Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF FEBRUARY 24, 2022 SAM #7391
SOLICITATION NOTICE

R -- DRAFT: Cybersecurity Compliance and Risk Management

Notice Date
2/22/2022 11:24:43 AM
 
Notice Type
Presolicitation
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
MISSILE DEFENSE AGENCY (MDA) HUNTSVILLE AL 35898 USA
 
ZIP Code
35898
 
Solicitation Number
HQ085822R0009
 
Response Due
3/1/2022 3:00:00 PM
 
Archive Date
02/22/2023
 
Point of Contact
Anthony Fisher, Phone: 256-450-1461
 
E-Mail Address
anthony.fisher@mda.mil
(anthony.fisher@mda.mil)
 
Small Business Set-Aside
WOSB Women-Owned Small Business (WOSB) Program Set-Aside (FAR 19.15)
 
Awardee
null
 
Description
This pre-solicitation notice is posted in accordance with FAR 5.204. The Missile Defense Agency (MDA) intends to issue a solicitation to procure Cybersecurity Compliance and Risk Management advisory and assistance services to support MDA and the Office of Chief Information Officer. The Cybersecurity Compliance and Risk Management requirement consists of conducting numerous cybersecurity test and risk assessment services across all MDA information systems (Business, Mission Support, and Warfighter), their connections and associated test events in support of Agency Security Control Assessors (SCA). The requirement includes the development, implementation, sustainment, and execution of Agency Risk Management Framework (RMF) functions and processes to include: cybersecurity controls validation, software assurance, cybersecurity risk assessment, cybersecurity training; and providing fee-for-service management and event scheduling support. The cybersecurity controls validation requirement involves performing technical and non-technical evaluation of: 1) information systems authorized or to-be authorized by the MDA Authorizing Official; 2) internaland external MDA information systems connections; and 3) classified sites connecting to MDA information systems. The software assurance requirement involves: 1) assessing internal and external Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) software code analysis (static, dynamic); results and risk assessment reports for all major software builds/updates of the Operational Capacity Baseline of the MDS and information systems authorized or to-be authorized by the MDA Authorizing Official; 2) assessing Program(s) compliance with Agency software development, test, and cyber requirements; and 3) conducting static and dynamic code reviews on MDA-developed software. The cybersecurity risk assessment requirement involves the RMF control and system-level assessments of: 1) all major hardware and software updates of the Operational Capacity Baseline of the MDS; 2) all MDA flight and ground test event architectures; 3) information systems authorized or to-be authorized by the MDA Authorizing Official; 4) internal and external MDA information systems connections, 5) classified sites connecting to MDA information systems; 6) cybersecurity test results from official Development and Test Evaluations (DTE) of MDA developed acquisition systems; 7) cybersecurity test results from official Operational and Test Evaluations (OTE) of MDA developed acquisition systems; and 8) internal and external COTS and GOTS software vulnerability reports or analysis. The cybersecurity training requirement involves: 1) organizing and developing curriculum for Agency-level cybersecurity workforce training, education, and leadership development; and 2) provide management support in tracking Agency-wide cybersecurity certifications and training requirements. Activities also include the development, implementation, and execution of a fee-for-service catalog, five-year master test plan, project schedule, and program-specific metrics to orchestrate and communicate all activities described above.This requirement will be solicited as a Women Owned Small Business (WOSB) set-aside using source selection procedures in FAR Part 15. The North American Industry Classification System (NAICS) code for this acquisition will be 541519 (Other Computer Related Services) and the Small Business Size Standard will be $30M. It is anticipated that the award will result in a single, Cost-Plus-Fixed-Fee (CPFF) contract for a base period of three (3) years, one (1) three-year option, and one (1) six-month option to extend. This requirement will use best value trade off procedures in determining the successful offer. The places of performance primarily include: Fort Belvoir, VA; Huntsville, AL; and Colorado Springs, CO.It is anticipated that the solicitation will be posted to the Procurement Integrated Enterprise Environment (PIEE) solicitation module at: https://piee.eb.mil/ on or about 45 days from the date of this pre-solicitation notice. The closing date of the solicitation will be 30 days from the posting date. Offerors interested in submitting a proposal after the solicitation is posted to PIEE are responsible for downloading their own copy of the solicitation from the website and frequently monitoring the site for any amendments. MDA will not directly send offerors the solicitation or any amendments. It is the interested offerors responsibility to periodically check this website for updates. When a solicitation is issued, failure to respond to the electronically posted solicitation and associated amendments prior to the date and time set for receipt of proposals as stated in the solicitation, may render the proposal non-responsive and result in rejection of the same. The release of this synopsis and issuance of the RFP, when posted, is not a commitment by the Government to award a contract. The Government will not pay any costs incurred by an interested offeror as a result of the posting of this synopsis or the release of the RFP, when posted Offerors interested in submitting proposals must be registered in the PIEE system. If offerors notice that the direct labor rates contained in the EPW are not realistic to perform the effort, offerors are requested to provide recommended rates along with supporting data. See Draft Section L paragraph 2.10 for Offerors Library and Restricted Documents. The Government intends to hold one-on-one meetings with industry covering the CCRM solicitation. These meetings will be limited to 30 minutes and will be held via teleconference. Please submit a request NLT close of business on February 25, 2022 at TN-CYBERCOMP@mda.mil to schedule a session with your company. The Government prefers to meet with prime offerors only. Questions and MDA responses to questions asked during the one-on-one meetings will be posted on piee.eb.mil.Any questions must be emailed to: TN-CYBERCOMP@mda.mil no later than March 1, 2022.The PIEE help desk can be reached Monday - Friday, 6:30 a.m. ? 12:00 a.m. EST at phone: 866-618-5988, Email: disa.global.servicedesk.mbx.eb-ticket-requests@mail.mil or fax Fax: 801-605-7453. Approved for Public Release 22-MDA-11062 (1 Feb 22) *Visit 'https://piee.eb.mil/sol/xhtml/unauth/search/oppMgmtLink.xhtml?solNo=HQ085822R0009' to obtain more details.*
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/69e4de8a9c844d468a53120b0e6c85d2/view)
 
Record
SN06248147-F 20220224/220222230106 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.