SOURCES SOUGHT
A -- Request for Information for Defensive Cyber Operations for Space
- Notice Date
- 10/18/2023 12:02:48 PM
- Notice Type
- Sources Sought
- NAICS
- 541511
— Custom Computer Programming Services
- Contracting Office
- FA8806 BATTLE MNGMNT C3 SSC/BCK EL SEGUNDO CA 90245-2808 USA
- ZIP Code
- 90245-2808
- Solicitation Number
- 24-28
- Response Due
- 10/24/2023 3:00:00 PM
- Archive Date
- 11/08/2023
- Point of Contact
- Lakisha Porter, Phone: 3106531517, Jordan Feliciano, Phone: 310-653-2233
- E-Mail Address
-
Lakisha.porter@spaceforce.mil, jordan.feliciano.1@spaceforce.mil
(Lakisha.porter@spaceforce.mil, jordan.feliciano.1@spaceforce.mil)
- Small Business Set-Aside
- SBA Total Small Business Set-Aside (FAR 19.5)
- Description
- 1.0 General Information: Disclaimer: This Request for Information (RFI) is issued solely for information and planning purposes (market research). This RFI does not constitute a solicitation (Request for Proposal (RFP) or Request for Quotations (RFQ) or a promise to issue a solicitation in the future. This RFI does not commit the Government to contract for any supply or service whatsoever. Furthermore, the Government is not, at this time seeking proposals and will not accept any unsolicited proposals. Respondents are advised the Government will not pay for any information or administrative costs incurred in response to this RFI. All costs associated with responding to this RFI will be solely at the responding party�s expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. Any information submitted by respondents to this RFI is strictly voluntary. All submissions become Government property and will not be returned. Questions relating to this RFI should be directed exclusively by email to the contracting POCs listed in Section 3.0, Submission details. Companies wishing to respond to this RFI should send responses via electronic mail no later than 24 October 2023 at 3:00 PM Pacific to the POCs listed in Section 3.0. 2.0 Description: The United States Space Force (USSF) Enterprise requires advanced persistent cyber defenses against nation state threats to operations. Given the stove-piped nature of the space enterprise, the Defensive Cyber Operations (DCO) for Space (DCO-S) approach must be multipronged. The long-term strategy involves a common ground architecture providing centralized management and control of satellite operations through Enterprise Ground Services (EGS), resulting in a truly integrated space enterprise. Collaboration and cooperation across space acquisition, space and cyberspace operations, and commanders at all levels is required to apply a risk-based approach (both mission and system risk) to establish enterprise-wide situational awareness in the cyberspace domain resulting in effective, prioritized DCO-S. The USSF is leading the effort in defensive cyber operations and continues to codify command and control (C2) roles and responsibilities to facilitate rapid identification / reporting / response of anomalous cyber activity within the space enterprise and integrate threat-based intelligence at all operational levels. In 2016, the Air Force directed the stand-up of the Cyber Squadron Initiative, and Air Force Space Command�s 50th and 460th Space Wings were among the Air Force�s first to field Mission Defense Teams to provide persistent defense with 24/7 DCO capability. The effort continues to scale across USSF through Space Delta 6�s cyber squadrons, equipped with an enterprise level DCO-S suite of tools. In addition to executing the DCO-S mission, space cyber squadron operators provide the feedback necessary to continuously evolve that suite of tools to counter sophisticated, determined, and persistent adversarial threats against the USSF space enterprise in, through and from the cyberspace domain. 2.1 RFI Approach The PCO documenting responsibilities and personnel management for the office and is preparing an Acquisition Strategy Plan. This RFI will inform the PCO of available businesses with an interest and capability to support this mission set. 2.2 DC0-S Desired Capabilities The Space Systems Center Enterprise Cross-mission Ground�s Defensive Cyber Operations for Space Branch (SSC/SZYO) is designated as the responsible office to provide enterprise level DCO capability to the Space Enterprise. To accomplish the mission, SSC/SZYO contracted with multiple vendors to prototype key defensive cyber features, through prototype OTA awards under the Space Enterprise Consortium base agreement. SZYO now requires a single vendor to produce and enhance these features on a production scale that will: Deliver space enterprise protection and threat detection, identification, protection, and response capabilities. Continuously integrate and develop Manticore and Kraken to accommodate EGS and future space systems. Provide operationally relevant cyberspace capabilities with Manticore and Kraken through iterative development to meet mission needs today. Manticore is an out-of-band defensive cyber solution designed to provide enterprise-level cyber �Identify and Detect� capabilities for USSF legacy and future Space Mission Systems. Manticore duplicates data and analyzes the data passively with no ability to impact mission data or mission systems in real time. Kraken is an in-band defensive cyber solution that provides enterprise-level cyber �Protect/Respond� capabilities for USSF legacy and future space mission systems.� Ultimately, this allows data and mission systems to have real time ability to demonstrate �active� defense against cyber threats. 2.2.1 Onboarding The contractor shall work with the government and/or any delegated authorities to obtain access to the development environment(s), This includes any related systems such as task management platforms, required network devices, authentication systems, government furnished equipment, Common Access Cards (CAC�s), etc. The contractor shall review the existing Manticore product, encompassing technologies, developed code, and/or integration and configuration artifacts. This includes a review of the Manticore product line backlog items. The contractor shall review the existing Kraken product, encompassing technologies, developed code, and/or integration and configuration artifacts. This includes a review of the Kraken product line backlog items 2.2.2 Prototyping The contractor shall participate in Government led DCO-S Product Increment (PI) planning process. The contractor shall assist Government PO in analyzing stories from the product backlog to prioritize and present detailed options for delivery during the next PI. The contractor shall assist Government PO in applying Agile principals to the PI objectives to increase quality and quantity of objectives. The contractor shall assist Government PO in determining objectives to be completed at each iteration throughout the PI. The contractor shall conduct and participate in all Manticore and Kraken product lines scrum team activities. The contractor shall follow the standard agile practice when assigning labels to JIRA issue, such as features, user stories, tasks, and spikes. The contractor shall support the Government DevSecOps pipeline over the contract period of performance using SAFe practices. The contractor shall support the delivery of capabilities for the Manticore and Kraken product lines in accordance with the Government schedule: 2-week sprints, 3-month PIs, and an 18-month Epic. The contractor shall develop designs required to support the Manticore and Kraken product lines. These designs may include but are not limited to an analysis of alternatives, network flow diagrams, data flow diagrams, schemas, etc. Design documents or artifacts will be stored in a government-provided repository. The contractor shall institute secure coding practices into all phases of development, delivery, and operation. The contractor shall commit, and merge developed code into feature branches at frequent intervals and merge into the release branch at the completion of developed capabilities. The contractor shall ensure developed code works with existing Manticore and Kraken configuration management capabilities to facilitate regular deployment to test and staging environments. The contract shall ensure all developed code and artifacts used during development are kept at the CUI security level. The contractor shall ensure all newly developed code follows industry best practice, such as removing unused code, secrets management, and error handling. In additional, legacy code will be reviewed for outstanding instances that go against standards. The contractor shall incorporate automated quality checks enforcing industry best practice into the development pipeline. The contractor shall develop hardened code following industry best practices and in accordance with applicable DoD and DISA policy and guidelines. All code and configuration items will be stored in a government-provided repository. The contractor shall maximize the use of COTS, GOTS, and FOSS products providing the products fit within the targeted environment�s defined security needs. At the conclusion of each sprint, the contractor shall collect operator feedback and conduct a sprint retrospective.� Findings will be documented and shared with the project POs. The contractor shall perform testing on code, configurations, and software prior to integration to demonstrate that the products provide the required capabilities. Test reports will be generated and will be stored in a government-provided repository. The contractor shall incorporate linting and unit tests into the development pipeline ensuring automation of quality checks of checked-in code. The contractor shall ensure testing on developed capabilities will under-go testing from an end user�s standpoint in the form of behavior-driven development tests and from a functional testing standpoint in the form of test-driven development. The contractor shall have all developed code follow be peer reviewed, pass automated security testing, and functional testing before merging into the main release branch. The contractor shall support GAT and UAT processes as defined by the government. The contractor shall collaborate with the Platform team for the delivery of executable code into the Government environment. The contractor shall support the generation of ATO package artifacts under Risk Management Framework. The contractor shall develop detailed release notes for delivered capability. At the conclusion of each PI, the contractor shall collect operator feedback and conduct a PI retrospective.