Data Normalization, Change and Configuration Management, Analytics, Problem, Incident and Performance Management
Type of document: Contract Notice
Country: United States
Data Normalization, Change and Configuration Management, Analytics, Problem, Incident and Performance Management
Defense Information Systems Agency
P.O. BOX 549 FORT MEADE MD 20755-0549
Daniel Wartell, Email firstname.lastname@example.org – Silvia Molinillo-Corral, Contracting Officer, Email email@example.com
*** The RFI response date has been extended to Friday May 19, 2017. No additional extensions are anticipated. A response to questions received before May 6, 2017 is anticipated to be posted on Thursday May 11, 2017.*****
REQUEST FOR INFORMATION
The Defense Information Systems Agency (DISA)/Operations Mission Support (OCM), Defense Information Technology Contracting Office at Fort Meade is seeking information from industry to assist with the development and planning of a potential new requirement.
THIS IS A REQUEST FOR INFORMATION (RFI) NOTICE ONLY. THIS IS NOT A REQUEST FOR PROPOSALS (RFP). NO SOLICITATION IS AVAILABLE AT THIS TIME.
1. Overview/Purpose/ Description of Procurement:
DISA is seeking a capability that enables using foundational configuration elements to identify and track Risk, Change, Configuration and Asset Management changes, analytics, problems/incidents and gauge performance across the DoD Information Network (DoDIN).
Currently, database elements are not interfaced and normalized to a standard data element format. This prevents synchronized processes and tools needed to coordinate IT maintenance to include but not limited to: Risk, Change, Configuration and Asset Management changes, authorized outages, Analytics, Problem/Incident and Degradation of Performance with Mission Partners, and Information Assurance (IA) operations that would detect unauthorized changes or anomalies in order to protect the DoDIN.
DISA is seeking to establish an Agency-Wide process that is fully integrated with automated tools for an optimized combination of governance and tool capabilities. This will require the delivery of authoritative data supporting key processes such as Performance, Incident, Problem, Change and Configuration Management. It will also require a standardized data warehouse that is fed with raw asset data collected from all available DISA discovery tools.
2. Scope of Effort:
Describe a solution that will format and standardize configuration item data (Normalization/Rationalization) for the entire Agency on all domains, i.e. Non-Secure and Secure Internet Protocol Router Networks (NIPRNet, SIPRNet). This solution shall provide data normalization warehouse-like capability that supports Business Intelligence (BI) decisions for Analytics, Performance, Incident, Problem, Change and Configuration Management. This solution shall combine with data science methods, providing insights and actionable information for supported customers.
DISA requires a solution that will simplify and improve software and hardware license tracking and reconciliation. This shall be done IAW Office of Management and Budget (OMB) memorandum dated 2 June 2016.
Provide regularly updated, non-discoverable data ingestion capability that will enrich configuration item data elements, using industry-standard naming and format conventions that eliminate redundant or inaccurate configuration items. Provide data attribute integration and support that enables service mapping across all infrastructure levels.
The Vendor shall illustrate the comprehensive data capability that will have the ability to clean, validate, match, merge, view, manage, relate and audit the data record in the new normalized data structure.
Provide management solutions in order to enhance and track performance, prevent problems and recurring incidents, impact assessments and mitigation methods. A problem is defined as a cause of one or more incidents. Contractor shall provide information on how to process raw inventory data from software discovery tools which should produce normalized software inventory reports with limited or no redundancy for each end item.
3. Technical Characteristics:
a. Product shall be accessible through web services and permit Secure Socket Layer (SSL) connections;
b. Product shall also provide accessibility through commercial architecture tools;
c. Product shall provide Graphical User Interface (GUI) for user operations and administration;
d. Product shall support access and operations by multiple simultaneous users;
e. Shall provide the ability to add and remove users;
f. Shall support hosting on environments with stand-alone, multiple or shared server databases configurations;
g. Shall provide configurable role based access controls;
h. Access controls shall be configurable to separately authorize a user to read, write and/or delete permissions;
i. Shall support Common Access Card (CAC) authentication;
j. Shall support National Institute of Standards and Technology (NIST) approved commercial encryption for storage of for official use only data;
k. Shall support NIST approved Risk Management techniques;
l. Product shall be currently used by a Federal/DoD organization or meet DoD level security standards required for security accreditation;
m. Product vendor shall provide installation support and product training services;
n. Support or be capable of supporting Section 508 compliance
o. Provision all licenses required to install and configure any software tool that will be used for this effort.
ADDITIONAL FUNCTIONAL CHARACTERISTICS
A. Product vendor shall have Original Equipment Manufacturer (OEM) agreements in place with commercial IT software and hardware product vendors to ensure tool provides accurate vendor product information. Vendor products must:
a. Identify entries as hardware or software;
b. Utilize DoD standard naming convention(s) for listing OEM vendor products;
c. Provide capability to identify hardware by model numbers and serial number
d. Provide list of current and previous software versions and releases;
e. Must have common applets to provide seamless data transfer
f. Provide the ability to correlate current vendor product information with any former or future vendor or product names and versions;
g. Identify bundle software products and provide breakdown of software components that are included as part of the bundled software;
h. Provide end-of-life, end-of-extended life and end-of-support information for software products.
i. Include latest product information (e.g., version and release) for to-be released software (when published by the OEM vendor);
j. Associate OEM software products with functional use categories (e.g., network, database, servers, security, etc.) supported by the software vendors;
B. Provide narrative description of OEM vendor products and functions sufficient enough to support application software rationalization
1. Support common interfaces to commercial software and hardware discovery tools;
C. Provide capability to import and export data, documents and/or files.
a. Import shall support automated and standard Comma Separated Value (CSV) and excel feeds;
b. Data exports shall support CSV files and Microsoft Office file formats;
c. Exports shall support out of the box and user defined layouts;
D. Provide capability to associate software and hardware with legacy, current and future Government defined systems;
E. Provide capability to associate vendor license agreements with software and hardware;
F. Provide capability to input hardware and/or software costs with OEM vendor products and provide summary of software costs based on licenses and quantities derived from discovery tools;
G. Include periodic updates to include new OEM vendor product information, support new functionality, provide fixes to address security vulnerabilities;
H. Provide capability to search for hardware and software products;
I. Provide the ability to designate vendor hardware or software products as approved or not approved;
J. Provide the ability to designate hardware products as fixed or mobile;
K. Provide an archive capability for previously approved products; and
L. Provide graphics display for visualization and summary reports
4. Requested Information:
a. Business Information
i. Business Name
ii. Business Address
iii. Commercial And Government Entity (CAGE) code
iv. Business Size
v. Name and title of company representative
b. Does industry have an existing system (software/database/or combination thereof) solution available that encompasses the scope of DISA’s potential requirement?
i. If so, please describe how this solution is provided to commercial businesses and/or government agencies.
1. If provided to Government agencies, please provide Government points of contact and contract numbers.
2. If provided to commercial businesses, please provide information regarding cost structure
c. If an existing system provides only a portion of the DISA potential requirement, what modifications would be necessary in order to fulfill DISA’s requirement?
i. What are the average timelines needed to modify the vendors existing system to meet DISA’s potential requirement?
ii. What are the average costs to modify the vendors existing system to meet DISA’s potential requirement?
iii. Does the vendor have experience modifying their current system? If so, how much experience in terms of years of experience and number of projects?
d. If an existing solution is not currently available for DISA’s potential requirement, how would the vendor fulfill DISA’s potential requirement?
e. Review draft Performance Work Statement (PWS) and please provide
comments/recommendations with insight to recommendation for improvement.
i. How would industry provide this capability as one requirement?
ii. If not one requirement, how would industry provide as a combination of capabilities?
Interested parties are requested to respond to this Request for Information with a white paper. Submissions cannot exceed 20-pages (not including cover page and
executive summary page), single spaced, 12-point type with at least one-inch margins on 8 1/2″ X 11″ page size. The response should not exceed a 2 MB e-mail limit for all items associated with the RFI response. Responses must specifically describe the contractor’s capability to meet the requirements outlined in this RFI. Oral communications are not permissible.
Companies who wish to respond to this RFI should send responses via email no later than 5PM Eastern Time May 19, 2017 to firstname.lastname@example.org and email@example.com.
DISA representatives may choose to meet with potential offerors and hold one-on-one discussions. Such discussions would only be intended to obtain further clarification of potential capability to meet the requirements, including any development and certification risks.
Questions regarding this announcement shall be submitted in writing by e-mail to firstname.lastname@example.org or email@example.com. Verbal questions will NOT be accepted. Answers to questions will be posted to FBO. The Government does not guarantee that questions received after 5PM Eastern Time on May 5, 2017 will be answered. The Government will not reimburse companies for any costs associated with the submissions of their responses
This RFI is not a Request for Proposal (RFP) and is not to be construed as a commitment by the Government to issue a solicitation or ultimately award a contract. Responses will not be considered as proposals nor will any award be made as a result of this synopsis.
All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. The Government will not pay for information received in response to this RFI. Responders to this invitation are solely responsible for all expenses associated with responding to this RFI. This RFI will be the basis for collecting information on capabilities available. This RFI is issued solely for information and planning purposes. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received in this RFI that is marked “Proprietary” will be handled accordingly. Please be advised that all submissions become Government property and will not be returned nor will receipt be confirmed. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.