Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MARCH 26, 2022 SAM #7421
SOURCES SOUGHT

99 -- National Institute of Standards and Technology (NIST), Back-Up Care Program Support

Notice Date
3/24/2022 11:47:55 AM
 
Notice Type
Sources Sought
 
NAICS
518210 — Data Processing, Hosting, and Related Services
 
Contracting Office
DEPT OF COMMERCE NIST GAITHERSBURG MD 20899 USA
 
ZIP Code
20899
 
Solicitation Number
AMD-SS-NB01002203242022_MHB
 
Response Due
4/25/2022 9:00:00 AM
 
Point of Contact
Monica Brown, Phone: 3019750642
 
E-Mail Address
monica.brown@nist.gov
(monica.brown@nist.gov)
 
Description
General Information The National Institute of Standards and Technology has a requirement for back-up care services. Back-up care is defined as an alternative childcare or dependent arrangement made in response to an emergency, an unexpected event, or a disruption in regular, pre-arranged child or dependent care and serves as a safety net for when a childcare or dependent care emergency happens, or normal child or dependent care arrangements fall through. This is a benefit offered by employers to ensure happy and productive working parents. REQUIREMENTS - Cybersecurity/Privacy Requirements NIST seeks a solution which provides security and privacy protection consistent with requirements defined by applicable federal laws, regulations, policies, and standards (e.g., the Federal Information Security Management Act (FISMA), OMB Circular A-130, and FIPS Publication 200). The solution provider (including subcontractors) may meet these requirements through various means including but not limited to; FedRAMP authorization, current third-party assessments (e.g., SSAE, PCI) and/or responses to NIST special publication control set SP 800-171. ? Minimally Acceptable Controls System security plan describing physical, technical, and administrative controls implemented to protect systems and sensitive personally identifiable information (SPII). IT management processes to establish and manage secure configuration baselines including routine patching for all operating systems and applications. Access to SPII is restricted to those with a need to know. Personnel with access to SPII have background investigations performed (e.g. criminal, financial etc.), and are trained on secure handling of SPII. Access Controls for SPII meet or exceed industry best practices for access and identification control including, but not limited to, connectivity to servers and databases, multi-factor authentication for remote accesses for administration, secure configurations for any devices accessing the system, and strong physical security for any place where the data is accessed. The solution supports multifactor authentication for users and/or supports integration with customer federation services for Single-Sign capability. Processes for scanning on a continual basis for vulnerabilities and proper configurations for all aspects of the system, as well as processes for timely mitigation of findings. Auditing and Incident Response processes including customer notification of suspected or actual incidents and logging with sufficient information to perform forensics on any incident. Processes for notifying and providing appropriate mitigations, including but not limited to credit monitoring services, for subsidy applicants in the event of suspected or actual incidents. SPII is encrypted in transit using TLS 1.2 or better and encrypted at rest in all places the SPII is stored.� All encryption algorithms and modules are FIPS 140-2/140-3 validated. If unable to meet any of the requirements listed above, solution provider may provide details of mitigations or alternative protections in place to ensure the appropriate handling and protection of SPII. If the solution provider provides services to other Federal agencies, provide a general description of the security risk management approach and client point of contact. Functional/Programmatic Requirements � TASKS Kick-off Meeting The Contractor shall attend a kick-off meeting, via conference call or video conference, with NIST no later than one week after award. The Contractor shall contact the Contracting Officer�s Representative (COR) to schedule a date and time for the meeting. The meeting venue (conference call or video conference) will be determined at this time. Attendees shall include, at a minimum, the Contracting Officer�s Representative, the Contracting Officer or Contract Specialist, the Contractor�s Program Manager, and all Contractor personnel that will be working on this project. The meeting will review the contract requirements, summarize contract rules, review the background and objectives of the NIST back-up care program, and discuss the tasks required by the statement of work. The Contractor shall provide a summary of the meeting via email no later than three days after the meeting date. �Functional Support Provide a vetted and certified network of both in-home and in-center care options where backup caregivers are required to complete orientation and health and safety training, and their screening process includes childcare reference checks, interviews, criminal background checks, national sex offender public website checks, name and address verification, and U.S. work eligibility verification. Develop a Website The Contractor shall develop, host, and maintain a website for the backup care program that is secure for a federal agency. Minimum requirements for the website: Be live 24/7 Provide a link to the application for back-up care Be accessible through NIST�s VPN only, require a NIST e-mail address to access NIST specific program Outline costs of care by category Provide a link to FAQs List Contractor POCs List COR name and contact information List Information on customer support and how to reach a live representative The contractor shall maintain a telephone number for employees to contact in the event back-up care is needed. Must allow applicants to reserve back-up care one month in advance of their need. Contracting Office Address Department of Commerce, National Institute of Standards and Technology, Acquisition Management Division, 100 Bureau Drive, Building 301, Room B121, Mail Stop 1640, Gaithersburg, MD, 20899-1640 NIST is seeking responses from all responsible sources. Small businesses are defined under the associated NAICS code for this effort, 518210 Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services as those domestic sources having $35M. Please include your company�s size classification and socio-economic status in any response to this notice. Instructions to Responders: Interested parties that have the capabilities to meet the Government�s basic requirements are requested to email capabilities statement of no more than 20 pages, describing their abilities to meet all requirements to monica.brown@nist.gov no later than the response date of April 25, �2022, 12:00 p.m. EST for this sources sought notice. The report should include relevant information to your capabilities including any requirements that cannot be met or is deemed close to but not meeting an identified requirement. Also, the following information is requested to be provided as part of the response to this sources sought notice: Name of company(ies), their addresses, and a point of contact for the company (name, phone number, fax number and email address) that provide the services for which specifications are provided. Indication if the company(ies) are small business and/or any other social economic category(ies).� Please highlight if company is an 8(a) and/or owned by an Alaska Native Corporation, Indian Tribe, Native Hawiian Organization, Community Development Corporation; HUBZONE, SDVOSB, EDWOSB or WOSB. Indication of whether the services required are currently on one or more GSA Schedule (i.e. Multiple Award Schedules [MAS]) contracts and, if so, the GSA MAS contract number(s). Indication if the company(ies) can provide all, or some, of the services. Any other relevant information that is not listed above which the Government should consider in developing its minimum specifications and finalizing its market research.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/4abf88e2634c4ad6a0685a1a6cb94f23/view)
 
Record
SN06278943-F 20220326/220324230114 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.