21 Mar 2017

50th Space Wing (50 SW) Cybersecurity and Defensive Cyberspace Operations (DCO) for 50 SW Space Mission Systems

Type of document: Contract Notice
Country: United States


Department of the Air Force

Official Address:
210 Falcon Parkway STE 2116 Schriever AFB CO 80912-2116


Stephen R. Cooper, Contracting Officer, Phone (719) 567-3831, Fax (719) 567-3153, Email stephen.cooper.1@us.af.mil




Contract Description:
This RFI is to conduct market research to assess industry capability for the Cybersecurity and Defensive Cyberspace Operations (DCO) for 50 SW Space Mission Systems to enable protection, detection, response, and sustainment of 50th Space Wing cyber defense missions. Responses to this RFI will be used for acquisition planning for a planned acquisition.

Note: 50 SW Space Mission Systems are distinct from general purpose communications systems such as the NIPRNet and the SIPRNet; the subject of this acquisition is Cybersecurity and DCO for 50 SW Space Mission Systems. In addition to 50 SW Space Mission Systems, other Space Mission Systems, which are operated by 50 SW tenant organizations, might be included in the planned acquisition. 50 SW Space Mission Systems include multiple Geographically Separated Units (GSUs) worldwide; however, services are contemplated for performance at Schriever AFB, Colorado (although it is possible services might also be performed at several additional CONUS locations). Interested contractors are invited to submit a Capability Statement addressing their ability to satisfy the requirements described in this RFI.

This RFI is also to conduct market research to assess the suitability of the acquisition for a Small Business Set Aside.

A Phase-In and Base Contract Period totaling one year, and up to four priced Options of one year each, are currently being considered; however, at this point, no acquisition strategy decisions have been made.

Security Clearance Level: Top Secret for most or all positions performing direct contract support or management; SCI access also required.

This RFI is not a solicitation or Request for Proposal (RFP) and the government reserves the right not to issue any solicitation or RFP for the possible acquisition identified in this notice; no proposals are requested at this time. Any response to this RFI is voluntary and the government will not pay for any response submitted. This RFI should not be considered a commitment on the part of the government to award a contract; the government will not be liable for any costs incurred in anticipation of a contract. Any additional RFI(s) for the subject of this RFI will be announced on the FBO website. Not responding to this RFI does not preclude a firm from participation in any future RFP. All responses to this RFI will be kept by the government.

If your firm considers its capability information to be proprietary it should be identified as such. No proprietary suggestions or concepts or other information considered to be a trade secret should be included in response to this RFI since the government may choose to use any suggestions submitted to improve the planned acquisition.

All responsible sources may submit a response to this RFI. Responses submitted by debarred or suspended business entities or persons will not be considered.

Submit responses to this RFI to:

Stephen Cooper
Contracting Officer

50th Contracting Squadron
210 Falcon Parkway Suite 2116
Schriever AFB CO 80912-2116

All responses to this notice are due no later than 1600 (4:00 PM) local Mountain Daylight Time (MDT) on Wednesday, 29 Mar 2017. All responses should use the following format:

Electronic submission only by e-mail.
File format: PDF, usable by Adobe Acrobat XI, or MS Word, usable by MS Word 2013.
Pages: 15 page limit.
Page format: Portrait or Landscape orientation; file may include both.
Page size: Standard 8.5 x 11 inch pages with one inch margins on all sides.
Font size: Minimum size is Microsoft Arial 12 or equivalent.
Classification of submission: All information submitted MUST be Unclassified.

Air Force Federal Acquisition Regulation (FAR) Supplement 5352.201-9101 Ombudsman (Jun 2016)

(a) An ombudsman has been appointed to hear and facilitate the resolution of concerns from offerors, potential offerors, and others for this acquisition. When requested, the ombudsman will maintain strict confidentiality as to the source of the concern. The existence of the ombudsman does not affect the authority of the program manager, contracting officer, or source selection official. Further, the ombudsman does not participate in the evaluation of proposals, the source selection process, or the adjudication of protests or formal contract disputes. The ombudsman may refer the interested party to another official who can resolve the concern.

(b) Before consulting with an ombudsman, interested parties must first address their concerns, issues, disagreements, and/or recommendations to the contracting officer for resolution. Consulting an ombudsman does not alter or postpone the timelines for any other processes (e.g., agency level bid protests, GAO bid protests, requests for debriefings, employee-employer actions, contests of OMB Circular A-76 competition performance decisions).

(c) If resolution cannot be made by the contracting officer, the interested party may contact the ombudsman, AFICA/OL-SPC Director of Contracting, 150 Vandenberg Street, Peterson AFB CO 80914, (P) 719-554-5300, (F) 719-554-5299, afica.ks.wf@us.af.mil. Concerns, issues, disagreements, and recommendations that cannot be resolved at the Center/MAJCOM/DRU/SMC ombudsman level, may be brought by the interested party for further consideration to the Air Force ombudsman, Associate Deputy Assistant Secretary (ADAS) (Contracting), SAF/AQC, 1060 Air Force Pentagon, Washington DC 20330-1060, phone number (571) 256-2395, facsimile number (571) 256-2431.

