Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 05, 2010 FBO #3298
SOURCES SOUGHT

D -- Cybersecurity Support Services

Notice Date
12/3/2010
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
United States Senate, Office of the Sergeant at Arms, Finance Division, United States Senate, Washington, District of Columbia, 20510-7207, United States
 
ZIP Code
20510-7207
 
Solicitation Number
2011-S-009
 
Archive Date
1/6/2011
 
Point of Contact
Kathleen M. Haddow, Phone: NA
 
E-Mail Address
Acquisitions2010@saa.aenate.gov
(Acquisitions2010@saa.aenate.gov)
 
Small Business Set-Aside
N/A
 
Description
DESC: MARKET SURVEY AND BIDDERS LIST DEVELOPMENT - SOURCES SOUGHT REQUEST FOR CYBER SECURITY INFRASTRUCTURE SUPPORT SERVICES. The purpose of this sources sought notice is to gain knowledge of potential qualified industry sources for providing cyber security infrastructure support services for the United States Senate (Senate), Office of the Sergeant at Arms (SAA). The Office of the CIO within the SAA has a broad range of responsibilities that include providing for a secure cyber environment in which to carry out Senate business. These cyber security infrastructure support services are primarily carried out in the Senate's Security Operations Centers (SOCs) using Senate furnished equipment (SFE) and systems. All requirements listed below are mandatory unless otherwise noted. This sources sought notice is not a request for proposal and in no way obligates the Senate to an award of a contract. This sources sought notice is based on currently available information. This information is subject to change at any time. Requirements are stated in terms of minimum capabilities and characteristics required by the Senate. Mandatory Tasks The key functional areas under consideration include, but are not limited to, the following: (1) Program Management: Provide program management services to organize, manage, and provide regular reporting on all of the SOC operations described herein. (2) Network Security Monitoring/Analysis and Security Incident Reporting : Monitor networks to assist the SAA in ensuring the integrity, availability, and confidentiality of the Senate Information Technology (IT) infrastructure. Provide around-the-clock monitoring at Senate facilities under prescribed service levels, with an experienced, high-level analyst on-site during business hours performing threat and operational information fusion analysis. (3) SOC and Process Management: Enhance, optimize existing workflow processes, and develop sophisticated analysis methods to identify, scope, and track potential security events, escalating, as appropriate, to a Senate incident response team. Develop new and enhance existing sophisticated analysis methods to detect and assess anomalies. Using methods developed previously, streamline existing monitoring processes using the Security Information Management (SIM) console and develop and/or assist in development of reporting dashboards. (4) Cyber Threat Analysis: Provide enhanced cyber security analysis services to include indications and warnings (i.e., situational awareness) of threats and potential threats to the Senate's network using both open and classified sources. Perform advanced technical analyses and operational security analyses of computer and network systems 3using network security monitoring systems. Perform short and long-term security event trend analysis. (5) Security Research and Engineering: Research, evaluate, test, and deploy security technologies, products, and integrated systems for safeguarding, monitoring, assessing, and investigating the security posture of Senate IT assets. (6) SOC Automation and Monitoring Systems: Improve SOC performance through process development and implementation utilizing web portal technology, as appropriate, for automation, and perform resource analysis for new security services. (7) Vulnerability Analysis: Conduct and further optimize, through continual quality improvement, existing processes of the Senate's ongoing comprehensive vulnerability assessment program using the Senate's in-house enterprise vulnerability assessment system. Generate reports, conduct trend analysis, and produce recommendations for the customer for the purpose of reducing individual and enterprise risk. Create and maintain an inventory of Senate IT assets. Integrate data gathered from vulnerability assessments with SIM database. For the SOC, perform security configuration verification, application configuration verification, and on-site security assessments to maintain prescribed service levels. This work specifically excludes performance of vulnerability remediation except in the case where the vulnerabilities in question are associated with the SOC hardware, software, and systems. (8) Security Operations Center IT Engineering and Operations: Provide around-the-clock IT engineering and operations support at the Senate's facilities conforming to mandated service levels for specified security technologies. Manage and operate the network monitoring/intrusion detection sensor network. Assess, implement, and manage all relevant data sources for the SIM system and manage and operate the SIM infrastructure. Manage SOC IT infrastructure. Use knowledge gained in functional area (2) to optimize, tune, and augment these technologies to enhance event detection, identification, and investigation. Develop and run a test and development computing environment to support the deployment of SOC-related technologies and systems. Develop and support script software as required to administer the SOC IT environment. (9) Enterprise client security infrastructure: Operate and manage enterprise-wide client security software systems (including anti-virus, spyware, and firewall components) to meet or exceed prescribed service levels. Test new versions and capabilities of these systems, manage their deployment, perform second and third level support, generate and distribute reports, and perform trend analysis as directed by Senate IT Security staff. Optional Tasks The Contractor may be required, at the Senate's request, to provide the following support: (10) Enterprise Technology Assessment: Conduct security test and evaluation of commercial off-the-shelf products and enterprise-wide IT solutions to determine potential risks, provide implementation recommendations, and establish security configuration standards. (11) Security Policy and Standards: Develop or assist in development of computer security and communications security guidelines and computer security policies and standards as required. (12) Forensics: Provide media analysis and computer forensics capability as needed. (13) Software Engineering: Provide backend support for SOC operations. Provide system and service integration services in the event that Senate hardware and software supplier shortcomings have possible or actual present or future operational impact. Prototype and develop customized security portals/dashboards for Senate business units. (14) Application Code Review: Provide services to test application and/or review source code using automated and manual processes. REQUIREMENTS: The Senate is seeking vendors who can meet its needs using commercial practices performing under 1) fixed-price, performance-based task orders for support and 2) fully burdened fixed labor hourly-rates (inclusive of travel, material and ODCs) to perform services on a time and materials basis. The vendors must be located no more than 50 miles driving distance to the US Capitol Building. In responding to this notice, state your qualifications to perform each of the mandatory and optional requirements listed above. The effort will require some personnel who can obtain and maintain Defense Security Systems (DSS) clearances up to and including Top Secret/SCI. Vendor response to each requirement must include paragraph numbering that can be directly mapped to the requirements listed above. In addition, submissions must include: a) past performance experience information for a minimum of three contracts of a similar scale that are less than two years old and that involve use of capabilities and products relevant to those necessary for meeting the requirements and tasks contained herein, including contract number, customer name and address, and brief synopsis of work performed relevant to requirements 1-12 listed above, b) description of capabilities to support the Senate's ability to continue essential functions conforming to a business continuity plan which is modeled on Federal Preparedness Circular # 65, Federal Executive Branch Continuity of Operations (FPC-65), dated June 15, 2004, and c) Organizational information including Dun and Bradstreet number and point of contact with telephone, fax, and e-mail address. After receipt and review of the responses to this notice, the SAA intends to issue a solicitation for these services. The information contained in this notice will be the only information provided by the Senate during the Sources Sought process. All qualified sources should respond to this Market Survey - Sources Sought by submitting an information package in accordance with the instructions provided. Vendors responding to this notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation. Only firms deemed qualified by the Senate will be considered. If suitable responses to this notice are received from one or more qualified sources, the SAA anticipates release of a solicitation during the second quarter of Fiscal Year 2011. Neither the SAA nor the Senate will be responsible for any costs for the preparation of responses to this request. INSTRUCTIONS: Responses to this Market Survey-Sources Sought request are due to the POC no later than January 5, 2011 at Noon EST and shall be submitted electronically via email only to the attention of Kathleen M. Haddow at Acquisitions2010@saa.senate.gov The subject line of the email message shall be: SSN 2011-S-009 Cyber Security Infrastructure Support. No other method of transmittal will be accepted. The response shall not exceed twenty-five pages. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor's information. THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE. ANY REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE HONORED.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/Senate/SAA/SAAFD/2011-S-009/listing.html)
 
Place of Performance
Address: Washington, District of Columbia, 20510, United States
Zip Code: 20510
 
Record
SN02338107-W 20101205/101203233954-2a92ff472bd1f23994b5fb14a9319d0c (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.