Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MAY 30, 2020 SAM #6757
SOLICITATION NOTICE

65 -- Circulatory Assist Unit Cardiac RT

Notice Date
5/28/2020 12:59:05 PM
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
339112 — Surgical and Medical Instrument Manufacturing
 
Contracting Office
NAVAL MEDICAL LOGISTICS COMMAND FORT DETRICK MD 21702-9203 USA
 
ZIP Code
21702-9203
 
Solicitation Number
N6264520R0027RT
 
Response Due
6/2/2020 10:00:00 AM
 
Archive Date
06/17/2020
 
Point of Contact
Richard D Taylor, Phone: 3016192314, Fax: 3016191132, Anthony Carlisi, Phone: 3016199332
 
E-Mail Address
richard.taylor35.civ@mail.mil, anthony.carlisi2.civ@mail.mil
(richard.taylor35.civ@mail.mil, anthony.carlisi2.civ@mail.mil)
 
Description
This is a combined synopsis/solicitation for commercial items prepared in accordance with FAR FAR 12.6, Streamlined Procedures for Evaluation and Solicitation for Commercial Items, as supplemented with additional information included in this notice.� Also, this acquisition is being conducted under FAR 13.5, Simplified Procedures for Certain Commercial Items.� This announcement constitutes the only solicitation; proposals are being requested and a written solicitation on an SF 1449 will not be issued.� The solicitation number is N6264520R0027-RT.� The solicitation is issued as a request for proposal (RFP). Provisions and clauses in effect through Federal Acquisition Circular 2005-97 are incorporated.� It is the contractor�s responsibility to be familiar with the applicable clauses and provisions.� The clauses may be accessed in full text at these addresses: https://www.acquisition.gov/content/regulations �The NAICS code is 339112.� This is a Full and Open Competition requirement; all qualified vendors are encouraged to submit a proposal.� The Naval Medical Logistics Command request responses from qualified sources capable of providing the following: ESSENTIAL CHARACTERISTICS ESSENTIAL CHARACTERISTICS INTRA-AORTIC BALLOON CIRCULATORY ASSIST UNITS � The proposed action is for two (2) intra-aortic balloon pump (IABP) consoles for Naval Medical Center San Diego.� The units shall be capable of providing temporary cardiac assistance by reducing heart afterload and increasing coronary and systemic blood flow.� The units shall be capable of use both in the hospital and during patient transport.� For patient transport, a smaller form factor and lighter weight are enhancing factors.� The units shall have backlit screens.� The units shall have help screen navigation.� The units shall have intra-beat timing protocols to support arrhythmic patients.� The units shall be capable of automatic deflation timing management.� The units shall utilize at least the following triggers: electrocardiograph (ECG) pattern, ECG peak, atrial-fibrillation (A-FIB), atrial paced, ventricular paced, and arterial pressure.� The systems shall be capable of continuous evaluation of ECG lead performance, heart rate, and heart rhythm.� The units shall be capable of automatic signal and trigger switching.� The units shall be capable of gas surveillance at all heart rates with no automatic alarm suspension.� The units shall be capable of synchronizing to Cardiopulmonary Resuscitation (CPR) to support coronary perfusion and cardiac output during a code.� The units shall be capable of operating in both automatic mode and manual mode.� In automatic mode, the units shall have the following features: The units shall have 1-button start up with accurate 1:1 support timing and full volume, the unit shall automatically assess and manage proper inflation and deflation timing, the unit shall have automatic trigger selection based on physiological measurements, the unit shall automatically select the best ECG leads based on signal analysis, the unit shall automatically assess and initiate arrhythmia timing as necessary.� In manual mode, the units shall allow for operator control of pump functionality.� The units shall have a minimum battery operating time on full charge of 90 minutes.� The units shall be compatible with 30mL and 40mL Maquet IABP balloons.� The power requirement is 120VAC, 60Hz.� Initial operator training is required. Training shall include face to face group education classes offered by the vendor prior to roll out.� Class content will be customized by use area and user role.� Classes shall include didactic information as well as hands on return demonstration to meet competency requirements of NMCSD.� Classes shall be offered onsite at NMCSD at selected times to include day and night time classes.� The system, including claims made for the product, shall be compliant with Food and Drug Administration (FDA) regulations, with respect to marketing and delivering medical products for use in the United States of America.� These requirements shall apply even if delivery is requested outside of the United States of America. The system shall be installed in compliance with OSHA requirements.� Proposed equipment shall not have any open FDA Class I recalls at the time of proposal submission. Contractor shall be an Original Equipment Manufacturer (OEM) authorized dealer, authorized distributor, or authorized reseller for the proposed equipment/system, such that OEM warranty and service are provided and maintained by the OEM.