SPECIAL NOTICE
70 -- Cybersecurity Cost Estimation Methodologies
- Notice Date
- 7/20/2018
- Notice Type
- Special Notice
- NAICS
- 541330
— Engineering Services
- Contracting Office
- Other Defense Agencies, Washington Headquarters Services, WHS, Acquisition Directorate, 4800 Mark Center Drive, Suite 09F09, Arlington, Virginia, 22350-3400, United States
- ZIP Code
- 22350-3400
- Solicitation Number
- WHSOSBP-EATL-002
- Archive Date
- 10/5/2018
- Point of Contact
- Tequilla N. Wheeler,
- E-Mail Address
-
WHS.OSBP@mail.mil
(WHS.OSBP@mail.mil)
- Small Business Set-Aside
- N/A
- Description
- The Washington Headquarters Services (WHS) Office of Small Business Programs (OSBP) on behalf of the Department of Defense, Office of the Deputy Assistant Secretary of Defense Energy [DASD(E)] invites feedback from Industry, in particular Control Systems vendors and integrators, on specific cybersecurity implementation costs and cybersecurity compliance cost estimation methodologies for operational technology (OT), platform information technology (PIT), industrial control systems (ICS), and/or Facility-Related Control Systems (FRCS) and the DFARS 252-204.7012 regulations. NAICS Codes: 541-Professional, Scientific and Technical Services 541330 Engineering Services 541350 Building Inspection Services 541511 Custom Computer Programming Services 541512 Computer Systems Design Services 541513 Computer Facilities Management Services 541519 Other Computer Related Services 541611 Administrative Management Consulting Services 541618 Other Management Consulting Services 541620 Environmental Consulting Services 541690 Other Scientific and Technical Consulting Services 541990 All Other Professional, Scientific, and Technical Services 561210 Facilities Support Services Recent implementation of the DFARS 252-204.7012 regulations require contractors to plan, implement, and document their own cybersecurity. DASD(E) seeks information from industry that supports OT, PIT, ICS and FRCS on cybersecurity costs to the Defense Industrial Base. This call for information is widely scoped and includes OEM, Integrators, FFRDC, other non-profit, industry advocacy groups, academia, and related service-sector disciplines such as law and contracting. DASD(E) seeks information in two areas: 1) Cybersecurity Implementation Costs. Specifically, a. What costs has industry incurred for cybersecurity prior to 7012 regulatory implementation? b. What additional costs for 7012 regulatory implementation will industry incur? c. How is your organization or your industry baselining and tracking these costs? d. How did you learn about the requirement? e. IT and OT/PIT/ICS/FRCS distinctions. What critical distinctions or dependencies exist between Information Technology (IT) and OT/PIT/ICS/FRCS for purposes of costs incurred for implementation? f. Extensibility. The 7012 regulations cover Defense Critical Information (DCI) which includes Controlled Unclassified Information (CUI). If regulatory scope increases to cover, broadly, data at rest and data in motion under performance of any DoD contract, is your current 7012 practice extensible? g. Other factors. What other factors, processes, or regulatory requirement pertaining to cost of cybersecurity requirements implementation are relevant to 7012 regulatory implementation? h. What is your entity's size, based on its primary NAICS code? 2) Cybersecurity Implementation Cost Estimation Methodologies. Specifically, a. Sector-specific practice standards. What cost estimation methodologies are used in your specific sector? b. Industry standards. What cost estimation methodologies are used, industry-wide? c. IT and OT/PIT/ICS/FRCS distinctions. What critical distinctions or dependencies exist between Information Technology (IT) and OT/PIT/ICS/FRCS in cost estimation methodologies or practices? d. Extensibility. The 7012 regulations cover Defense Critical Information (DCI) and Controlled Unclassified Information (CUI). If regulatory scope increases to cover, broadly, data at rest and data in motion under performance of any DoD contract, and/or any Federal contract, is your current cost estimation methodology extensible? e. Other factors. What other factors, processes, or regulatory requirement pertaining to cost estimation methodologies of cybersecurity requirements implementation are relevant to 7012 regulatory implementation? f. What is your entity's size, based on its primary NAICS code? Customer Office Address: Office of the Deputy Assistant Secretary of Defense for Energy 4800 Mark Center Drive Suite 16F18 Alexandria, VA 22350-3605 Customer Point of Contact: Mr. Daryl Haegley 571-372-6857 Contractors who wish to respond to this announcement should send responses via email with Subject Line: RFI- Cybersecurity Cost Estimation Methodologies no later than Thursday, September 20, 2018 at 3:00 PM EASTERN to WHS.OSBP@mail.mil. Proprietary information and trade secrets shall NOT be submitted as part of a response. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described in 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is submitted, as it is clearly stated this type of information shall NOT be submitted.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/ODA/WHS/REF/WHSOSBP-EATL-002/listing.html)
- Record
- SN05000933-W 20180722/180720230833-c6492bd7de882c7bf35394a83aee6579 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |