Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 14, 2012 FBO #4038
SOLICITATION NOTICE

99 -- No. 12499 Q and A For - Notice of REQUESTS FOR INFORMATION for Information- Technology Systems Security Support Services (ISSS) FAA Program Open Date: November 21, 2012Close Date: December 20, 2012

Notice Date
12/12/2012
 
Notice Type
Presolicitation
 
Contracting Office
FEDERAL AVIATION ADMINISTRATION, AAQ-230 HQ - FAA Headquarters (Washington, DC)
 
ZIP Code
00000
 
Solicitation Number
12555
 
Response Due
12/13/2013
 
Archive Date
12/28/2013
 
Point of Contact
Stephanie McKnight-Bailey, 202-385-8450
 
E-Mail Address
stephanie.mcknight-bailey@faa.gov
(stephanie.mcknight-bailey@faa.gov)
 
Small Business Set-Aside
N/A
 
Description
Question and Answers for Announcement Number 12499 - Request For Information for ISSS Recompetition. Questions Received from Offerors in Response to the ISSS RFI 1.Our question is in regards to the resumes. In the RFI it states "The Contractor shall provide resumes with their response to this RFI for each employee. Employee resumes will be part of the evaluation process." The contract that this will replace is not due until late 2013, thus as a small business we cannot guarantee that any resume submitted will still be available as that is a major overhead cost that small business cannot afford. Talking to the FAA Small Business Office, they agree that the requirement is a bit stringent on Small Business and will stifle competition. This will give an unfair advantage to the incumbent and will hinder competition. We ask that the government remove the requirement to submit resumes, unless only used as samples, in order to qualify this as an SDVOSB set-aside.Resumes are not required for the RFI this was an error. 2.I was hoping to confirm who the incumbent is for this requirement? If you could provide the Contractor and Contract # that would be most helpful. Thank you for your time!Metters Industries is the incumbent. 3.Is this a new or follow on requirement? If it is a follow on, please let us know the current contract number and contract value? Who is the incumbent? Is it still eligible to bid as a prime for this contract? What is the NAICS Code for this contract?This is a follow-on effort that is being expanded. See question 2 for incumbent. The incumbent is eligible to re-bid. NAICS Code is 541512 4.Is there an incumbent currently providing these services to the FAA? If so, are they eligible to re-bid? What is the level of effort in terms of FTEs and dollar amount per year and total? See question 2 and 3 for incumbent. The number of FTEs and dollar amount are still under development. 5.As we read the qualifications above, it seems that FAA is limiting competition to only those companies that have prior experience supporting US Air Traffic Control Systems with additional preference given to firms that have either FAA or FAA NAS experience. Our company has experience supporting FAA with IT security services but we do not have experience supporting a United States Air Traffic Control (ATC) System. Are we interpreting the qualifications correctly in determining our company does not meet the minimum requirements? All companies that demonstrate experience in Information Security Systems will be considered.If SecureIT teams with another company that has ATC experience and together the companies meet all the qualifications, does the team then qualify to be considered for a SIR if all other requirements of the RFI are met? Yes 6.I was emailing you to find out on who the incumbent is currently on the contract ? See question 2. 7.Who is the current incumbent for this effort? See question 2. 8.Correspondence related to the ISSS RFI seems to imply that this support is a re-competition. If so, are you able to share the incumbent company name/contract #? See question 2. 9.Can two or more companies team together? If so, should they submit the technical Capabilities statement as one or should they submit them separately? Only one capabilities statement is acceptable. 10.In regards to the ISSS RFI, are respondents being asked to include resumes in the RFI response? This requirement is cited in the SOW, but I am unsure if you are seeking comments on the SOW or a response to the SOW. See question 1. Not accepting comments of the SOW at this time. 11.The Government has not indicated in section C8.0 of the SOW if a CISSP certification is required for the information security engineer labor category. Please clarify this requirement. The Information Security Engineer must demonstrate proficiency in the information security and be certified in one or more of the items listed in C.1.0. 12.The Government has not indicated in section C8.0 of the SOW if a PMP certification is required for Project/Program manager labor category. Please clarify this requirement. The PMP is not required to be PMP Certified, but also keep in mind resumes will be evaluated. 