Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF JULY 19, 2024 SAM #8270
SPECIAL NOTICE

R -- ERDC CyberSecurity SecureStrux Notice of Intent to Sole Source

Notice Date
7/17/2024 10:35:35 AM
 
Notice Type
Special Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
W2R2 USA ENGR R AND D CTR VICKSBURG MS 39180-6199 USA
 
ZIP Code
39180-6199
 
Solicitation Number
W912HZ24N0001
 
Response Due
7/24/2024 8:00:00 PM
 
Archive Date
08/08/2024
 
Point of Contact
Zavien Beal, Phone: 6019402470, LaShanda Areghan
 
E-Mail Address
Zavien.T.Beal@usace.army.mil, lashanda.d.areghan@usace.army.mil
 
Description
The US Army Corps of Engineers, Engineer Research and Development Center (ERDC) intends to negotiate on a sole source basis (IAW FAR 13.106-1(b)) with SecureStrux LLC, 245 E. King St., Lancaster, PA 17602-2960, as the only responsible source that can provide authorized personnel, equipment, supplies, facilities, transportation, tools, materials, supervision, and other items and non-personal services necessary to provide IT (cybersecurity) preparedness and IT vulnerability management support, specifically to address preparation for Cybersecurity Readiness Inspection (CCRI). This support includes, but is not limited to: Network Infrastructure, Active Directory, Windows DNS, Microsoft SQL, McAfee HBSS, ACAS, physical security, and development of all applicable supporting documentation. The SMEs will re-evaluate the security posture using the current CCRI compliance standards and scoring criteria, provide documentation of the findings to the CCRI team lead to include but not limited to a completed DISA CCRI Grading Criteria Worksheet, JFHQ-DoDIN EndPoint Security OPORD 16-0080 Compliance Worksheet, and Risk Indicator Scoring, and provide continued support to UROC SMEs by assisting with implementation of prior recommendations required for mitigation and remediation efforts. Provide qualified personnel, management, supervision, and quality control necessary for the technology SME to perform assessments within their area of expertise and provide reports to the team lead, in the format specified by the team lead, in MS Word, MS Excel, or Adobe PDF. Provide updates on mitigation and remediation efforts in the format required. Ensure that personnel have the proper and current Information Assurance certification(s) to perform the functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. All SMEs must be certified in Information Assurance Technology (IAT) Level III and the appropriate Computing Environment (CE) for their specialty area.
In addition, SMEs must possess a current certification by the JFHQ-DODIN in CCRI policies and practices for their subject area. There is no flexibility on the training and certification requirement. The Contractor shall provide documentation supporting the certification and training requirements of all SMEs. All SMEs must hold an appropriate clearance for the network assessed. For SIPRNet, personnel must possess a SECRET or higher clearance level. Technology areas must be evaluated by separate SMEs because multiple USACE personnel, in the categories listed below, who will be the subjects of team make-up will be different based on the areas being assessed on the specific mission and the local site personnel available for the interviews. One person may work on the technologies combined on a single line as follows:
- SME for Network Boundary/Wireless/Ports, Protocols, and Services Management (PPSM)
- SME for Internal Network/Video and Voice over Internet Protocol (VVoIP)
- SME for Database/Sharepoint/Operating Systems (OS)/IE/Mobility
- SME for Exchange/Active Directory (AD)
- SME for Web/Sharepoint
- SME for Windows/Web/Domain Name System (DNS)
- SME for Unix/Oracle/Linux
- SME for Traditional Security
- STIG SME
- SME for ACAS
- SME for Host Based Security System (HBSS)
- SME for CND Directives: Insider Threat Data Transfer Activity (DTA)/Cross Domain Solution (CDS)
- SME for Documentation/Policy Reviewer
Revalidate all required assessments, scans, and walk-throughs for all or a portion of the three major CCRI inspection areas, as defined by the scoping document, to include: (1) Technology Areas, (2) Computer Network Defense (CND) Directives, (3) Contributing Factors and provide the results to the CRIA/CSAV team lead in the requested format and time frame. Provide technical assistance, guidance, and implementation efforts to local site POCs for actions needed to remediate findings or mitigate associated threats.
