Network Integration Testbed (NIT) Cybersecurity Sustainment
Type of document: Contract Notice
Country: United States
Network Integration Testbed (NIT) Cybersecurity Sustainment
Government Publishing Office
P.O. BOX 12798 Ft. Huachuca AZ 85670-2798
Maria R. Elemia, Contracting Officer, Phone 520-538-4237, Email email@example.com
Multiple Award Schedule/Multiple Award Contract (MAC)
Orders under MAC/ Fair Opportunity – FAR 16.505, Department of Defense FAR Supplement (DFARS) 216.505-70, Procedures, Guidance and Information (PGI) 216.505-70
Purchase Request Number: 4TB10-11 Contract Number: HC1028-12-D-0026
Task/Delivery Order Number: HC10281FF0372
Procurement Title: Network Integration Testbed (NIT) Cybersecurity Sustainment. Estimated Value: REDACTED
Authority: FAR [16.505(b)(2)(i)(C)]
JUSTIFICATION FOR AN EXCEPTION TO FAIR OPPORTUNITY
Upon the basis of the following justification, I, as the Contracting Officer, hereby approve this exception to fair opportunity pursuant to the authority of FAR [16.505(b)(2)(i)(C)].
•1. REQUIRING AGENCY AND CONTRACTING OFFICE: Requesting Agency:
DISA Joint Interoperability Test Command (JITC) 200I Brainard Road, Building 57305
Fort Huachuca, Arizona, 85670
DISA/Defense Information Technology Contracting Organization (DITCO) PL8332 2300 East Drive, Building 3600
Scott Air Force Base, Illinois, 62225
•2. NATURE/DESCRIPTION OF ACTION(S): The nature of this action is a cost-plus- fixed-fee (CPFF) task order (TO) against the Testing and Evaluation (T&E) Multiple Support Services (MSS) indefinite-delivery/indefinite-quantity (ID/IQ) contract held by MANTECH ADVANCED SYSTEMS INTERNATIONAL Task Order to sustaincritical Department of Defense Information Network (DODIN) systems, support pending scheduled comprehensive security assessments and to ensure the persistent and fundamental tasking required to sustain the JITC Authorizations to Operate (ATO) scheduled to expire March 22, 2018. Because of the critical nature of the support provided by this Task Order, continuous support to this Task Order must be maintained. JITC supports approximately 350 Certifications and Assessments and 140 Unified Capability evaluations annually. During the period of performance, JITC has in excess of 20 certifications and assessments and 5 key Unified Capability evaluations across all divisions at Fort Huachuca. Additionally, current personnel are comprised of highly experienced workers with irreplaceable institutional knowledge and experience, theloss
of which would, at this time, directly result in JITC mission failure, testing failure and loss of JITC ATO, rendering JITC unable to pursue future missions and/or tests. These mission failures would further entail a loss of funds in excess of $1.5 Million due to the testbed operations branch inability to provide the testbed backbone required to support this testing. The Joint Interoperability Test Command (JITC) Fort Huachuca, AZ is a Major Range and Test Facility Base (MRTFB) as a DoD CIO/Defense Information Systems Agency Activity defined within DoD Directive 3200.11. This task is mission funded and supports directly the JITC Fort Huachuca, AZ MRTFB Activity.
The follow- on task order will include an approximate level of effort of REDACTED labor hours. The required PoP is March 5,2018 to July 4, 2018. This effort is funded with 2018 RDT&E funds.
•3. DESCRIPTION OF SUPPLIES/SERVICES: This action will ensure the continued and persistent sustainment of critical Department of Defense Information Network (DODIN), Cybersecurity systems, network distribution infrastructure and computing resources utilized at JITC Fort Huachuca, AZ. These systems must remain active in order to be compliant with standing Department of Defense (DoD) Directives, Security Technical Implementation Guides (STIG) / Security Requirements Guides (SRG), Cybersecurity Operational Tasking Orders and Information Assurance Vulnerability Management (IAVM). This action will also assure continuity of support to the pending scheduled Comprehensive Security Assessment that will determine the continuation of the JITC Fort Huachuca Authorizations to Operate (ATO) that expires March 22, 2018. This action will ensure an orderly Risk Management Framework (RMF) process that supports the continuation of the JITC Authority to Operate, without which JITC will become mission-incapable.
Critical systems, platforms and applications that will be sustained under this action are the JITC hosted ePolicy Orchestrator (ePO), which provides efficient and dynamic policy enforcement of the Host Based Security Systems (HBSS) and Host Intrusion Protection System (HIPS). The ePO platform provides mandatory policy enforcement to all JITC test zones and enclaves and assures the baseline configuration of any system remains configured within the scope of a defined security baseline. This system is critical to the RMF process as a primary compliance reporting tool that provides roll-up information to
U.S. Cyber Command. LOGRYTHM is the Security Information & Event Management (SIEM) platform and is a required system recently added to support the JITC Cybersecurity environment. It provides detection, response, analysis and neutralization of internal and external Cybersecurity threats. The system design and policy implementation is complex and in the initial stages. Execution of a sole-source action will ensure that this critical platform is sustained, keeping JITC within security compliance regulations and further permitting JITC to execute test missions. BMC Remedy IT Service Management (ITSM) is another crucial system that JITC relies to provide timely configuration management, change management and service management to multiple divisions. This action will continue system administration and technical support to assure the continuity of sustainment for compelling evidence this system provides in support of the RMF process and sustainment of the JITC ATO.
Other crucial support defined within the existing Task Order will continue to the extent necessary to support scheduled testing and MRTFB resource sustainment in order to remain comprehensively compliant with Department of Defense (DoD) Directives, Security Technical Implementation Guides (STIG) / Security Requirements Guides (SRG), Cybersecurity Operational and Tasking Orders and Information Assurance Vulnerability Management (IAVM) so as to remain operational and avoid any system shut-down. Day-to-Day operations that encompass the system and network monitoring, analysis, response and change management activity will also continue, alongside systems and network administration of all switching, routing, and computing resources assigned to the Network Integrated Testbed. The Test Enclave and Infrastructure support neededto provide engineering review and implementation support to provide for customer support of any system requiring integration into any distributed network or JITC Test Enclave will also be maintained
•4. SUPPORTING RATIONALE, INCLUDING A DEMONSTRATION THAT THE PROPOSED CONTRACTOR’S UNIQUE QUALIFICATIONS OR THE
NATURE OF THE ACQUISITION REQUIRES USE OF AN EXCEPTION TO FAIR OPPORTUNITY:
•(a) Exception to Fair Opportunity. The order must be issued on a sole-source basis in the interest of economy and efficiency because it is a logical follow-on to an order already issued under the contract, provided that all awardees were given a fair opportunity to be considered for the original order.
•(b) Description of the Justification. This action requires the authority cited, as the period of performance of the task order will expire prior to completion of RMF Assessment and Accreditation activities that lead to the ATO and this action will provide support. The current contractor for this task, MANTECH ADVANCED SYSTEMS INTERNATIONAL, has the certification, training and expertise to assure these systems remain compliant and operational in order to support the continued operation of JITC MRTFB and Cybersecurity resources, and is able to support the pending comprehensive security assessment (CSA) that is scheduledto evaluate Cybersecurity posture for continuation the JITC ATO. Transitioning to a new contractor will halt the issuance of the JITC ATO, rendering the organization mission-incapable.
•(1) Minimum Government requirements. JITC requires persistent and undisrupted sustainment of the DODIN resources, Cybersecurity platforms, systems and networks encompassed in this action or risk the shut-down of systems connected to the DODIN networks. Privileged user access is required to support the Cybersecurity systems and networks encompassed in this action. Onboarding new personnel IAW DoDI 8570.01-M requires approximately 4 to 6 weeks to validate personnel certifications, conduct required local training
and issue appointment letters signed, and routed to the ISSM for specific identification of tasking and privileges specific to the systems to be supported. To assure sustainment of the existing Cybersecurity, network and computing systems and to provide cognizant support the pending CSA scheduled to commence in support of the reaccreditation and issuance of the JITC ATO it is considered advantageous to continue the support provided by MANTECH ADVANCED SYSTEMS INTERNATIONAL
•(2) Proposed sole source contractor. MANTECH ADVANCED SYSTEMS INTERNATIONAL (ManTech) is the source of consideration given they currently support the requirements of this action as the incumbent. Continuing performance with the current contractor provides the government substantial benefit as the work is an extension of work being performed. Substituting contractors for the period of this action would be detrimental the work supporting the JITC accreditation due to system sustainment short-falls creating unnecessary delays and increasing costs associated withonboarding.
•(3) Discussion regarding cause of the sole source situation. The competitive submission for a short-term task order to support the entirety of the classified and unclassified network for computing and Cybersecurity platforms that comprise the JITC MRTFB is not practical and the potential to have an interruption in sustainment support would result in the requirement for a shut- down of JITC systems, creating a situation catastrophic to perpetuating or renewing the JITC ATO. This action will provide additional time with the incumbent to ensure that the required level of sustainment to critical systems and the support of the CSA will be provided and assure the successfulrenewal of the JITC ATO.
•(4) Demonstration of unique source. Continuation of this activity with ManTech as the unique source as the incumbent will have the effect of assuring that critical systems and Cybersecurity processes continue unfettered and that DODIN and MRTFB resources continue to operate without suspension. Suspension of these resources would have the effect to the JITC test labs losing the inherited controls under RMF and impact the support to the various DISA and other Military Departments (MILDEP) Program Managers due to delay of respective test and acquisition schedules. ManTech will be the best source of assuring a comprehensive transition of this activity and will also ensure critical support is sustained for the comprehensive securityassessments scheduled by the High Performance Computing Management Office (HPCMO) and the DISA Authorizing Official (AO) that will be evaluated for renewal of the JITC ATO. Without the renewal of the JITC ATO all operational DODIN networks and services that support JITC will require suspension pending resolution of critical findings or processing of waivers pending resolution;
•(5) Procurement discussion. Persistent sustainment of DODIN and Cybersecurity systems is mandatory to avoid shut-down of JITC systems supporting the JITC MRTFB Activity. This action will provide the mandatory sustainment for the systems supporting the JITC MRTFB activity and will provide the expertise and comprehensive knowledge needed to support to pending CSA that will require support beyond the current period of performance of the incumbent task order as well as support the ultimate transition to the TEC contract and any other actions necessary to assure the JITC ATO renewal.
•(6) Impact. Any gap in sustainment of the JITC MRTFB Activity and the DODIN resources employed will impact the JITC ATO renewal and require these systems be shut-down, rendering JITC non-mission capable during the shutdown period and incurring expenses at JITC in the area of REDACTED.
•5. COST/PRICE FAIR AND REASONABLE DETERMINATION: During source selection of solicitation number HC1028-12-D-002-0064, a cost/price evaluation was conducted in accordance with FAR 15.404. The contract prices were determined tobe reasonable. The proposed cost/prices for the extension will be compared to the current contract prices as well as the Independent Government Estimate in order to determine fair and reasonableness in accordance with FAR
•6. MARKET RESEARCH: In accordance with FAR Part 10.002, market research has been conducted to identify all qualified sources and results thereof. The initial research was completed from 2012 to 2013 at the basic Test and Evaluation Mission Support Services (T&E MSS) contract level, and annually thereafter at the task order level in accordance with FAR 10.002(b)(1). The formal market analysis included review of contractors found on General Services Administration (GSA) Schedule 70, and analysis of historical contract costs. As a result of the review, it was determined that the only way to avoid the loss of invested resources and additional costs to the Government is to modify the existing task order to accomplish this expanded effort this is within scope of the original PWS. Market research has always identified that all prime T&E MSS contractors can complete the scope of work; however, ManTech competitively won this task order award and is the only contractor that can complete the work within the requirement timelines mentioned above.
•7. ANY OTHER SUPPORTING FACTS: N/A
•8. ACTIONS THE AGENCY MAY TAKE TO REMOVE OR OVERCOME BARRIERS THAT LED TO THE EXCEPTION TO FAIR OPPORTUNITY:
•(a) Procurement History.
Contract Number: HC1028-12-D-0026-0064
Contractor: MANTECH ADVANCED SYSTEMS INTERNATIONAL
Contract Period: March 1, 2013 -February 28, 2018
Total Contract Value: REDACTED (original TEP; Base + all options) Contract Type: CPFF
Objective: The purpose of this tasking is to provide support for the MRTFB Activity resources at JITC Fort Huachuca, AZ to provide the continued and undisrupted sustainment of the DODIN resources and Cybersecurity platforms leveraged to sustain the JITC ATO.
•(b) No related prior award was accomplished with the need for a brand-name exception to fair opportunity, limited-sources, and/or any other exception to full and open competition justification.
•9. REFERENCE TO THE APPROVED ACQUISITION PLAN (AP): In accordance with the exceptions under DISA Acquisition Regulations Supplement 7.103 (S- 91)(1)(viii), an AP is not required.