Notice Type: Sources Sought Notice
Subject: Online Collaboration Tool
Classification Code: D - Information technology services, including telecommunications services
Solicitation Number: SB1341-14-Online_Collaboration_Tool
This sources sought notice is issued for information and planning purposes only. This announcement is not a Request for Proposal (RFP) and does not commit the Government to solicit or award a contract now or in the future. No solicitation is available at this time. No reimbursement will be made for any costs associated with providing information in response to this announcement and any follow-up information requests. Respondents will not be notified of the results of the evaluation. All information submitted in response to this announcement must arrive on or before the closing date. No telephone requests will be honored. All information provided will become property of NIST and will not be returned. The purpose of this notice is to identify sources with the requisite qualifications that could provide the services stated herein. All large and small businesses (8(a), SDB, WOSB, HUBZone, VOSB and SDVOSB) capable of performing the requirement indicated below are encouraged to respond to this notice.
* Support for Tool - Contractor shall provide the following: o Technical support to NIST MEP to use the collaboration tools. This includes supporting NIST MEP system administrators as they own, administer, customize, manage and integrate services for community groups and licensed users. o Implementation of tool within NIST MEP community groups and users. Implementation of the tool shall include:
* Custom home-page / login screen for NIST MEP users. Home-page / login screen must include web banner provided from NIST MEP. User login screen must include NIST Comment Policy for users to read before entering the tool. [NIST COMMENT POLICY: We will post comments without editing as long as they are on topic and do not contain profanity, personal attacks, or promote specific commercial products or services. Posts that violate our comment policy will be deleted.]
* User login passwords shall match NIST website security standards as defined in NIST - Collaboration Security Plan. Detailed password requirements are described in security section below. o Seamless data Integration with other NIST MEP information systems. Data integration can be accomplished by the following:
* Web Services
* SOAP o
* Ongoing Support - Contractor shall provide: o Ongoing tactical support to the tool for NIST MEP, such as tool updates and technical support throughout the contract term. o Reporting and analysis of the community groups and users usage with the tool. With the reports and analysis, will provide suggestions on how to better leverage the tool within the NIST MEP community. o Continual advice and guidance for the most effective structure and format to support collaboration and communication. o 24/7 emergency support for the online tool.
* Security: o Individual user accounts must be able to be given to specific users at specific locations. MEP Administrator shall administer and manage all accounts. For example:
* Ability for users to set strong passwords: at least 12 characters with alphanumeric characters and at least one special character.
* Passwords must be configured to change every 90 days; users will be notified at least 10 business days before a password expires. o All communications between tool and NIST are through either conventional email or standard web based (HTTP/HTTPS) interfaces. o Protection from Man-in-the-middle attacks (intruder interrupting the dialog or modifying the data) must be implemented. o Protection from intruders gaining illegitimate access by posing as a trusted endpoint or the server must be implemented. o Ability for Administrator to collect and view group activity reports showing usage per group, user activity, and number of users per group. o System must be offered via a cloud computing environment. NIST MEP will not invest in hardware or software to run system in house. o Vendor shall have an IT Security Assessment and Authorization package that is either approved or pending with the FedRAMP PMO. See the GSA website for more information about FedRAMP: http://www.gsa.gov/portal/category/102371. If this is not feasible, an IT Security Assessment and Authorization package will be created by NIST MEP that accurately documents the security of the cloud service. o FIPS 140-2 validated encryption standards must be used for the encryption of all data in transit (HTTPS) and for passwords at rest (stored in a database). More information about FIPS-140-2 is located: http://csrc.nist.gov/publications/PubsFIPS.html and a vendor list is available here: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm o All cloud services must be reachable using both IPv4 and IPv6.
After an award is made, Contractor shall provide information to address IT security controls established in the NIST 800-53 Rev 4 document (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf) directly to the program office procuring services. The Program Office IT Security Officer (ITSO) will determine which controls are mandatory based on NIST IT Security requirements, the needs of the organization, the functionality of the system, and the data that will be stored and processed by the system. Contractor shall also be prepared to provide documented policies and procedures relating to IT Security and address how the selected set of security controls are implemented. The information collection process will begin after award. The A&A process will take approximately 3-4 months and the system cannot be put into use until it is approved by the NIST CIO. NIST anticipates using FAR Part 13 procedures to award a firm-fixed-price contract for one (1) base period of one-year plus four (4) one-year option periods. The applicable NAICS code for this requirement is 518210 - DATA PROCESSING, HOSTING, AND RELATED SERVICES, with an SBA size standard of
INSTRUCTIONS Businesses with the capabilities of providing the required services, as described above, are invited to submit, on a voluntary basis, a written capability statement identifying the business size/designation (e.g. 8(a), SDB, WOSB, HUBZone, VOSB and SDVOSB utilizing a NAICS Code of 541330), with sufficient information that demonstrates ability to fulfill the above requirements. Businesses that offer the required services under a GSA Schedule contract shall indicate the applicable GSA schedule, SIN and their cognizant GSA Schedule contract number. The written capability statement/response must include the following: 1. Company name, address, phone number, and email address(es) for point(s) of contact. 2. Detailed descriptions of similar work performed by the company as a prime contractor or subcontractor within the past three (3) years. Include contract/order numbers, periods of performance, and total dollar amount of contracts/orders and customer point(s) of contact (name, phone number, email address). 3. Indication of whether the company has already been through the NIST A&A process or is willing to go through the 3-4 month process if an award is made to them. 4. Size of the company in terms of dollars under NAICS code 518210, and whether the company is an 8(a), SDB, WOSB, HUBZone, VOSB and/or SDVOSB under this NAICS code. If the company is a subsidiary of another company, list the total revenue and number of employees for the parent organization and all subsidiaries. 5. Company's DUNS number and also indicate whether the company is currently registered in the Government's System for Award Management (SAM) (Vendors must be registered in SAM to receive an award of any government contractual vehicle). Mere expressions of interest without providing the above requested details will not be considered valid responses to this notice. Responses shall not exceed 10 pages and include the subject line "Online Collaboration Tool", should be single spaced and single sided, using Times New Roman, 12-point font, and should not include attachments or appendices.
THIS IS A REQUEST FOR INFORMATION ONLY. THIS IS NOT A PRE-SOLICITATION NOTICE. ANY SOLICITATION WILL BE ANNOUNCED AT A LATER DATE. NO OFFERS ARE REQUESTED OR WILL BE ACCEPTED AT THIS TIME.
Responses to this Sources Sought Notice and questions regarding this Sources Sought Notice should be submitted via email to
DOC/NIST appreciates your assistance with this market research and emphasizes that this effort is for planning purposes only. Responses will not be treated as proposals, but may be used to create the subsequent Request for Proposal (RFP). Respondents should clearly mark any proprietary information submitted in response to this Sources Sought Notice.
Most Popular Stories
- Obama Administration Releases Proposal to Regulate For-Profit Colleges
- Motley Crue's Nikki Sixx Marries Model Courtney Bingham
- Chinese e-Commerce Giant Alibaba Gears for IPO in U.S.
- Some California Cities Seeking Water Independence
- Apple, HP, Intel May Take a Hit from Slowdown in Smartphone Sales Growth
- FDIC Files Lawsuit on Behalf of Banks Allegedly Hurt by Libor Scandal
- SoCalGas Reaches Record Spend on Diversity Suppliers
- Will Missing Malaysian Jet Prompt Aviation System Change?
- Keurig Adds Peet's coffee, Alters Starbucks deal
- Natural Gas Discovery Could Lead to Cleaner Fuels