� All software licensing, warranty, and service associated with the equipment/system shall be in accordance with the OEM terms and conditions. Upon delivery, the contractor shall be responsible for uncrating the unit/system, transporting it through the facility to the location of intended use for installation, and removing of all trash created in this process. If interim storage is required, the vendor shall make arrangements for the storage. BASIS FOR AWARD The government intends to award one (1) firm-fixed price contract resultant from the issuance of this solicitation to the responsible offeror submitting a proposal that is determined most advantageous to the Government, price and other factors considered.� Awards under this procurement will be made to the offeror determined to be the best value to the Government.� The evaluation of proposals will be based on the following factors: Volume I: Technical ������������� Evaluation Factor A: Conformance to the Essential Characteristics ������������� Evaluation Factor B: Conformance to Information Assurance ������������� Evaluation Factor C: Design Quality and Capability Volume II: Past Performance ������������� Evaluation Factor D: Past Performance Volume III: Business ������������� Evaluation Factor E: Price Relative Importance of Factors.� The relative importance of each factor is as follows: Evaluation Factor A and Evaluation Factor B will be evaluated, individually, on a pass/fail basis.� If an offeror�s technical proposal is determined to have failed under Evaluation Factors A or B, either initially or following discussions if they are conducted, the offeror�s proposal will receive no further consideration for award unless there are no other technically acceptable proposals.� If an offeror�s technical proposal is determined to have passed Evaluation Factors A and B, then the offeror�s proposal will be further evaluated on a trade-off basis taking into consideration evaluation Factors C through E.� In doing so, Factor C � Design Quality and Capability is more important than Factor D � Past Performance.� The combination of Evaluation Factors C and D will be more important than Factor E � Price.� Since an award will be made on a best value basis, the Contracting Officer reserves the right to award to other then the lowest priced offeror providing the prices are determined fair and reasonable. The Government intends to evaluate proposals and award a single contract without discussions with offerors.� Offerors are therefore cautioned that their initial proposal should contain the offeror�s best terms.� The Government reserves the right to conduct discussions if the Contracting Officer later determines them to be necessary. The evaluation factors for Technical, Past Performance and Price are listed below; proposals shall include sufficiently detailed information to enable evaluation based on the following factors: Volume I � Technical. Evaluation Factor A: Conformance to the Essential Characteristics - Evaluation shall include ability to meet the essential characteristics of this requirement. Vendors not meeting all requirements will not be further considered for award unless there are no other technically acceptable offerors.� This will be rated either Pass or Fail. Evaluation Factor B: Conformance Information Assurance � The Government will evaluate the capability of the contractor to meet Navy Information Assurance (IA) requirements.� This evaluation will be based on the information provided in the completed Medical Device Risk Assessment. Evaluation Factor C: Design Quality and Capability � The Government will evaluate the design quality and capabilities of the proposed intra-aortic balloon pump (IABP) for use during treatment of cardiogenic shock. Also, the Government will evaluate enhancing factors. The Government will not assume that the offeror possesses any capability or knowledge unless it is specified in the Technical volume. Volume II � Past Performance. Evaluation Factor D: Past Performance - The Government will evaluate the offeror's recent relevant past performance record as to (1) the functional performance of the proposed or similar IABP systems that the offeror has delivered to previous customers, and (2) the quality and timeliness of the technical assistance and hardware and software updates/upgrades that the vendor has supplied to its customers following the initial fielding of those systems.� Offerors shall provide past performance data for all similar contracts for the last 3 years, up to 3 data points, or 3 data points for delivery starting with the most recent contracts for which delivery occurred at least 3 months prior to the closing of this solicitation.� The data shall include: Organization/Location, POC/Number, Contract Reference Number, Contract Date, Value of the Contract (rounding to the nearest $5K is acceptable), and affirmative or negative response to �Has the POC agreed to be contacted as a reference?� The Government reserves the right to consider other past performance information at its disposal, in addition to any information obtained from the references provided above. The Government is likely to randomly select references provided for contact and does not commit to contact every reference Volume III � Business. Evaluation Factor E: Price - Adequate price competition is expected for this acquisition.� The Business volume will be evaluated with consideration to the following factors: COMPLETENESS. The offeror�s Business volume will be examined to ensure all items required in the Instructions to Offeror�s have been submitted and are complete. REASONABLENESS. The offeror�s proposed price will be evaluated separately to determine the degree to which the total proposed price compares to the price a reasonable prudent person would expect to incur for the same or similar equipment.� The offeror�s total proposed price will be used to evaluate price reasonableness.� Since awards will be made on a best value basis, the Contracting Officer reserves the right to award at a premium, provided that the proposed price is determined to be reasonable. In accordance with FAR 15.306(c), �Competitive Range�, the Government will evaluate all proposals and, if discussions are to be conducted, the Government will establish a competitive range.� Based on the ratings of each proposal against all evaluation criteria, the Contracting Officer will establish a competitive range comprised of all the most highly rated proposals.� The Contracting Officer may further reduce the competitive range for purposes of efficiency. Offerors shall be registered in the System for Award Management (SAM) database in accordance with FAR 52.212-3. The offeror shall verify its online representations and certifications are current, accurate, complete and applicable to this solicitation as of the date of its offer and are incorporated in its offer by reference.� The offeror shall also be registered in SAM under the applicable NAICS code for this solicitation; 334516. Registration is free and can be completed on-line at https://www.sam.gov/portal/public/SAM/ .� No documentation is required to be submitted in response to this paragraph. Questions Any questions must be addressed to Mr. Richard Taylor at richard.taylor35.civ@mail.mil� by e-mail only, no later than 1700 Eastern Time, 01 June 2020. Use N6264520R0027 RT in the subject line of the email. No phone calls will be accepted. File Submission Only electronic files will be accepted.� All responses should be submitted to Mr. Richard Taylor at richard.taylor35.civ@mail.mil no later than 1300 EDT, Tuesday, June 02, 2020. Subject line should read: Solicitation #N6264520R0027 RT Emails shall be no larger than 10 MB The Technical, Past Performance and Business volumes shall be submitted via e-mail only.� Files shall be in Microsoft Word, Microsoft Excel or Adobe PDF only. All proposals shall include the following information on its cover page: ������������� Complete company name and address ������������� Company POC including title, email address and phone number ������������� Cage Code ������������� DUNS Number ������������� Place of Manufacture � � � � � � � � � INFORMATION ASSURANCE � � � � � DHA Cyber Logistics Center of Excellence � � Defense Health Agency (DHA) Cyber Logistics (CyberLOG) Cybersecurity/Risk Management Framework (RMF) Requirements Updated: March 25, 2019 � � Version Matrix � Version Date Author Description 1.0 16 November 2018 Completed initial draft of Cybersecurity Language. 1.1 31 January 2019 Updated document to reflect vendor comments/suggestions. 1.2 06 February 2019 CyberLOG Final Document 1.3 25 March , 2019 CyberLOG Addition of Section B 1.11. � � � � � � � � � � � � � � � � � � � � Table of Contents A.��� General Overview of DHA Cybersecurity Requirements. 1 1.���� New Equipment/Product systems, equipment and software under RMF: 1 2.���� Pricing for Cybersecurity: 2 3.���� Maintenance and upgrades: 2 B.��� DHA Cybersecurity/Risk Management Framework (RMF) Requirements. 2 1.���� System Security Requirements. 2 2.���� RMF Assessment Timeframes. 5 3.���� Assessment and Authorization (A&A) 8 4.���� Privileged User Training and Certification Requirements. 8 5.���� Warranty and Post-Warranty Service Maintenance Agreement Cybersecurity Requirements. 10 Appendix A: Cybersecurity Regulations and Guidance. 12 1)��� Cybersecurity Regulations and Guidance. 12 � � � General Overview of DHA Cybersecurity Requirements � New Equipment/Product systems, equipment and software under RMF:� The vendor shall agree to comply with References listed in Appendix A. � Software patches and updates: Many enterprises within the DoD automate patch updates and software updates for operating systems and DoD standard software applications. For applications such as databases and developed applications, updates are scheduled. Vendors shall notify the assigned CyberLOG analyst of any updates/changes to the system prior to installation, to include but not limited to software updates, Operating System, or Application upgrades, patches, addition/removal of components.� If the CyberLOG analyst is unknown, the vendor shall submit all requests to dha.detrick.med-log.mbx.cyberlog@mail.mil.� Software updates will be analyzed by the Government to determine if reauthorization is required by Department of Defense Instruction (DoDI) 8510.01 Risk Framework (RMF) for DoD Information Technology (IT). Patches normally address bug fixes and cybersecurity issues. Applying patches usually does not trigger reauthorization. Per the DoDI 8500.01 Cybersecurity, Enclosure 3, paragraph 9.b. (11), �All CYBERSECURITY products and IA-enabled products that require use of the product�s CYBERSECURITY capabilities will comply with the evaluation and validation requirements of Committee on National Security Systems Policy 11, National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products, June 2013, as amended.� � Vendors shall comply with the National Information Assurance Partnership (NIAP) Common Criteria Cybersecurity Evaluation and Validation Scheme (CCEVS) evaluation (https://www.niap-ccevs.org) which is published on the NIAP-CCEVS Products Compliance List. The NIAP-certified products have been assessed from a security perspective, helping to reduce the existence of potential vulnerabilities. Vendors are required to continually maintain their products, mitigating vulnerabilities and distributing fixes to licensed users. � Reauthorization in accordance with DoD RMF requirements: Per DoDI 8510.01, Enclosure 6, para 2.f.(6).(a), �In accordance with Appendix III of Office of Management and Budget (OMB) Circular A-130, systems must be reassessed and reauthorized every 3 years or as a result of a system update that negatively affects the security posture (whichever is less).� Program Offices or appropriate logistics organizations plan for this activity. The results of an annual cybersecurity review or a negative change to the system or environment at any time (i.e., a change increasing the residual risk) may result in a need for reauthorization prior to the regular three-year reauthorization. � The vendor shall maintain all equipment/product versions provided pursuant to this contract, to include the supported operating system, by issuing patches/updates to mitigate vulnerabilities [e.g., Information Assurance Vulnerability Alerts (IAVA) or Information Assurance Vulnerability Bulletins (IAVB)] and network security configurations [e.g., Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs)].� The vendor must adhere to DHA guidance for remediation or mitigation of vulnerabilities associated with the equipment/product.� Vendors shall be responsible for providing CYBERSECURITY maintenance support for six (6) years, or until the end of life date of the equipment identified by the vendor, whichever is longer. The vendor shall include, in its pricing to the Government the cost of patching their equipment throughout its lifecycle. � All costs to achieve the initial Authority to Operate (ATO) and maintain it during the equipment�s warranty shall be included in the initial quote/offer price. � The cost of updating, and upgrading the vendor�s equipment to maintain the ATO throughout its lifecycle, shall be covered in the vendor�s post warranty maintenance offering. At a minimum, vendors must offer RMF only maintenance which shall cover only actions related to maintaining the ATO and providing continuous monitoring of the system. The Government would need to purchase the RMF maintenance on an annual basis, either individually or as part of their normal maintenance packages, in order to maintain the RMF coverage on a system. The vendor shall be required to provide RMF only maintenance option pricing or RMF coverage as part of higher level maintenance coverage, as required by the Request for Offer (RFO) or Request for Proposal (RFP), in their quote/offer, broken out by each year. This option pricing shall at a minimum be used in the evaluation/selection of vendors. The Government may choose to exercise the RMF only maintenance pricing or use the vendor�s normal maintenance offering under their contract, if it includes Cybersecurity maintenance coverage. Vendors shall be required to have RMF only maintenance coverage on their multiple award basic contract or offer it on any single award contract in order to receive an order/contract, unless they agree to provide the patching, updates, upgrades, and monitoring at no charge to the Government for six (6) years or as long as the system is commercially available, whichever is longer. Furthermore, the vendor agrees they will offer RMF only maintenance coverage on their contract for six (6) years or as long as the system is commercially available, whichever is longer. Maintenance and upgrades: Vendors shall agree to the DHA Cybersecurity requirements as outlined in this document for all systems and medical devices, unless an exception has been granted for a system by the Government prior to award/order issuance. � DHA Cybersecurity/Risk Management Framework (RMF) Requirements � System Security Requirements � The vendor shall submit to the Government, included in the offer/quote, all sections of the Medical Device Equipment Risk Assessment (MDERA Questionnaire), which is provided by the government. Additionally, a vulnerability assessment/report is required from a NESSUS scanner as this is the DoD standard.