Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 24, 2017 FBO #5692
SOURCES SOUGHT

D -- SD13 Cyber Sec SB - Sources Sought

Notice Date
6/22/2017
 
Notice Type
Sources Sought
 
NAICS
541330 — Engineering Services
 
Contracting Office
Defense Information Systems Agency, Procurement Directorate, DITCO-NCR, P.O. BOX 549, FORT MEADE, Maryland, 20755-0549, United States
 
ZIP Code
20755-0549
 
Solicitation Number
SD13CyberSecSB
 
Archive Date
7/21/2017
 
Point of Contact
WAYNE FAGAN, Phone: (301) 225-4505, Kane Leedy, Phone: (301) 225-4153
 
E-Mail Address
wayne.j.fagan.civ@mail.mil, kane.e.leedy.civ@mail.mil
 
Small Business Set-Aside
Total Small Business
 
Description
Sources Sought Announcement

SD13 provides Cybersecurity support across DISA SD's portfolio of C2 capabilities, Enterprise-wide Services, and Business Systems, as well as the Joint C2 Reference Architecture. The C2 portfolio consists of the programs, projects, and initiatives that support the joint Warfighter's planning and execution of joint military and coalition operations. The C2 portfolio currently contains:

• Global Command and Control System - Joint (GCCS-J). GCCS-J is the Department of Defense (DoD) premier joint C2 system of record. GCCS-J provides the joint Warfighter with an integrated picture of the battlespace supporting all stages of military operations. GCCS-J has completed its last acquisition development cycle and has transitioned into the operations and support phase of the acquisition life cycle, in which it will be modernized, synchronized with other members of the GCCS Family of Systems (FoS), and sustained. GCCS-J is a post-Acquisition Category (ACAT) 1AC Major Automated Information System (MAIS) acquisition program. The GCCS-J Portfolio Management Office manages GCCS-J. GCCS-J is migrating to a loosely coupled, service-oriented architecture as part of the GCCS-J Enterprise modernization project. The GCCS-J Enterprise effort will be executed as an ACAT 3 program and managed by the new C2 Portfolio PMO.
• Global Combat Support System - Joint (GCSS-J). GCSS-J is the DoD joint logistics C2 system of record. GCSS-J provides Combatant Commands (COCOMs) and Joint Task Force Commanders with critical logistics information and in-transit visibility to support warfighting operations. GCSS-J is a post-ACAT 1AC MAIS acquisition program. The GCSS-J PMO manages GCSS-J.
• Joint Planning and Execution Services (JPES) Portfolio. JPES is the DoD portfolio that supports the policies, processes, procedures and reporting structures needed for planning, execution, mobilization, deployment, employment, sustainment, redeployment, and demobilization during joint operations. JPES capabilities are focused on changing the overarching processes to transform the way DoD plans and executes joint operations through the JPES Solution modernization initiative. The JPES PMO manages JPES.

Business Systems Portfolio.

DISA is a Combat Support Agency that provides Services to the DoD. DISA's Business Systems Division allows for efficient and agile service delivery and streamlined and transparent operations. The mission of the Business Systems portfolio is to develop DISA business systems that enable agile, transparent and streamlined service delivery to the Department, while the vision is to automate, consolidate and innovate DISA business operations. The primary elements of the portfolio include:

• DISA Storefront and other entrances that provide access to DISA's business systems
• Financial Management Systems
• Human Resource Management Systems
• Internal DISA User Portals and Dashboards
• DISA SD will support upcoming Business Services modernizations. Two examples of these include the Telecom Services Financial Service Modernization, which will modify the financial system that manages the Telecom Services Defense Working Capital Fund that tracks over $10 Billion/year, and the CRM Modernization, which will modernize the order entry system across the agency.

Enterprise-Wide Services Portfolio.

The Enterprise-Wide Services Portfolio Office manages a portfolio of collaborative tools, services, and environments that enable rapid communications, information sharing and agile software development. Mission partners and customers include the Department of Defense, traditional and non-traditional partners of the DoD including coalition nations and non-government organizations, and other federal government agencies. The development and integration of new services falls under four separate branches: Collaboration, Unified Capabilities, Applications Development, and Medical Management. Once fully integrated or developed, services are transitioned to DISA's Implementation and Sustainment Center for fielding and operational support and monitoring.

