Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF FEBRUARY 19, 2010 FBO #3009
SOURCES SOUGHT

D -- DISA Enterprise Mission Assurance Support Service (EMASS)

Notice Date
2/17/2010
 
Notice Type
Sources Sought
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Defense Information Systems Agency, Procurement Directorate, DITCO-Scott, 2300 East Dr., Building 3600, Scott AFB, Illinois, 62225-5406, United States
 
ZIP Code
62225-5406
 
Solicitation Number
EMASS
 
Archive Date
3/13/2010
 
Point of Contact
Donald J. Petterson, Phone: 6182299791
 
E-Mail Address
donald.petterson@disa.mil
(donald.petterson@disa.mil)
 
Small Business Set-Aside
N/A
 
Description
Request for Information (RFI) for Defense Information Systems Agency (DISA) Enterprise Mission Assurance Support Service (EMASS) <h4>Contracting Office Address:</h4> Defense Information Systems Agency, DITCO-Scott PL8313, P.O. 2300 East Drive, Bldg 3600, Scott AFB, IL, 62225-5406 Description: PURPOSE : The Defense Information Systems Agency (DISA), Program Executive Office - Mission Assurance/ (PEO-MA), is conducting this Request for Information (RFI) as market research to determine sources with comp etencies to promote information assurance by supporting t he Enterprise Certification and Accreditation program at the Defense Information Systems Agency. Services will include sustainment of the current Certification and Accreditation tools, eMASS and the Enterprise Reporting Service (ERS), as well as development of capabilities that will assist the DoD in obtaining a more complete operating picture for a system's security compliance as it pertains to DODI 8510.01 DoD Information Assurance Certification and Accreditation Process (DIACAP). These capabilities will be supplemented by existing assessment data provided by other DoD IA tools such as the Vulnerability Management System (VMS), DoD Information Technology Portfolio Repository (DITPR) and the Host Based Security System (HBSS) in hopes of providing better risk assessments for Designated Approval Authorities (DAA). THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THIS RFI OR REIMBURSE ANY COSTS ASSOCIATED WITH THE PREPARATION OF RESPONSES TO THIS RFI. This RFI is issued solely for information and planning purposes and does not constitute a solicitation. All information received in response to this RFI marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. Whatever information is provided in response to this RFI will be used to assess tradeoffs and alternatives available for determining how to proceed in the acquisition process for an eMASS contract. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. This RFI is a request for interested parties to describe their technical capabilities and demonstrate their ability to provide service for continued development, deployment, and maintenance of eMASS and ERS. All interested contractors (both large and small) are requested to provide written response to the questions below. A response to this RFI is necessary in order to assist DISA in determining the potential levels of interest, adequate competition, market maturity and technical capabilities within the Large and Small Business Community to provide the required capabilities. In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontractor/small business participation plan and/or small business goal percentages. Sources Sought: This Sources Sought Synopsis is requesting responses to the following criteria from both large and small businesses under the North American Industry Classification System (NAICS) Codes 541519. "Small businesses are strongly encouraged to provide responses to this RFI, in order to assist DISA in determining the potential levels of interest, competition and technical capability to provide the required services within the Small Business community. In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontract plan small business goal percentages." In addition, responses from businesses that have Commercial-Off-The-Shelf products similar to the capabilities of the current automated solution are encouraged. The product must support DIACAP automation and be a web based system and/or Service Oriented Architecture (SOA) that can operate on classified and unclassified networks. The system must perform information system registration, document management, data management, email messaging, customizable workflow and a robust reporting feature; The system must be scalable for Enterprise use of 10,000+ users; The system must have the capability to import and export data from other DoD or IA applications via XML services. Requested Information: Interested vendors are requested to submit a maximum fifteen (15) page statement of their capabilities with respect to the following: •a) Please describe your ability and experience in providing technical and analytical support to continued research into an automated C&A tool with a DoD-wide enterprise reporting service/capability. Additionally, discuss your experience with implementation methodologies and required services and the integration of these into the deployments of enterprise accessible applications, such that the deployed C&A tool will provide the following functionally: •1. Support the implementation of an IA enterprise view and core data generation through the deployment of Knowledge Service (KS) and the tool at multiple implementation sites within the net-centric enterprise services (NCES), individual instances, and specialized deployment for Intelligence Community (IC). •2. Standardize, integrate, and analyze data from multiple IA processes (e.g., C&A, vulnerability management, IA metrics, IA enterprise decision support); by using a flexible, expandable service-oriented architecture that is compliant with the IA component to the GIG architecture. Describe your technical understanding of C&A data integration needs/strategy across other IA and IT programs (to include: DITPR, DISA-Vulnerability Management System (VMS), eMASS-Enterprise Reporting Service, Host Based Security System (HBSS), Certification Forge, and DISA's Rapid Access Computing Environment (RACE)). The technical integration is paramount to the continuing development of interfaces and data