DRAFT STATEMENT OF WORK

kindlyminnowNetworking and Communications

Oct 26, 2013 (4 years and 15 days ago)

124 views




1

DRAFT S
TATEMENT OF WORK


For


SECURITY & HAZARDOUS MATERIALS (ASH)

INFORMATION TECHNOLOGY SUPPORT SERVICES



1.0

BACKGROUND


Security and Hazardous Materials' (ASH) mission is to provide quality services to ensure and
promote aviation safety in support of nati
onal security and the national aerospace system. To
that end, ASH supports a number of programs to include Internal Security, Hazardous
Materials, and Emergency Operations.


Internal Security programs are the administrative, regulatory and criminal investi
gative
security and security risk management programs that are designed to provide personnel,
operational, facility, and asset security risk management safeguards. These programs include
Contractor Security, Personnel Security, Security Risk Management, S
ecurity of Classified
Information, Communications Security (COMSEC), and Investigations. The FAA Security
Program is responsible for the provision of security risk management support in these program
areas to all of FAA’s 48,000 employees, and to the phys
ical assets and operational capability
represented by FAA’s more than 1,000
-
staffed facilities and 10,000 un
-
staffed facilities, and
currently include:


-

Investigations Program

-

Drug Investigations Support Program (DISP)

-

Personnel Security Program

-

Industrial

Security Program (ISP)

-

Identification Media Program (HSPD
-
12)

-

Physical Security Program

-

Hazardous Materials Program

-

Hazardous Materials Outreach Program

-

Hazardous Materials Inspections and Assessments

-

Communications Security (COMSEC) Program

-

Information S
ecurity (INFOSEC) Program

-

Emergency Operations Program

-

Continuity of Government Program

-

Washington Operations Center

-

Computer Forensics Program



ASH has a major investment in information technology hardware and software systems for
managing programs and i
nformation regarding FAA facilities inspections, internal and external
investigations, ASH resources, and policies and plans. This Statement of Work describes the
services required to support the ASH information management systems and hardware/software
pl
atform.




2


2.0

SCOPE OF WORK


The scope of this contract is to provide a variety of current and future IT operational support
services to the ASH organization.


The contractor shall provide services in the areas of desktop/email/application helpdesk
support,

local area network (LAN) support, wide area network (WAN) support, web
applications (internet/intranet/extranet) operational and engineering support, application
development and maintenance support, security accreditation and certification support, and
sp
ecialized program support (General, HSPD12 related, classified system support, and
Computer Forensics related).

The contractor shall provide the appropriate personnel to perform the following major services:

2.1

Configure and install hardware and software pro
ducts, updates and upgrades on desktop
computers and network servers.

2.2

Respond to technical services requests to correct hardware and software problems on
desktop computers, laptops, PDAs and peripheral devices.

2.3

Operational support for the electronic mail s
ystem.

2.4

Operational application helpdesk support for ASH national web applications, FAA
enterprise applications, and HSPD12 related applications used by DOT contractors and
employees.

2.5

LAN/MAN/WAN daily operation, monitoring, and maintenance.

2.6

Engineering pla
nning and design services for improvement of LAN/MAN/WAN.

2.7

Provide operational support for Internet/Intranet/Extranet and World Wide Web services
used by ASH.

2.8

Design, prototype, develop, integrate, install, configure, maintain, administer, and other
technic
al support for hardware and software related to LAN/MAN/WAN,
internet/intranet/extranet, and telecommunications.

2.9

Operate a laptop loan pool.

2.10

Perform network
-
based detection of viruses and unauthorized software and facilities to
counter/eliminate/control.

2.11

Design, prototype, develop, operate, and maintain web servers to host websites and web
-
based applications (production, development and test mode).

2.12

Design, prototype, develop/code, test, implement, document, and maintain websites and
applications develope
d to support local, national, and specialized ASH programs.

2.13

Document system vulnerabilities and utilize computer security incident response tools,
and maintain a clearinghouse of relevant security information.

2.14

Conduct assessment, certification, and accre
ditation of ASH information systems and
networks.




3

2.15

Provide operational and data entry support for the security and badging center at FAA HQ
and other designated locations.

2.16

Provide technical and program management support for the HSPD12 Program
Management
office.

2.17

Provide technical support for the ASH Computer Forensics program.

2.18

Provide technical support for the classified systems operated by AEO.

2.19

Provide technical liaison between headquarters, region, and field staffs regarding efficient
and effective ma
nagement of programs and systems.

2.20

Represent the ASH IRM Division at technical meetings and telecons which address
information technology plans and procedures.

2.21

Develop training materials and user manuals and conduct training and demonstration
sessions for

new/upgraded software applications.

2.22

Other
operational, planning and program support as requested by Government customer.

2.23

The
contractor shall provide information technology services to assist the government
personnel supporting the aviation security pro
grams.

2.24

The contractor shall supply qualified personnel to satisfy all areas of the information
technology support services and establish an effective management organization to support
the major areas of support specified in this Statement of Work.



3.
0

REQUIREMENTS


The c
ontractor shall provide information technology oper
ations support services in the
following

primary functional areas: 1) Desktop administration, E
-
mail, and Application
helpdesk support, 2) Network services support and maintenance, 3
) Web systems operations
support, 4) Application Development/Maintenance support, 5) Information Security services,
6) Program Management support (General support, HSPD12 and Program Management Office
Support, Classified System Support, and Computer For
ensics Support). The contractor shall
also provide 7) Monthly Status Reports and 8) Automated Reports.


Government personnel working in support of these areas operate as integrated product teams,
shifting resources, staff, and expertise as required for op
timal efficiency and output. The
contractor shall provide similar assistance, with staff and resources supporting more than one
functional area as required to achieve optimal expert support and efficient use of staff labor.


3.1

Labor Categories and Skill

Sets:


The contractor shall provide and maintain support
personnel with appropriate and relevant skills, including contractor provided ongoing requisite
training, to successfully complete all required tasks.



3.2

Documentation:

The contractor shall updat
e and maintain all pertinent Government
documentation for each IT functional area and facility as described herein, including but not



4

limited to the following: vendor COTS documentation, product specifications, site
plans/topologies, system manuals, deskto
p application manuals, standard operating procedures,
vendor application documentation, testing, quality assurance, contingency operations, backup,
recovery, and restart procedures; and all other documentation required by FAA government
personnel. Document
ation should be available in hard copy and electronic format.



3.3

TASK 1


DESKTOP ADMINISTRATION, E

MAIL SUPPORT, and
APPLICATION SUPPORT


ASH supports approximately 100 users at FAA HQ facility (3
rd

floor, 10
th

floor). The users use
predominantly Dell de
sktops with either Windows 2000 or Windows XP. Users in ASH use
the FAA standard Lotus Notes product for all their messaging needs. Microsoft Office suite of
products is the established standard for business productivity applications.


The Contractor shall

provide planning, analysis, troubleshooting, integration, acquisition,
installation, operations, maintenance, limited training, documentation, and administration
services for end
-
user desktops supported by ASH organization.


Desktop administration, email
support and application support services for ASH include, but
are not limited to, the following:


3.3.1

Desktop Administration and Maintenance
-

Provide testing, installation, operation,
maintenance, management of configuration control, integration, and administ
ration
services for desktop systems.


3.3.2


Installation and Maintenance of Hardware and Software
-

Install, troubleshoot and
maintain hardware and software. This includes hardware repairs with government
furnished equipment (GFE), replacement of hardware such

as communications
cards and hard drives and installation of Commercial
-
Off
-
The
-
Shelf (COTS)
packages for ASH specific applications.


3.3.3

User Support
-

Provide user guidance and support with PC problems, including
applications software, connectivity problem
s and other possible operational and
software (ASH approved) functionality problems/questions.


3.3.4

Maintain Help Desk
-

Maintain a help desk operation on a 24x7x365 basis at the
main site.



3.3.4.1

Operate a helpdesk to provide desktop, email, and productivity sof
tware
support to nearly 100 end users at FAA HQ facilities.


3.3.4.2

Operate a help desk to support national ASH web applications (approx. 30
applications).





5

3.3.4.3

Operate a helpdesk for Facility Security Awareness Virtual Initiative
(SAVI) and Electronic Questionnaire
for Investigations Processing
Systems (EQIP) for 48,000 FAA employees and the support contractors.


3.3.4.4

Operate a helpdesk for HSPD12 related applications for DOT employees
and the support contractors (including IDMS, CMS, PKI/SSP, and other
specialized appl
ications).


3.3.5

Resolve Hardware and Software Problems
-

Provide testing, installation,
maintenance, management of configuration control, and administration services for
the ASH hardware, OS, and client applications that include, but are not limited to:


Ha
rdware:

Dell, Gateway, IBM and HP compatible PCs and laptops through Pentium III based
systems, ISA and EISA bus configurations; CD Towers; Hewlett Packard, Tektronix
and IBM laser/color printers; Hayes
-
compatible modems; UPS units, and PDAs.


Operating Sy
stems:

Windows XP, Windows 2000 Professional, Windows NT 4.0 Workstation, Windows
95, and Windows 98.


Software:

Microsoft Office 97 through Office 2003, Lotus Notes, Dynacomm Elite, Citrix
Metaframe
\
Winframe client, cc:mail client, Netscape Composer, I
nternet Explorer, PC
-
Tools, WinFax Pro, and Adobe.


3.3.6

Support Loan Pool
-

Provide support for user briefings that include, but not limited
to, setting up projectors, laptops/and or desktop systems with standard and/or
special applications. Track loan pool e
quipment, including loan
-
schedules, and
condition of equipment. Assure the equipment is in good working condition before
loaning equipment to users.


3.3.7

Inventory and Configuration Management
-

Maintain inventory (for hardware and
software) and maintain confi
guration management standards, as established by
ASH.


3.3.8

Security Compliance
-

Maintain security measures per ASH security policies and
procedures. Perform detection of viruses and unauthorized software and facilities to
counter/eliminate/control.


3.3.9

User Trai
ning
-

Develop training materials and user manuals and conduct training
and demonstration sessions for new/upgraded software applications.


3.3.10

Documentation


Maintain Government documentation in help desk software on
how software/hardware is installed. Docum
ent help desk procedures, call escalation
procedures, standard operating procedures and backup procedures.




6


3.3.11

Recommend Emerging Technologies
-

As directed by the CO/COTR, evaluate
hardware, firmware, peripherals, software packages for potential use by ASH,
and
provide recommendations for their integration into the operational environment.



3.4

TASK 2


NETWORK SERVICES SUPPORT & MAINTENANCE (LAN SERVICES)


ASH maintains a LAN environment to provide file and print services for the 100+ users
located at the head
quarters location in Washington DC. The selected contractor will be
responsible for daily operations of the Windows 2000 servers comprising the ASH HQ LAN
and related environment. In addition, ASH is currently planning to consolidate its nine (9)
regional
LAN s into three (3) LANs. It is envisioned that the selected contractor will provide
daily operational support for the consolidated LANs


after transition


from the ASH HQ
location.


The Contractor shall assist the Government personnel in providing plan
ning, analysis, design,
acquisition, installation, integration, operations, maintenance, monitoring, troubleshooting,
documentation, and administrative services for all types of data networks, including but not
limited to, enterprise systems, premise wirin
g, backbones, LAN, WAN, client
-
server, and
Intranet/Internet/Extranet access.


Network services support and maintenance for ASH include, but are not limited to, the
following:



3.4.1

Network Administration
-

Analyze network and oversee performance of network
an
d associated equipment to include maintenance of existing and planned
LAN/WAN connections, software and hardware systems providing LAN/WAN
connectivity, topologies and operating systems.


3.4.2

Network Backup Administration
-

Provide support services to maintain

and ensure
backup and restore capabilities on diverse computer platforms, such as networks
and client
-
server environments. This is to include the archiving of critical data sets
to media, such as tape, optical disc and/or disk cartridges.


3.4.3

Installation a
nd Maintenance of Network Hardware and Software
-

Deploy, install,
operate, maintain, and assist in configuration management of network hardware and
software.


3.4.4

Telecommunications Administration, Support and Maintenance
-

Work with the
FAA building operati
ons and telecom organizations to address backbone, WAN,
hardware, protocol issues. Manage IP addresses for the organization.


3.4.5

Network Room Operations


Maintain and support the Computer Network Room
operations including system backups, environmental monit
oring, connectivity, UPS,
communications equipment, racks, hubs, routers, switches and all other equipment,



7

software and hardware located within the Network Room.