(d) The ombudsman has no authority to render a decision that binds the agency.

(e) Do not contact the ombudsman to request copies of the solicitation, verify offer due date, or clarify technical requirements. Such inquiries shall be directed to the Contracting Officer.

(End of clause)

Responses to this RFI.

A. Responses should include the following information:

  1. Name, mailing address, phone number, company website, and e-mail of designated point(s) of contact for firm.

  2. Name of firm, applicable DUNS Number and applicable CAGE Code.

  3. Does your firm currently have Defense Security Service (DSS) Top Secret facility security clearance? (Yes or No)

B. As part of your firm’s Capability Statement, please provide responses to the following questions.

  1. Does your firm have buildup or sustainment of Cybersecurity Service Provider (CSSP) (Tier 2) experience?

  2. What level of experience does your firm have with Security Information and Event Management (SIEM) tools?

  3. Provide your company’s experience managing Host Based Security Systems (HBSS) or other end point protection applications.

C. In addition to the Capability Statement, respondents are requested to provide recommendations or suggestions to improve the draft Cybersecurity and DCO Performance Requirements identified within this RFI. Do not submit any recommendations or suggestions which your firm considers to be proprietary; the government will consider any recommendations or suggestions provided in response to this RFI to be freely available for government use to improve its Cybersecurity and DCO Performance Requirements.

D. Small Business firms, and/or Small Disadvantaged Business firms, are encouraged to submit a response to this RFI. The 2017 NAICS code for this RFI is 541519 — Other Computer Related Services. Description: This U.S. industry comprises establishments primarily engaged in providing computer related services (except custom programming, systems integration design, and facilities management services). Establishments providing computer disaster recovery services or software installation services are included in this industry. The Small Business Administration (SBA) size standard for NAICS 541519 is $27.5M.

Small Business and Small Disadvantaged Business firms are requested to provide the following information in addition to the RFI response, which is excluded from the page limit identified in this RFI. Based on NAICS Code 541519, Other Computer Related Services, and considering that a Small Business set-aside for a service contract requires that at least 50 percent of the cost of contract performance incurred for personnel be expended for employees of the concern, would your firm be eligible as a:

Small Business? (Yes, No or More Information Required to Answer)
Small Disadvantaged Business? (Yes, No or More Information Required to Answer)
8(a) Small Disadvantaged Business? (Yes, No or More Information Required to Answer)
Woman Owned Small Business? (Yes, No or More Information Required to Answer)
Veteran Owned Small Business? (Yes, No or More Information Required to Answer)
Service Disabled Veteran Owned Small Business? (Yes, No or More Information Required to Answer)
HUBZone Small Business? (Yes, No or More Information Required to Answer)

Cybersecurity and DCO Performance Requirements (Draft)

The Cybersecurity and DCO support envisioned under this RFI is primarily focused on ground segment architecture for space mission systems. This RFI also implements policies outlined in Department of Defense Instruction 8530.01, Cybersecurity Activities Support to DoD Information Network Operations; and DoD Cybersecurity Services Evaluator Scoring Metrics (ESM) v9.2. The requirements of Cybersecurity and DCO support are separated into the following areas:

1.0 Architecture development support

1.1 Leverage existing efforts (for example, DCO policy implementation) to support program office development of a standardized DCO framework for ground segment architecture for space mission systems.

1.2 Produce ground segment architecture for space mission systems products on cybersecurity data flows/usage and transactions.

1.3 Provide analysis and support for cybersecurity engineering and architecture for the ground segment for space mission systems.

1.3.1 Recommend mechanisms to re-architect ground segment architecture for space mission systems to improve cyber resiliency.

1.3.2 Recommend generational improvements to Information Technology (IT) systems used to support ground segment architecture for space mission systems.

1.3.3 Recommend mitigations to cybersecurity and IT performance issues with space mission systems.

2.0 Technical Evaluation and Assistance

2.1 Evaluate ground segment architecture for space mission system assets against the DoD DCO framework and advanced cyber operations best practices.

2.2 Evaluate the existing environments with focus on current DCO tool suites, intrusion technologies and continuous defense monitoring.

2.3 Analyze current and future Government-Off-The-Shelf (GOTS) and Commercial-Off-The-Shelf (COTS) Operating System (OS) tools and equipment to enable ground segment architecture for space mission systems Command and Control (C2) to operate technology systems that are resilient to cyber threats. OS tools and equipment include, but are not limited to, Solaris, Windows, Oracle, and SPARC architecture.

2.4 Assist in development of metrics to monitor cybersecurity status.

3.0 Defensive Cyberspace Operations Improvements

3.1 Develop a roadmap to rapidly migrate ground segment architecture for space mission systems to DCO-aligned operations for strong network defense.

