Active

Contract Opportunity

Procurement Technical Assistance Centers (PTACs) are an official government contracting resource for small businesses. Find your local PTAC (opens in new window) for free government expertise related to contract opportunities.

The Defense Information Systems Agency (DISA) is seeking sources for the Comply to Connect (C2C) Integration Support

CONTRACTING OFFICE ADDRESS:

Defense Information Systems Agency

DITCO-Scott PL8331

2300 East Drive

Bldg 3600

Scott AFB IL 62225-5406

INTRODUCTION:

This is a SOURCES SOUGHT TECHNICAL DESCRIPTION to determine the availability and technical capability of small businesses (including the following subsets, Small Disadvantaged Businesses, HUBZone Firms; Certified 8(a), Service-Disabled Veteran-Owned Small Businesses and Woman Owned Small Business) to provide the required products and/or services.

C2C is defined as a framework of tools and technologies organized to

• Restrict device and user access to networked resources based on device identity and compliance with security configuration policies


• Act as the DoD first-line sensing capability to detect and identify all devices connecting and attempting to connect to DoD resources


• Provide a DoD sensor feed to report a device baseline for all detected devices to DoD central repositories


• Interrogate devices to acquire data required by the DoD Master Endpoint Record document and for compliance with C2C standard compliance policies


• Orchestrate remediation tools and capabilities to resolve non-compliant conditions as established by a remediation policy

Continuous discovery, monitoring, and reporting of traditional and non-traditional endpoints.

The C2C Program Management Office (PMO) is seeking information from potential sources for:

Engineering Subject Matter Expert (SME) support, C2C laboratory integration, capabilities, development, and maintenance of C2C policies and artifacts to include administrative guidance and technical implementation guides, enterprise license management capabilities including data acquisition, knowledge management, analysis, and visualizations necessary to stand up, operate and sustain an Enterprise Reporting Manager capability. The Contractor shall dedicate resources in the PMO’s interest to help execute DISA first implementation including 4th Estate agencies.

The anticipated Period of Performance

Base Year: 27 January 2024 – 26 January 2025

Option Year 1: 27 January 2025 – 26 January 2026

Option Year 2: 27 January 2026 – 26 January 2027

Option Year 3: 27 January 2027 – 26 January 2028

Option Year 4: 27 January 2028 – 26 January 2029

The anticipated Place of Performance for most of the work is the contractor’s facility. The Contractor must be local to the National Capital Region with NO EXCEPTIONS. Key personnel for the contract include, Program Manager , Information System Security Manager, Lead Engineer and Tier 1 Help Desk. A portion of the work will require contractor physical presence at the DISA Headquarters facilities (including the Government laboratory and Security Network) at Ft. Meade, MD.

DISCLAIMER:

THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY.

CONTRACT/PROGRAM BACKGROUND:

Contract Number: NNG15SD25B TO HC1028-20-F-1278

Contract Vehicle: NASA SEWP

Incumbent and their size: Three Wire Systems, LLC (Small Business)

Method of previous acquisition: Set aside

Period of Performance: September 28 2020 – September 27 2023

The primary objective of SME Support is to support the C2C PMO Enterprise-wide implementation and Infrastructure Strategy in the continued evolution of C2C. In support of the physical infrastructure which includes IT equipment and corresponding services, the SME will help facilitate the continued delivery of C2C policies and administrative support commensurate with the rollout of licensing and implementation of C2C software across DoD. This includes:

• Requirements analysis


• Beta testing and oversight


• Acceptance testing for new software deliveries


• Cyber Security analysis, Assessment & Authorization (A&A) artifact generation and entry into the Enterprise Mission Assurance Support (eMASS), Department of Defense Information Technology Portfolio Repository and DISA Requirements Tracking System systems


• Integration with both Commercial Off the Shelf (COTS) and Government Off the Shelf (GOTS) products and services (Secure Configuration Management), Thunderdome, Big Data Platform, Unified Data Platform


• Quality assurance/system evaluation


• Installation support


• Documentation


• Configuration management process implementation, tracking, and reporting


• Training for DoD implementation-specific issues


• Meeting moderation


• SME support for government meetings and other interactions


• Chart and maintain roadmap strategy


• Travel supporting outreach and implementation strategy


• Laboratory and production C2C system administration

REQUIRED CAPABILITIES:

The contractor shall assume configuration management and lifecycle evolution of C2C policies that have already been deployed across the Department of Defense Information Network (DoDIN), to include those that have been developed to support the integration and orchestration between DISA core cyber services and endpoint management tools elsewhere in DoD. These orchestration policies shall enable automated enforcement and remediation of approved DISA, Joint Forces Headquarters DoDIN and USCYBERCOM- C2C policies, as well as automate the ability of the services to execute scans, deployment of Enterprise Patch Management Solution designated patches as well as deploy/fix broken endpoint agents.

