SOLICITATION NOTICE
D -- Security Assessment and Vulnerability Mitigation Service to Strategic Systems Programs
- Notice Date
- 4/21/2022 12:08:19 PM
- Notice Type
- Presolicitation
- NAICS
- 541511 (Custom Computer Programming Services)
- Contracting Office
- STRATEGIC SYSTEMS PROGRAMS WASHINGTON NAVY YARD DC 20374-5127 USA
- ZIP Code
- 20374-5127
- Solicitation Number
- N0003023R6003
- Response Due
- 5/6/2022 2:00:00 PM
- Archive Date
- 05/07/2022
- Point of Contact
- Anzhelika Grabovetskaya, Phone: 2024513247, Marge Niedzwicz, Phone: 2024513230
- E-Mail Address
- anzhelika.grabovetskaya@ssp.navy.mil, Marge.Niedzwicz@ssp.navy.mil
- Small Business Set-Aside
- WOSBSS Women-Owned Small Business (WOSB) Program Sole Source (FAR 19.15)
- Description
- The contractor shall be responsible for the security management of SSP application systems, some of which may process classified data. The contractor must possess a thorough understanding of the architecture and have experience with the SSP-specific applications listed below:

  - SSP Enterprise Archives Service (SEAS) application: SEAS is SSP's web-based records management system utilizing networked document scanners. An instance of SEAS is also running on the Navy's classified network to support SSP's classified record management activities. It allows the SPHQ and PMO offices to archive both paper and electronic financial records and official correspondence. SEAS was developed using Java, the Apache Struts/Tiles framework, JSP technology and Oracle Database.
  - Contract Action Tracking System Web (CATS Web) application: CATS Web is the Contract Branch Action Tracking System. This system allows SSP's contracting branch to document and track their action routing process and validate required contract artifacts for each procurement. The new CATS Web architecture includes Java, Struts and J2EE components as well as an Oracle database.
  - SSP Service Desk system: SSP Service Desk is a COTS product used for the management of SSP's service desk tickets. The SSP Service Desk system was customized to support SSP's business processes. It uses Microsoft SQL Server and an administration suite of tools. This application is used by the SPHQ Helpdesk as well as the SSP Program Management Offices.
  - SSP Logistics Planning System (i.e., SPOSE): The Logistics Planning application is primarily used to gather raw data for the production and publication of SSP's annual budget/planning document. This application is used by SSP to plan for their current and future program resource allocations. The application was converted from a standalone PowerBuilder system to a web-based application currently operational on the Navy's classified network. SSP's web-based Logistics Planning System was developed using a Java framework and Oracle database.
  - Quality and Reliability Information Management System (QRIMS): QRIMS is a report processing application hosted at SSP and sponsored by the SSP Navigation branch for use by external contractors to track trouble and failure reports, corrective action reports, trouble failure repair and return reports, and preventative maintenance action reports. QRIMS was developed using the Struts 2 MVC framework and Oracle database.

  The security management of these applications shall require detailed knowledge and a thorough understanding of the SSP information systems' business, data, applications and technical architecture. The contractor must provide subject matter expertise for the above systems in the following areas:

  - Transitioning of applications from the DIACAP Certification and Accreditation Process to the DoD Risk Management Framework (RMF)
  - Information security assessments, mitigation and control monitoring
  - Application development framework
  - Library dependency end-of-life management
  - Vulnerability monitoring and mitigation
  - Security penetration testing and remediation
  - Structured security patch management
  - Application unit testing, integration testing, and automated code review testing
  - Re-factoring and patching of source code, unit tests and integration tests
  - Database schema design and configuration changes
  - Application release and deployment management
  - System audit log analysis
  - Port and protocol management
  - Maintaining application configuration management data in accordance with the Software Configuration Management Plan for SSP Enterprise Applications

  The above application security management actions require detailed knowledge and experience using specific technologies, interfaces, development and scripting languages, and Software Development Life-Cycle (SDLC) processes and tools. The contractor shall have experience and maintain skills proficiency in the key subject areas required to perform the security management actions, which include:

  - OpenText Livelink Application Programming Interface (API)
  - Hewlett Packard Digital Sender workflow programming
  - HEAT trouble ticketing system database configuration and administration
  - Business process definition and analysis using BPMN 2.0
  - FusionCharts reports (using XML, HTML5 and JavaScript)
  - DoD Records Management application design standards
  - Development languages and interfaces: Java, Apache Struts, Apache Tiles, PL/SQL, iText, XML, HTML5, JavaScript, CSS, SVG, UML, LDAP, SMTP
  - Web server technologies: Internet Information Services (IIS)
  - SDLC tools: PortSwigger Burp Suite, Enterprise Architect UML, Eclipse IDE, JIRA issue and project tracking, Subversion revision control, unit testing, code coverage, automated code review
  - DoD Information Assurance Certification and Accreditation Process (DIACAP) and DoD Risk Management Framework (RMF)
  - Public Key Infrastructure (PKI)
  - Security Assertion Markup Language (SAML)
  - Web Services
  - XML Digital Signature programming
  - Common Access Card (CAC) authentication
  - Cryptography protocols and their usage
  - Security threat modeling and mitigation strategies
  - HTTPS web session monitoring

  The contractor must possess a complete understanding of SSP's information systems environment and must have demonstrated knowledge and experience working with the Navy accreditation processes for the SPCIO's application systems. The contractor's proposed staff must be fully DoD 8570 compliant and have a complete understanding of DISA Security Technical Implementation Guidelines (STIG) and Security Requirements Guides (SRG) for hardware, software, and applications.
- Web Link
- SAM.gov Permalink: https://sam.gov/opp/6e91728ce9f64f06bfaaf14548f700ae/view
- Place of Performance
- Address: Washington Navy Yard, DC 20374, USA
- Zip Code: 20374
- Country: USA
- Record
- SN06304001-F 20220423/220421230111 (samdaily.us)
- Source
- SAM.gov Link to This Notice (may not be valid after Archive Date)