standards, in order to maintain schedule of existing data integration efforts. Identify/describe your ability to provide Service Oriented Architecture (SOA) expertise in the development and alignment of a SOA strategy in line with DISA enterprise IA vision for reporting to the Enterprise Reporting Service and incorporation of SOA standards into system architecture. •3. Describe your approach to implementing Electronic Digital Signatures, for authentication and electronic signatures, to be applied to DIACAP Package deliverables. •4. Provide Implementation to consume, maintain & support civilian and Department of Defense control sets within the solution in preparation for the NIST C&A transformation. Supporting efforts require extensive history and background in understanding and fielding of DIACAP Policy initiatives, such as; reciprocity, NetCentric-IA principles, inheritance of controls, and automation of the DIACAP package reports. •5. Provide support for Cross Domain Solution activities to enable transfer of data from low-to-high and high-to-low networks. •6. Support the seamless transition of SIPR users' current software PKI certificates to the new hard token PKI cards that will be distributed in FY10. •b) Please describe your ability and experience in providing functional integration of C&A solutions and DoD Information Assurance Certification and Accreditation Process (DIACAP) Knowledge Service (KS). •c) Describe your ability and experience in conducting developmental testing and pre-deployment testing (Developmental Test & Evaluation [DT&E] and Operational Test and Evaluation [OT&E] as appropriate) on new or upgraded versions of traditional and SOA applications in support of the developmental process and software life-cycle requirements (ref DIACAP and the DoD 5000 and 8500 series.) •d) Please describe your ability and experience in providing analytical, technical, engineering, and programmatic support for the efficient and reliable operations and maintenance of large enterprise wide applications, including measurable and targeted performance parameters for accuracy, availability, reliability, response times, supportability, interoperability, and IA compliance. An assessment of the current technologies used in the ERS and eMASS shall be conducted to determine end-of-life periods for the software products used and if a technology refresh is required because of lack of support. •e) Describe your ability and experience in providing analytical, technical, engineering, and programmatic support into emerging technologies and best practices to provide state-of-the-art operational performance and efficiencies in all user interface operations, with special emphasis on service support functions (human and machine), computer service training, and system maintenance, including backup procedures during integration of upgrades and real-time approved automated software modifications and/or responses for encountered errors or system failures, as deemed necessary. •f) Please describe your ability and experience in providing analytical, technical, engineering, and programmatic support to ensure solution compliance with identity management and protection requirements, including implementation of DoD public key infrastructure and research and development for integration with identification discovery services that support web service registries in accordance with DoD policy and to operate in a net-centric GIG environment •g) Please describe your ability and experience in providing evolutionary acquisition through incremental development and delivery of new capability. Provide analytical, technical, engineering, and programmatic support for phased development for the current solution using the DoD-defined incremental/evolutionary approach for development (reference DoD 5000 series) to provide for the development and integration of new functionalities in a systematic approach. •h) Please describe your ability and experience in implementing best practices in determining optimum hosting environments and licensing agreements with commercial vendors to support assured compatibility, accessibility, interoperability, and interconnectivity in accordance with DoD policy for DoD user communities and external communities, including federal, civil, and coalition partners. •i) Please describe your ability and experience in developing deployment parameters for eMASS (or eMASS similar tools) and the ERS for enterprise, organizational level, classified, and deployable versions of the service. Deployment services include organizational change management, training, site evaluation, installation support, system configuration support, and service support. j) Describe your ability to plan for future deployments include eMASS (or eMASS similar tools) fielding to DoD component and agencies, Intelligence Communities, federal agencies, allies, partners, and coalition allies. Organizations operating under non-DISA provided or funded instances of eMASS (or eMASS similar tool) will cover costs incurred for training, installation, configuration, and maintenance of the eMASS that fall outside the support of DISA services. k) Describe your ability and experience in deploying development parameters for migration of data of current eMASS instances to future releases or solutions. Migration efforts must include 100% transfer of all data during upgrade including, but not limited to users, artifacts, and DIACAP package system information. •l) Please describe you ability and experience in supporting the Data Integration for DoD-wide, Portfolio-Serviced Information Assurance Decision Support. Provide analytic and engineering support to research methodologies for capturing, analyzing, and reporting return on IA investment for integration into ERS as part of its reporting capability. m) Describe your ability to support Special Studies. Provide support in addressing changes in the internal and external IA and C&A decision making environments. As the DoD IA and information operations communities identify their needs for information or activities, which would benefit from the client's expertise, these activities ensure that expert personnel are available to support special issue projects as they are identified. This support should include developing drafts for proposed policy, white papers, plans, data calls, analytical papers, assessment tools, models, data services, and information management applications and processes for supporting the studies. n) Describe your ability to support Conference Planning and Meeting Support. Provide support for designated government and for interagency conferences, symposia, and workshops. Support should comprise pre-event planning, onsite coordination, and post-event activities. Pre-event planning should include site selection, development and distribution of announcements, creation of the agenda and support material, and registration. Onsite coordination should include attendee check-in, security problem resolution, document control, and coordination with host facility. Post-event support should include developing and mailing the conference proceedings and generating a lessons learned report. •o) Describe your ability and experience in providing Training, Outreach, and Awareness. Produce and disseminate client products and services, including current awareness products, new technology announcements, creation of training materials, survey and summary reports, review and analysis reports, resulting in paper or electronic handbooks/data books, or write articles and technical papers for publication. Support outreach, education, training, and awareness activities. Provide development and support for working groups for data integration efforts for eMASS and ERS with industry and coalition partners. Support includes development of schemas and data standards to publish to the DIACAP Knowledge Service as well as updates to current eMASS/ERS architecture in order to support associated information assurance tools. Also provide continued support of current hands-on and computer based training materials for current and new version and baseline releases. Computer based training materials must be 508 and SCORM compliant. The support team must work closely with the government representative to ensure all finalized materials are acceptable. The ability of the offeror to scale eMASS knowledgeable staffing support up or down, on-demand for CONUS and OCONUS support, is critical to program success. p) Please state your experience in providing Help Desk support. Tier 3 Technical Support Engineers are responsible for the highest order of technical escalations in support. Tier 3 Support Engineers isolate and escalate software bugs. Tier 3 will only be contacted by Tier 2 engineers at the Help Desk. Tier 3 engineers may not contact end users or be contacted directly by end users or anyone other than the Tier 2 engineers unless Tier 2 and Tier 3 engineers agree that direct communications are needed to resolve some issue. (All Tier 3 calls received during normal business hours (Monday through Friday, 8 am EST to 5 pm EST) will be routed directly to the DoD support person. Sample Response Outline: This outline is intended to minimize the effort of the respondent and to structure the response for consistent analysis by the Government. The Government will not be liable for or suffer any consequential damages for any proprietary information not properly identified. Proprietary information will be safeguarded in accordance with applicable Government regulations. Responses to this RFI should be formatted as follows. Responses should include the (1) business name and address; (2) name of company representative and their business title; (3) cost estimate for providing the capabilities described above (including a breakout between initial procurement costs and follow-on maintenance costs); and (4) contract vehicles available that would be available to the Government for the procurement of the product and service, to include General Service Administration (GSA), NASA SEWP, Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. Capability Statement (Limit response to 10 standard pages including diagrams or references) Describe the recommended solution such that the team-member structures, number of personnel required, capabilities of the teams, assessment methodologies, and a description of the measurable, reliable, and useful output results that leverages the expertise, capabilities and recommendations of the team and supporting security expertise are articulated. Describe how you would support DISA Customers (DoD commands, agencies, and services) with dedicated personnel. Describe the level of effort needed and expected timelines necessary within the teams' capabilities, and any additional or un-identified support necessary. This should include Help Desk support. Include contractor support required for deployment, installation and operations, annually. Cost Estimate (Limit response to 2 standard pages including diagrams or references) Define any limitations to your cost estimate. Describe how the estimate applies for four option years. Describe the manpower required to support the program. Corporate Experience (Limit response to 2 standard pages including diagrams or references) Briefly describe your company or team, your products and services, your history and ownership, your public financial information, and any other information deemed relevant. Describe any similar scope projects or clients, including commercial equivalents. Contract Vehicle (Limit response to 1 standard page including diagrams or references) Provide a list of the current contract vehicles that your service may be purchased from by the government. Submission Instructions Firms who wish to respond to this should send responses via email NLT 31 January 2010. Response should not exceed a 5 MB mail limit. Interested vendors should forward their capabilities and other information to be considered to PEO_IANACQUISITION@disa.mil. Contact Information Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. Point of Contact: Program Manager: Jason Wilson Phone: 703-882-1047 E-Mail: jason.wilson@disa.mil
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DITCO/EMASS/listing.html)
 
Place of Performance
Address: TBD, United States
 
Record
SN02067757-W 20100219/100217235451-3c0c47172afb5fca31a85d864e7ea656 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.