Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF APRIL 01, 2020 SAM #6698
SOURCES SOUGHT

99 -- NOAA Training Manager

Notice Date
3/30/2020 1:01:33 PM
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
DEPT OF COMMERCE NOAA NORFOLK VA 23510 USA
 
ZIP Code
23510
 
Solicitation Number
1305M220INMAN0999
 
Response Due
4/9/2020 10:00:00 AM
 
Archive Date
04/24/2020
 
Point of Contact
Jonathan Sayoc, Phone: 7574413824
 
E-Mail Address
Jonathan.Sayoc@noaa.gov
(Jonathan.Sayoc@noaa.gov)
 
Description
THIS IS NOT A SOLICITATION.� This is a Request for Information (RFI) for planning purposes only and is issued in accordance with Federal Acquisition Regulation (FAR) 52.215-3 Request for Information or Solicitation for Planning Purposes (OCT 1997). No solicitation document exists at this time. Issuance of this notice does not constitute any obligation on the part of the Government to procure these items or services or to issue a solicitation. In addition, the Government is under no obligation to pay for information submitted in response to this RFI, and responses to this notice cannot be accepted as offers. Any information that the vendor considers proprietary should be clearly marked as such. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. The Department of Commerce (DOC), National Oceanic and Atmospheric Administration (NOAA), Acquisition and Grants Office (AGO), Eastern Acquisition Division (EAD) is seeking information from industry in order to inform NOAA on different approaches and solutions to procure a commercial Information Technology (IT) product that would require minor professional services to customize for data entry options. The anticipated NAICS code for this requirement is 541519� Other Computer Related Services, with a size standard of $25,500,000.00.� The Government requests capability statements from interested sources that address the below requirements.� All interested sources shall submit a capability statement that shall be considered by the agency. To be eligible, vendors must be registered with the System for Award Management (SAM): https://www.sam.gov/portal/public/SAM/##11. Interested sources can obtain a DUNS number by calling 1-800-333-0505. Capability statements will be due on April 9, 2020 by 1:00PM EDT. Capability statements shall not exceed 15 pages in total. Capability statements will be accepted electronically (using PDF or Microsoft Word) at the following email address: Jonathan.Sayoc@noaa.gov. Submitted capability statement shall include the following: Company name and address DUNS number Size of business according to NAICS 334519 (e.g. Large Business, Small Business, 8a, Veteran Owned Small Business, Service Disabled Veteran Owned Small Business, HubZone, Small Disadvantaged Business, or Woman Owned Small Business) as validated by SAM. Company point of contact � Name, Phone Number, and Email Address Country that the proposed radiosondes and systems are manufactured in Terms of standard commercial warranty Any applicable published price list for the proposed radiosondes Any General Service Administration (GSA) schedule, Government Wide Acquisition Contract (GWAC) or Multiple Award Contract numbers and information that allow for the ordering of the proposed radiosondes General Requirements General Information Technology (IT) Requirements: Provide different permission levels for individual personnel, supervisors, and training management personnel Ability to work offline and then sync once connected to network Data synchronized between individual workstations and cloud environment Demonstrate System Reliability (system uptime and stability) and provide reports to NOAA IT detail uptime���� Application hosted using NOAA�s Cloud infrastructure; any alternate Cloud vendor must be Cloud FedRamp Certified to a moderate level and approved in advance by the government Software shall be COTS software readily available Provide historical update size and bandwidth requirements for daily operations and software updates Synchronization and or data transfer must be controllable (ability to throttle bandwidth usage, schedule transfer and or sync times) and work within a high latency low bandwidth environment (128kb or less with up to 1100 millisecond latency times)�� Section 508 compliance: Must be accessible to people with disabilities.�� IT Security Requirements: Please refer to NIST Special Publication 800-53 (Rev. 4) for compliance with referenced Access Controls (AC), System Communications (SC), Risk Assessment (RA), and System Integrity (SI) requirements below. Users (Access Controls): No Foreign National developers (or development conducted or code stored external to CONUS) per Departmental Administrative Order DAO 207-12 Access Control (AC-2): Must allow for implementation of 2 Step Verification utilizing Department of Defense Common Access Card (CAC) and certificates including PIV-I certificates Separation of Duties (AC-5): Must provide isolation of privileged & unprivileged access Least Privilege (AC-6): System configured to allow the least privileges required to fulfil the requirements Computer (System and Communications Protection): Information and Shared Resources (SC-4) Warning banners (AC-8) Application Partitioning (SC-2): Application server must separate application and user functionality (including user interface services) from information system management functionality Transmission Confidentiality and Integrity (SC-8): Application server must support VPN whenever remote connections are established from outside the system boundary Cryptographic Protections (SC-12/13): Application server must utilize encryption algorithms for sensitive information at rest and in motion must be FIPS 140-2 compliant; data must maintain encryption from endpoint to endpoint at every hop. Vulnerability Scanning (RA-5): Application server must be compatible with Tenable Nessus for vulnerability scanning Flaw Remediation (SI-2): Application server must remediate vulnerabilities and apply patches Malicious Code Protection (SI-3) Auditable Security Logs (AU) Baseline Configuration (CM-2): Application server must be Operational under DISA STIG configurations Application: All web traffic transmissions must use validated and approved certificates; site must be configured for HTTPS-only with HSTS as well as all other BOD 18-01 directives Information Input Validation (SI-10): Input forms reject buffer overflows, code injection, erroneous & unexpected input Encode HTML Output Information Retention and Handling (SI-12): Meet DOC and NOAA data retention policy for the class of data being stored Warning banners (AC-8): NOAA approved warning banners required with acknowledgement prior to access sensitive information, PII, BII and HIPAA Compatible with OMAO Data Loss Prevention (DLP) software agents� No use of Kaspersky-branded Products per 44 U.S.C. 3553(d)�(e) No foreign developed or maintained software application. All application software must be approved through the OMAO Configuration Approval Board prior to acceptance All software and sub-software must be licensed and supported Functional Requirements: Personnel Profiles: Creation and management of individual personnel profiles, e.g.: Current Position Current Organization Current Duty Station Current Assignment Medical Status Licenses & Certifications Completed Training Training Requirements: Ability to load license, certification, and training requirements by position Ability to load training requirements by assignment (e.g., individual ships) Ability to identify which requirements also necessitate an associated document for upload Document Storage Upload and storage of the following artifacts for each profile Vendor Profiles: Creation and management of vendor pool: Vendor Name Type of Training Location of Training Cost of Training Quality of Training Ability to bulk upload and associated multiple types of training with single vendor Inclusion of form for end-user to rate quality of training on scale from 1-5 Ability to generate dashboards and run reports Active and outstanding licenses and certifications Required, scheduled, completed, and outstanding trainings Organizational training plan for the upcoming fiscal year
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/f02fc028294a49dc98985c29c04c89f8/view)
 
Record
SN05604953-F 20200401/200330230150 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.