The CWI VETS Team will provide a wide
range of IT services, products and solutions worldwide on
the VETS contract to support our Government Customers in
their daily operations, their protection of infrastructure,
their fight against terrorism and their development and
marketing of emerging technologies. Services that may be
ordered on this contract include:
Note: Additional IT efforts, as required, can be obtained under
this contract as long as the requirement fits within the
scope of the designated NAICS Codes 541512, 541511, 541513,
541519, 518210 and 611420.
FUNCTIONAL AREA ONE (1) – SYSTEMS OPERATIONS AND MAINTENANCE
(1) Chief Knowledge Officer (CKO) Support
  i) Informatics
  ii) Knowledge Management
(2) Configuration Management and Licensing
(3) Database Design and Administration and Data Storage Management
  i) Database Design
(4) E-Business Planning and Support
(5) Electronic Commerce (EC) and Electronic Data Interchange Support
(6) Emerging Technologies
  i) IT Research and Development
  ii) Nanotechnology
(7) Independent Verification and Validation
(8) Information Architecture Analysis and Web Object Indexing
(9) Information Management Life Cycle Planning/Support
  i) Information Management Support
(10) Integration Support
(11) Internet System Architecture and Webmaster Support
  i) Website Development and Support
(12) Mainframe/Data Processing System Support
(13) Media/Training Center/Video Teleconferencing Support
(14) Network Support (including Interdepartmental Data Network (IDN), Local Area Networks (LAN), Wide Area Networks (WAN), Internet access, etc.)
  i) Connectivity and IT infrastructure Support (including Data Networks, Interdepartmental Data Network (IDN), Local Area Networks (LAN), Wide Area Networks (WAN), Storage Area Networks (SAN))
(15) Office Automation Support/Help Desk Support
(16) Performance Measures and Metrics Planning
(17) Seat Management
  i) Systems Operations
(18) Section 508 Compliance Assistance
(19) Supply Chain Management (Logistics)
(20) Systems Management Support
  i) Information Systems Support
(21) Technical Support
  i) Computer Center Technical Support
(22) Telemedicine
(23) Test and Evaluation Support
(24) Training, Training Development, and Training Center Support (including Computer Based Training)
  i) Distance Learning
  ii) Training Requirements Analysis and Planning
(25) Virtual Data Center
  i) Data Warehousing
(26) Anti-Virus Management Service
  i) Intrusion Detection and Prevention Service
  ii) Virus Detection, Elimination, and Prevention
(27) Biometrics
  i) Smart Card Technologies
(28) Computer Security Awareness, and Training
  i) Computer Security Incident Response
  ii) Computer Security Planning
  iii) Security Policy Compliance
(29) Disaster Recovery, Continuity of Operations, and Contingency Planning
  i) Critical Infrastructure Protection
  ii) Hot-site and Cold-site Support Services
  iii) Incident Response Service
  iv) System Recovery Support Services
(30) Hardware and Software Maintenance and/or Licensing
  i) Software/Hardware Maintenance and/or Licensing
(31) Independent Verification and Validation (Security)
  i) Certification of Sensitive Systems
  ii) Mainframe Automated Information Security Support
  iii) Security for Small Systems, Telecommunications, and Client Service
(32) Managed E-Authentication Service
(33) Managed Firewall Service
(34) Privacy Data Protection
(35) Public Key Infrastructure (PKI)
  i) Crypto Systems
  ii) Digital Signature Technology
(36) Secure Managed Email Service (SMEMS)
(37) Security Certification and Accreditation
(38) Systems Vulnerability Analysis/Assessment and Risk Assessment
  i) Quantitative Risk Analysis of Large Sensitive Systems
  ii) Vulnerability Scanning Service
FUNCTIONAL AREA TWO (2) – INFORMATION SYSTEMS ENGINEERING
(1) System and Software Design, Development, Engineering, and Integration
  i) Software Development
  ii) System Design Alternative Studies
  iii) Software Distribution, Licensing, Maintenance
(2) Information Technology (IT) Strategic Planning, Program Assessment, and Studies
  i) Feasibility Studies
  ii) Information Technology (IT) Strategic Planning and Mission Need Analysis
  iii) Information Technology Organizational Development
  iv) Information Technology Program Analysis, Assessments and Studies
  v) Information Technology Research and Development
(3) Automated Workflow System Development and Integration
(4) Business Process Reengineering (BPR)
  i) Benchmarking/Operational Capability Demonstrations
  ii) Change Management
(5) Chief Information Officer (CIO) Support
  i) Enterprise Resource Systems Management
  ii) Enterprise Resource Systems Planning
  iii) Information Assurance Activities
  iv) Information Operations
  v) Inter/Intra-Agency Enterprise Resource Planning
(6) Global Information Systems
(7) Software Life Cycle Management (SLCM)
  i) Cost Benefit Analysis, Cost Effectiveness Analysis
  ii) Risk Analysis and Assessment
  iii) Stakeholder Analysis
  iv) Total Cost of Ownership Studies
(8) Software Engineering (SWE)
  i) Software Quality Assurance
(9) Customer Relationship Management
(10) Information Technology Architecture (ITA) Support
(11) Infrastructure Quality Assurance
(12) Instructional Design, and Modeling & Simulation
(13) SCE/CMM/CMMI Analyses and Implementation Support
(14) Anti-Virus Management Service
  i) Intrusion Detection and Prevention Service
  ii) Virus Detection, Elimination, and Prevention
(15) Biometrics
  i) Smart Card Technologies
(16) Computer Security Awareness, and Training
  i) Computer Security Incident Response
  ii) Computer Security Planning
  iii) Security Policy Compliance
(17) Disaster Recovery, Continuity of Operations, and Contingency Planning
  i) Critical Infrastructure Protection
  ii) Hot-site and Cold-site Support Services
  iii) Incident Response Service
  iv) System Recovery Support Services
(18) Hardware and Software Maintenance and/or Licensing
  i) Software/Hardware Maintenance and/or Licensing
(19) Independent Verification and Validation (Security)
  i) Certification of Sensitive Systems
  ii) Mainframe Automated Information Security Support
  iii) Security for Small Systems, Telecommunications, and Client Service
(20) Managed E-Authentication Service
(21) Managed Firewall Service
(22) Privacy Data Protection
(23) Public Key Infrastructure (PKI)
  i) Crypto Systems
  ii) Digital Signature Technology
(24) Secure Managed Email Service (SMEMS)
(25) Security Certification and Accreditation
(26) Systems Vulnerability Analysis/Assessment and Risk Assessment
  i) Quantitative Risk Analysis of Large Sensitive Systems
  ii) Vulnerability Scanning Service

FUNCTIONAL AREA ONE (1)
1.1 Chief Knowledge Officer (CKO) Support
The
Chief Knowledge Officer is responsible for knowledge
management within an organization. They are senior corporate
executives with "knowledge" in their titles. In other words,
we could assume that they had been appointed specifically to
orchestrate a knowledge management program. They are all
first incumbents in the role, most having been in office
less than two years with their collective experiences.

1.1.1 Informatics
The
study of information and the ways to handle it, especially
by means of information technology (e.g. computers and other
electronic devices). The study of the application of
computer and statistical techniques to the management of
information.

1.1.2 Knowledge Management
The use
of computer technology to organize, manage, and distribute
electronically all types of information, customized to meet
the needs of a wide variety of users. The information is
stored in a special database organizing, and storing
knowledge and experiences of individual workers and groups
within an organization and making it available to others in
the organization.

1.2 Configuration Management and Licensing

1.3 Database Design and Administration and Data Storage Management
Database Design - The function of composing records, each
containing fields together with a set of operations for
searching, sorting, recombining, and other functions. This
includes determination of content, internal structure, and
access strategy for a database, as well as defining security
and integrity, and monitoring performance. A database is
considered to be a collection of information organized in
such a way that a computer program can quickly select
desired pieces of data.

1.4 E-Business Planning and Support

1.5 Electronic Commerce (EC) and Electronic Data Interchange Support
The
Subcontractor shall provide resources to support, define,
develop, and maintain electronic inter-organizational
business networks. EC functions include, but are not limited
to electronic exchange of requests for quotations, quotes,
purchase orders, notices of award, electronic payments,
document interchange, supporting databases, and other
activities associated with the procurement and payment
process. Guidance on the use of EC in the procurement
process can be found in the Federal Acquisition Regulation.

1.6.1 IT Research and Development

1.6.2 Nanotechnology
A field of
science whose goal is to control individual atoms
and molecules to create computer chips and other
devices that are thousands of times smaller than
current technologies permit.

1.7 Independent Verification and Validation
The
Subcontractor shall provide technical resources to define,
develop, and conduct Independent Validation and Verification
(IV&V) Tests to assess: 1) the capacity of BPR to improve
system services and capabilities; 2) Software Life Cycle
Management (SLCM) functions; 3) the support provided for
electronic commerce; and 4) other IV&V as required or
identified in TO. Validation tests shall be designed to
ensure that the software developed fully addresses the
requirements established to provide specific system
operation functions and capabilities. Verification testing
shall be designed to determine whether the software code is
logically correct for the operation functions for which it
was designed. It is expected that the operational areas
listed above will be subcontracted as separate IV&V tasks.

1.8 Information Architecture Analysis and Web Object Indexing
Analysis of the hardware and/or software, or a combination
of hardware and software, of a system. The architecture of a
system always defines its broad outlines, and may define
precise mechanisms as well. Web Object Indexing is a website
intended to enable a user to obtain other resources on the
web. The web index may contain a search facility or may
merely contain individual hyperlinks to the resources
indexed.

1.9 Information Management Life Cycle Planning/Support

1.10 Integration Support
Assistance in assembling diverse hardware and/or software
components together to work as a system.

1.11 Internet System Architecture and Webmaster Support

1.12 Mainframe/Data Processing System Support

1.13 Media/Training Center/Video Teleconferencing Support
The
Subcontractor shall provide planning, analysis,
troubleshooting, integration, acquisition, installation,
operations, maintenance, training, documentation, and
administration services for multi-media and education
centers. The Subcontractor shall also maintain a centralized
technical assistance service that supports problem
resolution and distributes general multi-media and learning
information.

1.14 Network Support (including Interdepartmental Data Network (IDN), Local Area Networks (LAN), Wide Area Networks (WAN), Internet access, etc.)
The
Subcontractor shall provide planning, analysis,
troubleshooting, integration, acquisition, installation,
operations, maintenance, training, documentation, and
administration services for all types of data networks,
including, but not limited to, enterprise systems, the
Interdepartmental Data Network (IDN) “backbone”, Local Area
Networks (LAN), Wide Area Networks (WAN), client-server,
Internet access, and videoconferencing. The Subcontractor
shall also maintain a centralized technical assistance
service that supports problem resolution and distributes
general network information.

1.14.1 Connectivity and IT infrastructure Support (including Data Networks, Interdepartmental Data Network (IDN), Local Area Networks (LAN), Wide Area Networks (WAN), Storage Area Networks (SAN))

1.15 Office Automation Support/Help Desk Support

1.16 Performance Measures and Metrics Planning

1.17 Seat Management
The
Subcontractor shall provide desktop computing as a service
and the Government will purchase these services as a utility
and will pay for them by the “seat.” The services include
the entire suite of hardware, COTS software, connectivity,
and support services required to deliver the support to the
desktop.

1.18 Section 508 Compliance Assistance
Unless
specifically exempted, all task orders issued under this
subcontract shall comply with Section 508 of the
Rehabilitation Act Amendments of 1998 to ensure IT
accessibility to disabled persons. For information see the
web site at www.section508.gov.

1.19 Supply Chain Management (Logistics)
The
design and management of seamless, value-added processes
across organizational boundaries to meet the real needs of
the end customer. The development and integration of people
and technological resources are critical to successful
supply chain integration.

1.20 Systems Management Support

1.20.1 Information Systems Support

1.21 Technical Support
Computer Center Technical Support - The Subcontractor shall
provide planning, analysis, troubleshooting, integration,
acquisition, installation, operations, maintenance,
training, documentation, and administration services for
computer centers. The Subcontractor shall also maintain a
centralized technical assistance service that supports
problem resolution and distributes general computer center
information.

1.23 Test and Evaluation Support

1.24 Training, Training Development, and Training Center Support (including Computer Based Training)

1.24.2 Training Requirements Analysis and Planning

1.25 Virtual Data Center
VDC
provides a complete open-source, digital library system for
the management, dissemination, exchange, and citation of
virtual collections of quantitative data. The VDC
functionality provides everything necessary to maintain and
disseminate an individual collection of research studies:
including facilities for the storage, archiving, cataloging,
translation, and dissemination of each collection. On-line
analysis is provided, powered by the R Statistical
environment. The system provides extensive support for
distributed and
federated collections including: location-independent naming
of objects, distributed authentication and access control,
federated metadata harvesting, remote repository
caching, and distributed "virtual" collections of remote
objects.

Data Warehousing - The Subcontractor shall coordinate the
collection of data designed to support management
decision-making. Data warehouses contain a wide variety of
data that present a coherent picture of business conditions
at a single point in time. Development of a data warehouse
includes development of systems to extract data from
operating systems plus installation of a warehouse database
system that provides managers flexible access to the data.
The term data warehousing generally refers to the
combination of many different databases across an entire
enterprise.

1.26 Anti-Virus Management Service (AVMS)
Anti-Virus Management Service enables the detection and
removal of system viruses. The service scans executable
files, boot blocks and incoming traffic for malicious code.
Anti-virus applications are constantly active in attempting
to detect patterns, activities, and behaviors that may
signal the presence of viruses. AVMS enables Agencies to
procure anti-virus capabilities that protect their
infrastructure.

1.26.1 Intrusion Detection and Prevention Service (IDPS)
Agency
enterprise networks, like their commercial counterparts,
continue to be challenged with increasing security risks.
Intrusion Detection and Prevention Service (IDPS) will serve
as a component of the Agency’s security infrastructure by
providing an extra layer of protection for its internal
networks. IDPS is a security offering that helps reduce
network service disruptions caused by malicious attacks.

1.26.2 Virus Detection, Elimination, and Prevention
The
Subcontractor shall provide virus detection, elimination,
and prevention support.

1.27 Biometrics
The
Subcontractor shall provide biometrics services including
the reading of the measurable, biological characteristics of
an individual in order to identify them to a computer or
other electronic system. Biological characteristics normally
measured include fingerprints, voice patterns, retinal and
iris scans, faces, and even the chemical composition of an
individual's perspiration. For the effective "two-factor"
security authorization of an individual to a computer
system, normally a biometric measure is used in conjunction
with a token (such as a smartcard) or an item of knowledge
(such as a password). Biometrics might include fingerprints,
retina pattern, iris, hand geometry, vein patterns, voice
password, or signature dynamics. Biometrics can be used with
a smart card to authenticate the user. The user's biometric
information is stored on a smart card, the card is placed in
a reader, and a biometric scanner reads the information to
match it against that on the card. This is a fast, accurate,
and highly secure form of user authentication.

1.27.1 Smart Card Technologies

1.28 Computer Security Awareness and Training
The
Subcontractor shall provide computer security awareness and
training.

1.28.1 Computer Security Incident Response

1.28.2 Computer Security Planning

1.28.3 Security Policy Compliance

1.29 Disaster Recovery, Continuity of Operations, and Contingency Planning
The
Subcontractor shall provide disaster recovery, continuity of
operations, and contingency planning support, including
those for software applications, which are processed on
various computer platforms (e.g., personal computers,
mainframes, and mini-computers).

1.29.1 Hot-site and Cold-site Support Services
Subcontractor will provide disaster recovery sites, computer
systems, network resources and technical professional
services to support disaster recovery test exercises and
disaster recoveries within twelve (12) hours of a disaster
declaration, or when Government personnel occupy the
Subcontractor’s recovery facility, whichever is sooner.
Subcontractor personnel assigned to support the customer’s
recovery exercises and recovery events shall be U.S.
citizens and shall be subjected to background investigations
to determine suitability for employment, and receive
computer security awareness training in accordance with the
Computer Security Act of 1987.

1.29.2 Critical Infrastructure Protection

1.29.3 Incident Response Service (INRS)
In an effort to
combat cyber attacks and crime, Agencies intend to implement
Incident Response Service (INRS) as part of their
security portfolio. This offering is one of the security
tools that will help in responding to potential malicious
attacks that can lead to service disruptions. INRS allows
Agencies to complement their in-house security expertise, or
obtain outside assistance with a greater depth and breadth
of experience.

INRS is comprised of both proactive and reactive activities.
Proactive services are designed to prevent incidents. They
include onsite consulting, strategic planning, security
audits, policy reviews, vulnerability assessments, security
advisories, and training. Reactive services involve
telephone and on-site support for responding to malicious
events such as Denial of Service (DoS) attacks; virus,
worm, and trojan horse infections; illegal inside
activities, espionage, and compromise of sensitive internal
agency databases. INRS provides an effective method of
addressing these security intrusions, thereby ensuring
operational continuity in case of attacks. In addition, INRS
provides forensics services that can assist in apprehending
and prosecuting offenders.

1.29.4 System Recovery Support Services
The
Subcontractor shall provide personnel resources to ensure a
system recovery capability that will support Government
goals and objectives. As a minimum, the Subcontractor must
provide the capability for hot-site/cold-site recovery of
all critical software programs and sensitive Government
information. The requirements for system recovery support
services will be based on the analysis of strategic planning
factors; the strengths and weaknesses of the system, as
obtained through threat assessment and risk analyses; and
cost and benefit trade-offs. System recovery support
services include, but are not limited to the capability to:

1.30 Hardware and Software Maintenance and/or Licensing
The
Subcontractor shall provide for software/hardware
maintenance and/or software licenses from 3rd party vendors
in support of tasks falling within this functional area.

1.31 Independent Verification and Validation (Security)
The Subcontractor shall provide technical resources to define, develop,
and conduct
Independent Validation and Verification (IV&V) Tests for
Mainframe Automation Information Security; Certification of
Sensitive Systems; and Security for Small Systems,
Telecommunications, and Client Server. Validation testing
shall be designed to ensure that the software developed
fully addresses the requirements established to provide
specific operation functions. Verification testing shall be
designed to determine whether the software code is logically
correct for the operation functions for which it was
designed. It is expected that the operational areas listed
above will be subcontracted as separate IV&V tasks.

1.31.1 Certification of Sensitive Systems
The
Subcontractor shall provide support in the certification of
sensitive systems.

1.31.2 Mainframe Automated Information Security Support
The
Subcontractor shall provide operational and analytical
support related to security for mainframe information
assets.

1.31.3 Security for Small Systems, Telecommunications, and Client Service
The
Subcontractor shall provide security for small systems,
telecommunications, and client server support.

