Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF SEPTEMBER 15, 2011 FBO #3582
SOLICITATION NOTICE

70 -- Data Loss Prevention (DLP) - Contract Deliverables

Notice Date
9/13/2011
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Defense Logistics Agency, DLA Acquisition Locations, DLA Contracting Services Office - Philadelphia, 700 Robbins Avenue, Philadelphia, Pennsylvania, 19111-5096, United States
 
ZIP Code
19111-5096
 
Solicitation Number
SP4701-11-R-0019
 
Archive Date
10/4/2011
 
Point of Contact
Mark Sullivan, Phone: 215-737-4851
 
E-Mail Address
mark.sullivan@dla.mil
(mark.sullivan@dla.mil)
 
Small Business Set-Aside
N/A
 
Description
Contract Deliverables COMBINED SYNOPSIS/SOLICITATION DLA Contracting Services Office - Philadelphia Site intends to solicit for Data Loss Prevention software, hardware and support services on a competitive basis. A brand name is required for this requirement and a Justification & Approval will follow explaining the brand name descriptions rational. Request for Proposal SP4701-11-R-0019 contemplates a Firm Fixed Price type contract with Performance Measures. The performance period is expected to start at time of award and continue thru 12 months. This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart12.6 using Simplified Acquisition Procedures under FAR Part 13; as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; a proposal is being requested and a written solicitation will not be issued- PAPERCOPIES OF THE SOLICITATION WILL NOT BE AVAILABLE. The Government will not pay for information received. The NAICS code is 541519 with a size standard of $25M. The solicitation document and incorporated provisions and clauses are those in effect through the current Federal Acquisition Circular. It is the contractor's responsibility to be familiar with the applicable clauses and provisions. The clauses may be accessed in full text at this address: http://farsite.hill.af.mil. The Contract Line Items (CLINS) are as follows: CLIN 0001 SOFTWARE Part #-SW-DLPDC-40000, DLP Datacenter per User, Qty. 35,000 Part #-SW-NMEFB-40000, DLP Network Monitor + Enforce per User, Qty. 35,000 Part #-SW-EDEEB-40000, DLP Endpoint Discover + Enforce per User, Qty.35,000 Part #-AXM00001000, RSA Access Manager Core Bundle per User, Qty. 100 Part #-SSF-SOL-COM-U5-P, Archer On-Demand Application, Qty. 2 Part #-RSA-0010405, DLP Network Sensor Appliance, Qty. 14 Part #-RSA-0010406, DLP Network Interceptor Appliance, Qty. 8 Part #-RSA-0010407, DLP Network ICAP Server Appliance, Qty. 14 Part #-RSA-0010408, DLP Network Controller Appliance, Qty. 4 CLIN 0003 ANNUAL MAINTENANCE Part #-M-SW-DLPDC-40000, Basic Maintenance for DLP Data Center Software for Year 1, Qty. 35000 Part #-M-SW-NMEFB-40000, Basic Maintenance for DLP Network Bundle for Year 1, Qty. 35000 Part #-M-SW-EDEEB-40000, Basic Maintenance for DLP End Point Bundle for Year 1, Qty. 35000 Part #-M-HW-DLP-SENS Basic Maintenance for Network Sensor Appliance for 1 Year, Qty. 14 Part #-M-HW-DLP-INT, Basic Maintenance for Network Interceptor Appliance for 1 Year, Qty. 8 Part #-M-HW-DLP-ICAP, Basic Maintenance for Network ICAP Appliance for 1 Year, Qty. 14 Part #-M-HW-DLP-CONT, Basic Maintenance for Network Controller Appliance for 1 Year, Qty. 4 Part #-STD-SUP-P, Basic Maintenance for Archer On Demand Application for 1 Year, Qty. 1 Part #-AXM00001000E12, Enhanced Maintenance for Access Manager for 1 Year, Qty. 100 Part #-PS-CAS-CUS, Basic Maintenance for Archer Custom Applications for 1 Year, Qty. 1 BRAND NAME SPECIFIED IS MANDATORY The brand name maintenance referenced herein by manufacturer's name and/or part number and nomenclature shall be furnished in strict accordance with manufacturer's published data relating to this material. Complete interchangeability of parts with original equipment is mandatory. There is insufficient time to obtain and analyze data to insure interchangeability of parts if other than the brand name parts specified are furnished; therefore quotes offering other than the hardware and software referenced will be rejected. CLIN 0004: Labor Support Services. The contractor shall perform the following tasks: Task 1 - Within five (5) business days after receipt of order (ARO), the contractor shall contact the COR to arrange for a kick off meeting to initiate action and confirm requirements. The actual meeting and determination of actions to be taken must take place within five (5) days after receipt of order. Task 2 - Install RSA Data Loss Prevention Hardware and Software at 11 DLA Primary Field Sites to enable Data at Rest Scanning by end of the contract period of performance. RSA Data Loss Prevention Hardware and Software at DLA HQ field site to be installed and operational within 3 months after receipt of order (ARO). See Attachment 1 for Specific OEM Product Numbers. Task 3 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy a DLA Custom PII Policy where completion of task is determined by delivery of a customized PII policy that provides detection of unencrypted Social Security Numbers with a False Positive Rate less than or equal to 10%. Task 4 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy a DLA Custom PII Incident Management Workflow where completion of task is determined by integration of DLA's published PII Incident Management Workflow, and transition of existing DLP management workflow. Task 5 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy DLA Custom PII Incident Reporting where completion of task is determined by transition of existing DLP incident reports and implementation of DLA DLP PII summarized dashboard reports. Task 6 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy DLA Custom DLP System Reporting where completion of task is determined by transition of existing DLP system reports and implementation of DLA DLP summary dashboard reports. Task 7 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy DLA DLP PKI/CAC Authentication Integration such that the EMC/RSA DLP product is fully integrated with DLA PKI/CAC authentication infrastructure where completion of task is determined by functioning integration. Task 8 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to enable a rapid transition to the new EMC/RSA DLP technology platform the contractor shall use the appropriate mix of technical professional services and professional services project management to develop, test and deploy DLA DLP AD Role Based Access Control Authorization such that the EMC/RSA DLP product is fully integrated with DLA AD infrastructure where completion of task is determined by functioning integration. Task 9 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to provide three (3) students of DLA's choosing comprehensive instruction in the administration and configuration of the RSA Data Loss Prevention (DLP) Suite. Each student shall be trained in and provided 1 week (36 credit hours per student) of theory and product basics such as the RSA DLP Suite architecture, integration of RSA DLP components, and the importance of various configuration parameters are discussed. The contractor shall deliver this training within thirty (30) days after receipt of order. Task 10 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to provide three (3) students of DLA's choosing comprehensive instruction in the RSA Archer platform's Basic Administration capabilities. Each student shall be trained in and provided 1 week (36 credit hours per student) with detailed insights and best practices for administering the RSA Archer platform, and each student will learn how to build and develop custom applications, integrate applications with external data sources and communicate GRC information through reports, emails and dashboards. After completing this class, each student will be prepared to use the RSA Archer platform to solve common GRC problems and meet the business requirements of various enterprise stakeholders. The contractor shall deliver this training within eleven (11) months after receipt of order. Task 11 - The contractor shall work with the COR with assistance from the POCs (or their proxies) to provide three (3) students of DLA's choosing comprehensive instruction in the RSA Archer platform's Advanced Administration capabilities. Each student shall be trained in and provided 1 week (36 credit hours per student) with detailed insights and best practices for administering the RSA Archer platform, and each student will learn how to build and develop custom applications, integrate applications with external data sources and communicate GRC information through reports, emails and dashboards. After completing this class, each student will be prepared to use the RSA Archer platform to solve common GRC problems and meet the business requirements of various enterprise stakeholders. The contractor shall deliver this training within eleven (11) months after receipt of order. Task 12 - Offeror supplied Software maintenance and support to include: software upgrades and patches and five (5) days per week by nine (9) hours per day telephone technical support provided to DLA technical POCs designated by COR. Task 13 - The contractor is responsible to provide seamless transfer of knowledge from outgoing personnel to the new personnel in his staff. The contractor shall not allow change in personnel to affect productivity and timely receipt of deliverables. Deliverables may include but are not limited to technology architecture diagrams, Application STIG documentation, Web Server STIG documentation, Database STIG documentation, and Operating System STIG documentation. All documentation will be delivered in Microsoft Office file formats: Word, Excel, Visio, Project. The Performance Work Statement (PWS) is as follows: C.1 PERFORMANCE MEASURES: C.1.1 Purpose of Measure The subject procurement will be awarded using a fixed price contract with performance based measures. The performance measurements to be used to assess the Contractors performance under this contract will determine whether the Contractor is performing at acceptable levels in order to allow for a 100% payment of monthly invoices. The Government will make objective and subjective assessments of the Contractor's performance to determine whether contractor performance is acceptable. The Contractor is expected to perform all functions in a professional manner and prepare accurate and timely documentation. Progress will be tracked based on the milestone event when the Contractor receives a specific tasking. The number of completed actions will be balanced against the quality of this output. C.1.2 PERFORMANCE MEASUREMENTS: The performance measurements under this contract shall be based on timeliness and quality of the work and deliverables provided by the Contractor under the contract. These measurements are defined as: • Timeliness - The completion of taskings and/or the submission of deliverables within the schedule set forth by the government during the performance of the contract. • Quality - The quality of work completed under the resulting taskings will be measured based on the Government's determination of the validity, accuracy, clarity and usefulness of a deliverable or if the work performance met the expected outcomes as was communicated to the Contractor by the government. C.1.3 FIXED PRICE PERFORMANCE STANDARDS: The following performance standards will be applied to the resultant contract: a) The contractor shall submit a combined monthly invoice for 100% of the fixed monthly amount for each PWS tasking. As part of the Contracting Officer's Representative's (COR) monthly certification process, the COR will indicate on the invoice submitted the amounts authorized for payment for each task based on the performance measures described herein. b) The determination for payment of the performance standards will be made in accordance with the procedures set forth below. c) The COR or his/her designated representative will advise the contractor of what the authorized amount of payment will be for each month within 10 working days of submittal of the invoice. If the COR or his/her designated representative does not come to a determination or certify the invoice within 10 working days than the contractor will be provided 100% of their invoiced amount. Should the government withhold any part of the firm's monthly fee the balance of the amount withheld may be redeemable in a separate invoicing period should the contractor maintain a highly acceptable rating for a minimum of three (3) months. The Contractor may direct questions on any withholding of a payment to the Contracting Officer or Contract Specialist identified herein. If the contractor demonstrates that the firm's inability to meet performance requirements was due to a failure on the part of the Government (i.e. miscommunication of facts, failure to provide the Contractor with information or devices necessary to complete tasks, etc.) the monthly payment, or some part of the monthly payment, may be released to the contractor in a future invoicing period. C.1.4 PERFORMANCE REVIEW: Below are the Performance Standards that will be used in evaluating performance on a monthly basis and in determining the amount of the monthly payment owed to the contractor. Highly Acceptable - • Meets or exceeds contract requirements in terms of timeliness and quality requirements in the Performance Work Statement. • COR will make a determination to pay the contractor 100% of the monthly invoice amount. Acceptable - • Meets all deliverable requirements of the PWS but required minor revisions necessary and the revisions do not adversely impact the PWS requirements • The COR will make a determination to pay the contractor 95% or more of the monthly invoice amount. Marginally Acceptable - • Have two or more issues that were not minor, such as missed deliverables, poor quality levels of work, or services that did not comply with the intended and agreed to requirements. • The level of authorized payment will be based on the level of the severity the revisions or delayed deliverables cause. • The COR will make a determination to pay the contractor from 85% to 94% of the monthly invoice amount. Unacceptable - • Performance has been Marginally Acceptable for more than one month. • Performance has been at a level where the Contracting Officer has had to issue one or more cure notices regarding performance. • Payment for the month will be withheld pending resolution of cure notice(s). Upon satisfactory resolution of issues related to the cure notice(s), payment for the month in question will be made at the Marginally Acceptable rate. • If issues are not resolved No payment will be made. • Continually monthly performance at the unacceptable level will be at a level where a termination will be considered if the performance is not improved. C.2 INTRODUCTION: DLA requires a suite of enterprise-scalable information technology (IT) tools to provide data loss prevention (DLP) capabilities which includes the brand name specific EMC / RSA Inc. products and support. C.3 GENERAL REQUIREMENTS: Automate the detection, remediation, movement, and quarantine, of unencrypted files containing PII from Network Share drives, unauthorized SharePoint repositories, Microsoft Exchange Public folders, Internet egress points, and e-mails thereby reducing risk to