OCR of the Document

View the Document >>

Department of Commerce (US), Cyber Security Requirement Questions (attached to Performance Work Statement: DOC Cyber Security Unit (CSU) for DOC Office of the CIO, Office of Cyber Security (OCS), Office of the Secretary),

Cyber Security Requirement Questions Contract Office Qs 1 Which vehicle is being considered for the RFP An Acquisitions strategy has not been determined at this juncture 2 Is DOC planning to use IT 70 Alliant NITAAC or other vehicles An Acquisitions strategy has not been determined at this juncture 3 Is this going to be bid under any specific set aside program An Acquisitions strategy has not been determined at this juncture 4 Will DOC utilize the newly established IT 70 Cyber SINS which are created for such procurements An Acquisitions strategy has not been determined at this juncture 5 Does the Government plan at a later time pre-solicitation to request from industry questions regarding the PWS We are asking for industry questions and comments on the PWS with the posting of this RFI 6 I wanted to see if there’s currently a vendor supporting this work or related to work to it that this is a consolidation of and the corresponding contract number s associated with them Any information you could provide would be greatly appreciated The cybersecurity unity requirements outlined in the PWS reflect a new initiative to augment and streamline delivery of cybersecurity support services within Department of Commerce and there is no incumbent for the overall effort Work related to supporting the cyber security mission however is currently being provided under a number of awards managed by NIH under their NITACC vehicle including orders performed by Attain LLC eMentum LLC and Actionet LLC 7 Based on the holidays and time of year in which resources are out on leave would the government consider extending the RFI submission date to April 28th This was extended until Monday April 24 2017 8 The following was included in the RFI Respondents shall provide a capabilities package not to exceed 15 pages demonstrating the above and highlighting any additional capabilities of their products solution to meet the requirements as described in the draft Performance Work Statement PWS included with this RFI Would the government please clarify if the 15 page limit is only for the capabilities section Yes it is for the capabilities statement however there is a limited amount of time that can be allocated toward the review process of the RFI responses 9 Would the government please clarify if there's a page limit for the following Past Performance list of FSS contracts and Respondent Feedback Yes it is for the capabilities statement however there is a limited amount of time that can be allocated toward the review process of the RFI responses OCIO OSY Office Qs 1 Would you please be able to clarify the following on the Cyber Security Unity Contract In the security clearance section is Government’s intention to have a TS cleared facility The RFI states TS SCI and SCI is generally reserved for people and not facilities A TS facilities clearance is required Access to Top Secret Sensitive Compartmented Information at government locations is required for some of the tasks in the SOW 2 Is there a potential Organizational Conflict of Interest OCI between this requirement to provide “Contractor support in continuous operation and improvement of the current DOC enterprisewide cyber security governance and oversight program” and the recently released 04-03-2017 NOAA National Cyber Security Center NCSC and the Enterprise Operations Center ESOC RFI Yes A vendor that supports DOC-wide cybersecurity policy development and oversight could influence policy that affects which vendors are qualified to provide ESOC services For example a workforce development training policy could be influenced to favor specific certifications that are not commonly held by other vendors 3 Please confirm that the intent of Optional Task Area 6 Cyber Security Operations is to oversee the operation of the Enterprise Security Operations Center ESOC and the intent is NOT to operate the ESOC Confirmed Operations of the ESOC is not within the scope of this SOW ESOC operations are subject to policies procedures strategies and governance provided by OCS This task provides PM support for the ESOC program ESOC operations are provided by the ESOC NCSC contract 4 PWS 3 4 1 states The PM shall have the necessary authority to utilize the company’s resources to assure the work under this task order is accomplished consistent with technical cost and schedule requirements as well as prudent programmatic and technical risk mitigation Given this is a contract that requires cleared personnel with access to classified information we expect network and data storage restrictions Will the PM be able to access resources on the company's network from the PM's work location Will the PM be permitted to bring company resources in electronic file formats to the government-controlled work location No access to classified information and systems is limited to government facilities however access to unclassified resources is not limited to government facilities 5 PWS 3 4 3 4 states 1 The Contractor shall possess a U S Government Top Secret SCI with all 4 caveats clearance Does this clearance refer to proposed personnel If so can the government identify these so we may ensure personnel are compliant with “all 4 caveats” The clearance refers to proposed personnel 6 PWS 3 4 4 refers to Task Area 4 Cyber Security Awareness Training Does the government expect full-time employees working at the government's location to provide this support Or is this an ad hoc periodic task that may be met by company personnel who don't work full-time at the government's location Yes this is a full time requirement 7 PWS 3 4 6 1 e refers to managing the property of the ESOC enclave that is part of NOAAOlOO in accordance with DOC and NOAA property rules Does property refer to the physical location supporting ESOC operations or to electronic equipment integral to ESOC operations Property refers to government-furnished equipment used in ESOC operations 8 PWS 5 0 states the contractor must have and maintain a Facility Clearance FCL approved by the Defense Security Service DSS granted at the Top Secret Yes 9 Level Can the government confirm a company with a DSS granted TS FCL meets the company clearance requirement Yes 10 PWS 5 0 also states The government does not expect the contractor to store any classified information at their facility from work performed on this contract All classified information resulting from work performed on this contract will be stored within government controlled facilities Can the government confirm the TS FCL requirement is only required so a company can provide cleared personnel for this effort Yes 11 PWS 10 0 refers to Key Personnel Can the government confirm whether RFI respondents are required to submit resumes for key personnel And if so for which PWS tasks Yes resumes for key personnel are required for the all the task areas and the sub-task areas including the optional tasks 12 PWS 10 0 additionally appears to require a PMP-certified Program Manager Is this person considered key personnel for the RFI response Yes 13 The period of performance in the RFI is noted as July 2017 however the draft PWS base period of performance is September 2017 through May 2018 Would the government please confirm the estimated base period The base period of performance begins on date of award and lasts for one year The following was included in the RFI Potential respondents are hereby notified that fulfillment of this requirement will require the prime contractor to hold an active Top Secret Sensitive Compartmented Information Facility Clearance TS SCI FCL Section 5 0 Place of Performance of the draft PWS states the following This contract requires the contractor to have and maintain a Facility Clearance FCL approve by the Defense Security Services DSS granted at the Top Secret Level The purpose of this requirement lies in the nature of the work performed as part of this contract The government does not expect the contractor to store any classified information at their facility from work performed on this contract All classified information resulting from work performed on this contract will be stored within government controlled facilities Would the government please confirm if a TS SCI FCL would be required in support of the contract A TS facility clearance is required 14 For the purposed of the RFI response - would the government consider responses from contractors currently maintaining a Top Secret Facility Clearance Yes