Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JULY 05, 2024 SAM #8256
SOURCES SOUGHT

99 -- REQUEST FOR INFORMATION (RFI): ATO Cybersecurity Program, Engineering & Technical Services

Notice Date
7/3/2024 10:05:51 AM
 
Notice Type
Sources Sought
 
NAICS
541330 — Engineering Services
 
Contracting Office
693KA8 SYSTEM OPERATIONS CONTRACTS WASHINGTON DC 20591 USA
 
ZIP Code
20591
 
Solicitation Number
698KA8-24-RFI-ATO
 
Response Due
7/17/2024 2:00:00 PM
 
Archive Date
08/10/2024
 
Point of Contact
Elizabeth H. Williams, Phone: 202-267-1155
 
E-Mail Address
elizabeth.h.williams@faa.gov
(elizabeth.h.williams@faa.gov)
 
Description
1. INTRODUCTION In accordance with Federal Aviation Administration Acquisition Management System (AMS) Policy 3.2.1.2.1 - this announcement is to conduct a Market Survey for the purpose of soliciting statements of interest and capabilities from interested vendors.� This is not a Screening Information Request (SIR) or Request for Proposal (RFP).� The FAA is not seeking or accepting unsolicited proposals.� This announcement is for information and planning purposes and is not to be construed as a commitment of any type by the Government.� The Government will not reimburse any costs incurred by vendors in responding to this notice.� Any costs associated with this Market Survey will be the sole responsibility of the vendor.� Since this is a Sources Sought announcement, no evaluation letters and/or results will be issued to the respondents.� The information received will not be released, except as required under the Freedom of Information Act (FOIA); proprietary information will be protected if appropriately marked. At this time, the nature of the competition has not been determined. This Market Survey is intended to seek information from interested vendors of all sizes and types including large businesses. Both large and small businesses are encouraged to respond.� The FAA may request that one, some, all, or none of the respondents to this Market Survey/Sources Sought provide additional information, and vendor participation in any information session is not a promise for future business with the FAA. 2. BACKGROUND The Federal Aviation Administration (FAA) National Airspace System (NAS) Security and Enterprise Operations (NASEO) (AJW-B) have a requirement to minimize the impact of cyber security events or incidents in support of availability and restoration requirements for Air Traffic Organization (ATO) systems and services. The FAA runs a multi-faceted cybersecurity program to protect the NAS in accordance with Federal Information Security Management Act (FISMA). The ATO Cybersecurity Group (ACG), a line of business under NAS NASEO within the ATO, is the lead organization for governing, implementing, and managing cybersecurity controls for NAS. The President has declared that the �cyber threat is one of the most serious economic and national security challenges we face as a nation� and that �America�s economic prosperity in the 21st century will depend on cyber security�. The ATO Cybersecurity Strategic Plan advances progress toward a NAS mission space in which critical infrastructure remains secure and resilient; where critical and essential services continue to function under a range of cyber conditions; where NAS cyber security capabilities adapt to changing cyber threats and NAS operations withstand or rapidly recover from disruptions. The ever-increasing capability of cyber adversaries demand in-depth institutional knowledge of the critical infrastructure, which must be maintained to ensure resiliency of the mission space. The ATO Cybersecurity Group (ACG) is responsible for the overall management of the ATO Cybersecurity. Their role is to integrate cybersecurity functions into NAS and ATO operations and provide an enterprise-wide view of cybersecurity risk with cybersecurity strategic planning. ACG secures NAS and ATO operated systems through authorization, continuous monitoring and ensuring compliance. The foundation for ATO Cybersecurity is about understanding and managing the risk in order to protect and enable the operational mission. 3. PURPOSE The purpose of this market survey is to solicit statements of interest from businesses capable of providing the following services (below) for the ATO Cybersecurity Program, Engineering & Technical Services. 4. DESCRIPTION/SCOPE The FAA anticipates that the following will be covered as part of the requirements scope: Program Control & Governance: Program Management Cybersecurity Policy Management Privacy Data Calls Audits Authorization Management (System Security Officers (SSOs), Cyber Security Assessment and Management (CSAM), Memos) Enterprise Architecture, Design & Solutions Enterprise and System Architecture Cyber Supply Chain Risk Management Cybersecurity Strategic Planning & Analysis Future technology and capability insertion Operating environment definitions Cybersecurity Engineering Cyber engineering requirements development System domain subject matters experts Risk Management Framework Software Development Enterprise Solutions Development Integration, Outreach & Planning Training Workforce Development Cybersecurity outreach and communication Cybersecurity Tabletops (TTX) Operation Risk Management (ORM) All tasks noted (above) shall be in accordance with the following: ATO Cybersecurity Program, Engineering & Technical Services, Statement of Work (SOW) dated June 25, 2024. 5. LOCATION OF WORK Support under the contract may be performed on-site at FAA Headquarters (HQ) in Washington, DC, or the Mike Monroney Aeronautical Center (MMAC) in Oklahoma City and/or the William J. Hughes Technical Center in Egg Harbor Township, NJ and vendor facilities to accomplish the tasks. 6. NAICS CODE The North American Industry Classification System (NAICS) code for this procurement has not yet been finalized, but the predominate effort is 541330 - Engineering Services Except Military and Aerospace Equipment and Military Weapons. � 7. SUBMITTAL REQUIREMENTS FOR RFI Interested sources should respond to this RFI/Market Survey by providing a Capability Statement in accordance with the requirements below: A. One (1) cover page that includes: name of the vendor/firm/corporation available NAICS, Unique Entity Identifier (UEI), and CAGE code(s) business size and socioeconomic status point of contact (i.e., name, title, telephone, email) Capabilities Statement should NOT include: Generic sale brochures, videos, and other marketing information materials are not solicited and therefore will not be reviewed. B. The Capabilities Statement (maximum of 12 pages including a cover sheet) should demonstrates: A company's capabilities to meet the performance objectives and of the customer's requirement (above). A company�s ability to provide personnel with security clearance levels of SECRET and/or Top Secret (TS). A company�s ability to identify and resource allocate personnel for the requirement. This includes a company�s ability to staff, recruit, train and retain personnel. A company�s experience with (or a high-level summary) of consistent and timely performance in communications management. Specifically, messaging regarding threats, vulnerabilities, and emerging requirements levied by external Provide a high-level summary of your company�s experience complying with the National Institute of Standards and Technology, Special Publication (SP) 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations. A high-level summary from a company about effective solution sets under one (or more) of the following Cyber Security Framework (CSF) categories: Identify Protect Detect Respond The company�s list of capabilities. The company�s best practices. The company�s list of metrics and/or measures and/or required inputs and/or dependencies and/or outputs for each solution. The company�s advances in technology with new or innovative approaches/strategies for solutions. The company�s tool sets. The details of the company�s socio-economic status. Large Businesses- identify intentions for subcontracting, small business utilization, (and/or) potential mentor-prot�g� arrangements that may be implemented to meet this requirement. In your estimation what percent of this potential requirement would your company need to subcontract to other companies? Small Businesses- identify interests as a potential prime contractor (or) subcontractor. In your estimation what percent of this potential requirement would your company need to subcontract to other companies? A company�s relevant and applicable reference(s) to examples of previous work and/or solution implementations that relate to the FAA�s objectives and topics of interest. If applicable, the company�s number of Federal Contracts (awards) held as a Prime Contract Holder for Enterprise Cybersecurity Program Services. This includes any contracts with an enterprise management approach, in similar to the size, scope, and complexity of the potential FAA ATO Cybersecurity Program requirement. � If applicable, a company�s experience, as a contractor in managing and staffing System Security Officer support with significant annual growth. If applicable, example(s) of a company�s service contract(s) with Cybersecurity Support (i.e., Security Officer Support, and National Institute of Standards and Technology (NIST). If applicable, provide a high-level summary of a company�s experience in developing software which included systems documentation (e.g., administration manuals and software code documentation). If applicable, a description of similar and/or related services currently provided or provided within the past five (5) years of any experience your company has performed. � project description (contract or subcontractor number, if applicable) dollar value period of performance (POP) D. �Capabilities Statement Format Responses should be provided in 12-point font in Microsoft Office or Adobe PDF (portable document file) format. 8. DELIVERY OF SUBMITTALS Responses must be submitted via email to: Elizabeth H. Williams Contracting Officer, AAQ-320 elizabeth.h.williams@faa.gov The email subject line must state the SAM.gov announcement number followed by the company name. Individual e-mail message size (i.e., email body text plus any attachments) must not exceed 10 MB. If more than one email is required to complete a respondent�s submission, then in the email subject header following the company name, state which submission in the sequence is contained in the given email and the total number of email submissions being made by respondent (i.e., Email 1 of 2, Email 3 of 3, etc.) Any proprietary or confidential information contained in the market survey submissions must be appropriately marked.� All submissions in response to this announcement must be submitted by email to the address above by 5:00 PM EDT on July 17, 2024. Submissions prior to the requested submission date are encouraged and will be accepted. Telephone calls or paper submissions will not be accepted. Submission of electronic files on digital data storage media (i.e., Blu-ray, DVD or CD; flash drives) will NOT be accepted. Comments and questions on the Market Survey are not considered part of the response submission.� The FAA will not provide feedback on any of the submitted materials. For questions, requests for additional information, etc. regarding this market survey, contact Elizabeth H. Williams at the email address listed above.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/b88379bae733409fab23f1ea1e2e71a3/view)
 
Place of Performance
Address: Washington, DC, USA
Country: USA
 
Record
SN07117841-F 20240705/240703230118 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.