Cyber Security Support Services

SOURCES SOUGHT NOTICE The Defense Counterintelligence and Security Agency (DCSA)CONTRACTING OFFICE ADDRESS:  Acquisition and Contracting                                                                      27130 Telegraph Road                                                                      Quantico, VA 22134 INTRODUCTION:This is a SOURCES SOUGHT NOTICE for market research purposes to determine the availability and technical capability of Certified 8(a) companies to provide Cyber Security Support Services.The Defense Counterintelligence and Security Agency (DCSA), is seeking information for potential sources for Cybersecurity Support Services which are considered necessary to protect, in part, the DCSA Information Technology (IT), capabilities, and enterprise infrastructure. The DCSA Enterprise maintains a number of legacy systems and is responsible for the development and implementation of the Enterprise Security System (ESS).The overall objective of DCSA Cyber Security Support

Services is to provide comprehensive cybersecurity support to the current enterprise and transformational cybersecurity support for the future DCSA organizational enterprise. The specific functions required to carry out these objectives are listed below:Provide continued cybersecurity development for the agency, to include cloud environments;Provide continued development of the Enterprise Data Management (EDM) for the agency;Provide assistance with the DCSA Authorization & Assessment (A&A) process to ensure the Risk Management Framework is implemented on DCSA systems;Provide assistance with DCSA systems to ensure the cybersecurity framework is implemented for identifying, protecting, detecting, responding, and recovering from cyber threats & vulnerabilities;Conduct approved product analysis, to recommend products being considered for inclusion on the DCSA networks ensuring they are properly and uniformly analyzed for compliance with DoD and DCSA security requirements and best practices;Provide support with issuance and technical assistance with Non-Classified Internet Protocol Router Network (NIPRNet), Secret Internet Protocol Router Network (SIPRNet) and Joint Worldwide Intelligence Communications System (JWICS) tokens and Unclassified – Top Secret media destruction of various types of media and guidance to DCSA personnel;Review Cyber Workforce Improvement program reports/artifacts to ensure validation of requirements to obtain/maintain network access;Provide and perform incident response, forensics, threat hunt, and cyber operations test and evaluation for the agency;Use tools to detect, analyze, counter, and mitigate cyber threats and vulnerabilities; as well as to maximize user accessibility and functionality;Provide configuration and change management practices to establish and maintain consistency of a product or system’s attributes with its requirements and evolving technical baseline over its life.Conduct assessment to ensure supply chain risk management is supported from a risk based approach.Provide support for securely onboarding and off-boarding personnel.  REQUIRED CAPABILITIES: The DCSA Enterprise promotes, maintains, and delivers services in safeguarding the organization’s information assets and security posture. Our goal is to protect, secure, and defend information systems, enclaves, and mission as well as stakeholders’ data through cybersecurity, compliance, monitoring, and training.  Describe your company’s experience in evaluating the cybersecurity posture of information systems and providing risk assessments. To include providing guidance to the IS owners on requirements and responsibilities for: Risk Management Framework compliancy at tiers 2 & 3, securing cloud computing environments,  providing cyber policy reviews on security components, documentation, supplemental safeguards, vulnerability compliance with RMF and cybersecurity analysis on IT products.The DCSA Enterprise exists to support the agency’s Information Technology (IT), capabilities, and enterprise infrastructure; therefore, customer support and outreach are our top priorities. Describe your company’s experience supporting others in deploying systems to use enterprise PKI certificates activities in compliance with DoD policies to include individual alternate tokens, mailbox encryption certificates, PKI registration authority & trusted agent services for all classifications, token issuances.The DCSA Enterprise implements, tracks, manages, and reports mandatory compliance IAW DoD 8570.01/8140 Cyber Workforce qualification requirements. Describe your company’s experience with supporting this effort to ensure compliancy with these manuals. The DCSA Enterprise directs and synchronizes actions to detect, analyze, counter, and mitigate cyber threats and vulnerabilities. Describe your company’s experience with implementing capabilities to outmaneuver adversaries taking offensive actions to protect critical missions and to maximize user accessibility and functionality.The DCSA Enterprise is required to maintain and support current and future cyber organizational operations to include various cyber centric technical documents, procedures, and other cyber written artifacts. Describe your company’s experience in developing cyber written artifacts, and/or ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of planning and management services are compliant.The DCSA Enterprise provides secure data management services with the ongoing operations, maintenance and administration in data management areas such as data services, data quality, master data management and data definitions.  Describe your company’s experience in the execution of secure data administration and management activities in support of the overall operations of secure enterprise data management.The DCSA Enterprise is required to establish a mature enterprise change, configuration, and risk management program to ensure that all its components are consistent of a product or system’s attributes throughout all classification levels and different enclaves. Describe your company’s experience in developing, maintaining, and executing change, configuration, and risk management operations within cloud, capabilities, and Non-Classified Internet Protocol Router Network (NIPRNet)/ Secret Internet Protocol Router Network (SIPRNet)/ Joint Worldwide Intelligence Communications System (JWICS) enclaves.   SPECIAL REQUIREMENTS Contractor must have Top Secret facility clearanceSOURCES SOUGHT: The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541513- Computer Facilities Management Services, with the corresponding size standard of $30 million dollars.  This Sources Sought Notice is requesting responses only from certified 8(a) companies that can provide the required services under the NAICS Code. To assist DCSA in making a determination regarding the level of participation by 8(a) business in any subsequent procurement that may result from this Sources Sought Notice, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering to meet each of the requirements areas contained herein.  You should provide information on how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this announcement.SUBMISSION DETAILS: Each responding company must submit their capability statement in the following format: Part I:The coversheet must be submitted in PDF. The coversheet is limited to one (1) page. The following information must be contained on the coversheet:1.  Sources Sought Notice Identification Number;2.  Company name and address;3.  CAGE code, DUNS number;4.  A declaration of the Company’s business size for NAICS code 541513;5.  A declaration of the company’s facility clearance level;6.  A list of the specific contract vehicles which the Company has contracts such as GSA GWACS, GSA MAS, or any other applicable Government contract vehicle; and7.  Company Point(s) of Contact, business title, phone and email address.Part II:The company capability must be submitted in PDF. The company capability is limited to eight (8) pages. The company capability must describe the capabilities of the responding company to perform bullets “1” through “7” within the “Required Capabilities” section of this Sources Sought Notice.**The capability statement (Part I and Part II) must be submitted as one PDF document. The capability statement must contain 11 point Times New Roman or Calibri font. The capability statement must have 1” margins all around.  Do not insert hyperlinks or text boxes within the capability statement.  Neither Hyperlinks nor text boxes will not be read. The capability statement must not be larger than 2 MB.  The capability statement must be submitted in one email.**Vendors who wish to respond to this Sources Sought Notice should send responses via email NLT March 12, 2021, 1:00 PM Eastern Standard Time (EST) to kimberly.l.wright-whitson.civ @mail.mil.  Interested businesses should submit a brief capabilities statement package (no more than nine pages) demonstrating ability to perform the services listed in the Required Capabilities section of this Sources Sought Notice.      Proprietary information and trade secrets, if any, must be clearly marked on all materials.  All information received that is marked Proprietary will be handled accordingly.  Please be advised that all submissions become Government property and will not be returned.  All government and contractor personnel reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423.  The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.  DISCLAIMER:THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL.  IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT.  RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT.  NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT.  ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY.