ATSS IDIQ-R Industry Day Slides SAM.GOV Posted.pdf
Date Originally Posted
Feb. 6, 2020, 5:42 p.m.
ATSS IDIQ-R INDUSTRYDAY27 JAN2020MARKCENTERAUDITORIUMHOSTEDBYWHS/AD INTRODUCTIONMr. David SandersDirector,WHS/ADINTRODUCTIONMs. Joelle FaucherDirector (A&S),WHS/ADINTRODUCTIONMs. Carla JohnsonContracts Management Team Lead,A&S/RPDSMr. Warren “Trey”ArthurContract Specialist/Officer,WHS/ADwarren.firstname.lastname@example.orgAGENDA•Rules of the Road•ATSS IDIQ Overview•Program Office Presentations•ATSS IDIQ-R (New IDIQ) Overview •Question & Answer Session•Breakout Time (Auditorium)RULESOFTHEROAD•This exchange is conducted for information and planning purposes and does not constitute a solicitation•Exchange content/discussion shall not be construed as solicitation guidance •Information may change prior to the final IDIQ solicitation •Participants are solely responsible for all expenses associated with this eventRULESOFTHEROAD•Photos and videos are prohibited •Please silence cell phones •Keep visitor badges visible at all times •All Mark Center visitors must have an escort to leave the auditorium•Index Cards for Questions•Program Office Specific QuestionsINDUSTRYDAYGOALS•Better understanding of A&S requirements•Networking •Information sharing The Analytic and Technical Support Services (ATSS) Indefinite Delivery / Indefinite Quantity (ATSS IDIQ) Contract Ms. Elizabeth FullerContracting Officer,WHS/ADelizabeth.email@example.comATSS IDIQ OVERVIEW•Secretary of Defense (SECDEF) and Deputy Secretary of Defense (DEPSECDEF) •Professional and administrative support •Principal Defense policy maker and adviser in charge of the Defense Department's day-to-day business•Weapons acquisition, research, intelligence, and fiscal policy ATSS IDIQ OVERVIEW•Performance Work Statement (PWS) Scope•Acquisition Program Oversight Technical Support•Operational and Technical Research Analyses, Assessments and Evaluations Support (Studies)•Research and Development •Technical, Financial, and Congressional Affairs SupportATSS IDIQ OVERVIEW•Eight (8) IDIQ contracts awarded in 2014•Minimum task order is $5K•Maximum task order is $125M •ATSS IDIQ maximum ceiling is $650M•ATSS IDIQ ordering period ends 14 June 2020ATSS IDIQ OVERVIEW•Small business competition pool•Services under NAICS Code 541611•Primarily administrative management, general management consulting services, financial management support•ATSS IDIQ small business incumbentsAmerican Technology Solutions International (ATSI) Artlin Consulting, LLC Interactive Process Technology, LLC (IPT)ATSS IDIQ OVERVIEW•Unrestricted competition pool•Services under NAICS Code 541990•Primarily professional, scientific, engineering and technical analytical support•ATSS IDIQ large business incumbentsBooz Allen Hamilton (BAH) CACI Enterprise Solutions Inc. (CACI)Logistics Management Institute (LMI)Modern Technology Solutions Inc. (MTSI)Systems Planning and Analysis Inc. (SPA)ATSS IDIQ LABOREXPERTISEADVANCED-Executive level-Master’s Degree in related field, equivalent experience/certificationINTERMEDIATE-Mid-to-executive-level -Master’s or Bachelor’s Degree in related field, equivalent experience/certification in a field relevant to the specific position, or substantial equivalent occupational experienceBASIC-Associates degree level education in a related technical field or substantial equivalent technical experienceATSS IDIQ LABORCATEGORIESPROGRAMMANAGER–INTERMEDIATEPROJECTMANAGER-INTERMEDIATESTATISTICIAN–ADVANCEDSECURITYSPECIALIST-INTERMEDIATEOPERATIONSRESEARCHANALYST-ALLLEVELSTECHNICALSPECIALIST-ALLLEVELSTECHNICALCONSULTANT-ALLLEVELSEARNEDVALUEANALYST-ALLLEVELSATSS IDIQ LABORCATEGORYSUBJECTMATTEREXPERT-ADVANCED-Recognized industry expert with significant depth and breadth of knowledge capable of providing advisor and consultant services based on unique experience that has a significant level of technical value and return on investment-Capable of supporting teams and/or working independently regarding very complex technical or programmatic issues usually related to complex weapons systemsATSS IDIQ LABORCATEGORYRESOURCE/BUDGETANALYST-INTERMEDIATE-Expertise in relevant budget and resource management principles and practices for developmental and operational programs -Knowledge, skills, and abilities in the budget analysis field-Capable of utilizing, adapting and developing budget and resource analytic tools, techniques, and processes for both technical and administrative support activities-Assists with solving complex problemsPROGRAM OFFICE PRESENTATIONS Ms.Katie ArringtonDirector,Chief Information Security OfficerCybersecurity Maturity Model Certification (CMMC)CMMC Model v1.031 January 2020DISTRIBUTION A. Approved for public release24CostSchedulePerformanceCost, Schedule, and PerformanceCYBERSECURITYCostSchedulePerformanceare only effective in a SECURE ENVIRONMENTWithout a Secure Foundation All Functions are at RiskCybersecurityDISTRIBUTION A. Approved for public releaseCMMC LevelPracticesProcessesLevel 117-Level 2552Level 