1.32 Managed E-Authentication Service (MEAS)
Managed
E-Authentication Service (MEAS) provides Agencies with
electronic authentication services in order to seamlessly
conduct electronic transactions and implement E-Government
initiatives via the Internet. The service enables an
individual person to remotely authenticate his or her
identity to an Agency Information Technology (IT) system.
The service shall connect to Agency networking environments
including, but not limited to Agency Demilitarized Zones
(DMZs) and secure LANs. Managed E-Authentication Service
consists of hardware and software components that provide
for remote authentication of individual people over a
network for the purpose of electronic government and
commerce. The service provides for the electronic validation
and verification of a user’s identity and enables the use of
electronic signatures over the Internet and other public
networks.

1.33 Managed Firewall Service
Agencies intend to implement Managed Firewall Service in
order to secure their internal networks. Similarly to
commercial enterprises, Agencies face increasing network
security risks, which they seek to mitigate. This offering
is one of the security tools that will help reduce service
disruptions caused by Service will prevent unauthorized
access to or from private networks, such as Local Area
Networks (LANs).

1.34 Privacy Data Protection

1.35 Public Key Infrastructure (PKI)
A type
of electronic signature that is generally considered the
most reliable and secure. Digital signatures use public key
infrastructure (PKI) to authenticate the sender and verify
the information contained in the document. With the passage
of the electronic signatures act, digital signatures are
expected to become increasingly popular for exchanging
information, conducting transactions and signing
subcontracts over the Internet. The Subcontractor shall
provide a set of policies, processes, server platforms,
software, and workstations used to administer certificates
and public-private key pairs, including the ability to
issue, maintain, and revoke public key certificates. The
architecture, organization, techniques, practices, and
procedures that collectively support the implementation and
operation of a certificate-based public key cryptographic
system. The PKI consists of systems, which collaborate to
provide and implement the PCS and possibly other related
services. The term generally used to describe the laws,
policies, standards, and software that regulate or
manipulate certificates and public and private keys. In
practice, it is a system of digital certificates,
certification authorities, and other registration
authorities that verify and authenticate the validity of
each party involved in an electronic transaction.

1.36 Secure Managed Email Service (SMEMS)
Secure
Managed Email Service (SMEMS) provides Agencies with a
complete secure and fully managed email security solution.
Email security solutions implemented at Agency gateways and
desktops usually attempt to handle events that have already
breached the network. Any delay in applying security updates
to this infrastructure exposes the network to rapid
outbreaks and dynamic threats. SMEMS offers an additional
layer of protection by proactively scanning and monitoring
email traffic at the Subcontractor’s security platform,
before it enters the Agency’s network. The service supports
email security functions such as Anti-Virus Scanning,
Anti-Spam Filtering, and Content Control. Security engines
are continuously updated to maintain effectiveness against
threats and inappropriate material. SMEMS works in
conjunction with existing Agency email systems, and is
implemented without additional investment in hardware and
software at Agency sites.

1.37 Security Certification and Accreditation

1.38 Systems Vulnerability Analysis/Assessment and Risk Assessment

1.38.1 Quantitative Risk Analysis of Large Sensitive Systems
The
Subcontractor shall provide support in performing
quantitative risk analyses of large sensitive systems,
generally including the risk analysis package as an
attachment to the system security plan.

1.38.2 Vulnerability Scanning Service (VSS)
Vulnerability Scanning Service (VSS) allows agencies to
conduct effective and proactive assessments of critical
networking environments, and correct vulnerabilities before
they are exploited. This offering helps to guard Agency
systems and network infrastructure against emerging threats.

FUNCTIONAL AREA TWO (2)
2.1 System and Software Design, Development, and Integration

2.1.1 Software Development
A set
of activities that results in software products. Software
development may include new development, modification,
reuse, re-engineering, maintenance, or any other activities
that result in software products. Providing for project
management, planning, design, building and implementation of
client specific applications, taking responsibility for
achieving subcontractually specified results.

2.1.2 System Design Alternative Studies

2.1.3 Software Distribution, Licensing, Maintenance
The
Subcontractor shall provide for software maintenance and/or
software licenses from 3rd party vendors in support of tasks
falling within this functional area.

2.2 Information Technology (IT) Strategic Planning, Program Assessment, and Studies
The
Subcontractor shall provide resources to support the
development, analysis, and implementation of IT strategies,
architectures, program planning and assessment, and risk,
trade-off, requirements, alternatives, and feasibility
studies that advance the goals and objectives of the
Government.

2.2.1 Feasibility Studies
The
Subcontractor shall provide resources to facilitate
evaluation of a prospective project for the purpose of
determining if the project should be undertaken. Feasibility
studies normally consider the time, budget, and technology
required for completion.

2.2.2 Information Technology (IT) Strategic Planning and Mission Need Analysis

2.2.3 Information Technology Organizational Development

2.2.4 Information Technology Program Analysis, Assessments and Studies

2.2.5 Information Technology Research and Development
The
Subcontractor shall provide the resources to identify and
research emerging technologies in the IT area. Based on this
research, the Subcontractor shall develop and evaluate
prototype solutions and present findings and recommendations
to the Government for their consideration.

2.3 Automated Workflow System Development and Integration
The
defined series of tasks within an organization to produce a
final outcome. Sophisticated workgroup computing
applications allow you to define different workflows for
different types of jobs. The workflow software ensures that
the individuals responsible for the next task are notified
and receive the data they need to execute their stage of the
process.

2.4 Business Process Reengineering
The
Subcontractor shall provide resources to support the
development, analysis, and implementation of improvements in
the flow of business, work, and program processes and tool
utilization.

2.4.1 Benchmarking/Operational Capability Demonstrations

2.5 Chief Information Officer (CIO) Support
Typically, a CIO is involved with analyzing and reworking
existing business processes, with identifying and developing
the capability to use new tools, with reshaping the
enterprise's physical infrastructure and network access, and
with identifying and exploiting the enterprise's knowledge
resources. Many CIOs head the enterprise's efforts to
integrate the Internet and the World Wide Web into both its
long-term strategy and its immediate business plans.

2.5.1 Enterprise Resource Planning Systems Development and Integration
An
approach to organizational integration management that
relies on integrated application software to provide data on
all aspects of the enterprise, such as finance, inventory,
human resources, sales, etcetera. The objective of an
Enterprise Resource Planning System is to provide data,
as needed, to enable an entity to monitor and control
its overall operation.

2.5.2 Enterprise Resource Systems Management

2.5.3 Enterprise Resource Systems Planning

2.5.4 Information Assurance Activities

2.5.5 Information Operations

2.5.6 Inter/Intra-Agency Enterprise Resource Planning

2.6 Global Information Systems

2.7 Software Life Cycle Management (SLCM)
The
Subcontractor shall provide resources to support any or all
phases and stages of SLCM,
including planning, analysis, troubleshooting, integration,
acquisition, installation,
operation, maintenance, training, documentation, and
administration. The Subcontractor may be
responsible for obtaining and/or supporting the necessary
software, hardware,
firmware, resources, etc. required for a system project. |
2.7.1 Cost Benefit Analysis, Cost Effectiveness Analysis |
2.7.2 Risk Analysis and Assessment |
2.7.3 Stakeholder Analysis |
2.7.4 Total Cost of Ownership Studies |
2.8 Software Engineering |
The
Subcontractor shall provide software engineering support
(including planning, analysis, design, evaluation, testing,
quality assurance, and project management) in the
application of computer equipment through computer programs,
procedures, tools, and associated documentation. |
2.8.1 Software Quality Assurance |
2.9 Customer Relationship Management |
CRM
entails all aspects of interaction a company has with its
customer, whether it is sales or service related. |
2.10 Information Technology Architecture (ITA) Support |
2.11 Infrastructure Quality Assurance |
2.12 Instructional Design, and Modeling & Simulation |
The
Subcontractor shall provide instructional design, and
modeling & simulation. Instructional Design is the
systematic development of instructional specifications using
learning and instructional theory to ensure the quality of
instruction. It is the entire process of analysis of
learning needs and goals and the development of a delivery
system to meet those needs. It includes development of
instructional materials and activities; and tryout and
evaluation of all instruction and learner activities.
Instructional Design is that branch of knowledge concerned
with research and theory about instructional strategies and
the process for developing and implementing those
strategies. Instructional Design is the science of creating
detailed specifications for the development, implementation,
evaluation, and maintenance of situations that facilitate
the learning of both large and small units of subject matter
at all levels of complexity. Instructional Design can start
at any point in the design process. Often a glimmer of an
idea is developed to give the core of an instruction
situation. By the time the entire process is done the
designer looks back and she or he checks to see that all
parts of the "science" have been taken into account. Then
the entire process is written up as if it occurred in a
systematic fashion. |
2.13 SCE/CMM/CMMI Analyses and Implementation Support |
SOFTWARE CAPABILITY EVALUATION (SCE) -- It may be necessary on
certain task orders to perform software capability evaluations
(SCE). The Government may use the SCE (see 1.5.1 and 1.5.2)
developed by the Software Engineering Institute (SEI), Carnegie
Mellon University (CMU), www.sei.cmu.edu, Pittsburgh, PA, 15213,
in evaluating the Contractor’s/Subcontractor’s task order
proposal. The SCE level required will be specified in individual
task orders.

CAPABILITY MATURITY MODEL (CMM) -- The Capability Maturity Model
for Software (or SW-CMM) is used for judging the maturity of the
software processes of an organization and for identifying the
key practices that are required to increase the maturity of
these processes.

CAPABILITY MATURITY MODEL INTEGRATION (CMMI) -- The Capability
Maturity Model Integration (CMMI) provides models for achieving
product and process improvement. The output of the CMMI project
is a suite of products, which provides an integrated approach
across the enterprise for improving processes, while reducing
the redundancy, complexity and cost resulting from the use of
separate and multiple capability maturity models (CMMs). To
improve the efficiency of model use and increase the return on
investment, the CMMI project was created to provide a single
integrated set of models.
|
2.14 Anti-Virus Management Service (AVMS) |
Anti-Virus Management Service enables the detection and
removal of system viruses. The service scans executable
files, boot blocks and incoming traffic for malicious code.
Anti-virus applications are constantly active in attempting
to detect patterns, activities, and behaviors that may
signal the presence of viruses. AVMS enables Agencies to
procure anti-virus capabilities that protect their
infrastructure. |
2.14.1 Intrusion Detection and Prevention Service (IDPS) |
Agency
enterprise networks, like their commercial counterparts,
continue to be challenged with increasing security risks.
Intrusion Detection and Prevention Service (IDPS) will serve
as a component of the Agency’s security infrastructure by
providing an extra layer of protection for its internal
networks. IDPS is a security offering that helps reduce
network service disruptions caused by malicious attacks. |
2.14.2 Virus Detection, Elimination, and Prevention |
The
Subcontractor shall provide virus detection, elimination,
and prevention support. |
2.15 Biometrics |
The
Subcontractor shall provide biometrics services including
the reading of the measurable, biological characteristics of
an individual in order to identify them to a computer or
other electronic system. Biological characteristics normally
measured include fingerprints, voice patterns, retinal and
iris scans, faces, and even the chemical composition of an
individual's perspiration. For the effective "two-factor"
security authorization of an individual to a computer
system, normally a biometric measure is used in conjunction
with a token (such as a smartcard) or an item of knowledge
(such as a password). Biometrics might include fingerprints,
retina pattern, iris, hand geometry, vein patterns, voice
password, or signature dynamics. Biometrics can be used with
a smart card to authenticate the user. The user's biometric
information is stored on a smart card, the card is placed in
a reader, and a biometric scanner reads the information to
match it against that on the card. This is a fast, accurate,
and highly secure form of user authentication. |
2.15.1 Smart Card Technologies |
2.16 Computer Security Awareness and Training |
The
Subcontractor shall provide computer security awareness and
training. |
2.16.1 Computer Security Incident Response |
2.16.2 Computer Security Planning |
2.16.3 Security Policy Compliance |
2.17 Disaster Recovery, Continuity of Operations, and Contingency Planning |
The Subcontractor shall provide disaster recovery, continuity of
operations, and contingency planning support, including
those for software applications, which are processed on
various computer platforms (e.g., personal computers,
mainframes, and mini-computers). |
2.17.1 Hot-site and Cold-site Support Services |
Subcontractor will provide disaster recovery sites, computer
systems, network resources and technical professional
services to support disaster recovery test exercises and
disaster recoveries within twelve (12) hours of a disaster
declaration, or when Government personnel occupy the
Subcontractor’s recovery facility, whichever is sooner.
Subcontractor personnel assigned to support the customer’s
recovery exercises and recovery events shall be U.S.
citizens and shall be subjected to background investigations
to determine suitability for employment, and receive
computer security awareness training in accordance with the
Computer Security Act of 1987.
|
2.17.2 Critical Infrastructure Protection |
2.17.3 Incident Response Service (INRS) |
In an effort to combat cyber attacks and crime, Agencies intend
to implement Incident Response Service (INRS) as part of their
security portfolio. This offering is one of the security
tools that will help in responding to potential malicious
attacks that can lead to service disruptions. INRS allows
Agencies to complement their in-house security expertise, or
obtain outside assistance with a greater depth and breadth
of experience.

INRS is comprised of both proactive and reactive activities.
Proactive services are designed to prevent incidents. They
include onsite consulting, strategic planning, security
audits, policy reviews, vulnerability assessments, security
advisories, and training. Reactive services involve
telephone and on-site support for responding to malicious
events such as Denial of Service (DoS) attacks; virus,
worm, and trojan horse infections; illegal inside
activities, espionage, and compromise of sensitive internal
agency databases. INRS provides an effective method of
addressing these security intrusions, thereby ensuring
operational continuity in case of attacks. In addition, INRS
provides forensics services that can assist in apprehending
and prosecuting offenders.
|
2.17.4 System Recovery Support Services |
The
Subcontractor shall provide personnel resources to ensure a
system recovery capability that will support Government
goals and objectives. As a minimum, the Subcontractor must
provide the capability for hot-site/cold-site recovery of
all critical software programs and sensitive Government
information. The requirements for system recovery support
services will be based on the analysis of strategic planning
factors; the strengths and weaknesses of the system, as
obtained through threat assessment and risk analyses; and
cost and benefit trade-offs. System recovery support
services include, but are not limited to the capability to: |
2.18 Hardware and Software Maintenance and/or Licensing |
The
Subcontractor shall provide for software/hardware
maintenance and/or software licenses from 3rd party vendors
in support of tasks falling within this functional area. |
2.19 Independent Verification and Validation (Security) |
The Subcontractor shall provide technical resources to define, develop,
and conduct
Independent Validation and Verification (IV&V) Tests for
Mainframe Automation Information Security; Certification of
Sensitive Systems; and Security for Small Systems,
Telecommunications, and Client Server. Validation testing
shall be designed to ensure that the software developed
fully addresses the requirements established to provide
specific operation functions. Verification testing shall be
designed to determine whether the software code is logically
correct for the operation functions for which it was
designed. It is expected that the operational areas listed
above will be subcontracted as separate IV&V tasks. |
2.19.1 Certification of Sensitive Systems |
The
Subcontractor shall provide support in the certification of
sensitive systems. |
2.19.2 Mainframe Automated Information Security Support |
The
Subcontractor shall provide operational and analytical
support related to security for mainframe information
assets. |
2.19.3 Security for Small Systems, Telecommunications, and Client Service |
The
Subcontractor shall provide security for small systems,
telecommunications, and client server support. |
2.20 Managed E-Authentication Service (MEAS) |
Managed
E-Authentication Service (MEAS) provides Agencies with
electronic authentication services in order to seamlessly
conduct electronic transactions and implement E-Government
initiatives via the Internet. The service enables an
individual person to remotely authenticate his or her
identity to an Agency Information Technology (IT) system.
The service shall connect to Agency networking environments
including, but not limited to Agency Demilitarized Zones
(DMZs) and secure LANs. Managed E-Authentication Service
consists of hardware and software components that provide
for remote authentication of individual people over a
network for the purpose of electronic government and
commerce. The service provides for the electronic validation
and verification of a user’s identity and enables the use of
electronic signatures over the Internet and other public
networks. |
2.21 Managed Firewall Service |
Agencies intend to implement Managed Firewall Service in
order to secure their internal networks. Like
commercial enterprises, Agencies face increasing network
security risks, which they seek to mitigate. This offering
is one of the security tools that will help reduce service
disruptions caused by Service will prevent unauthorized
access to or from private networks, such as Local Area
Networks (LANs). |
2.22 Privacy Data Protection |
2.23 Public Key Infrastructure |
A digital signature is a type of electronic signature that is
generally considered the most reliable and secure. Digital
signatures use public key infrastructure (PKI) to authenticate
the sender and verify the information contained in the document.
With the passage of the electronic signatures act, digital
signatures are expected to become increasingly popular for
exchanging information, conducting transactions and signing
subcontracts over the Internet. The Subcontractor shall
provide a set of policies, processes, server platforms,
software, and workstations used to administer certificates
and public-private key pairs, including the ability to
issue, maintain, and revoke public key certificates. PKI is the
architecture, organization, techniques, practices, and
procedures that collectively support the implementation and
operation of a certificate-based public key cryptographic
system. The PKI consists of systems that collaborate to
provide and implement the PCS and possibly other related
services. PKI is also the term generally used to describe the
laws, policies, standards, and software that regulate or
manipulate certificates and public and private keys. In
practice, it is a system of digital certificates,
certification authorities, and other registration
authorities that verify and authenticate the validity of
each party involved in an electronic transaction. |
2.24 Secure Managed Email Service |
Secure Managed Email Service (SMEMS) provides Agencies with a
complete, secure, and fully managed email security solution.
Email security solutions implemented at Agency gateways and
desktops usually attempt to handle events that have already
breached the network. Any delay in applying security updates
to this infrastructure exposes the network to rapid
outbreaks and dynamic threats. SMEMS offers an additional
layer of protection by proactively scanning and monitoring
email traffic at the Subcontractor’s security platform,
before it enters the Agency’s network. The service supports
email security functions such as Anti-Virus Scanning,
Anti-Spam Filtering, and Content Control. Security engines
are continuously updated to maintain effectiveness against
threats and inappropriate material. SMEMS works in
conjunction with existing Agency email systems, and is
implemented without additional investment in hardware and
software at Agency sites. |
2.25 Security Certification and Accreditation |
2.26 Systems Vulnerability Analysis/Assessment and Risk Assessment |
2.26.1 Quantitative Risk Analysis of Large Sensitive Systems |
The
Subcontractor shall provide support in performing
quantitative risk analyses of large sensitive systems,
generally including the risk analysis package as an
attachment to the system security plan. |
2.26.2 Vulnerability Scanning Service (VSS) |
Vulnerability Scanning Service (VSS) allows agencies to
conduct effective and proactive assessments of critical
networking environments, and correct vulnerabilities before
they are exploited. This offering helps to guard Agency
systems and network infrastructure against emerging threats. |
|