Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MAY 09, 2009 FBO #2721
SOURCES SOUGHT

D -- NGEN Information Assurance

Notice Date
5/7/2009
 
Notice Type
Synopsis
 
Contracting Office
4301 Pacific Highway Bldg OT4 Code 02, San Diego CA 92110-3127
 
ZIP Code
92110
 
Solicitation Number
SPAWAR_Headquarters_MKTSVY_733CE
 
Response Due
5/27/2009
 
Archive Date
6/11/2009
 
Point of Contact
Point of Contact - Dave Murree, Contract Specialist, 571-289-5480
 
Small Business Set-Aside
N/A
 
Description
The Space and Naval Warfare SystemsCommand (SPAWAR) in support of theNext Generation Enterprise Network(NGEN) program is seeking industrycomments in the area of InformationAssurance (IA).THIS IS A REQUEST FOR INFORMATION(RFI) ONLY. This RFI is issued solelyfor information and planningpurposes it does not constitute aRequest for Proposal (RFP) or apromise to issue an RFP in the future.This request for information does notcommit the Government to contract forany supply or service whatsoever.Further, the Navy is not at this timeseeking proposals and will not acceptunsolicited proposals. Respondentsare advised that the U.S. Governmentwill not pay for any information oradministrative costs incurred inresponse to this RFI; all costsassociated with responding to this RFIwill be solely at the interested partysexpense. Not responding to this RFIdoes not preclude participation in anyfuture RFP, if any is issued. If asolicitation is released, it will besynopsized on the Federal BusinessOpportunities (FedBizOpps) websiteand the SPAWAR E-Commerce Centralwebsite at https://e-commerce.spawar.navy.mil. It is theresponsibility of the potential offerorsto monitor these sites for additionalinformation pertaining to thisrequirement.1.0 BackgroundGeneral background information on theNext Generation Enterprise Network(NGEN) can be located at the publiclyaccessible website:https://portal.peoeis.navy.mil/main/by clicking on the NGEN ReferenceLibrary link.Independent Security OperationsOversight and Assessment (SOO&A) isa reliable technique used to increasethe efficiency and effectiveness of aprojects IT components. IndependentSOO&A can be used to assess theprobability that a proposed ITcomponent will address all factorsrequired for successful projectmanagement, development, andimplementation. These factors include:a. Meeting the stated projectrequirements,b. Being cost effective,c. Providing an industry acceptedapproach to information security,d. Providing an industry acceptedapproach to technical and ITimplementation,e. Accounting for maintenancef. Providing for adequate training andstaffing within the proposed projectenvironment.g. Mapping test and evaluations to thedeveloped requirements and testobjectives, andh. Allowing for the achievement of DoDGIG IA Campaign end states.Independent SOO&A provides for theearly detection and identification of riskelements within a program whichenables a Project Manager to takeaction to mitigate risks early in theproject life cycle.The DoN anticipates using IndependentSOO&A within the NGEN environment tomeet the following objectives:a. Deliver secure core enterpriseapplications to the war fighter andthose who support them.b. Ensure planning, development,management and support processesare in place and working properly.c. Ensure project managementdisciplines are incorporated into DoNskey IT-related projects throughoutNGENs project lifecycle.d. Provide leadership overarchingvisibility into enforcement levels,effectiveness and viability of theinformation technology securityprocesses as implemented in the NGENenvironment.e. Determine the technical feasibilityand soundness (i.e. from a securityperspective) of proposed projects. (i.e.virtualization, cloud computing, andother leading-edge technologies thatmay be applicable to an IndependentSOO&A effort).To accomplish these objectives, theDoN is developing a requirement toconduct Independent SOO&A. Thesegoals will be applicable to the COSC,to any follow on NGEN contract actions,and to any other applicable Navalnetwork. The DoN anticipates thisrequirement will include the followingtypes of testing and/or services:Red Team Testing: Unannounced,security posture assessment of theenterprise (hardware, software,processes, procedures, and people)and its response to unauthorizedactivities. Testing will identify gaps inthe system design, promote userawareness, and provide opportunitiesto evolve and enhance securityprocedures. Testing will facilitateperiodic system re-accreditation.Blue Team Testing: Continuoussecurity posture assessment of theenterprise. Testing will includecooperative vulnerability scanning andfull spectrum Operational Security(OPSEC) assessments to routinelyexamine and analyze the efficacy ofthe implemented defenses.Green Team Testing: Scheduledsecurity posture assessment of theenterprise. Testing will determine theeffectiveness of contract fulfillment byvendors against a pre-determined andagreed upon range of SLAs. Testing willverify configuration management andaid in maintaining the security integrityof the network.Vendor Support: Support relationshipswith NGEN software or service providersto provide problem resolution in areaslike virus infection and InformationAssurance Vulnerability Management(IAVM) implementation.Technical Consultant Services: SubjectMatter Experts (SMEs) who can provideoversight in thecreation/implementation of enterprisesecurity controls, templates andpolicies.2.0 Requested InformationBased upon the backgroundinformation located in the NGENreference library and in paragraph 2above, the DoN requests industryprovide comments and offer technicalsolutions and/or alternatives to theIndependent SOO&A approach andscope of the anticipated requirement.The DoN is interested in currentindustry standards and cutting edgetechnologies in the areas ofInformation Assurance.Responses to this RFI should take intoaccount regulations, policies, directivesand instructions associated with theDoD IT environment.Specific areas of interest include:a. Estimated skill sets and manninglevels needed to support the scope ofthe defined requirement to support anetwork of over 370,000 seats,700,000 users.b. How a potential IA service providermight support and implementIndependent SOO&A across the DONenterprise.c. Solutions on how Red, Blue, andGreen team methodologies could beincluded and used in the IndependentSOO&A framework to harden andensure the confidentiality, integrity,availability, and accountability of allspecified DON enterprise wide networks.d. How a potential IA service providermight implement current and futureDoD/DON IA policies across the DoNenterprise.e. Insight into whattechnical/developmental information,equipment, and or tools may berequired.f. Sampling methodologies available.g. Performance indicators ofIndependent SOO&A available.h. What additional elements outside ofthe scope of DoD 8500 series ofdirectives should the DoN reviewi. Citations and examples of projects ofa similarly sized and scope that utilizedthe suggested approach.4.0 ResponsesInterested parties are requested torespond to this RFI with a white paper.All submissions should be in MicrosoftWord for Office 2003 compatibleformat and are due no later thanWednesday, 27 May 2009. Responsesshall be limited to 15 pages andsubmitted via e-mail only to NGENDeputy PCO CDR Dave Murree at[dave.murree@navy.mil]. Proprietaryinformation, if any, should beminimized and MUST BE CLEARLYMARKED. To aid the Government,please segregate proprietaryinformation. The Government intendsto use various military and civilian Navyand Marine Corps personnel inreviewing and evaluating thesewhitepapers along with DON supportcontractors to include Center for NavalAnalyses (CNA); BearingPoint, BoozAllen Hamilton, Falconwood, WyleLaboratories, Analex ComGlobal, TAIC,as well as others. The DON contractswith each company include theappropriate organizational conflict ofinterest and nondisclosureagreements, but any concerns relativeto participation by these companiesmust be raised to the PCO prior tosubmitting any information. Allquestions related to this RFI should bedirected to the following email address:NGEN_Questions@bah.com..Section 1 of the white paper shallprovide administrative information, andshall include the following as aminimum:a. Name, mailing address, overnightdelivery address (if different frommailing address), phone number, faxnumber, and e-mail of designatedpoint of contact.b. Business type (large business, smallbusiness, small disadvantagedbusiness, 8(a)-certified smalldisadvantaged business, HUBZonesmall business, woman-owned smallbusiness, very small business, veteran-owned small business, service-disabledveteran-owned small business) basedupon North American IndustryClassification System (NAICS) code541512, Computer Systems DesignServices. Small business concernmeans a concern, including itsaffiliates, that is independently ownedand operated, not dominant in thefield of operation in which it is biddingon Government contracts, and qualifiedas a small business under the criteriaand size standards in 13 CFR part121. Please refer to FederalAcquisition Regulation FAR 19 foradditional detailed information onSmall Business Size Standards. TheFAR is available athttp://www.arnet.gov.The number of pages in Section 1 ofthe white paper shall not be included inthe 15-page limitation.Section 2 of the white paper shall belimited to 15 pages.5.0 Industry ExchangesBased upon the content of theresponses received, the Governmentmay choose to meet with one or moreof the respondents. If the Governmentchooses to meet with the respondentsit would be for the purpose of obtainingfurther clarification of potentialcapability to meet Governmentrequirements. The Government willutilize the information contained insection 1 of the white paper responsesto contact respondents.6.0 QuestionsQuestions regarding thisannouncement shall be submitted by e-mail to the Contracting Officer, atNGEN_Questions@bah.com. Verbalquestions will NOT be accepted.Questions will be answered bothindividually via e-mail and by postinganswers to the PEO-EIS Portal websiteathttps://portal.peoeis.navy.mil/main.Accordingly, questions shall NOTcontain proprietary or classifiedinformation. NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (07-MAY-2009); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link To Document
(https://www.fbo.gov/spg/DON/SPAWAR/SPAWARHQ/SPAWAR_Headquarters_MKTSVY_733CE/listing.html)
 
Record
SN01811534-F 20090509/090508101059 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.