3.1.1 Monitor progress and take action to comply with applicable cybersecurity and DCO direction and policy.

3.1.2 Support development of ground segment architecture for space mission systems and update Tactics, Techniques, and Procedures (TTPs) and Standard Operating Procedures (SOPs) to conduct Defensive Cyber Operations.

3.1.3 Assist in the development of Concept of Operations (CONOPS) and related policy documentation conducive to operation of assets in a cyber contested environment.

3.2 Support DCO structure development to include staffing, required skills, required capabilities, automation, and tools required to execute DCO on ground segment architecture for space mission systems networks.

3.2.1 Assist in enabling ground segment architecture for space mission systems to move from compliance-based risk management to data-driven risk management, providing operators with information necessary to support risk response decisions, security status information, and ongoing insight into security control effectiveness.

3.3 Support Defensive Cyber Protection Efforts (PROTECT):

3.3.1 Provide support to the responsible organization conducting Vulnerability Assessment and Analysis (VAA) activities including network discovery, network and host vulnerability scanning, intrusion/penetration testing, insider threat assessments, operational exercises, and compliance inspections to identify vulnerabilities and assess whether Department of Defense Information Network (DoDIN) assets conform to specific security objectives.

3.3.2 Provide support to the responsible organization conducting Vulnerability Management activities in order to maintain Information Technology (IT) asset inventory (hardware and software), patch and configuration management, security configuration compliance status, and implementation of cyber vulnerability tasking orders and alerts.

3.3.3 Conduct vulnerability trend analysis from vulnerability scans and communicate trend analysis results to leadership.

3.3.4 Conduct Malware Protection activities including monitoring network and/or host-based security, malware incidents, and malware detection signature currency.

3.3.5 Assess mission critical services and recommend Information Condition (INFOCON), Cyber Protection Condition (CPCON) level changes and resiliency methods.

3.3.6 Provide support to mission system program offices to harden networks and improve existing DCO capabilities.

3.3.7 Provide on-the-job technical guidance to government DCO operators to improve technical abilities.

3.4 Support Defense Cyber Detection Efforts (DETECT):

3.4.1 Conduct 24/7 continuous monitoring operations to enable visibility of network assets utilizing a combination of active and passive situational awareness tools at various levels in the architecture.

3.4.2 Monitor ground segment architecture for space mission systems for detection of cyber events/issues; report cyber security events and anomalies; correlate threat and vulnerability data to provide analysis and recommendations of actions to mitigate/remediate issues on affected systems.

3.4.3 Maintain awareness of network traffic conditions, performance and bandwidth indicators, anomaly alerts, unauthorized activity, audit logs, and any on-going cyber event or incident.

3.4.4 Present and deliver relevant intrusion analysis and correlation information to enable Government operations and sustainment decisions.

3.4.5 Work with the designated Tier 2 (Regional/Theater) cybersecurity service provider to improve cybersecurity. This includes all levels and includes, but is not limited to, monitoring, advising, integrating, and implementing actions to mitigate cyber threats.

3.4.6 Support cyber incident handling operations to minimize potential loss and destruction, mitigation of weaknesses that were exploited, and restoration of ground segment architecture for space mission systems services.

3.4.7 Support warning intelligence/attack sensing and warning operations across ground segment architecture for space mission systems to maintain situational awareness and correlation of notifications/threat data from the intelligence community.

3.4.8 Implement a proactive cyber defense posture and conduct mission impact/remediation assessments based on threat data.

3.4.9 Support development of countermeasures to respond to or mitigate cyber events.

3.4.10 Provide on-the-job technical guidance to government DCO operators to improve technical abilities.

3.5 Support Defensive Cyber Response Efforts (RESPOND):

3.5.1 Analyze events, notify critical personnel, conduct mission impact assessments, report incidents and track progression, recommend and implement countermeasures and monitor their effectiveness.

3.5.2 Document forensic data and provide operations support to prevent further damage and coordinate response with leadership, operators, and Tier 2 (Regional/Theater) cybersecurity provider.

3.5.3 Prepare after action reports of cyber incidents, track open mitigation procedures, conduct trend analysis, and maintain a database of cyber events.

3.5.4 Provide on-the-job technical guidance to government DCO operators to improve technical abilities.

3.5.5 Provide a 24/7 on-call response in the event an incident is discovered and requires mitigation.

3.6 Support Cyber Sustainment Efforts (SUSTAIN):

3.6.1 Provide recommendations for monitoring and improvement measures in order to sustain cybersecurity operations year-to-year.

3.6.2 Provide recommendations on workforce plans to include scope of work, level of effort, position descriptions, functional roles and responsibilities, required security clearance, and training and certification requirements.

3.6.3 Provide recommendations and technical means to tune DCO tools.

3.6.4 Provide support in training material development.

3.6.5 Provide on-the-job technical guidance to government DCO operators to improve technical abilities.