� Vendors must provide a fully-credentialed NESSUS scan with RFO submission, and monthly Nessus scans provided by the tenth (10th) day of the month after award. � Vendor agrees to comply with security regulations and guidance listed in Appendix A: Cybersecurity Regulations and Guidance and all RMF requirements. � Failure to meet the requirements may result in termination of the delivery order for cause, in accordance with Federal Acquisition Regulation (FAR) 52.212-4(m). � The vendor device or system shall pass pre-validation technical screening (vulnerability scans utilizing NESSUS, Security Content Automation Protocol (SCAP) scans, and Security Technical Implementation Guides (STIGs) checklists) within 6 months of contract award. All technical scans will be provided by the vendor to the Government PM for review.� Vendor Medical Device and Equipment (MDE) shall pass fully credentialed screening given DHA approved template. Successful pre-validation technical screening must meet the Cybersecurity criteria listed below: � No unmitigated Very High or High Severity/ Category I (CAT I), vulnerabilities as described in the appropriate Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) located on http://iase.disa.mil/stigs/Pages/index.aspx No unmitigated Moderate Severity/Category II (CAT II), vulnerabilities described in the appropriate Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) located on http://iase.disa.mil/stigs/Pages/index.aspx No unmitigated Very High or High Severity/ Category I (CAT I) vulnerabilities from Nessus vulnerability scans. No unmitigated Moderate Severity/ Category II (CAT II) vulnerabilities from Nessus vulnerability scans. � The government will provide templates of all requested technical documentation no later than twenty (20) days from date of initial contact from the vendor.� Initial response and acknowledgement from the vendor is due within ten (10) working days of delivery of the templates. The Vendor shall remit all requested technical documents to the requestor no later than one hundred and thirty (130) days from the Date of Order. � The vendor shall mitigate all Very High, High, and Moderate Severity/CAT I, and CAT II vulnerabilities discovered during the RMF Assessment process according to the associated Plan of Action & Milestone (POA&M). � The vendor shall provide a Point of Contact (POC) responsible for the cybersecurity of the vendor device or system, throughout the lifecycle of the system. The vendor shall provide Subject Matter Experts (SMEs) to support all assessments of contracted products and materials outlined in the chart in paragraph 2. � For all equipment requiring a full Independent Verification and Validation (IV&V) test, the vendor shall not make any delivery and shall not receive payment for the system until the Program Management Office (PMO) has completed a self-assessment, and the IV&V has been scheduled.� IV&V cannot be scheduled until all documentation requirements, and technical requirements have been completed to the PMO�s satisfaction.� Additionally, all identified POA&Ms must have been identified, and been appropriately mitigated to reduce the risk to the Government network and Protected Health Information (PHI)/Personally Identifiable Information (PII)/For Official Use Only (FOUO) data housed within the system. Delivery may take place prior to this milestone (IV&V scheduling) only if written permission is provided by the Contracting Officer. � For all equipment requiring an Assess Only certification, the vendor shall not make any delivery and shall not receive payment for the system until the PMO has completed a self-assessment, and the system has been submitted for an Assess Only ATO/APL.� Submission cannot be scheduled until all documentation requirements, and technical requirements have been completed to the PMO�s satisfaction.� Additionally, all identified POA&Ms must have been identified, and been appropriately mitigated to reduce the risk to the Government network and PHI/PII/FOUO data housed within the system.� The vendor must receive written confirmation from the PMO or Contracting Officer that the system has been submitted for an assess only ATO/APL and that the vendor may proceed with delivery. Delivery may take place prior to this milestone only if written permission is provided by the Contracting Officer. � The vendor shall obtain a recommendation of ATO from a Government-appointed third party validator within twelve (12) months of contract award for technologies processed through an Assessment & Authorization (A&A). Additionally, the vendor shall obtain an authorization from a Government official to be added to an APL for systems/devices processed through an RMF Assess Only. � Prior to final acceptance and installation, the vendor shall ensure that the delivered device matches the DoD authorized configuration.� The vendor shall coordinate running Nessus and SCAP scans with the site and the assigned CyberLOG Analyst to verify compliance. Any deviations will require the vendor to bring the system into compliance before final acceptance. � Pursuant to subsequent warranty period and Service Maintenance Agreements (SMAs), the vendor shall, after the issuance of an ATO or APL approval, ensure that the vendor�s device or system maintains its ATO or operating system platform and patches/updates for six (6) years or as long as the vendor commercially supports the equipment/product, whichever is longer. � The vendor shall maintain an ATO or APL approval on all equipment/product versions owned by the Defense Health Agency (DHA) and Services and originally purchased through the vendor�s contract.� If a vendor cannot support the ATO or APL approval for all DHA/Service owned versions of the equipment/product, the vendor can meet this requirement by offering to provide all upgrades to the equipment/product that are required to maintain the ATO or APL approval, either at no cost to the Government or at a fixed price that is included in a RMF only maintenance offering under the vendors contract. During the period of time the vendor has a product installed on the network, the vendor shall provide all required cybersecurity patches/updates. Maintaining the RMF ATO or APL approval shall be included as part of the vendor�s warranty period. For updates/patches, executable files should be distributed by the manufacturer accordingly, or implemented by the manufacturer�s technical staff, dependent on the Service Agreement processes. � The vendor shall establish appropriate administrative and technical safeguards to ensure the confidentiality, integrity, and availability of Government data under their control. � The vendor shall notify the PMO and Contracting Officer POCs in writing with any inabilities to comply with DoD security requirements. Vendor will provide anticipated costs and timelines required to address any vulnerabilities in question. � The vendor shall contact the IA/RMF Office Representative, no later than five (5) business days after delivery order issuance or contract award, to start the process. Failure to do so would be considered a vendor-caused delay. � The proposed system shall be Internet Protocol version 6 (IPv6) capable or the vendor shall provide a detailed project, migration or planning documentation to show when the proposed system shall be IPv6 capable. Minimum IPv6 capabilities include: Conformant with the IPv6 standards profile contained in the DoD IT Standards Registry (DISR); Maintaining interoperability in heterogeneous environments with IPv4; Commitment to upgrade as the IPv6 standard evolves; Availability of vendor IPv6 technical support. The contractor shall be able to demonstrate or provide documentation to prove that their product is IPv6 capable. � Assessment Timeframes � Required Vendor Timeframes: The Government shall complete its required actions within the following referenced timeframes but no later than one year after order/contract issuance. If the vendor has completed all required actions in a timely manner and acceptable manner while the Government experiences delays, the vendor would be given additional time for future actions corresponding to the amount of Government delay. � Vendor Requirements: Initial Draft Date Due Final Date Due Vendor to contact Gov POC dha.detrick.med-log.mbx.cyberlog@mail.mil 10 business days post award - Hardware/Software/Architecture Documents 15 business days post award 20 business days post award RMF Documentation Production 6 weeks post award 4 months post award Technical Nessus Scans 1 month post award 6 months post award Technical STIG Checklists 1 month post award 6 months post award Technical SCAP 1 month post award 6 months post award Required Vendor Timeframes: The Government shall complete its required actions within the following referenced timeframes but no later than one year after order/contract issuance. If the vendor has completed all required actions in a timely manner and acceptable manner while the Government experiences delays, the vendor would be given additional time for future actions corresponding to the amount of Government delay. Government Requirements Initial Draft Date Due Final Date Due Kickoff Meeting 15 business days post award - Security Assessment Plan Generation 20 business days post award 30 days post award RMF Templates sent to Vendor 5 business days post vendor initial contact - Copies of Applicable STIGs sent to Vendor 17 business days post award 30 days post award Authorization to Operate with Conditions (ATO-C) Recommendation ATO-C recommendation submitted to 3rd party validator 2 weeks after final documentation/technical scans received Independent Verification and Validation (IV&V) Scheduling Scheduling request to 3rd party validator 3 weeks after final documentation/technical scans received Informational Overview of the RMF Process: The following diagrams provide a summary overview of the entire process to obtain approval under DHA Cybersecurity requirements. These diagrams are for informational purposes only, are not contractually binding, and subject to change without notice. Above tables contain the contractual requirements that must be met.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/a8beb8d5eeda42b0a680faae9ab35a54/view)
 
Place of Performance
Address: San Diego, CA 92134, USA
Zip Code: 92134
Country: USA
 
Record
SN05673652-F 20200530/200528230203 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.