Sources Sought Notice - Test and Evaluation (T&E), Security Engineering and Certification & Accreditation (C&A) and Managed Services of the Global Command and Control System - Joint (GCCS-J)
Notice Type: Sources Sought Notice
Posted Date: 25-NOV-15
Office Address: Defense Information Systems Agency; Procurement Directorate; DITCO-NCR; P.O. BOX 549 FORT MEADE MD 20755-0549
Subject: Test and Evaluation (T&E), Security Engineering and Certification & Accreditation (C&A) and Managed Services of the Global Command and Control System - Joint (GCCS-J)
Classification Code: D - Information technology services, including telecommunications services
Solicitation Number: TESTANDEVAL
Contact: Michelle Rand, Contract Specialist, Email firstname.lastname@example.org - Quinton Smith, Contracting Officer, Email email@example.com
Place of Performance (address): The contract shall be performed at Contractor and Government Offices, contingency environment(s), and include travel to CONUS and infrequent OCONUS locations.
Place of Performance Country: US
Description: Defense Information Systems Agency
SOURCES SOUGHT ANNOUNCEMENT
The Defense Information Systems Agency (DISA) is seeking sources for Test and Evaluation (T&E), Security Engineering and Certification & Accreditation (C&A) and Managed Services of the Global Command and Control System - Joint (GCCS-J).
CONTRACTING OFFICE ADDRESS:
Defense Information Systems Agency
6914 Cooper Ave.
Ft. Meade, MD 20775-7901
This is a SOURCES SOUGHT TECHNICAL DESCRIPTION to determine the availability and technical capability of large and small businesses (including the following subsets: Small Disadvantaged Businesses, HUBZone Firms, Certified 8(a), Service-Disabled Veteran-Owned Small Businesses and Woman Owned Small Business) to provide the required products and/or services.
The GCCS-J program office is seeking information for potential sources for Test and Evaluation (T&E), Security Engineering, Certification and Accreditation (C&A) and Managed Services support to the GCCS-J PMO for the GCCS-J system. T&E includes technical expertise and test execution support for GCCS-J test events; Security Engineering and C&A includes the evaluation, review, securing and reporting of GCCS-J computer and network systems and infrastructure; and Managed Services includes production release management (configuration control, license administration, etc.) and Tier-3 help desk support and problem resolution for the fielded releases, which keeps GCCS-J operating at a high level of availability and utility for the Warfighter.
THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY.
Contract Number: HC1028-08-D-2025, Task Order VC15
Contract Type: Cost plus Fixed Fee (CPFF)
Incumbent and their size: Leidos, Large Business
Method of previous acquisition: ENCORE II Fair Opportunity
Brief description of the current program/effort: The Global Command and Control System - Joint (GCCS-J) is the Department of Defense (DoD) joint Command and Control (C2) system of record for achieving full spectrum dominance. GCCS-J is designated an Acquisition Category (ACAT) IAC Major Automated Information System (MAIS). It is a suite of mission applications that provides critical joint warfighting C2 capabilities and is the principal foundation for dominant battlespace awareness, providing an integrated, near real-time picture of the battlespace necessary to conduct joint and multinational operations. GCCS-J provides a robust and seamless C2 capability to the Commander-in-Chief (CINC), Secretary of Defense (SECDEF), National Military Command Center (NMCC), Combatant Commanders (CDRs), Joint Force Commanders, and Service Component Commanders. GCCS-J offers vital connectivity to the systems the joint warfighter uses to plan, execute, and manage military operations.
The GCCS-J is a software-based system that provides:
* Situational awareness of friendly, enemy and neutral forces, facilities and assets
* Crisis action planning
* Joint Forces and Joint Coalition interoperability
* Intelligence Community information
Anticipated Award Time Frame: Contract award NLT 30 April 2017.
Place of Performance: The contract shall be performed at Contractor and Government Offices, contingency environment(s), and include travel to CONUS and infrequent OCONUS locations.
To support the existing fielded GCCS-J software baselines as well as baselines in development the government requires support in the following three (3) capability areas: Test and Evaluation (T&E); Security Engineering, Certification & Accreditation (C&A); and Managed Services. GCCS-J primarily consists of the following baselines:
| | Global v4.x | Global v6.x | Agile Client | JC2CUI | eHelp | DVL |
|---|---|---|---|---|---|---|
| ISA | SPARC | x86 | Server: x86, SPARC; Client: x86 | x86 | | x86 |
| OS | Solaris, Windows | RHEL, Windows | Server: RHEL, Solaris; Client: Windows | RHEL | | RHEL |
| App Server | Oracle Weblogic | JBOSS EAP, Apache Tomcat | | Apache Tomcat | | Apache Tomcat |
| Database | Oracle 11g, Sybase ASE 15.x, PostgreSQL | Oracle 11g, Sybase ASE 15.x | | | | |
| Misc | | | Netbeans, NASA Worldwind, Pivotal GemFire | Ozone Widget Framework | SharePoint | |
Vendors may elect to respond to any or all of the three (3) listed capability areas in their submission. Responses must address the entirety of the listed capability area (e.g., address all of T&E, not just a portion of T&E).
Capability Area 1: Test and Evaluation (T&E) requires:
* Test planning, execution, and reporting of each software release, to include development of test plans, test cases, test reports, functional requirement traceability, and interdependencies, hierarchical software architectures, phased configuration item delivery schedules, compliance/security/functional problem resolution, hardware requirement validation, commercial off the shelf software (COTS) requirements validation, performance metrics, development and use of automated test tools/cases and associated risk assessment development of software releases;
* Test preparation and execution requiring expertise in the system baseline attributes listed above;
* Independent Verification and Validation (IV&V) on all built systems to ensure each build conforms to its associated release baseline;
* A performance test analysis of any application on the GCCS-J and associated baselines; and,
* Review, evaluation, and development of GCCS-J testing processes, methods, and tools in order to develop or revamp the testing program to ensure continued effectiveness.
Capability Area 2: Security Engineering, Certification & Accreditation (C&A) requires:
* Conducting and managing all C&A activities and processes in accordance with the DoD 8510 Risk Management Framework (RMF) requirements to ensure a successful Security Control Assessor (SCA) recommendation (i.e. and Authorizing Official (AO) decision (i.e. ATO, etc.) is obtained and maintained in support of the GCCS-J systems (Type and local accreditations).
* Reviewing and ensuring compliance with DoD Information Assurance (IA) and Information Technology (IT) policy, directives, and cybersecurity requirements for feasibility and applicability to the GCCS-J mission support systems.
* Providing Expert-level IA/Security Engineering support and guidance focused on the maintenance of existing and future GCCS-J systems/applications, security lockdown tools/scripts, system security/cybersecurity scans and associated IA documentation to ensure compliance with DoD directives, instructions and cybersecurity requirements.
* Conducting IV&V GCCS-J software source code security scan reviews (automated and manual), assessments, and analysis to ensure that software code design and development, web development standards and best security practices/DoD application security development requirements are complied with.
* Conducting IV&V security assessments in support of the GCCS-J PMO developmental testing activities for the systems under development to ensure compliance to the security guidelines.
* Facilitating and managing the GCCS-J Information Assurance Vulnerability Management (IAVM) program/process in support of the GCCS-J community.
* Providing Network Defense Expert-level support and services such as HBSS testing, development of policies, and maintenance of the GCCS-J systems (type & local) to monitor, detect, and counter known cyber-threats to the Department of Defense.
* Supporting internal GCCS-J PMO and external IA/Security communication and collaboration activities with the GCCS-J community, National Security Agency, USCYBERCOM, etc.
Capability Area 3: Managed Services requires:
* Production management support to include software baseline verification, configuration control of software releases, managing a data store of data/records/documents and problem reports and COTS software license administration; and,
* Providing experienced Tier-3 help desk support in the GCCS-J Global Technical Assistance Center (GTAC) to provide operational subject matter expertise and coordination of problem resolution to the GCCS-J community.
* Capability Areas 1, 2 and 3: All on-site personnel will maintain at least a U.S. Secret clearance with approximately 25% of personnel eligible for Top Secret/SCI.
* Contractors must meet the DoD Directive 8140.01 Cyberspace Workforce Management that reissued and renumbered the DoD 8570 Information Assurance Workforce Improvement Program document. All applicable contractor personnel must meet the compliance requirements for their specific job position in accordance with this Directive. For capability area 1 and 3, personnel performing IA functions must meet the compliance requirements for their IAT level I, II, or III positions. For capability area 2, personnel must meet their compliance requirements for their IAT level II or III, IAM level I or II, IASAE level I or II positions.
* Contractor must provide personnel experienced with DoD directives and instructions such as Chairman of the Joint Chiefs of Staff Instructions (CJCSI), GCCS-J Security Policy 6731, DoD 8500.1 Cybersecurity, DoD 8551.01 Ports, Protocols, Services and Management (PPSM), DoD 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT), DoD 8520 Public Key Infrastructure (PKI)/Public Key Enabling (PKE), USCYBERCOM taskings, etc.
The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541511 with the corresponding size standard of $27,500,000.00. This Sources Sought Synopsis is requesting responses to the following criteria from large and small businesses that can provide the required services under the NAICS Code.
To assist DISA in making a determination regarding the level of participation by small business in any subsequent procurement that may result from this Sources Sought, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering to meet each of the requirements areas contained herein. This includes responses from qualified and capable Small Businesses, Small Disadvantaged Businesses, Service Disabled-Veteran Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, and 8(a) companies. You should provide information on how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this announcement.
In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14).
Responses should include:
* 1) Capability Area(s) included in the response;
* 2) Business name and address;
* 3) Name of company representative and their business title;
* 4) Type of Business;
* 5) Cage Code;
* 6) Contract vehicles that would be available to the Government for the procurement of the product and service, to include ENCORE II, General Service Administration (GSA), GSA MOBIS, NIH, NASA SEWP, Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. (This information is for market research only and does not preclude your company from responding to this notice.)
Vendors who wish to respond to this should send responses via email NLT December 18, 2015 at 4:00 PM Eastern Daylight Time (EDT) to firstname.lastname@example.org and email@example.com. Interested businesses should submit a brief capabilities statement package (no more than five pages, cover page not included in page limit) demonstrating ability to perform the services listed in this Technical Description. Documentation should be in bullet format.
Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personnel reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described in 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.