, accreditation allows IS/networks to operate within the given operational environment with stated interconnections, and with the appropriate level of protection for the specified period.
1.10.5.4. The contractor shall comply with C&A requirements, as specified by the government, that meet appropriate DoD Information Assurance requirements. The C&A requirements shall be met before the contractor's system is authorized to access DoD data or interconnect with any DoD IS/network that receives, processes, stores, displays or transmits DoD data. The contractor shall ensure the proper contractor support staff is available to participate in all phases of the C&A process. They include, but are not limited to:
• Attending and supporting C&A meetings with the government
• Supporting/conducting the vulnerability mitigation process
• Supporting the C&A Team during system security testing
1.10.5.5. Contractors must confirm that their IS/networks are locked down prior to initiating testing.
1.10.5.5.1. Confirmation of system lock down shall be agreed upon during the definition of the C&A boundary and be signed and documented as part of the System Security Authorization Agreement (SSAA).
1.10.5.5.2. Locking down the system means that there shall be no changes made to the configuration of the system (within the C&A boundary) during the C&A process.
1.10.5.5.3 - 1.10.5.5. RESERVED
1.10.5.6. Any re-configuration or change in the system during the C&A testing process will require a re-baselining of the system and documentation of system changes.
1.10.5.7. Information Assurance (IA) mitigation strategies include security updates, service packs, and changes to operating procedures as physical and cyber vulnerabilities are detected. Operating system, routers, servers, development platforms and the application being delivered to the government shall be in compliance with all known applicable Department of Defense Computer Emergency Response Team (DoD-CERT) Alert, Bulletin, and Technical Advisory Notices published during the past 36 months.
1.10.5.8. Disposing of Electronic Media. Vendors shall follow the DoD standards, procedures, and use approved products to dispose of unclassified hard drives and other electronic media, as appropriate, in accordance with DoD Memorandum "Disposition of Unclassified Computer Hard Drives," June 4, 2001. Vendors are required to also follow DoD guidance on sanitization of other internal and external media components in DODI 8500.2 "Information Assurance (IA) Implementation," 6 Feb 2003 (see PECS-1 in enclosure 4 Attachment 5) and DoD 5220.22-M "Industrial Security Program Operating Manual (NISPOM)," (Chapter 8).
1.10.5.9. Information Assurance Vulnerability Management (IAVM). The contractor shall implement an information assurance vulnerability management program for all AIS and corresponding subnets that are connected to or intermittently connect to Army networks. The program shall meet the scope and intent of AR25-2 and (Insert MTF Name) IA policies to provide protection against known threats and vulnerabilities. Compliance with Army IAVM alerts and bulletins is required for these systems, and shall be completed within the specified timeframe.

1.10.6 Information Systems (IS)/Networks Physical Security. The contractor shall employ physical security safeguards for IS/Networks involved in processing or storage of Government Data to prevent the unauthorized access, disclosure, modification, destruction, use, etc., and to otherwise protect the confidentiality and ensure use conforms with DoD regulations. In addition, the contractor will support a Physical Security Audit performed by the Government of the contractor's internal information management infrastructure. The MHS Physical Security Audit Matrix is available at: http://www.tricare.osd.mil/tmis_new/Policy/PSA_Matrix_%20012304%200930%20clean%20version.xls. The contractor shall correct any deficiencies identified by the Government in the contractor's physical security posture.

1.10.7 Special Requirements for Protected Health Information. Whenever a contract is awarded that requires the vendor to collect, use, copy, access or store Protected Health Information (PHI) in commercial office space, the contractors must:
1.10.8 Notify the Womack Army Medical Center HIPAA Security Manager, Ms. Dina Lankford Swaby, 910.907.8609.
1.10.9 Follow all DUA and DoD requirements for secure disposal, destruction, and/or sanitization of all equipment that contained PHI.
1.10.10 Invoices will be submitted via Wide Area Work Flow.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/USA/MEDCOM/DADA15/W91YTZ-17-T-0353/listing.html)
- Record
- SN04708022-W 20171007/171005231605-7073c2bd2daeaea319aef66b2f592f11 (fbodaily.com)