ATSS IDIQ-R
INDUSTRY DAY
27 JAN 2020
MARK CENTER
AUDITORIUM
HOSTED BY WHS/AD
INTRODUCTION
Mr. David Sanders
Director,
WHS/AD
INTRODUCTION
Ms. Joelle Faucher
Director (A&S),
WHS/AD
INTRODUCTION
Ms. Carla Johnson
Contracts Management
Team Lead,
A&S/RPDS
Mr. Warren Trey Arthur
Contract Specialist/Officer,
WHS/AD
warren.g.arthur.civ@mail.mil
AGENDA
Rules of the Road
ATSS IDIQ Overview
Program Office
Presentations
ATSS IDIQ-R (New IDIQ)
Overview
Question & Answer Session
Breakout Time
(Auditorium)
RULES OF THE ROAD
This exchange is conducted for information and
planning purposes and does not constitute a
solicitation
Exchange content/discussion shall not be
construed as solicitation guidance
Information may change prior to the final IDIQ
solicitation
Participants are solely responsible for all
expenses associated with this event
RULES OF THE ROAD
Photos and videos are prohibited
Please silence cell phones
Keep visitor badges visible at all times
All Mark Center visitors must have an escort to
leave the auditorium
Index Cards for Questions
Program Office Specific Questions
INDUSTRY DAY GOALS
Better understanding of A&S requirements
Networking
Information sharing
The Analytic and Technical Support
Services (ATSS) Indefinite Delivery /
Indefinite Quantity (ATSS IDIQ) Contract
Ms. Elizabeth Fuller
Contracting Officer,
WHS/AD
elizabeth.e.fuller2.civ@mail.mil
ATSS IDIQ OVERVIEW
Secretary of Defense (SECDEF) and Deputy
Secretary of Defense (DEPSECDEF)
Professional and administrative support
Principal Defense policy maker and adviser in
charge of the Defense Department's day-to-day
business
Weapons acquisition, research, intelligence, and
fiscal policy
ATSS IDIQ OVERVIEW
Performance Work Statement (PWS) Scope
Acquisition Program Oversight Technical
Support
Operational and Technical Research
Analyses, Assessments and Evaluations
Support (Studies)
Research and Development
Technical, Financial, and Congressional
Affairs Support
ATSS IDIQ OVERVIEW
Eight (8) IDIQ contracts awarded in 2014
Minimum task order is $5K
Maximum task order is $125M
ATSS IDIQ maximum ceiling is $650M
ATSS IDIQ ordering period ends 14 June 2020
ATSS IDIQ OVERVIEW
Small business competition pool
Services under NAICS Code 541611
Primarily administrative management, general
management consulting services, financial
management support
ATSS IDIQ small business incumbents
American Technology Solutions International (ATSI)
Artlin Consulting, LLC
Interactive Process Technology, LLC (IPT)
ATSS IDIQ OVERVIEW
Unrestricted competition pool
Services under NAICS Code 541990
Primarily professional, scientific, engineering
and technical analytical support
ATSS IDIQ large business incumbents
Booz Allen Hamilton (BAH)
CACI Enterprise Solutions Inc. (CACI)
Logistics Management Institute (LMI)
Modern Technology Solutions Inc. (MTSI)
Systems Planning and Analysis Inc. (SPA)
ATSS IDIQ LABOR EXPERTISE
ADVANCED
INTERMEDIATE
BASIC
-Executive level
-Masters Degree in related field,
equivalent experience/certification
-Mid-to-executive-level
-Masters or Bachelors Degree in related
field, equivalent experience/certification
in a field relevant to the specific position,
or substantial equivalent occupational
experience
-Associates degree level education in a
related technical field or substantial
equivalent technical experience
ATSS IDIQ LABOR CATEGORIES
PROGRAM MANAGER INTERMEDIATE
PROJECT MANAGER - INTERMEDIATE
STATISTICIAN ADVANCED
SECURITY SPECIALIST - INTERMEDIATE
OPERATIONS RESEARCH ANALYST - ALL LEVELS
TECHNICAL SPECIALIST - ALL LEVELS
TECHNICAL CONSULTANT - ALL LEVELS
EARNED VALUE ANALYST - ALL LEVELS
ATSS IDIQ LABOR CATEGORY
SUBJECT MATTER
EXPERT - ADVANCED
-Recognized industry expert with
significant depth and breadth of
knowledge capable of providing
advisor and consultant services
based on unique experience that
has a significant level of
technical value and return on
investment
-Capable of supporting teams
and/or working independently
regarding very complex technical
or programmatic issues usually
related to complex weapons
systems
ATSS IDIQ LABOR CATEGORY
RESOURCE/BUDGET
ANALYST -
INTERMEDIATE
-Expertise in relevant budget and
resource management principles
and practices for developmental
and operational programs
-Knowledge, skills, and abilities
in the budget analysis field
-Capable of utilizing, adapting
and developing budget and
resource analytic tools,
techniques, and processes for
both technical and administrative
support activities
-Assists with solving complex
problems
PROGRAM OFFICE
PRESENTATIONS
Ms. Katie Arrington
Director,
Chief Information
Security Officer
Cybersecurity Maturity
Model Certification (CMMC)
CMMC Model v1.0
31 January 2020
DISTRIBUTION A. Approved for public release
Without a Secure Foundation
All Functions are at Risk
Cost, Schedule, and Performance
are only effective in a SECURE ENVIRONMENT
sC
ldhS
carfetrcseysC
ueccarfe
CYBERSECURITY
DISTRIBUTION A. Approved for public release
CMMC Model v1.0 Overview
CMMC is a unified cybersecurity standard for future DoD acquisitions
CMMC Model v1.0 encompasses the following:
17 capability domains; 43 capabilities
5 processes across five levels to measure process maturity
171 practices across five levels to measure technical capabilities
CMMC Model v1.0: Number of Practices and Processes Introduced at each Level
CMMC Level
Practices
Processes
Level 1
Level 2
Level 3
Level 4
Level 5
DISTRIBUTION A. Approved for public release
CMMC Model Framework
Model
Domains
Model encompasses multiple domains
Processes
For a given domain, there are processes
that span a subset of the 5 levels
Capabilities
For a given domain, there are one or more capabilities
that span a subset of the 5 levels
Practices
For a given capability, there are one or more practices
that span a subset of the 5 levels
CMMC model framework organizes processes and cybersecurity best practices
into a set of domains
Process maturity or process institutionalization characterizes the extent to which an activity is
embedded or ingrained in the operations of an organization. The more deeply ingrained an
activity, the more likely it is that:
An organization will continue to perform the activity including under times of stress and
The outcomes will be consistent, repeatable and of high quality.
Practices are activities performed at each level for the domain
DISTRIBUTION A. Approved for public release
CMMC Model Structure
17 Capability Domains (v1.0)
CMMC Model with 5 levels
measures cybersecurity maturity
Access Control
Asset
Management
Incident
Response
Maintenance
Awareness and
Training
Media Protection
Audit and
Accountability
Configuration
Management
Identification and
Authentication
Personnel
Security
Physical
Protection
Recovery
Risk
Management
Security
Assessment
Situational
Awareness
System and
Communications
Protection (SC)
System and
Information
Integrity (SI)
DISTRIBUTION A. Approved for public release
CMMC Maturity Process Progression
LEVEL4
REVIEWED
LEVEL3
MANAGED
3PROCESSES
Eachpracticeis
documented,
includinglowerlevels
Apolicyexiststhat
coverallactivities
Aplanexists,is
maintained,and
resourcedthat
includesallactivities*
4PROCESSES
Eachpracticeis
documented,
includinglowerlevels
Apolicyexiststhat
coversallactivities
Aplanexiststhat
includesallactivities*
Activitiesare
reviewedand
measuredfor
effectiveness(results
ofthereviewis
sharedwithhigher
levelmanagement)
LEVEL5
OPTIMIZING
5PROCESSES
Eachpracticeis
documented,
includinglowerlevels
Apolicyexiststhat
coversallactivities
Aplanexiststhat
includesallactivities*
Activitiesare
reviewedand
measuredfor
effectiveness
Thereisa
standardized,
documented
approachacrossall
applicable
organizationalunits
LEVEL1
PERFORMED
0PROCESSES
Selectpracticesare
documentedwhere
required
LEVEL2
DOCUMENTED
2PROCESSES
Eachpracticeis
documented,
includingLevel1
practices
Apolicyexiststhat
includesallactivities
*Planningactivitiesmayincludemission,
goals,projectplan,resourcing,training
needed,andinvolvementofrelevant
stakeholders
DISTRIBUTION A. Approved for public release
CMMC Practice Progression
LEVEL1
BASICCYBERHYGIENE
17PRACTICES
Demonstrate
compliancewith
FederalAcquisition
Regulation(FAR)48
CFR52.20421
LEVEL5
ADVANCED/PROGRESSIVE
LEVEL4
PROACTIVE
LEVEL3
GOODCYBERHYGIENE
LEVEL2
INTERMEDIATECYBER
HYGIENE
72PRACTICES
ComplywiththeFAR
Performaselect
subsetof48practices
fromtheNISTSP800
171r1
Performanadditional
7practicestosupport
intermediatecyber
hygiene
130PRACTICES
ComplywiththeFAR
Performall110
practicesfromthe
NISTSP800171r1
Performanadditional
20practicesto
supportgoodcyber
hygiene
171PRACTICES
ComplywiththeFAR
Performall110
practicesfromthe
NISTSP800171r1
Performaselect
subsetof15practices
fromDraftNISTSP
800171B
Performanadditional
40practicesto
demonstratean
advanced
cybersecurity
program
152PRACTICES
ComplywiththeFAR
Performall110
practicesfromthe
NISTSP800171r1
Performaselect
subsetof11practices
fromDraftNISTSP
800171B
Performanadditional
29practicesto
demonstratea
proactive
cybersecurity
program
DISTRIBUTION A.
Show All
