15 May 2017

Cyber Security Unity

Type of document: Contract Notice
Country: United States

Cyber Security Unity

Department of Commerce

Official Address:
14th & Constitution Avenue NW
Room 6521 Washington DC 20230

Zip Code:

Fatmata A. Tibbs, Senior Contract Specialist, Phone 2024820577, Email ftibbs@doc.gov – Kirk D. Boykin, Contracting Officer, Phone 2024822292, Email Kboykin@doc.gov


Date Posted:


Contract Description:

Justification/Purpose: The purpose to Cyber Security Unity is to obtain Contractor support in continuous operation and improvement of the current DOC enterprise-wide cyber security governance and oversight program.

Line item description: Cyber Security Unity (CSU) 



This Request for Information/Sources Sought (RFI) synopsis is a tool to perform market research for Department of Commerce’s (DOC) requirement for a Cyber Security solution for the Chief Information Officer (CIO), Office of Cyber Security (OCS).  This is NOT a solicitation for proposals, proposal abstracts, or quotations. The purpose of this RFI is to obtain knowledge and information for project planning purposes and explore alternative solutions while determining industry standards for a Cyber Security solution as described herein.  Upon review of responses received DOC may at its discretion contact one, more than one, all or none of the respondents to obtain additional information necessary to determine respondent capabilities.  Potential respondents are hereby notified that fulfillment of this requirement will require the prime contractor to hold an active Top Secret Sensitive Compartmented Information Facility Clearance (TS/SCI/FCL).


The position of the Chief Information Officer (CIO) was established by the Clinger- Cohen Act of 1996. The CIO implements the provisions of the Clinger-Cohen Act of 1996 and the Paperwork Reduction Act of 1995 regarding the acquisition, management, and use of  information technology (IT) resources; manages Department of Commerce (DOC) compliance with the Computer Security Act of 1987, the Federal Cyber security Management Act (FISMA) of 2002, P.L.107-347, Homeland Security Presidential Directive 7 of December 17, 2003, and implements the Office of Management and Budget Circular A-130, Management of Federal Information Resources. The CIO serves as the principal advisor to the Secretary on information resources and information systems management, and strives to improve the operations and services delivery of DOC’s programs through the effective use of technology.


Among its duties, the Office of the Chief Information Officer (OCIO) directs the following activities:

              Directs the computer security and critical infrastructure protection programs, which ensure the security of DOC systems by assisting operating units in identifying and implementing process controls for their sensitive and critical automated systems.

              Interprets and translates Federal laws, regulations, policies, and guidance to address agency-specific needs and in turn promulgates agency-wide IT policies, directives, and guidance and ensures compliance with those IT policies, directives and guidance. OCIO develops and promulgates the Department’s IT Management Handbook, which serves as a central repository for IT policy and guidance, including guidance and directives related to the sound management of IT Security.


The purpose of this statement of work is to obtain Contractor support in continuous operation and improvement of the current DOC enterprise-wide cyber security governance and oversight program.


The following are a broad set of contractor responsibilities to support the Cyber Security program activities under the Office of Cyber Security (OCS) the estimated requirements for this solution:


•·        Provide Cyber Security Program Management Support

•·        Ensure Cyber Security Documentation is accurate, current, and relevant to DOC

•·        Develop and provide training and outreach regarding security to DOC employees

•·        Effectively manage agency risk by maintaining visibility across the department

•·        Maintain comprehensive situational awareness of the cyber threat landscape as it relates to the DOC bureaus in support of the Department

•·        Reduce cost and optimize agency Security Posture through complexity reduction and automation

•·        Deliver measurable Cyber Security

•·        Define and/or improve DOC’s Cyber Security Services Framework

•·        Effectively communicate with all parties, especially key stakeholders

•·        Improve Regulatory & Policy Alignment

•·        Improve cyber security program business processes

•·        Provide Supply Chain Risk Assessment (SCRA) Support

•·        Provide Security Assessment and Authorization Support


All Respondents must address whether their solution will need to penetrate the DOC’s firewalls.   Section 508 applies to this acquisition.  Capability packages shall address whether or not the solution is Section 508 compliant.


Period of Performance – estimated start in July, 2017 – end date unknown.