1. Describe your experience with the following cybersecurity and endpoint management tools: McAfee ePolicy Orchestrator with all associated modules; Forescout; CISCO ISE; Configuration and Management of vendor switches such as Cisco (Meraki, Catalyst etc.), Juniper, Dell, HP etc.; Directory Services - Active Directory/LDAP, Novel eDirectory, Oracle Directory, IBM Lotus Notes, and Open LDAP; Tenable Security Center; Symantec Endpoint Manager and Anti-virus; Microsoft Systems Center Configuration Manager; Microsoft Windows Server Update Service; and Microsoft Defender for Endpoint


2. Describe your experience in providing contracted services to DoD, Federal or State US Government customers deploying, operating, and maintaining solutions in an enterprise environment with varying philosophies, resource challanges, and demanding timelines. Deployment includes support of the system in all applicable environments, to include: on-premises, as well as government and commercial cloud environments.


3. Describe your experience configuring or testing the capabilities of GOTS and COTS products to include unit, integration, operational, and systems testing of an integrated solution, and any necessary regression testing after incorporating new components or changes to the system. Provide a description of your Government Acceptance Testing experience and provide a description of the most well planned and executed User Acceptance Testing event your team has conducted, with descriptions of why it was effective. Also include descriptions of the Configuration Management and Incremental release processes to resolve bugs fixes or vulnerabilities that your team has implemented.


4. Describe your team’s expertise and implementation history implementing A&A and using the DoD A&A solutions. Any potential acquisition effort will require the vendor provide A&A artifact generation and data entry as required to meet the Risk Management Framework . ID3 solutions require consistent monitoring to address vulnerabilities, creation of A&A documentation, Plans of Actions and Milestones (POAMs) and submit change requests for minor releases and full Authority to Operate before it is placed on any DoD network and when new functionality is implemented. Also provide a summary of your team’s demonstrated expertise conducting Continuity of Operations exercises.


5. Describe your expertise configuring and operating a test lab that heavily leverages VMware virtualization and provides infrastructure services including user account management in Active Directory, remote access VPN, and different “sandbox” environments to enable concurrent testing of multiple products.


6. Describe your expertise supporting transformational goals with Zero Trust Perimeter-based approaches to enterprise network security. Knowledge of controlling access to applications and data with Zero Trust, the security paradigm for the modern digital enterprise

SPECIAL REQUIREMENTS

Personnel must have a SECRET Clearance on day one of the contract period of performance. The offeror must also have a SECRET facility clearance. Please provide your current FCL.

All personnel supporting A&A or other Cyber Security functions will have the appropriate IA certification in accordance with DoDD 8570.01-M.

SOURCES SOUGHT:

The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541511 – Custom Computer Programming Services, with the corresponding size standard of $34M. This Sources Sought Synopsis is requesting responses to the following criteria ONLY from small businesses that can provide the required services under the NAICS Code.

In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company’s ability to perform in accordance with FAR clause 52.219-14, Limitations on Subcontracting.

To assist DISA in determining the level of participation by small business in any subsequent procurement that may result from this Sources Sought Notice, provide information regarding any plans to use joint ventures (JVs) or partnering. Please outline the company's areas of expertise and those of any proposed JV/partner who combined can meet the specific requirements contained in this notice.

SUBMISSION DETAILS:

Responses should include:

1. Business name and address.


2. Name of company representative and their business title.


3. Small Business Socio-economic status ;


4. CAGE Code.


5. Prime contract vehicles; to include ENCORE III, SETI, NIH CIO-SP4, NASA SEWP V, General Service Administration (GSA): OASIS, ALLIANT II, VETS II, STARS III, MAS (including applicable SIN(s), groups or pools), or any other Government Agency contract vehicle that allows for decentralized ordering. (This information is for market research only and businesses with a valid cage that lack prime contract vehicles are still encouraged to respond to this notice.)

Businesses who wish to respond must send a response via email NLT, March 10, 2023, at 2:00 PM Eastern Daylight Time (EDT) to Contract Specialist, Tara S. Simmons-Gulck at tara.s.simmons-gulck.civ@mail.mil and Contracting Officer, Kenric L. Phillips at kenric.l.phillips.civ@mail.mil. Interested businesses should submit a brief capabilities statement package addressing the specific questions above (no more than five pages) demonstrating the ability to perform the services listed under Required Capabilities.

Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. All submissions become Government property and will not be returned.

All government and contractor personnel reviewing submitted responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as pursuant to 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.

Attachments/Links

Download All Attachments/Links