13.Is there a specific reason why the Government has included CAP and security+ certifications in the selection criteria (section C1.0 SOW), as both certifications provide less professional experience than a CISSP? The CISSP was the first information security credential accredited under ANSI/ISO/IEC Standard 17024 and, as such, has led industry acceptance of this global standard and its stringent requirements and inspired other information security certification providers to follow suit. The type of certifications will be evaluated so CISSP may be evaluated higher then CAP. 14.Could the Government elaborate on why it requires penetration testing and forensic investigator certifications when the tasks outlined in the SOW do not explicitly support need for such certifications? The SOW is a draft and scope being revised. 15.Educational requirements in the Posting (brief abstract) PDF document are more detailed and restrictive than the Government issued SOW. Could the Government please confirm which document is binding? See C.8.0. 16.Is this a new effort or is there an incumbent for this effort? If there is an incumbent, who are they? See question 2. 17.If there is an incumbent, approximately how many FTE's do they require to provide the support? See question 2 for incumbent. Total FTEs are being expanded and will be available in future notices. 18.With the NIST's increased emphasis on the Risk Management Framework RMF) and tasking in SOW Tasks C.5.1 d,f,g&i and C.5.2.3 encompassing RMF efforts and expertise the recently ISACA instituted certification for Certified in Risk and Information Systems Control (CRISC) would seem to be a fit for this effort. According to ISACA, CRISC certification is "designed for IT professionals who have hands-on experience with risk identification, assessment, evaluation, response and monitoring." Would the FAA consider adding this certification as one of the acceptable certifications for this opportunity? Yes 19.Our experience in working with multiple FAA systems has shown that contingency and disaster recover planning is an important part of providing information technology systems security support. This is validated by the tasking in SOW Tasks C.5.1 i and C.5.2.1 d that specifically require contingency planning expertise. The Disaster Recovery Institute (DRI) International provides the only known certification process for business continuity professionals - BCP. Would the FAA consider adding this certification as one of the acceptable certifications for this opportunity? Yes 20.How many systems are included in the SOW scope for A&A? Scope is still being developed. 21.Have the systems been through the SA&A process and do they have current authorizations to operate (ATO)? All systems are certified by FISMA and NIST standards annually 22.Is this a new program/contract or is there an incumbent? See question 2 23.Is there a page restriction on the Capabilities Statement? Please limit your Capabilities Statement to 10 pages. This notice is for information gathering purposes only. 24.What is the Government's estimated level of effort by labor category for this requirement? See question 17 25.On Page 4 of the RFI it states that "The Contractor shall provide resumes with their response to this RFI for each employee. for each employee, at least one of the following nationally recognized information systems security certifications for performance on this contract." Please clarify: See question 1 26.Is a certification required for the Technical Writer/Editor, Document Production Technician and Administrative Support labor categories? No 27.How many resumes for each labor category are required to be submitted? The number of resumes for each labor category will be up to each Contractor based on the final SOW and other documents included in the final RFP. 28.Will this be a single award contract or a multi-award contract? The Government reserves the right to make a single award or multiple. 29.What is the acq Need more information on this. 30.Our team has a BPA on eFAST, FAA's preferred acquisition vehicle for fulfilling Agency Small Business goals. Will the procurement be through eFAST as companies are already vetted by the FAA with fixed ceiling rates; and the FAA can reduce its procurement costs by issuing task orders under the MOA holder's BPA, as opposed to issuing a new contract? This will not be a eFAST competition. eFAST labor rates were reviewed and determined to be much higher then the current incumbent Contractor. eFAST demonstrated only having one company with Information Security experience that was Service-Disabled Veteran-Owned Business. 31.Is there an incumbent? See question 2. 32.How many NAS systems are in scope? Scope is being expanded and can not be determined at this time. \ 33.Section C.4.4 Internal Audit Reviews: is there any form of evidence that the contractor has to produce to demonstrate compliance? The information will be provided in the final RFP. 34. Does each employee have to have one of the listed certifications or does the organization have to have at least one employee with certification? Not all employees have to hold certifications. See question 26 35.How many SDVOSB applicants would be considered a sufficient pool of candidates that would not require the FAA to engage the second level RFI for Certified Small Businesses? Three 36.Will the chosen pool of candidates, who will receive the SIR/RFP, be publically announced? No 37.It is our understanding that the work described in the SOW is currently being performed by multiple contractors - is the intent to consolidate all the work, on all NAS systems under one contract vehicle or task order? Yes, the FAA does intend to incorporate some expiring contracts into this effort. To what extent has not been determined. 38.How many systems will the new contract contain? See question 20 39.Will a list of the systems be provided? See question 20 40.Per SOW Section C.1.0 Introduction - the Government requests the following: "The Contractor shall provide resumes with their response to this RFI for each employee. Employee resumes will be part of the evaluation process. Besides having the required education and work experience sited in Section 8.0 of this Statement of Work (SOW), participants must list for each employee, at least one of the following Nationally recognized information systems security certifications for performance of this contract." There is no request within the separate RFI instructions (separate from the SOW) for resumes to be submitted; the request is only stated in the SOW. Does the Government wish to receive resumes with the responses to the RFI or is this intended only for the future RFP? Given that prospective bidders are in the process of forming teams to respond to this, and may not have staff fully determined at this stage, would it be acceptable to include a general summary of staff and qualifications, in place of resumes? Do not provide resumes, this was an error 41.Is the requirement for each person assigned to the contract to have at least one of the certifications listed in the SOW? No, see question 26 42.Please clarify what type of certification the FAA is referring to with the mention of "certified" small business contractors. Must be certified SDVOSB and the appropriate NAICS Code of 541512 43.eFAST is the FAA's preferred acquisition vehicle for fulfilling agency Small Business goals. We recommend this procurement use eFAST, through which contractors have already been vetted and deemed responsible, experienced, and having pre-negotiated, reasonably-priced fixed ceiling rates. Will the Government consider procuring this contract under eFAST? If not, how does the Government intend to release this procurement? See question 30 44.Please confirm our understanding that ONLY SDVOSB submissions are due for 'Tier one' by 12-20-2012? It is our impression that the Government will determine at that time based on the number and quality of the responses received, if the 'Second Tier' for submissions from Small Business only is invoked. No, all interested companies including Tier 1 and Teir 2 should submit capabilities. 45.Does the RFI response have any page limitations? No more than ten (10) pages. 46.How many copies of the RFI response are needed? Request RFI be sent via email to Stephanie.McKnight-Bailey@FAA.Gov 47.Will there be another RFI for small businesses if FAA does not get the number of qualified SDVOSBs (This question is because your RFI document states you will not pursue information and capabilities from Certified Small Business if you get enough SDVOSBs)? No. 48.Is the FAA ITSSS program going to be separate from the Shared Services Program? Will the Shared Services IT security program and the ITSSS program work together? Yes. Like in all FAA operations, when required, organization work together to achieve the objectives of the organization. 49.Who is the incumbent for this project? See question 2. 50.Which organization / Line of Business (LOB) will this ISSS program be reporting into? The PMO. 51.In reference to SOW Section C.1.0, paragraph 11, will resume submission be limited to the prime contractor, or can subcontractor resumes also be submitted? No applicable at this time. Do not submit resumes. 52.Can subcontractor experience and qualifications be utilized to satisfy RFI requirements? If so, will that carry the same weight as the experience and qualifications of the prime? Yes. 53.Will the scope of this effort be restricted to NAS operational systems or also include administrative systems support? NAS and Administrative System Support. 54.Are Contractors required to include a resume for every labor category with the response to this RFI. Do not submit resumes. 55.The RFI states that submissions should not be emailed or faxed, and a physical address is given for submission, but there is no quantity attached to the submission. We would assume that 1 hard copy submission is required to be delivered to the following address: Submit RFI via email as stated in 46.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOT/FAA/HQ/12555/listing.html)
 
Record
SN02947595-W 20121214/121212234834-a03f162c3dd9ff48b4b189a451da4895 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.