Perform a thorough and comprehensive preparatory assessment of current information security posture and CCRI inspection requirements IAW all applicable, current DoD STIG checks and provide independent assessment for each technology area's current STIG checks to include Category I, Category II, and Category III checks. Provide results to the CRIA/CSAV team lead, inclusive of a gap analysis, compliance strategy, implementation plan, and recommended courses of action to remediate the non-compliant condition. Requires detailed knowledge of all DOD and Army standards, policies, and guidance as well as Operational Orders (OPORDs), Fragmentary Orders (FRAGOs), Task Orders (TASKORDs), Information Assurance Vulnerability Alerts (IAVMs), issued from JFHQ-DoDIN, US Cyber Command (USCC) and ARCYBER. For the Scanning and remediation technology area, guide the performance of all required vulnerability management scans to include DISA ACAS IAW the CCRI scoring methodology and current ACAS BPG. Perform an assessment of the compliance with the CND directives, [PKI CTO 07-xx, ACAS CND directive], and provide the results to the CRIA/CSAV team lead. Provide guidance and technical assistance on methods to remediate deficiencies. For the HBSS technology area, assess the compliance with OPORD 16-0080 (or current version) by the applicable SME and provide the results to the CRIA/CSAV team lead. Provide SME support to UROC HBSS SME in support of mitigation and remediation of deficiencies. Perform all required walk-throughs of physical security requirements IAW DISA "Traditional Security" checks for traditional and physical security in coordination with the Security Manager, Provost Marshall, and/or G2 at the site; the cyber personnel for IT-related checklist items in the "Traditional Security STIG" and provide the results to the CRIA/CSAV team lead. Provide SME support to UROC Traditional Security SME in support of mitigation and remediation of deficiencies.
Perform all required reviews of personnel training, tracking, roles and responsibilities to include but not limited to audits of Duty Appointment Letters (DAL), training records, tracking systems, and certification records for validation and currency. Check the Army Training Certification Tracking System (ATCTS) for completeness and accuracy against "privileged users" lists and provide the results to the CRIA/CSAV team lead. Provide guidance on methods to remediate deficiencies. Documentation development for gap areas as required by the most recent and applicable versions of "DoDIN Inspections Scoping Workbook" and "JFHQ-DODIN Inspection Coordination Guide" to include but not limited to network diagrams, Authority to Operate (ATO) packages, Connection Approval packages, risk assessments, and Plan of Action & Milestones (POA&Ms), processes, procedures, Standard Operating Procedures (SOPs), and Tactics, Techniques, and Procedures (TTPs). Provide the results to the CRIA/CSAV team lead. Provide guidance on methods to remediate deficiencies. Perform all required reviews of ACE-IT policies, guidance, OPORDs, FRAGOs, Daily Task Orders (DTOs), Standard Operating Procedures (SOPs), and Tactics, Techniques, and Procedures (TTPs) for validation and currency against CCRI requirements and provide the results to the CRIA/CSAV team lead. Provide guidance on methods to remediate deficiencies. Perform all required reviews of the organization's strategies, programs, processes, operations, communications, and culture for compliance and currency against CCRI requirements to include but not limited to cyber security programmatic overview, alignment with a Cyber Security Service Provider (CSSP), incident management, vulnerability management, change management, configuration management, and Continuity of Operations (COOP). SIPRNet findings are classified and must be handled accordingly on SIPRNet.
All unclassified "CorpsNet" findings are FOUO and must be encrypted in transport and at rest. Perform an assessment of Windows Server OD architecture. Provide guidance and technical assistance on methods to remediate deficiencies. Perform an assessment of SharePoint architecture. Provide guidance and technical assistance on methods to remediate deficiencies. Perform an assessment of SQL architecture. Provide guidance and technical assistance on methods to remediate deficiencies. Perform an assessment of USACE CIO/G6 cloud architecture. Provide guidance and technical assistance on methods to remediate deficiencies. This acquisition is being conducted under simplified acquisition procedures. There are no set-aside restrictions for this requirement. The intended procurement will be classified under North American Industry Classification System (NAICS) 541519 with a Small Business Size Standard of $30,000,000.00. This notice of intent is not a request for competitive proposals and no solicitation document exists for this requirement. Parties interested in responding to this notice shall submit capability statements and references. All capability statements received by the closing date of this publication of this synopsis will be considered by the Government. A determination by the Government not to compete based on responses to this notice is solely within the discretion of the Government. Information received will normally be considered solely for the purpose of determining whether to conduct a competitive procurement. Capability statements shall be submitted only by e-mail as a Microsoft Office Word, Microsoft Office Excel, or Adobe PDF attachment to zavien.t.beal@usace.army.mil. Statements are due by 1000 a.m. Central Standard Time 24 July 2024. No phone calls will be accepted.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/cbb7893002aa4b7f946c75e71e31c8cb/view)
 
Place of Performance
Address: Vicksburg, MS 39180, USA
Zip Code: 39180
Country: USA
 
Record
SN07131385-F 20240719/240717230115 (samdaily.us)
 