the DLA Enterprise of unauthorized disclosures of, or access to, PII. This requirement will be achieved to minimize risk of unsecured PII being stored on unauthorized file locations within the DLA "Firewall," and detect, prevent, and quarantine unsecured PII in e-mail from leaving DLA, thereby minimizing the risk of that PII ever being lost, stolen, or compromised to anyone outside of DLA. This requirement will also be achieved to maximize DLA compliance with the Privacy Act of 1974, as amended; the Federal Information Security Management Act of 2002; OMB Memorandum M-07-16, "Safeguarding Against and Responding to the Breach of Personally Identifiable Information;" DoD 5400.11-R, "DoD Privacy Program Regulation," Appendix 1, "Safeguarding Personally Identifiable Information;" DoDI 8500.2, "Information Assurance (IA) Implementation;" NIST SP 800-53, Rev 3., "Recommended Security Controls for Federal Information Systems and Organizations;" and CNSS Instruction No. 1253, "Security Categorization and Control Selection for National Security Systems." The offeror shall work with J-64, DGA, as well as J6F employees and contractors to customize the EMC/RSA DLP product to meet J-64's requirements as detailed below. This effort will not be considered complete until the customer signs off for completion of each requirement defined below. Offeror will also provide technical support to EMC/RSA DLP users. Visits to the Andrew T. McNamara Building must be arranged ahead of time to establish an escort. Any offeror personnel to work on location shall come with appropriate identification (a valid driver's license). Offeror personnel will be signed in and must stay with an escort while in the building. Questionable individuals may be refused entrance into the complex. Database administrator, and any contract personnel who have direct access to the DLA EMC/RSA DLP system, will be in a position classification of IT 2 which requires a National Agency Check with Law and Credit Checks (NACLC). The NACLC must be favorably adjudicated by DoD and should show in the DoD Joint Personnel Adjudication System (JPAS). The contractor must ensure that there accreditation is completed. C.4 CONTRACT DELIVERABLES: See Attached table "Contract Deliverables" C.5 CONTRACT TYPE: Firm Fixed Price with Performance Measures C.6 PERIOD OF PERFORMANCE: The period of performance shall be for 12 months after award. The contract period of performance will be considered to have started when the contract is signed by both parties and all badges and clearances have been issued. C.7 PLACE OF PERFORMANCE: Defense Logistics Agency (DLA) DLA Information Operations (J6) 8725 John J. Kingman Road Fort Belvoir, VA 22060-6221 C.8 CONTRACTING OFFICERS REPRESENTATIVE: To be named at time of award. C.9 CONTRACT SPECIALIST: Mark Sullivan Phone #: (215) 737-4851. FAX #: (215) 737-7942. Email Address: Mark.Sullivan@dla.mil C.10 SUBMISSION OF QUESTIONS: Questions with respect to this RFP should be submitted via email to the Contract Specialist (see Section C.9, above). Any technical questions, requests for clarification or requests for data in connection with this RFP must be submitted in writing on or before September 15, 2011 by 12:00pm (Eastern Time) to allow DLA adequate time to provide answers or to consider potential changes to the RFP. Vendors are strongly urged to follow-up the submission of any questions to the Specialist via telephone to ensure that questions have been received. C.11 PROPOSAL SUBMISSION: All offers must be submitted on or before September 19, 2011 @ 12:00pm Eastern Time. All responses should be submitted electronically to the email listed in C.9. Offeror's shall follow up with a phone call to the contracting POC listed in C.9 to ensure receipt of proposal. The provisions at 52.212-1, 52.212-3, apply to this acquisition. The clause at 52.212-4, Contract Terms and Conditions Commercial Items, applies to this acquisition. The clauses at 52.212-5 and 252-212-7001, Contract Terms and Conditions Required to Implement Statues or Execute Orders-Commercial Items, 52.222-37, Employment Reports on Disabled Veterans and Veterans of the Vietnam Era; 52.232-33, Payment by Electronic Funds Transfer-Central Contractor Registration, 52.204-7 Central Contractor Registration and 252.204-7004 (AltA) Central Contractor Registration apply to this acquisition, with the following clause checked as applicable: 52.222-2, 52.222-35, and 52.222-36. Offerors must be registered in the CCR and in Wide Area Work Flow prior to solicitation closing. The closing date of this solicitation is 19 September 2011 at Noon Eastern time. For additional information concerning this requirement, please contact Mark Sullivan at 215-737-4851 or via E-mail at Mark.Sullivan@dla.mil.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DLA/J3/DSCP-PB/SP4701-11-R-0019/listing.html)
 
Place of Performance
Address: 8725 John J. Kingman Road, Fort Belvoir, Virginia, 22060, United States
Zip Code: 22060
 
Record
SN02575067-W 20110915/110914001240-05f433e0d0a9f137ab81b8b40cd19e8a (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.