Cybersecurity Compliance and Risk Management   3

October 7, 2022 - Response to Questions: Provided as an attachment, in the PIEE Solicitation System, is our response to additional questions submitted in regards to this solicitation. Please visit PIEE for all documents associated with this solicitation.

September 16, 2022 - Response to Questions: Provided as an attachment, in the PIEE Solicitation System, is our response to additional questions submitted in regards to this solicitation. Please visit PIEE for all documents associated with this solicitation.

September 2, 2022, Amendment 0002, HQ0858-22-R-0009: The MDA is issuing this amendment to update the proposal due date to 5:00 pm central time on October 18, 2022; update NAICS Code from 541519 to 541330; incorporate an updated Attachment J-01 TEAMS-Next CCRM SOW; incorporate Attachment J-18 Mission Essential Functions; incorporate an updated Attachment L-05 TEAMS-Next CCRM EPW; incorporate an updated Section L; provide responses to industry questions.

August 30, 2022, ANNOUNCEMENT - MDA is in the process of amending this RFP. The new RFP due date will be in October 2022.

ANNOUNCEMENT: MDA will be releasing an amendment in the future regarding HQ0858-22-R-0009, TEAMS-Next CCRM. This amendment will update the NAICS code to 541330. In addition, an extension to the submission date will be provided, the Statement of Work (SOW) will have minor changes, and a new Excel Pricing Worksheet (EPW) will be provided. As we review the questions submitted by potential offerors additional documents may be updated. Please note MDA has been notified that the processing of a JCP Certification number (required to gain access to the restricted library) may take upwards of 45 days. We recommend that you register for this number through DLA as soon as possible. (https://www.dla.mil/HQ/LogisticsOperations/Services/JCP/)

August 5, 2022, Amendment 0001, HQ0858-22-R-0009: The MDA is issuing an amendment to update the proposal due date to 5:00 pm central time on September 6, 2022; update the Set Aside Code to Women-Owned Small Business (WOSB) Program Set-Aside; update Section L - Instructions, Conditions, and Notices to Offerors, page 4, to reflect the updated proposal due date; upload HQ085822R0009_Redacted_CDRLs_Combined; upload HQ085822R0009_TN-CCRM Amd 0001 08.05.22; Upload HQ085822R0009_TN-CCRM Conformed Amd 0001 08.05.22; and remove HQ085822R0009_Atch_J_08_DD254__RFI__Signed and HQ085822R0009_Atch_J_08_DD254_SCI_Supp. Industry is reminded to refer to page 2 of the solicitation for the set aside designation. August 4, 2022, Solicitation Notice HQ0858-22-R-0009 TEAMS-Next Cybersecurity Compliance and Risk Management Solicitation The Missile Defense Agency (MDA) is issuing this solicitation to procure Cybersecurity Compliance and Risk Management advisory and assistance services to support MDA and the Office of Chief Information Officer. The Cybersecurity Compliance and Risk Management requirement consists of conducting numerous cybersecurity test and risk assessment services across all MDA information systems (Business, Mission Support, and Warfighter), their connections and associated test events in support of Agency Security Control Assessors (SCA). The requirement includes the development, implementation, sustainment, and execution of Agency Risk Management Framework (RMF) functions and processes to include: cybersecurity controls validation, software assurance, cybersecurity risk assessment, cybersecurity training; and providing fee-for-service management and event scheduling support. The cybersecurity controls validation requirement involves performing technical and non-technical evaluation of: 1) information systems authorized or to-be authorized by the MDA Authorizing Official; 2) internal and external MDA information systems connections; and 3) classified sites connecting to MDA information systems. The software assurance requirement involves: 1) assessing internal and external Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) software code analysis (static, dynamic); results and risk assessment reports for all major software builds/updates of the Operational Capacity Baseline of the MDS and information systems authorized or to-be authorized by the MDA Authorizing Official; 2) assessing Program(s) compliance with Agency software development, test, and cyber requirements; and 3) conducting static and dynamic code reviews on MDA-developed software. The cybersecurity risk assessment requirement involves the RMF control and system-level assessments of: 1) all major hardware and software updates of the Operational Capacity Baseline of the MDS; 2) all MDA flight and ground test event architectures; 3) information systems authorized or to-be authorized by the MDA Authorizing Official; 4) internal and external MDA information systems connections, 5) classified sites connecting to MDA information systems; 6) cybersecurity test results from official Development and Test Evaluations (DT and E) of MDA developed acquisition systems; 7) cybersecurity test results from official Operational and Test Evaluations (OT and E) of MDA developed acquisition systems; and 8) internal and external COTS and GOTS software vulnerability reports or analysis. The cybersecurity training requirement involves: 1) organizing and developing curriculum for Agency-level cybersecurity workforce training, education, and leadership development; and 2) provide management support in tracking Agency-wide cybersecurity certifications and training requirements. Activities also include the development, implementation, and execution of a fee-for-service catalog, five-year master test plan, project schedule, and program-specific metrics to orchestrate and communicate all activities described above. The Government requires proposal submissions be conducted via the Procurement Integrated Enterprise Environment (PIEE) Solicitation Module, https://piee.eb.mil. The proposal shall be received prior to 5:00 pm central time on September 6, 2022. Late submissions will not be accepted. To initiate the proposal submission through PIEE, the Offeror must register as a proposal manager. Training on the solicitation module is available for proposal managers through PIEE. Subcontractors who have proprietary data and do not want to submit this data to the prime must submit it through PIEE. The subcontractors will register as a proposal manager, and create a separate proposal submission from their prime. Documents submitted by the subcontractor directly to the Government must have the prime contractors team name and RFP number on the first page of the document. Any questions about the solicitation must be emailed to: TN-CYBERCOMP@mda.mil and Ms. Rebecca Froelich at rebecca.froelich@mda.mil. The PIEE help desk can be reached Monday - Friday, 06:30 ? 24:00 EST at phone: 866-618-5988, Email: disa.global.servicedesk.mbx.eb-ticket-requests@mail.mil or fax: 801-605-7453. Approved for Public Release 22-MDA-11219 (28 July 22) *Visit 'https://piee.eb.mil/sol/xhtml/unauth/search/oppMgmtLink.xhtml?solNo=HQ085822R0009' to obtain more details.*