� Findings will be documented and shared with the project POs. The contractor shall demonstrate its DevSecOps pipeline and its ability to deliver capabilities for the Manticore and Kraken product lines prototypes. The contractor shall be ready to adjust and modify its original proposed Product Increment (PI) deliverables and solution approach based on the backlog discussion outcome. The Contractor shall present a revised plan to the USSF PM that provides new PI deliverables that clearly align with the backlog and customer�s priorities. This new plan shall be presented to the USSF PM and AO representative, in conjunction with the completion of PI planning. The contractor shall collaborate with members of the other product lines as directed by the Government to facilitate the implementation of capability that may span multiple product lines. The contractor shall, at the direction of the government, develop and test urgent changes (patches) to fielded software in order to address bugs and/or broken operational issues, meet new security issues, and/or incorporate external interface changes. All urgent changes will be coordinated with the PO for anticipated impact to sprint and Product Increment deliveries. The contractor shall develop, utilize and maintain process flow diagrams, guidelines and other reference materials to assist in troubleshooting problems and resolving outages quickly. The contractor shall provide Tier 3 support to address break/fix items as directed by the government. 3.0 Submission Details: Responses to this RFI shall be sent to the POCs identified at the bottom of this section and include a cover page and the following information: � Email Subject Line: �DCO-S RFI: Response� � Submitter�s Name and Parent Company, if applicable � Business Address: Street, City, State, NINE-digit zip code � Commercial and Government Entity (CAGE) Code � Unique Entity ID � Company socio-economic status � POC (i.e., company representative) � POC telephone number and email address Responses, in entirety, shall be limited to 5 single-sided pages. Documents shall be formatted in accordance with the following: � Single-spaced, � One-inch margins � US letter-size (8.5� x 11�) � 12-point font (Times New Roman), and � Be formatted with Microsoft Word 2016 or Adobe Acrobat Reader Version 7.0 (or later) Submissions shall not exceed a 5 MB email limit for all items associated with the response. Hard copy responses will not be accepted. The Government will not accept company literature or marketing materials. Proprietary information will be safeguarded in accordance with applicable regulations. Respondents shall indicate which portions of its response are Intellectual Property (IP) and mark IP accordingly. Classified submittals will not be accepted. The PCO has entered into agreements with Federally Funded Research and Development Center (FFRDC) and/or Systems Engineering and Technical Assistance staff working for the Government. These include: The Exigo Corporation. These companies support the Government by performing technical reviews, systems engineering and integration analyses, cost estimation, and other advisory services. Respondents are hereby notified that all responses will be provided to R2C2 support contractors. Please include a statement in your submission acknowledging that the submitted document(s) can be provided to DCO-S support contractors. If respondents disagree to the release of its RFI response to any of the aforementioned firms, the respondent shall clearly state this restriction in the cover letter accompanying the RFI response. Foreign firms cannot participate in this acquisition at the prime contractor level. However, foreign firms can participate in this acquisition at the subcontractor level if they are eligible to do business with the US Government. The research and test data produced under a resultant contract may contain Military Critical Technology List (MCTL) information whose export is restricted by the Export Control Act (Title 22, U.S. Sec 2751, et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C., App. 2401, et seq.). Request certification and registration from the Defense Logistics Services Center (DLSC), Federal Center, 74 North Washington, Battle Creek, MI 49016-3412 as soon as possible. POCs: Submit all responses and inquiries to: Primary Contracting: Mrs. Lakisha Porter Lakisha.porter@spaceforce.mil Alternate Contracting: Capt Jordan Feliciano Jordan.feliciano.1@spaceforce.mil
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/4382d00091844d34920c93beceeb5943/view)
- Place of Performance
- Address: USA
- Country: USA
- Country: USA
- Record
- SN06862567-F 20231020/231018230042 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |