SPECIAL NOTICE
D -- Sole Source Special Notice concerning Centech
- Notice Date
- 3/18/2021 10:33:23 AM
- Notice Type
- Special Notice
- NAICS
- 541512 - Computer Systems Design Services
- Contracting Office
- 693JK4 OST WASHINGTON DC 20590 USA
- ZIP Code
- 20590
- Solicitation Number
- 693JK421Q500004
- Response Due
- 4/1/2021 5:00:00 PM
- Archive Date
- 04/16/2021
- Point of Contact
- James Mowery, Phone: 7038365924
- E-Mail Address
- james.mowery@dot.gov
- Description
- This notice is NOT a Solicitation. This is instead a SOLE-SOURCE Special Notice announcing the intention of the U.S. Department of Transportation's (DOT's) Office of Security to award, to a company named The Centech Group, Inc., a new 5-year Indefinite Delivery / Indefinite Quantity (IDIQ) contract under which DOT would thereafter award, to Centech, Task Orders for the types of contractor-support-work mentioned in the Statement of Work appearing below in this SOLE-SOURCE Special Notice, including support-work for the continual maintenance, development, monitoring and updating of DOT's Personnel Security Enterprise System (PSES), which is Centech's already-developed and already-proven Personnel Security Management System that has been installed, deployed and adapted for DOT Headquarters and Operating Administrations to perform personnel and administrative security functions. It is crucial to note that the PSES enterprise solution that is in use by DOT is indispensable to the Department and has already been developed, installed, meticulously tested, and successfully deployed by Centech to the DOT Common Operational Environment (COE). Centech's Personnel Security Management System, on which PSES is based, is also deployed and in use by other Federal Agencies including, among others, the U.S. Department of Homeland Security, the U.S. Department of Commerce, the U.S. Department of Veterans Affairs, the U.S. Department of Education and the U.S. Department of Health and Human Services. Further, Centech is the only entity, known to DOT, which possesses all of the foundational knowledge, all of the technical expertise, and all of the already-on-board staffing that are crucial to the successful performance and maintenance of the DOT PSES system.
DOT cannot take the risk of contracting for a new and not-yet-proven Personnel Security Management System that would be able to seamlessly connect with the existing Personnel Security Enterprise System and maintain all connections, services, enhancements, updates and provide the cost savings that Centech does by sharing developments by other agencies and system owners. Because of the significant importance and high visibility of the PSES program, there is an absolute zero tolerance for uncertainty or for even partial failure. DOT is not aware of any enterprise solution Personnel Security Management system that crosses multiple agencies in the way that Centech's solution does. And accordingly the legal authority for this intended SOLE-SOURCE procurement of Centech-services is 41 U.S.C. 253(c)(1), (FAR section 6.302-1(a)) (only one qualified source).

Under the contract resulting from this procurement, the contractor will be required to continue providing an enterprise solution to track all Personnel Security processes to include the Pre-appointment determinations, background investigations, adjudication determinations, National Security clearances and all mandatory training associated with holding a clearance or accessing DOT systems. The DOT PSES must be able to maintain existing communication with the Defense Counterintelligence and Security Agency's (DCSA's) IT systems, and with DOT's Human Resources IT systems. Additional connection services will include maintaining the system software with DOT branding and providing onsite training to the users. The contractor will maintain established data connections to existing systems requiring the data from such partners as OPM, CVS, WTTS, FAA IR, DCSA, DOJ, CMS, IDMS and current HR systems. In 2016 DOT purchased the Centech Personnel Security Management System.
Development and installation of the PSES system allowed DOT to meet key recommendations, which included closing information gaps; continuous evaluation; investigation oversight and accountability; common standards; and reducing vulnerabilities in current processes, to name a few, and to meet the mandatory new Federal Investigative Standards (FIS), which make it clear that the Department must leverage technology and modernize its processes to meet the new 21st century suitability and security reform requirements. DOT did this by procuring Centech's commercially available off-the-shelf (COTS) product, now known as PSES. DOT proposes to continue using Centech as the contractor to provide continual support, licenses and development of their enterprise system, which has been proven and supports the eGovernment initiative to reduce or eliminate paper, and which promotes the Federal Identity, Credential, and Access Management Roadmap (FICAM) goal of using technology to increase efficiency and cost savings.