3.4.6

Inventory and Configuration Management
-

Maintain inventory for hardware and
software accord
ing to ASH policy. Maintain Configuration Management Standards,
as established by ASH.


3.4.7

Security Compliance
-

Maintain security measures per ASH security policies and
procedures.
Perform network
-
based detection of viruses and unauthorized software
and faci
lities to counter/eliminate/control.


3.4.8

Network Monitoring
-

Assist in the analysis and assessment of network equipment
and performance of equipment to include hardware, software and technical changes.


3.4.9

Network Maintenance
-

Provide testing, installation, ma
intenance, management of
configuration control, and administration services for ASH hardware and operating
systems. The following is a representative list and not limited to:



Hardware:

Compaq, HP and Dell servers, Ethernet, Hayes
-
compatible modems; Cab
letron and
AT&T Network hubs; 3Com; XIRCOM, and Network Access Units (Network Interface
Cards).


Operating Systems:

Windows 2000, Windows NT 4.0 Server, Windows 2003, Active Directory, TCP/IP,
IPX/SPX.


3.4.10

Applications Support and Maintenance


Provide test
ing, installation, maintenance,
management of configuration control, and administration services for applications
software. The following is a representative list but is not limited to: Acquire;
Acquisition Management System, Travel Manager; ASH Correspon
dence Control, and
Tracking System, Executive Information System (EXIS), Automated Human Resource
Information System (AHRIS), FAA Employee Directory (FAADIR), Selection Within
Faster Times (SWIFT), Planning & Implementation Development Services, (Ontime),
FAA Identification Media System (IMS), Personnel Payroll System (FPPS), Checked
Baggage System, and Information Security (Infosec) awareness.


3.4.11

Documentation


Maintain Government documentation on how software/hardware is
installed. Document standard opera
ting procedures and backup procedures. Maintain
updates as changes occur within operating network environment.


3.4.12

Recommend Emerging Technologies
-

As directed by the CO/COTR, evaluate
hardware, firmware, peripherals, software packages for potential use by
ASH, and
provide recommendations for their integration into the environment.


3.4.13

Specific/Special Tasking
-

Specific tasking support for ASH includes, but is not limited
to, configuring and deploying new hardware and software throughout the organization;



8

and

other tasks as directed by the CO/COTR.


3.4.13.1

Physical Relocation of Equipment
-

ASH may have specific requirement to
relocate servers and server peripherals. The Contractor shall support ASH in
physical relocation of equipment and shall configure, troublesho
ot and render
operational servers and all hardware and software, as agreed to by the
Contractor and the COTR.

3.4.13.2

Establish a Common Drive to be shared users located across all nine (9) LANs

3.4.13.3

Consolidate nine (9) LAN into three (3) LANs.

3.4.13.4

Daily operational and
backup support for the HQ LAN and the consolidated
regional LANs after consolidation from the HQ location.



3.5

TASK 3


WEB SYSTEMS OPERATIONS SUPPORT


ASH operates the Internal Web Portal Environment and the External Web Portal Environment
that encompass a
number of business applications. The selected contractor will be responsible
for operating and maintaining the application support servers needed to host ASH web
applications (approximately 30), FAA enterprise applications (SAVI FSRM and eQIP), and
DOT app
lication (HSPD 12 related applications such IDMS, CMS, and other specialized
applications)


The selected contractor will be responsible for daily operational support of the servers, SAN,
switches, routers, and PIX firewall equipment at the production facil
ity (ASH HQ), primary
fail over (L’Enfant Plaza), and secondary failover location (Oklahoma City, OKC). Key
technologies used within this environment currently include Windows 2003 Advanced Server,
MS SQL Server 2000, Procomm SAN, COTS (eTrust Siteminder,
Akiva web boards, Seagate
Crystal Reports, Cisco PIX, Cisco Secure, and Cisco ASA).


The contractor shall provide planning, analysis, troubleshooting, integration, installation,
operations, maintenance, training, documentation, and administrative services
for the ASH’
web servers, internet/intranet/extranet deployments, internal and external connectivity access,
and enterprise scale internet technology deployments.


Web System Operation services support and maintenance for ASH include, but are not limited
t
o, the following:


3.5.1

Installation and Maintenance of Network Hardware and Software
-

Deploy, install,
operate, maintain, and assist in configuration management of network hardware and
software.


3.5.2

Telecommunications Administration, Support and Maintenance
-

Wo
rk with the
FAA building operations and telecom organizations to address backbone, WAN,
hardware, protocol issues. Manage IP addresses for the organization.


3.5.3

Communications and Connectivity Maintenance and Support


Perform network



9

communications and conn
ectivity maintenance, including coordination with agency
groups, telephone companies, internet service providers (ISP), and maintenance
vendors to acquire, install, integrate, coordinate, and resolve data communication
and connectivity issues and problems.


3.5.4

Network Room Operations


Maintain and support the Computer Network Room
operations including system backups, environmental monitoring, connectivity,
UPS, communications equipment, racks, hubs, routers, switches and all other
equipment, software and hard
ware located within the Network Room.


3.5.5

ID Administration and Management
--

Define, develop, manage and administer
user ID’s, passwords and security keys (public/private, unique) in compliance with
FAA standards, policies and procedures.


3.5.6

Address Administra
tion


Administer and maintain network and server addresses in
compliance with FAA addressing standards, policies and procedures, utilizing
COTS applications if necessary. Maintain the Domain Naming Services (DNS) for
both internet and intranet usage.


3.5.7

Aut
hentication Server Administration


Analyze, develop, install, integrate,
configure, implement, operate, administer and maintain firewall and proxy server
tables, registrations, SSL, certificate servers, Siteminder authentication server,
remote access serv
er as directed by the CO/COTR.


3.5.8

Inventory and Configuration Management
-

Maintain inventory for hardware and
software according to ASH policy. Maintain Configuration Management Standards,
as established by ASH.


3.5.9

Applications Support and Maintenance
-

Provi
de testing, installation, maintenance,
management of configuration control, and administration services for applications software.


3.5.10

Performance Monitoring


Analyze and assess equipment and performance
degradation, including determination of hardware, so
ftware, networking, and/or
technical changes to meet operating requirements.


3.5.11

Detect and Remove Viruses
-

Perform network
-
based detection of viruses and
unauthorized software to counter/eliminate/control access to LAN/MAN/WAN.
Identify, isolate, neutralize
, and be responsible for handling the spread of malicious
programs (viruses, worms, Trojan Horses) infecting the client organization’s
systems and/or networks. Perform research on viruses.


3.5.12

Network Backup Administration
-

Provide support services to mainta
in and ensure
backup and restore capabilities on diverse computer platforms, such as networks
and client
-
server environments. This is to include the archiving of critical data sets
to media, such as tape, optical disc and/or disk cartridges.


3.5.13

Documentatio
n
-

Maintain Government documentation on how software/hardware



10

is installed. Document standard operating procedures and backup procedures.
Maintain updates as changes occur within operating network environment.


3.5.14

Recommend Emerging Technologies
-

As direct
ed, evaluate hardware, firmware,
peripherals, software packages for potential use by ASH, and provide
recommendations for their integration into the environment.


3.5.15

Specific/Special Tasking
-

Specific tasking support for ASH includes, but is not
limited to,
configuring and deploying new hardware and software throughout the
organization and other tasks as directed by the CO/COTR.


3.5.15.1

Planning


The Contractor shall assist in the planning and development of
HSPD12 requirements for existing and future IT services a
nd develop
plans for the future consolidation, migration, and upgrades of services
(consolidating servers and upgrading operating systems). The Contractor
shall support ASH in the development of plans as tasked and agreed to by
the

Contractor and the COTR
.


3.5.15.2

Physical Relocation of Equipment
-

ASH may have specific requirement
to setup or relocate servers and server peripherals to establish the main or
failover site to host HSPD12
-

IDMS related applications. The Contractor
shall support ASH in physical rel
ocation of equipment and shall configure,
install, integrate, setup, troubleshoot, maintain and render operational
servers and all hardware and software, as agreed to by the Contractor and
the COTR.