Enterprise and Joint C2 Reference Architecture (JC2 RA).

SD supports the DoD Enterprise Architecture through implementation of the Joint Information Environment (JIE) as well as the Joint C2 Reference Architecture (JC2 RA). The JC2 RA is based on the DoD enterprise architecture and is the capstone technical document for JC2 systems development. JC2 RA is currently in version 3.0, signed by the DISA SD Technical Director, transmitted by DoD CIO and ASD for Acquisition, and approved as a Reference Architecture of the DoD Information Enterprise Architecture (DoD IEA). It provides guidance and direction for the proper construction of all JC2 Tier 1 systems and is recommended for Tier 2 and Tier 3 systems as well. Each of the approximately two-dozen Tier 1 systems is annually assessed for its compliance to the RA. The JC2 RA is the foundation for all next generation C2 capability and ensures affordable interoperability.

Within DISA SD, Agile Cybersecurity is applied throughout the lifecycle of a system. Security requirements are defined in the requirement baseline activity, verified in the design as part of the design reviews, assessed for compliance once the system is delivered, monitored for compliance, and updated as required once fielded.

All DISA SD IT capabilities that receive, process, store, display or transmit DoD information must comply with all US Cybersecurity statutes and DoD/DISA Cybersecurity regulations. This includes protecting and defending DoD Information and DoD controlled IT that is operated by a Contractor or other entity on behalf of the DoD. (DoD Instruction (DoDI) 8500.01 and DoDI 8510.01)

Cybersecurity supports traditional software development as well as the Agile Development cycle. Design requirements leverage assigned Risk Management Framework (RMF) controls as well as Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs) and other applicable DoD Policies, Instructions and Memorandums and take into consideration the sensitivity of the information processed, the user base and the deployment environments.

Security Engineering activities focus on ensuring security is considered within system design. Participation in requirements development, requirement reviews, design reviews and preliminary demonstrations helps to ensure the system implements the security requirements as required.

The Risk Management Framework (RMF) Assessment and Authorization (A&A) process is employed to manage a risk-based approach to the implementation of Cybersecurity. It also supports the integration of Cybersecurity in the systems design process, resulting in a more trustworthy system that can dependably operate in the face of a capable cyber adversary.

DISA SD uses automated and manual Cybersecurity tools and processes currently in place to assist with managing and reporting risk in a timely manner. Tools used include, but are not limited to, the Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), Continuous Monitoring Risk Scoring (CMRS), Security Readiness Review Evaluation Scripts, Security Content Automation Protocol (SCAP) tools as well as code assessment tools such as HP Fortify, Sonar and the Eclipse Integrated Development Environment (IDE). Manual tools include DISA's Security Checklists and Security Technical Implementation Guides (STIGs). Processes for the use of these tools to permit agile A&A include (but are not limited to) managing the Plan of Actions and Milestones (POA&M) reviews as needed, weekly schedule reviews, daily assessment reviews (when assessing a system), and penetration testing.

Within DISA SD, additional agile security processes are implemented due to the nature of agile development and the desire to field systems and capabilities in a timely manner. These processes permit the swift A&A of capabilities for risk and Authorizing Official (AO) approval. These processes are developed in cooperation with the Security Control Assessor (SCA) and support agile Cybersecurity. They include the Application Security Process (ASP) (for plug-ins, data services, and web applications or 'Apps') and the Change Notification (CN) process (for all systems) to capture minor updates to existing accredited capabilities. These processes make fielding small applications (plug-ins, data services, or apps) or changes to already deployed systems faster and more efficient.

Development and Operations (DevOps) processes associated with continuous Cybersecurity monitoring are conducted within DISA SD. Automated Cybersecurity tools that detect changes to software endpoints may be applied for implementing this monitoring.

Anticipated Time Frame: Fiscal Year 2018-Fiscal Year 2021
Place of Performance: DISA Headquarters, 6914 Cooper Avenue, Fort Meade, MD 20755
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DTN/SD13CyberSecSB/listing.html)
 
Place of Performance
Address: DISA Headquarters, 6914 Cooper Avenue, Fort Meade, MD 20755, Ft. Meade, Maryland, 20755, United States
Zip Code: 20755
 
Record
SN04554930-W 20170624/170622235458-ae154c31484e35ded1d3e40d6b7e6ada (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