Place of Performance:  Washington, DC


Submission Instructions: 

Respondents shall provide a capabilities package (not to exceed 15 pages) demonstrating the above and highlighting any additional capabilities of their products/solution to meet the requirements as described in the draft Performance Work Statement (PWS) included with this RFI.  The capabilities shall include successful efforts by the contractor to provide a similar solution.  Government POCs, with phone numbers and e-mails, shall be given.  Respondent feedback on what portions of the work are amenable to pricing on a Firm Fixed Price basis (e.g., Supply Chain Risk Assessments, Security Authorizations and Assessments, Cyber Security Training, etc.) is requested.  Respondents may also identify what additional details in the PWS may be required in order to propose pricing on a firm fixed price basis for certain tasks.

The government is considering the capabilities and provided information to make a determination on the acquisition strategy.  The selected North American Industry Classification System (NAICS) code is 541519, Other Computer Related Services (size standard – $27.5 million); however, respondents may propose a different NAICS with a succinct description of why that NAICS is more applicable. 


Responses to this synopsis are requested to determine interest and capability to provide a Cyber Security Solution.  Synopsis responses will be evaluated on the basis of demonstrated technical capability and past experience.  Potential offerors are asked to submit capabilities packages indicating the capabilities of their products/solution, and past performance.  The capability package must be clear, concise, complete and submitted to the buying office and contracts specialist listed no later than COB April 21, 2017 at 1500 Hours Eastern Standard Time (EST). 


Your statement of capabilities must include, as a minimum, the following items:  name and address of the firm; business size status (e.g. Small Business, Small Disadvantaged Business, 8(a) Small Business, Women-Owned Small Business, HUBZone Small Business, and/or Service-Disabled Veteran-Owned Small Business) under the applicable NAICS code; year firm established; names of two principals to contact, including title and phone number; company profile to include number of employees, annual revenue history; office locations; Dun & Bradstreet (DUNS) number; and Commercial and Government Entity Code (CAGE). Also included in responses should be verification that the company holds an active Top Secret Sensitive Compartmented Information Facility Clearance (TS/SCI/FCL), the type in accordance with the National Industrial Security Program Operating Manual (NISPOM).


Include pertinent information for on-going contracts completed within the last five years and identify any that were under NAICS code 541519.  Pertinent information is:  name of contracting activity; contract number; contract type; period of performance, total contract value, and total dollar value under the contract that the firm was actually responsible for under this NAICS code; contracting officer’s name and current telephone number, and contracting officer’s technical representative (name and current telephone number).  Please also provide a list of Federal Supply Schedule (FSS) contracts and/or other government wide ordering vehicles the respondent holds under which cyber security support services can be provided.  Responses should reference the following number:  SS171301RFICISO0001. 




This notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. Any organization responding to this notice should ensure that its response is complete and sufficiently detailed. Information provided will be used to assess tradeoffs and alternatives available for the potential requirement and may lead to the development of a solicitation. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted.

Any solicitation resulting from the analysis of information obtained will be announced as required under the FAR section used for this procurement.   However, responses to this notice will not be considered adequate responses to a solicitation.

All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. FAR clause 52.215-3, Request for Information or Solicitation for Planning Purposes is incorporated by reference in this RFI. The Government does not intend to pay for information received in response to this RFI. Responders to this invitation are solely responsible for all expenses associated with responding to this RFI. This RFI will be the basis for collecting information on services available. This RFI is issued solely for information and planning purposes and does not constitute a solicitation. Responses to the RFI will not be returned nor will receipt be confirmed. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.

Request for Information or Solicitation for Planning Purposes (Oct 1997)

(a) The Government does not intend to award a contract on the basis of this solicitation or to otherwise pay for the information solicited except as an allowable cost under other contracts as provided in subsection 31.205-18, Bid and proposal costs, of the Federal Acquisition Regulation.

(b) Although “proposal” and “offeror” are used in this Request for Information, your response will be treated as information only. It shall not be used as a proposal.

(c) This solicitation is issued for the purpose of providing comprehensive expert cybersecurity support to the CIO and the Chief Cyber Security Officer (CISO). Please see the attached Performance Work Statement for specific management tasks and performance metrics.

No proprietary, classified, confidential, or sensitive information should be included in your response. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s). 

Please submit questions and clarification requests regarding this RFI by April 13, 2017 so that responses can be prepared and posted prior to the RFI response due date.

Point of Contact:
Fatmata A. Tibbs


Telephone Number:  202-482-0577


Response Date:

Sol Number: