Title: Forge Classified Lab
Purpose: In support of the U.S. Navy's Integrated Combat System program and its Forge software factory, a classified lab at Forge Outpost #1 in Riverdale, MD, is required. The classified lab provides for classified storage, handling, and IT Operations. The classified lab enables development and testing of combat system software, Models & Simulations, and Forge developed mission applications and Tactical Platform as a Service.
Description:
This is a Source Sought per FAR 15.201. The Department of the Navy, Naval Sea Systems Command (NAVSEA) is seeking capable sources to perform as the Forge Classified Lab contractor to support the Forge software factory in conducting classified development and testing in its on-premise laboratory in Riverdale, MD. The Forge Classified Lab Contractor will pursue new accreditations and maintain existing accreditations for the classified lab; perform associated IT Operations and Cybersecurity activities; operate the classified lab at Gov't specified cadence and capacity; and provide the software licenses, subscriptions, and peripheral material required to support ongoing lab operations.
NAICS: 541513 Computer Facilities Management Services
PSC: DJ01 IT and Telecom Security and Compliance Support Services
Background:
The Naval Sea Systems Command (NAVSEA) has established a software factory initiative known as The Forge which is managed by the Program Executive Office for Integrated Warfare Systems, Integrated Combat Systems program (PEO IWS X).
The FORGE provides a Government furnished virtual and physical ecosystem to foster Agile software development using DEVSECOPS tools and principles. The ecosystem furnishes: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), a Continuous Integration/Continuous Delivery (CI/CD) Pipeline, an Innovation Hub, and cross-functional teams lead by Government Product Owners enabling capacity-based Agile development of mission applications supporting the delivery of capabilities to U.S Navy Surface Ships.
Scope of Effort:
The U.S. Navy's Forge Classified Lab Contractor shall generate security accreditation documentation, perform IT Operations and Cybersecurity activities, manage the classified lab, and provide the software licenses, subscriptions, and peripheral material necessary to support Forge classified software development and testing activities.
The Navy anticipates most of the work will be performed at the Forge Outpost #1 site in Riverdale, MD.
Interested parties shall provide a Capability Statement in the following format:
Responses shall be limited to a total of 10 pages, 1-inch margins, single-sided, 10-point Times New Roman font or larger. Figures/Graphs/Tables can be included within the page limit with 8-point font or larger text.
Industry shall address whether they have a facility security clearance level of SECRET.
- Company Information
Provide company name, address, DUNS number, CAGE code, and designated representative name(s) and point of contact, including phone numbers and e-mail addresses.
Provide number of employees employed by company's business unit considering this opportunity, and the geographic locations.
Identify contracts within the last five (5) years with similar scope and provide brief overview of company responsibilities and magnitude of its role.
If a small business, identify type of small business (e.g. 8(a), Hubzone, service-disabled veteran-owned, economically disadvantaged women-owned, or women-owned).
- Address the following Draft Section C, Statement of Work Scope Areas of Experience and Performance Capability
- Assessment and Authorization of Information Systems
The Navy requests the company describe their current activities in Assessment and Authorization of Information Systems. The company should describe expertise in the Risk Management Framework (RFM), creation and maintenance of System Security Plans (SSPs), and implementation of Security Controls. The company should specifically discuss experience working with the Defense Counterintelligence and Security Agency to achieve facility clearance, accreditation for Storage & Handling (S&H), and Information Systems authorization.
- Information Technology (IT) Operations and Systems Administration
The Navy requests the company describe their current activities in IT Operations and Systems Administration. The company should describe expertise in providing platform and network environments which are stable, reliable, and available to users; continuous monitoring of software products in classified environments; enabling automated platform deployments; identifying and resolving classified network and computer incidents; performing network, system, and workstation updates; and supporting resolution of classified spillages.
The company should describe their expertise and familiarity with Commercial cloud environments and Kubernetes.
- Cybersecurity Engineering
The Navy requests the company describe their current activities in Cybersecurity Engineering. The company should describe expertise in obtaining Authority to Operate (ATO) for Impact Layer 6 (SECRET Classified) physical development spaces; analyzing security of software development pipelines, applications, and deployments; building security automation; hardening and securing of Kubernetes clusters; utilization of continuously hardened containers from the DoD Iron Bank; conduct of cyber penetration analysis (pen-testing and red/blue teaming); and maintaining and supporting DevSecOps stacks across multiple security classifications.
The company should describe their expertise with NIST SP 800-53, NIST SP 800-190, and Zero Trust Architectures.
Disclaimer:
The Navy is conducting market research to identify qualified and responsible sources that may be interested in the requirements described in this notice. This Source Sought is issued for informational and planning purposes only and does not constitute a solicitation or a Request for Quote (RFQ). This Source Sought is not to be construed as a commitment by the Government to issue a solicitation or award a contract. In accordance with FAR 15.201, responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. As such, the Government will not reimburse any costs associated with responding to this notice. Information submitted in response to this Source Sought will become the property of the United States Government. Submitters should properly mark their responses with the appropriate restrictive markings. Information that is proprietary or competition sensitive will be protected from disclosure under the public records law only if properly labeled as such.
Response Due Date and Government Points of Contact:
Interested companies should provide a response on or before 4:00 pm EST, 14 August 2023. The submission should include one electronic (virus scanned) copy sent via e-mail to the Contracting Officer at warren.m.beckman.civ@us.navy.mil and the Contract Specialist at joseph.r.strain4.civ@us.navy.mil. Please include the Sources Sought Title in the subject of the e-mail.
All information received that includes proprietary markings will be handled in accordance with applicable statutes and regulations. An acknowledgement of receipt will be provided for all responses received. If you do not receive an acknowledgement within two working days, please notify the points of contact listed in this notice.