Because of the complexity of the needed contractor-work as described above, the need for the type of coordination described above, and the high stakes associated with the contractor's success or failure in performing the contract, DOT cannot accept the risk of purchasing any Personnel Security Management System or manager other than one which has already been developed and meticulously tested and successfully deployed in a Federal environment. DOT's Office of Security would normally obtain capability-information and cost-estimates from other companies (i.e., from companies other than Centech). But in this case there is no other known company that can provide, to DOT, the same kind of already-developed and already-successfully-tested and already-successfully-deployed Personnel Security Management System that is owned by Centech.
And so the Office of Security has relied instead upon its long general experience in purchasing security systems. And, underlying the statements made above is the fact that DOT's Office of Security possesses a considerable working knowledge regarding available Personnel Security Management systems, and the further fact that DOT's Office of Security is certain that Centech's already-developed and already-proven security management system is the only one that can fully meet the Office of Security's complex needs for the contemplated new contract.

The Office of Security's currently-anticipated Statement of Work for its intended new sole-source Centech contract is as follows:

REQUIRING ORGANIZATION

U.S. Department of Transportation (DOT)
Office of the Secretary, Office of Security M-40

INTRODUCTION

The objective of this Statement of Work (SOW) is to provide technical support, program updates and system licenses, and to maintain system connections to the DOT Personnel Security Enterprise System (PSES), also known as the Personnel Security Management System, which is a personnel and administrative security software solution compliant with Federal regulations, standards and requirements, and to continue to implement existing and future solutions to PSES within the DOT environment and support all components and requirements of PSES.

BACKGROUND

The Office of Security purchased a COTS/GOTS based personnel administrative software solution called Security Manager, which was developed by The Centech Group Inc. and which is now used by DOT Headquarters and the DOT Operating Administrations to perform personnel and administrative security functions. This enterprise-wide solution, once configured and installed, was called the DOT Personnel Security Enterprise System (PSES).
DOT PSES supports the entire lifecycle of DOT's personnel and administrative security cases and enterprise security functions. This includes capturing the data related to all aspects of pre-appointments, suitability determinations, security clearance processing, briefings, foreign travel, foreign contacts, official passports, information security including container management, facilities risk assessments, investigations, intelligence and anti-terrorism assessments. DOT PSES has the capability to interface with existing DOT IDMS systems that support the PIV Card Program. DOT PSES integrates with several DOT external and internal systems as well as various non-DOT systems. DOT PSES is a solution-based product that has been implemented successfully at other Federal Executive Departments. The incumbent's (The Centech Group Inc.) Security Manager System customizations, extensions and development of new modules by these other Federal Agencies are made available to DOT without development costs, resulting in savings and benefits.

SCOPE

The Contractor shall provide technical support and user licenses for the PSES software system that will continue to meet the personnel and administrative security needs of the DOT Office of Security. The Contractor shall perform continual monitoring of the PSES system and perform continuous system analysis to determine that all components are configured and properly working to meet the PSES functional requirements. The Contractor will document its findings and proposed solutions, and update processes and modules to the system upon DOT approval. The Contractor shall work with the DOT Office of the CIO to perform annual security assessments of the system in both a production and test environment on DOT-owned servers used by the PSES system. The Contractor shall implement a training system to facilitate web-based training for end-users.
AGENCY AND CONTRACTING ACTIVITY

US DOT/OST/M40
Attn: Linda Guier
OST Office of Security (M40)
1200 New Jersey Avenue SE
Washington, DC 20590

US Department of Transportation
Attn: James H. Mowery III
OST, Acquisition Services (M63)
1200 New Jersey Avenue SE
Washington, DC 20590

PERIOD OF PERFORMANCE

The Tasks agreed upon by DOT and the offeror will remain in effect for the life of the contract. The offeror shall provide technical support, and shall recommend equipment for these Tasks. The term of the order will be from the date of award through a base period plus four option periods. The overall period of performance is specified in the following table.

Table 6.1:

| Date of Task Order Award | Start Date | End Date |
| --- | --- | --- |
| Base Year | 01 October 2020 | 30 September 2021 |
| Option Period 1 | 01 October 2021 | 30 September 2022 |
| Option Period 2 | 01 October 2022 | 30 September 2023 |
| Option Period 3 | 01 October 2023 | 30 September 2024 |
| Option Period 4 | 01 October 2024 | 30 September 2025 |

PLACE OF PERFORMANCE

The offeror shall comply with the geographic requirements specified in this solicitation to provide support. The Place of Performance will be at:

United States Department of Transportation Headquarters
1200 New Jersey Avenue SE
Washington, DC 201590

TASKS

Provide Program Management Support - The Contractor must update and deliver a revised program management plan for the DOT PSES system within 30 days after award. Additionally, the Contractor must deliver monthly performance reports and participate in Change Control Boards and Risk Reviews. The Contractor must provide task updates and task resolution information to the DOT Office of Security. The plan must be agreed to by the DOT Office of Security.
The specific deliverables for this task are:

Project Management Plan (PMP) - This document describes the Contractor's recommended approach for analyzing, configuring, and deploying the Personnel Security Enterprise System. The document should include a schedule for configuration analysis, testing, and deployment of all updates, enhancements and new Modules. The PMP should describe the Contractor's approach for management of PSES and how they will support DOT in deploying it to the participating Modes. The document should also include the Contractor's approach to managing changes to the functional requirements, identifying and mitigating risk, and managing changes to an integrated project schedule. The document should identify government dependencies and a description of any tasks that the Contractor believes are the Government's responsibility. This plan is subject to the approval of the DOT Office of Security.

Periodic Performance and Quality Assurance Reports - The Contractor is required to deliver a monthly performance and status report to the System Owner and Contracting Officer's Representative (COR) that describes its performance to date, outstanding tasks, outstanding Government dependencies, as well as newly identified risks and issues.

Test Plan - This document will define the testing environment, dependencies, stakeholders and acceptance criteria. This plan must be approved by DOT Office of Security.

Program Management Demonstration - The Contractor shall present and demonstrate its understanding of the desired objective, its methodology for completing this work, its project plan, its plan for reporting quality assurance metrics, and its plan for successfully managing risks.
Testing and Training Environment - The Contractor shall maintain the PSES test and training environment on Government equipment. This environment will be used to demonstrate the capabilities of the system, test upgrades, enhancements and new Modules before being moved to the Production Environment. This environment will subsequently be updated to reflect the Operational state of PSES to facilitate end-user training.

Ongoing Gap Analysis and Configuration Analysis for PSES - The Contractor must continue to perform a detailed Gap and Configuration Analysis to determine the specific detailed configuration that will need to be performed to the PSES software in order to meet DOT specific requirements. The Contractor shall meet with DOT HQ and Modes Subject Matter Experts to fully elicit the details of each requirement and recommend configuration/customization choices that preserve the integrity of the underlying product upon which PSES is based. The Contractor must also document the configuration decision selected by DOT for each requirement based on the Contractor's detailed recommendations resulting from the Gap Analysis. The Contractor must provide a recommended phasing sequence for deployment to the DOT Modes. The deliverables for this task are:

Gap Analysis and Configuration Document - This document must describe the Contractor's full understanding of each requirement, identify and describe the gaps between the specific requirements and the baseline product, and provide detailed recommendations of how each requirement can be implemented within the PSES application.

Configuration Decision Document and Revised Data Dictionary - This document must fully describe and document the configuration decisions selected in response to the Contractor's recommendations in the Gap Analysis and Configuration Document. The document must contain the specific changes/amendments that will be made to the baseline PSES design and include an updated PSES Data Dictionary and PSES
Entity Relationship (ERD).

GAP Analysis and Configuration Analysis Demonstration - The Contractor shall present and demonstrate its understanding of the requirements, its understanding of the solution it is proposing, and the impact on the core PSES application based on the selected configuration choices.

Updated PMP - The Contractor shall update the Project Management Plan to address any changes in the proposed phasing approach resulting from the Configuration Analysis.

Perform Detailed Data Migration Analysis and Design - The Contractor must analyze and design a solution that allows data to be migrated into PSES based on a predefined format that can be used by HQ and the Modes. The Contractor must perform a detailed data analysis of DOT personnel systems, and new external connections to determine how to best map the data to the predefined data migration format. The specific deliverables for this task are:

DOT PSES Universal Data Migration Format Data Mapping Document - This document shall describe the design and the required data format of a DOT PSES Universal Data Migration approach. The document shall be intended to serve as a guide to be used by the DOT HQ and Modes when determining how to feed data into the DOT PSES from their new systems. The document shall address the specific DOT PSES processes that can be populated, the field mappings, and any data value and type transformations, error logging and resolution protocols.

DOT PSES Universal Data Migration Format Demonstration - The Contractor shall be required to present and demonstrate its understanding of the objectives of the DOT PSES Universal Data Migration Format approach.

DOT HQ to DOT PSES Universal Format Data Mapping Document - This document must identify and describe the specific field mappings DOT PSES using a Universal Format. In addition to the mappings, this document must identify and describe the required data transformations (i.e.
both data type and data value) as well as the recommended default values required to successfully migrate the data from existing DOT systems, new internal and external databases and/or connections.

Perform Integration Analysis and ICD Development - The Contractor must perform a detailed Data Integration analysis to identify the information transaction types and data elements that will be exchanged with the external systems identified during the Gap analysis. The Contractor shall schedule meetings and analysis sessions to define the specific interface requirements. The deliverables for this task are:

Detailed Integration Plan - This document describes the recommended approach for integrating with the external systems identified in the PSES Functional Requirements.

DCSA CVS Interface Control Document - This document describes the transaction types, data elements, and business rules that define the interface with the OPM CVS system.

DOI FPPS Interface Control Document - This document describes the transaction types, data elements, and business rules that define the interface with the DOI FPPS system.

DOT IDMS Interface Control Document - This document describes the transaction types, data elements, and business rules that define the interface with the DOT Identity Management System.

DOT CMS System Interface Control Document - This document must describe the transaction types, data elements, business rules, business processes, and error reporting and resolution protocols that define the interface with the DOT Card Management System (CMS).
DOD National Background Investigation Services (NBIS) - The federal-wide information technology (IT) service used to conduct suitability, security, and credentialing investigations for all federal civilians, military members, and government contractors.

Office of the Director of National Intelligence (ODNI) - National Security Partnerships optimizes ODNI's extensive partnerships to synchronize activities and engagements on whole-of-nation challenges, leveraging the capabilities, information, and expertise from ODNI partners within the agency and beyond.

DOJ Civil Applicant System (CAS) - Allows participating federal agencies to electronically capture civil applicant fingerprints and biographical data and to transmit the data to the Federal Bureau of Investigation's (FBI) Integrated Automated Fingerprint Identification System (IAFIS) as part of their background investigations of potential DOT employees, political appointees, and contractor personnel.

NOTE: Repeat for as many Interfaces within the scope of this contract.

Maintain the configured and system tested PSES solution with customizations and integration - The Contractor must deliver the configured PSES solution including customizations, integration software, and data migration software required to meet the functional requirements. The contractor shall provide the following deliverables:

Configured and system-tested PSES software solution - This deliverable consists of the configured software application and related customizations, integration software, and data migration software required to meet the functional requirements.

System Testing Report - This document describes the test cases that were performed as a result of a software enhancement. This document should describe the testing results for each test case and provide a list of outstanding defects.
Updated Requirements Traceability Matrix (RTM) - This document describes the functional requirements of the system and maps any test cases generated to test new or enhanced features.

System Security Plan (SSP) - This document will be compliant with NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems. The Contractor shall include in the SSP a detailed description of the system to include the system boundaries and a thorough discussion of the management, operational, and technical controls used to protect the information.

Risk Assessment (RA) - This document is based on NIST 800-30. The Contractor shall conduct a Risk Assessment of the system to include collecting information, performing interviews, data analysis, and documenting findings for the Risk Assessment (RA). The risk assessment process shall adhere to NIST 800-30 and Federal guidelines (NIST 800-37, Guide for System C&A for Federal Information Systems; FIPS 199, Standards for Security Categorization of Federal Information and Information Systems).

Conduct End-to-End Testing - The Contractor must support DOT Office of Security conducting an end-to-end acceptance test of the configured software solution that fully tests the solution in the production environment including migrated data. The deliverables for this task are:

Acceptance Testing Report - This document describes the test cases that were performed by the vendor prior to submission for end-to-end testing to determine whether the system meets the functional requirements. This document should describe the testing results for each test case and provide a list of outstanding defects.

Security Assessment & Authorization (SA&A) package for Approval

8.1 DOT CIO/ITSS/ISSM conducts annual Security Assessments of systems on the DOT COE which includes PSES.
The contractor will take part in all security assessments and perform other tasks as necessary (e.g., support vulnerability scanning and analysis) to support the security assessment of the PSES system. The package shall include the following documents.

| Document / Data | Guidance/References |
| --- | --- |
| 8.1.a System Inventory (Registration) | DOT Cybersecurity Compendium; DOT FISMA Inventory Guide; Inventory Change Request Form; NIST SP 800-37; OMB A-130 |
| 8.1b System Categorization (part of System Security Plan) | DOT Cybersecurity Compendium; NIST SP 800-37; FIPS PUB 199; NIST SP 800-60 |
| 8.1c Information System Security Plan | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-18; NIST SP 800-53 Rev4; NIST SP 800-128 |
| 8.1d Privacy Threshold Analysis | DOT Cybersecurity Compendium; http://privacy.dot.gov/ |
| 8.1e Privacy Impact Assessment | DOT Cybersecurity Compendium; http://privacy.dot.gov/ |
| 8.1f e-Authentication Determination and Risk Assessment (part of System Security Plan) | DOT Cybersecurity Compendium; OMB M-04-04; NIST SP 800-63 |
| 8.1g Interconnection Security Agreements / MOUs (part of System Security Plan) | DOT Cybersecurity Compendium; NIST SP 800-47 |
| 8.1h Security Assessment Plan | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-53A; NIST SP 800-115 |
| 8.1i Security Assessment Report | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-137; NIST SP 800-30 |
| 8.1j Risk Assessment (part of Security Assessment Report) | NIST SP 800-30; NIST SP 800-37; NIST SP 800-137 |
| 8.1k Plan of Action and Milestones | DOT Cybersecurity Compendium; NIST SP 800-37 |
| 8.1l Authorization Recommendation | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-39 |
| 8.1m Authorization Decision Letter | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-39 |
| 8.1n Information System Contingency Plan (ISCP) | DOT Cybersecurity Compendium; NIST SP 800-34 |
| 8.1o ISCP Test Report | DOT Cybersecurity Compendium; NIST SP 800-34; NIST SP 800-84 |
| 8.1p Incident Response Plan | DOT Cybersecurity Compendium; NIST SP 800-61 |
| 8.1q Continuous Monitoring Plan | DOT Cybersecurity Compendium; NIST SP 800-37; NIST SP 800-137 |

8.2 Independent Security and Privacy Assessment. DOT shall subcontract with an independent information security assessment organization to conduct an SA&A and present findings and recommendations for government review and approval. The COR, in conjunction with the OST Information Security Information Manager (ISSM), will approve the selection of the independent successor and the mechanism by which the Contractor will ensure total independence of the assessment subcontractor. The Contractor shall be required to mitigate all findings and recommendations from the independent assessment to the satisfaction of the COR, the OST ISSM and the DOT Chief Privacy Officer sufficient to support issuance of an Authority to Operate (ATO) by the PSES Authorizing Official.

Conduct DOT HQ Production Deployment - The Contractor will install the Acceptance-tested software solution including customizations, integration software, and data migration software required to meet the functional requirements on the DOT production hardware. The deliverables for this task are:

Product System Report - This document describes the status of the installation including the documented installation results (i.e., administrative accounts, IP addresses, database instances, etc.).

DOT PSES Run Book - This document provides the procedures necessary to administer the DOT PSES system and perform any required maintenance duties associated with monitoring DOT PSES logs, executing interface tasks, troubleshooting interfaces, creating user accounts, resetting user accounts, etc.
Provide On-Going Post Deployment Support - The Contractor shall provide ongoing support services for the DOT PSES system. The Contractor shall provide the following services:

Modification and Configuration Management - The Contractor shall modify and test the system in response to changes in DOT requirements resulting from user feedback, interface changes, reporting requirements and outstanding data migration issues. The hours and dollars expended in support of this task must be contained in the Periodic Performance reports. The Contractor shall comply with DOT configuration management policies and procedures. Any customized coding should be carefully considered and approved by DOT in advance of any work by the vendor, and will include a full understanding of the costs and risks of making the changes.

Operations and Maintenance (O&M) - O&M tasks include installing software upgrades, database administration, support for Continuous Monitoring and FISMA evaluations, transaction logging, and defining and assigning role-based access to users to be further defined by DOT Cyber Security requirements.

Full Source Security Manager System Document - Provide a full source document that describes all data elements, components, capabilities and modernization of the software already proven and developed for the Security Manager Software System.
To include all updates, enhancements, future modules, capabilities and any other developments that would be a benefit to all Federal stakeholders and allow them to work together on engineering projects.

Nevertheless, any entity, OTHER than Centech, which believes that it is fully capable of meeting ALL of DOT's needs as described in the Statement of Work given above, AND which ALSO believes that it is fully-capable of meeting those needs at the HIGH level of QUALITY indispensable to DOT, may, not later than 8:00 PM Pacific Daylight Time April 1st, 2021, e-mail, to james.mowery@dot.gov and to Terry.Brewster@dot.gov, and to Ellen.Polsky@dot.gov, and to Avi.Lopin@dot.gov, a Statement of Qualifications attempting to PROVE the submitter's full capabilities for meeting DOT's needs.
- Web Link
- SAM.gov Permalink (https://beta.sam.gov/opp/9b334b89cd234fdaae4c1b9e6c6f06a9/view)
- Record
- SN05946492-F 20210320/210318230107 (samdaily.us)
- Source
- SAM.gov Link to This Notice (may not be valid after Archive Date)