ATSS IDIQ-R Industry Day Slides SAM.GOV Posted.pdf


Original Source
Contract Opportunity
Date Originally Posted
Feb. 6, 2020, 5:42 p.m.
Profiled People



ATSS IDIQ-R INDUSTRYDAY27 JAN2020MARKCENTERAUDITORIUMHOSTEDBYWHS/AD INTRODUCTIONMr. David SandersDirector,WHS/AD INTRODUCTIONMs. Joelle FaucherDirector (A&S),WHS/AD INTRODUCTIONMs. Carla JohnsonContracts Management Team Lead,A&S/RPDS Mr. Warren “Trey”ArthurContract Specialist/Officer,WHS/ AGENDA•Rules of the Road•ATSS IDIQ Overview•Program Office Presentations•ATSS IDIQ-R (New IDIQ) Overview •Question & Answer Session•Breakout Time (Auditorium) RULESOFTHEROAD•This exchange is conducted for information and planning purposes and does not constitute a solicitation•Exchange content/discussion shall not be construed as solicitation guidance •Information may change prior to the final IDIQ solicitation •Participants are solely responsible for all expenses associated with this event RULESOFTHEROAD•Photos and videos are prohibited •Please silence cell phones •Keep visitor badges visible at all times •All Mark Center visitors must have an escort to leave the auditorium•Index Cards for Questions•Program Office Specific Questions INDUSTRYDAYGOALS•Better understanding of A&S requirements•Networking •Information sharing The Analytic and Technical Support Services (ATSS) Indefinite Delivery / Indefinite Quantity (ATSS IDIQ) Contract Ms. Elizabeth FullerContracting Officer,WHS/ ATSS IDIQ OVERVIEW•Secretary of Defense (SECDEF) and Deputy Secretary of Defense (DEPSECDEF) •Professional and administrative support •Principal Defense policy maker and adviser in charge of the Defense Department's day-to-day business•Weapons acquisition, research, intelligence, and fiscal policy ATSS IDIQ OVERVIEW•Performance Work Statement (PWS) Scope•Acquisition Program Oversight Technical Support•Operational and Technical Research Analyses, Assessments and Evaluations Support (Studies)•Research and Development •Technical, Financial, and Congressional Affairs Support ATSS IDIQ OVERVIEW•Eight (8) IDIQ contracts awarded in 2014•Minimum task order is $5K•Maximum task order is $125M •ATSS IDIQ maximum ceiling is $650M•ATSS IDIQ ordering period ends 14 June 2020 ATSS IDIQ OVERVIEW•Small business competition pool•Services under NAICS Code 541611•Primarily administrative management, general management consulting services, financial management support•ATSS IDIQ small business incumbentsAmerican Technology Solutions International (ATSI) Artlin Consulting, LLC Interactive Process Technology, LLC (IPT) ATSS IDIQ OVERVIEW•Unrestricted competition pool•Services under NAICS Code 541990•Primarily professional, scientific, engineering and technical analytical support•ATSS IDIQ large business incumbentsBooz Allen Hamilton (BAH) CACI Enterprise Solutions Inc. (CACI)Logistics Management Institute (LMI)Modern Technology Solutions Inc. (MTSI)Systems Planning and Analysis Inc. (SPA) ATSS IDIQ LABOREXPERTISEADVANCED-Executive level-Master’s Degree in related field, equivalent experience/certificationINTERMEDIATE-Mid-to-executive-level -Master’s or Bachelor’s Degree in related field, equivalent experience/certification in a field relevant to the specific position, or substantial equivalent occupational experienceBASIC-Associates degree level education in a related technical field or substantial equivalent technical experience ATSS IDIQ LABORCATEGORIESPROGRAMMANAGER–INTERMEDIATEPROJECTMANAGER-INTERMEDIATESTATISTICIAN–ADVANCEDSECURITYSPECIALIST-INTERMEDIATEOPERATIONSRESEARCHANALYST-ALLLEVELSTECHNICALSPECIALIST-ALLLEVELSTECHNICALCONSULTANT-ALLLEVELSEARNEDVALUEANALYST-ALLLEVELS ATSS IDIQ LABORCATEGORYSUBJECTMATTEREXPERT-ADVANCED-Recognized industry expert with significant depth and breadth of knowledge capable of providing advisor and consultant services based on unique experience that has a significant level of technical value and return on investment-Capable of supporting teams and/or working independently regarding very complex technical or programmatic issues usually related to complex weapons systems ATSS IDIQ LABORCATEGORYRESOURCE/BUDGETANALYST-INTERMEDIATE-Expertise in relevant budget and resource management principles and practices for developmental and operational programs -Knowledge, skills, and abilities in the budget analysis field-Capable of utilizing, adapting and developing budget and resource analytic tools, techniques, and processes for both technical and administrative support activities-Assists with solving complex problems PROGRAM OFFICE PRESENTATIONS Ms.Katie ArringtonDirector,Chief Information Security Officer Cybersecurity Maturity Model Certification (CMMC)CMMC Model v1.031 January 2020DISTRIBUTION A. Approved for public release 24CostSchedulePerformanceCost, Schedule, and PerformanceCYBERSECURITYCostSchedulePerformanceare only effective in a SECURE ENVIRONMENTWithout a Secure Foundation All Functions are at RiskCybersecurityDISTRIBUTION A. Approved for public release CMMC LevelPracticesProcessesLevel 117-Level 2552Level 3581Level 4261Level 5151CMMC Model v1.0 Overview25•CMMC is a unified cybersecurity standard for future DoD acquisitions•CMMC Model v1.0 encompasses the following:–17 capability domains; 43 capabilities–5 processes across five levels to measure process maturity–171 practices across five levels to measure technical capabilities CMMC Model v1.0: Number of Practices and Processes Introduced at each LevelDISTRIBUTION A. Approved for public release CMMC Model Framework26•CMMC model framework organizes processes and cybersecurity best practices into a set of domains–Process maturity or process institutionalization characterizes the extent to which an activity is embedded or ingrained in the operations of an organization. The more deeply ingrained an activity, the more likely it is that: −An organization will continue to perform the activity –including under times of stress –and −The outcomes will be consistent, repeatable and of high quality.–Practices are activities performed at each level for the domainModelPracticesModel encompasses multiple domainsFor a given capability, there are one or more practicesthat span a subset of the 5 levelsFor a given domain, there are processesthat span a subset of the 5 levels CapabilitiesProcessesFor a given domain, there are one or more capabilitiesthat span a subset of the 5 levelsDomainsDISTRIBUTION A. Approved for public release CMMC Model Structure27Access Control(AC)Asset Management(AM)Awareness and Training(AT)Audit and Accountability(AU)Configuration Management(CM)Identification and Authentication(IA)Incident Response(IR)Maintenance(MA)Media Protection(MP)Personnel Security(PS)System and Information Integrity (SI)System and Communications Protection (SC)Situational Awareness (SA)Security Assessment (CA)Physical Protection(PE)Risk Management(RM)17 Capability Domains (v1.0)Recovery(RE)CMMC Model with 5 levels measures cybersecurity maturityDISTRIBUTION A. Approved for public release 28LEVEL 1PERFORMEDLEVEL 2DOCUMENTEDLEVEL 3MANAGEDLEVEL 4REVIEWEDLEVEL 5OPTIMIZING0 PROCESSESSelect practices are documented where required2 PROCESSESEach practice is documented, including Level 1 practicesA policy exists that includes all activities3 PROCESSESEach practice is documented, including lower levelsA policy exists that cover all activitiesA plan exists, is maintained, and resourced that includes all activities*4 PROCESSESEach practice is documented, including lower levelsA policy exists that covers all activitiesA plan exists that includes all activities*Activities are reviewed and measured for effectiveness (results of the review is shared with higher level management)5 PROCESSESEach practice is documented, including lower levelsA policy exists that covers all activitiesA plan exists that includes all activities*Activities are reviewed and measured for effectivenessThere is a standardized, documented approach across all applicable organizational unitsCMMC Maturity Process Progression*Planning activities may include mission, goals, project plan, resourcing, training needed, and involvement of relevant stakeholdersDISTRIBUTION A. Approved for public release 29LEVEL 1BASIC CYBER HYGIENELEVEL 2INTERMEDIATE CYBER HYGIENELEVEL 3GOOD CYBER HYGIENELEVEL 4PROACTIVELEVEL 5ADVANCED / PROGRESSIVE17 PRACTICESDemonstrate compliance with Federal Acquisition Regulation (FAR) 48 CFR 52.204‐21 72 PRACTICESComply with the FARPerform a select subset of 48 practices from the NIST SP 800‐171 r1Perform an additional 7 practices to support intermediate cyber hygiene130 PRACTICESComply with the FARPerform all 110 practices from the NIST SP 800‐171 r1Perform an additional 20 practices to support good cyber hygiene152 PRACTICESComply with the FARPerform all 110 practices from the NIST SP 800‐171 r1Perform a select subset of 11 practices from Draft NIST SP 800‐171BPerform an additional 29 practices to demonstrate a proactive cybersecurity program171 PRACTICESComply with the FARPerform all 110  practices from the NIST SP 800‐171 r1Perform a select subset of 15 practices from Draft NIST SP 800‐171BPerform an additional 40 practices to demonstrate an advanced cybersecurity programCMMC Practice ProgressionDISTRIBUTION A. Approved for public release + 15 PracticesLEVEL 5171 PRACTICESADVANCED / PROGRESSIVELEVEL 3130 PRACTICESGOOD CYBER HYGIENE+ 58 PracticesLEVEL 4156 PRACTICESPROACTIVE+ 26 PracticesLEVEL 272 PRACTICESINTERMEDIATE CYBER HYGIENE+ 55 PracticesLEVEL 117 PRACTICESBASIC CYBER HYGIENECMMC Practices Per LevelDISTRIBUTION A. Approved for public release CMMC LevelTotal Number Practices Introduced per CMMC Level Source48 CFR 52.204-21NIST SP 800-171r1Draft NISTSP 800-171B **OtherLevel 11715*17*--Level 255-48-7Level 358-45-13Level 426--1115Level 515--411•Model leverages multiple sources and references–CMMC Level 1 only addresses practices from FAR Clause 52.204-21 –CMMC Level 3 includes all of the practices from NIST SP 800-171r1 as well as others –CMMC Levels 4 and 5 incorporate a subset of the practices from Draft… Show All