3581Level 4261Level 5151CMMC Model v1.0 Overview25•CMMC is a unified cybersecurity standard for future DoD acquisitions•CMMC Model v1.0 encompasses the following:–17 capability domains; 43 capabilities–5 processes across five levels to measure process maturity–171 practices across five levels to measure technical capabilities CMMC Model v1.0: Number of Practices and Processes Introduced at each LevelDISTRIBUTION A. Approved for public releaseCMMC Model Framework26•CMMC model framework organizes processes and cybersecurity best practices into a set of domains–Process maturity or process institutionalization characterizes the extent to which an activity is embedded or ingrained in the operations of an organization. The more deeply ingrained an activity, the more likely it is that: −An organization will continue to perform the activity –including under times of stress –and −The outcomes will be consistent, repeatable and of high quality.–Practices are activities performed at each level for the domainModelPracticesModel encompasses multiple domainsFor a given capability, there are one or more practicesthat span a subset of the 5 levelsFor a given domain, there are processesthat span a subset of the 5 levels CapabilitiesProcessesFor a given domain, there are one or more capabilitiesthat span a subset of the 5 levelsDomainsDISTRIBUTION A. Approved for public releaseCMMC Model Structure27Access Control(AC)Asset Management(AM)Awareness and Training(AT)Audit and Accountability(AU)Configuration Management(CM)Identification and Authentication(IA)Incident Response(IR)Maintenance(MA)Media Protection(MP)Personnel Security(PS)System and Information Integrity (SI)System and Communications Protection (SC)Situational Awareness (SA)Security Assessment (CA)Physical Protection(PE)Risk Management(RM)17 Capability Domains (v1.0)Recovery(RE)CMMC Model with 5 levels measures cybersecurity maturityDISTRIBUTION A. Approved for public release28LEVEL 1PERFORMEDLEVEL 2DOCUMENTEDLEVEL 3MANAGEDLEVEL 4REVIEWEDLEVEL 5OPTIMIZING0 PROCESSESSelect practices are documented where required2 PROCESSESEach practice is documented, including Level 1 practicesA policy exists that includes all activities3 PROCESSESEach practice is documented, including lower levelsA policy exists that cover all activitiesA plan exists, is maintained, and resourced that includes all activities*4 PROCESSESEach practice is documented, including lower levelsA policy exists that covers all activitiesA plan exists that includes all activities*Activities are reviewed and measured for effectiveness (results of the review is shared with higher level management)5 PROCESSESEach practice is documented, including lower levelsA policy exists that covers all activitiesA plan exists that includes all activities*Activities are reviewed and measured for effectivenessThere is a standardized, documented approach across all applicable organizational unitsCMMC Maturity Process Progression*Planning activities may include mission, goals, project plan, resourcing, training needed, and involvement of relevant stakeholdersDISTRIBUTION A. Approved for public release29LEVEL 1BASIC CYBER HYGIENELEVEL 2INTERMEDIATE CYBER HYGIENELEVEL 3GOOD CYBER HYGIENELEVEL 4PROACTIVELEVEL 5ADVANCED / PROGRESSIVE17 PRACTICESDemonstrate compliance with Federal Acquisition Regulation (FAR) 48 CFR 52.204‐21 72 PRACTICESComply with the FARPerform a select subset of 48 practices from the NIST SP 800‐171 r1Perform an additional 7 practices to support intermediate cyber hygiene130 PRACTICESComply with the FARPerform all 110 practices from the NIST SP 800‐171 r1Perform an additional 20 practices to support good cyber hygiene152 PRACTICESComply with the FARPerform all 110 practices from the NIST SP 800‐171 r1Perform a select subset of 11 practices from Draft NIST SP 800‐171BPerform an additional 29 practices to demonstrate a proactive cybersecurity program171 PRACTICESComply with the FARPerform all 110 practices from the NIST SP 800‐171 r1Perform a select subset of 15 practices from Draft NIST SP 800‐171BPerform an additional 40 practices to demonstrate an advanced cybersecurity programCMMC Practice ProgressionDISTRIBUTION A. Approved for public release+ 15 PracticesLEVEL 5171 PRACTICESADVANCED / PROGRESSIVELEVEL 3130 PRACTICESGOOD CYBER HYGIENE+ 58 PracticesLEVEL 4156 PRACTICESPROACTIVE+ 26 PracticesLEVEL 272 PRACTICESINTERMEDIATE CYBER HYGIENE+ 55 PracticesLEVEL 117 PRACTICESBASIC CYBER HYGIENECMMC Practices Per LevelDISTRIBUTION A. Approved for public releaseCMMC LevelTotal Number Practices Introduced per CMMC Level Source48 CFR 52.204-21NIST SP 800-171r1Draft NISTSP 800-171B **OtherLevel 11715*17*--Level 255-48-7Level 358-45-13Level 426--1115Level 515--411•Model leverages multiple sources and references–CMMC Level 1 only addresses practices from FAR Clause 52.204-21 –CMMC Level 3 includes all of the practices from NIST SP 800-171r1 as well as others –CMMC Levels 4 and 5 incorporate a subset of the practices from Draft… Show All