Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF OCTOBER 18, 2023 SAM #7995
SOURCES SOUGHT

D -- CISOBox Incident Management Software

Notice Date
10/16/2023 2:05:13 PM
 
Notice Type
Sources Sought
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
COMMANDER QUANTICO VA 22134 USA
 
ZIP Code
22134
 
Solicitation Number
M00264-24-RFI-0001
 
Response Due
11/1/2023 10:00:00 AM
 
Archive Date
11/16/2023
 
Point of Contact
Ligaya Wallace, Phone: 7034322316, Monica L. Curley, Phone: 7037810081
 
E-Mail Address
ligaya.wallace@usmc.mil, monica.curley@usmc.mil
(ligaya.wallace@usmc.mil, monica.curley@usmc.mil)
 
Description
See attached document for the complete Request for Information (RFI) notice. This is an RFI notice only.� This is not a solicitation or Request for Quote/Proposal/Bid, and no contract or purchase order will be awarded as a result of this notice.�� The Marine Corps Intelligence Surveillance Reconnaissance Enterprise (MCISRE) Insider Threat Program�s (InTP) requires a CISOBox Incident Management Software and additional development services and/or system administration activities for remediation of Information Assurance Vulnerability Alert (IAVA) List and off-site phone support are required when necessary. MCISRE InTP is seeking information for potential sources for CISOBox (Cyber Incident Management Software) and annual maintenance and security system upgrades. The tasks the contactor will be performing are described in the attached draft PWS. The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541511 -� Custom Computer Programming Services. The Product Service Code (PSC) for this requirement is DA10, IT and Telecom - Business Application/Application Development Software as a Service. The Marine Corps Intelligence Surveillance Reconnaissance Enterprise (MCISRE) Insider Threat Program�s (InTP) requires a CISOBox Incident Management Software and additional development services and/or system administration activities for remediation of Information Assurance Vulnerability Alert (IAVA) List and off-site phone support are required when necessary. MCISRE InTP is seeking information for potential sources for CISOBox (Cyber Incident Management Software) and annual maintenance and security system upgrades. The tasks the contactor will be performing are as follows: a. CISOBOX secure information security incident & case management software that includes but it not limited to the following: i. Securely manage comprehensive incident records using industry-standard incident meta-data based on National Institute of Standards and Technology (NIST) 800-61r2 and United States Computer Emergency Readiness Team (U.S. CERT) standards. ii. Ability to create incident response journals with automatic date and time stamps, user attribution, attach evidence and files. iii. Ability to manage incident-related messages. iv. Dashboard overview with status, summary, and assigned incident response leader. v. Hypertext Markup Language (HTML) 5 interface without Flash or Java. vi. Time-based one-time password. vii. Two-factor authentication. viii. Compatible with Duo Mobile and Google Authenticator. ix. Ability to assign role-based access and privileges. x. Provides immutable incident records and meta-data with detailed audit trails. xi. Shared simultaneous access to incident records that allows for collaborative incident handling and collection of incident data. xii. Shall have the ability for pre-configured incident data analysis reports to include incidents by type, impact, and by compliance. xiii. Reporting shall provide for pie, bar, and tabular displays of data analysis reports. xiv. Comprehensive reports of incident data for management, compliance, and audit reporting shall have ability to be exported and shared to standard formats, including comma-separated values (CSV) and HTML. xv. Preserve the confidentiality of sensitive information stored in CISOBOX, while also permitting shared access and collaboration needed for effective incident handling. b. Support Services for CISOBOX when necessary, as follows: i. The vendor must acknowledge and respond within 48 hours of the initial request for support. ii. Additional software development services and/or system administration activities for remediation of Information Assurance Vulnerability Alert (IAVA) List. The contractor shall customize the software as needed to address the MCISRE�s unique mission process requirements including Insider Threat and Computer Network Defense needs. iii. Provide off site/phone support when necessary to address service maintenance issues. iv. Provide onsite support when required, all on-site visits must be approved by the Contracting Officer Representative (COR). c. Upgrade the server hardware when it is necessary to keep the application operating within the proper security standards. Services will be performed at the contractor�s location and at the Government facility, the address is shown below: �� Marine Corps Intelligence Activity 2033 Barnett Avenue Quantico, VA CONTRACT/PROGRAM BACKGROUND: Contract Number: M00264-21-P-0012 Contract Type: Firm-Fixed Price Incumbent and their size:� Yakabod Federal Solutions, LLC (Small Business) Method of previous acquisition: Sole Source VENDOR RESPONSE SUBMISSION: Feedback on this requirement is encouraged. This is a market research tool used to identify market capability and solutions (to include performance work statement revisions), as well as the availability and adequacy of potential small business sources prior to determining the method of acquisition and issuance of award. The Government is not obligated to and will not pay for any information received from potential sources as a result of this notice. Information submitted by respondents to this notice is strictly voluntary. It is requested that firms submit answers to the MCINCR-RCO at the below email address. A vendor�s response should address, at a minimum the following: Name of Organization, Unique Entity ID (UEI) or CAGE Code, Telephone Number, Address, and Email address for primary point of contact. Also provide the organization�s size status and socioeconomic status that applies. Appropriate NAICS code and PSC (if other than what is listed above) for the services described in this notice with an explanation as to why this code(s) would be a better supported option. Description of your organization�s capabilities / experience with regards to the draft PWS requirements. This description should demonstrate ability to perform the services in the draft PWS (Maximum length: 12 pages). Contract vehicles (GSA Federal Supply Schedule, GSA GWAC, or any other Government Agency contract vehicle), of which your business is a contract holder, for the requirements in the draft PWS. (Lack of does not preclude a business from responding to this notice.). Answers to the below specific questions regarding the requirement:� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � a. Are the required services considered a commercial product or commercial service IAW FAR 2.101 Definitions? For reference, the commercial product and commercial service definitions are included below: Commercial product means - (1) A product, other than real property, that is of a type customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes, and� ���� (i) Has been sold, leased, or licensed to the general public; or ���� (ii) Has been offered for sale, lease, or license to the general public; (2) A product that evolved from a product described in paragraph (1) of this definition through advances in technology or performance and that is not yet available in the commercial marketplace, but will be available in the commercial marketplace in time to satisfy the delivery requirements under a Government solicitation; (3) A product that would satisfy a criterion expressed in paragraph (1) or (2) of this definition, except for- ���� (i) Modifications of a type customarily available in the commercial marketplace; or ���� (ii) Minor modifications of a type not customarily available in the commercial marketplace made to meet Federal Government requirements. �Minor modifications� means modifications that do not significantly alter the nongovernmental function or essential physical characteristics of an item or component or change the purpose of a process. Factors to be considered in determining whether a modification is minor include the value and size of the modification and the comparative value and size of the final product. Dollar values and percentages may be used as guideposts, but are not conclusive evidence that a modification is minor; (4) Any combination of products meeting the requirements of paragraph (1), (2), or (3) of this definition that are of a type customarily combined and sold in combination to the general public; (5) A product, or combination of products, referred to in paragraphs (1) through (4) of this definition, even though the product, or combination of products, is transferred between or among separate divisions, subsidiaries, or affiliates of a contractor; or (6) A nondevelopmental item, if the procuring agency determines the product was developed exclusively at private expense and sold in substantial quantities, on a competitive basis, to multiple State and local governments or to multiple foreign governments. Commercial service means� (1) Installation services, maintenance services, repair services, training services, and other services if� ���� (i)Such services are procured for support of a commercial product as defined in this section, regardless of whether such services are provided by the same source or at the same time as the commercial product; and ���� (ii)The source of such services provides similar services contemporaneously to the general public under terms and conditions similar to those offered to the Federal Government; (2) Services of a type offered and sold competitively in substantial quantities in the commercial marketplace based on established catalog or market prices for specific tasks performed or specific outcomes to be achieved and under standard commercial terms and conditions. For purposes of these services� ���� (i) Catalog price means a price included in a catalog, price list, schedule, or other form that is regularly maintained by the manufacturer or vendor, is either published or otherwise available for inspection by customers, and states prices at which sales are currently, or were last, made to a significant number of buyers constituting the general public; and ���� (ii) Market prices means current prices that are established in the course of ordinary trade between buyers and sellers free to bargain and that can be substantiated through competition or from sources independent of the offerors; or (3) A service referred to in paragraph (1) or (2) of this definition, even though the service is transferred between or among separate divisions, subsidiaries, or affiliates of a contractor. b. Does your company have the capability of successfully providing all the requirements in the draft PWS to include the CISOBox software and all required services? c. Please provide (rough cost) the unit price to allow the U.S. Government to adequately project the estimated value of this requirement. d. What additional or historical information do you need to propose FFP for this requirement? e. What areas of the requirement seem vague? Why? Please identify what they are and a recommended remedy. f. What obstacles would prevent your business from submitting a future quote for this requirement? What are the solution(s)? g. Are the required services considered professional or are they subject to the Service Contract Act? h. What are the key cost drivers to fulfill this requirement? i. Does your company have any questions or recommendations regarding the required software and services outlined in this RFI? Please provide them in your response so that we may consider them. j. Does your firm have any suggestions online item structure? (Note: firms are encouraged to share contract numbers of same/similar contracts you may have with the Government to support line-item structure suggestions). k. Currently, MCISRE InTP is using CISObox Incident Management Software, and the incumbent contractor modified the software based on the MCISRE InTP�s needs. Does your company �have other recommended software that has the same or equal salient characteristics as that of CISObox software as described in the draft PWS? How long will it take for the recommended software to be integrated into the MCISRE InTP analytical tools without causing function or services interruption? Vendors who wish to respond to this notice should send its response via email no later than November 1, 2023, 1:00 PM Eastern Time to monica.curley@usmc.mil and ligaya.wallace@usmc.mil
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/20db2672508d4d7da5b32902f0fa0542/view)
 
Place of Performance
Address: Quantico, VA, USA
Country: USA
 
Record
SN06860637-F 20231018/231016230050 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.