3.6

TASK 4


APPLICATION DEVELOPMENT/MAINTENANCE SUPPORT


A
SH has a major investment in secure, web
-
based applications and systems since 1997. ASH
relies extensively on these major applications to perform functional work and support its daily
operations. All web applications used by ASH organization have been deve
loped by using ASP
2.0, ASP 3.0, ASP.net, Javascript, VBScript, SQL stored procedure, and Crystal Reports; and
operate on MS IIS webserver on a Windows 2003 server. Currently, the list of major ASH web
applications includes:


1.

ASH Portals Page

--

ASH is a c
omplete web
-
based environment. The portals page is
the starting point for all ASH employees. From this page, employees can get to the
Office Suite, on
-
line phone book, email, calendar, LDR information, other applications,
training and messaging services.

2.

Security Awareness Virtual
I
nitiative (SAVI)


SAVI
is a
508
-
compliant,
web
-
based
training system for facility security designed by ASH for all FAA employees and
Contractors. The main objectives of SAVI are to provide a general knowledge of
facility secur
ity topics, help us recognize a potential security hazard, help us take a role
in protecting each other and our facilities, and meet the annual Security Education



11

Awareness requirements contained in FAA Order 1600.69B, FAA Facility Security
Management Prog
ram, for Facility Security"
.

3.

Facility Security Reports System (FSRS)

-

FSRS is an information management system
which is designed to capture, process, and report information related to FAA facilities,
physical security assessments, comprehensive and suppl
emental inspections,
communications security, classified/SSI, incidents, STE/STU III, accreditation,
quarterly reports, and inspector reports. Also, the system has the audit capability on the
major modules like assessment, inspection, and facility.

4.

The I
nvestigations Tracking System (ITS)

-

ITS monitors the status of a wide range of
personnel investigations. These investigations include potential applicants, personnel
security information about military personnel and contract employees assigned to the
FA
A, non
-
employees, and a record of investigations.

5.

Identification Management System
(IMS)


IMS
is a

secure, web
-
based application for

issuance

of identification badges to employees and contractors nationwide
. Th
is
application
supports
user administration,

card management, and card
issuance and
guard lookup. The system
authenticates

an employee or contractor from
the
Investigations Tracking System (ITS)
before issuing

a card. The sy
stem is designed to
support centralized administration, management, issuance
, and printing of identification
badges
.

It will include interfaces with third party card management system and
PKI/SSP specialized services that will be procured separately by ASH.

6.

Dangerous Goods System (Web
-
DG)

-

Web
-
DG supports the Hazardous Materials
and
Enforcement Program in ASH. The primary goal is to ensure that there are no fatalities
from improperly shipped hazardous materials in U.S. air commerce, and to that end,
key results include a decrease in the number of declared and undeclared hazardous

materials incidents
per

million revenue ton miles, and a better educated public,
industry, and carriers.

7.

PASS


It is the c
entral Repository of ASH Personnel

and
is replicated with Siteminder
database. As Siteminder is the security software used by ASH t
o protect its websites,
PASS is the central gateway for any individual's access to ASH systems. It primarily
stores ASH Individual's Contact, Account and Group access information.

8.

Creds


It is a secure, web
-
based application

that is used to issue credenti
als to Special
agents, investigators, hazardous material specialist, managers, field officers, airport
safety inspectors.

9.

HR
--

Used by ASH
-
HR department to provide HR related information to its
employees.

10.

Security Information Reference System II

(SIRS II)

-

SIRS II is a web based on
-
line
repository of non
-
classified, yet sensitive information related to ASH users that can
only be accessed by authorized users. SIRS II provides a more effective way to manage
documents. A user is able to add/update/replace a
document. Document

can be in any
format (documents, i
mage
s,

email
s, etc)
. Any document entered into the system is



12

converted to searchable PDF and upon approval of the document
-

it is available to
users for search
es
. Documents are stored in the repository
for
easy s
earch

and retrieval
.


11.

ASH Business Plan Builder
--

Helps ASH to track business plan activities for the
current fiscal year by tagging them Red/Yellow/Green and giving Action Plan and
Remarks about the same. Statuses are entered on a monthly basis
. Report for past
statuses and activit
i
es can be viewed from the FAQ section.

12.

Executive Information System (EXIS)


This is a near
-
360 degree program summary
for internal ASH managers. This system collates data from all ASH applications and
generates a num
ber of reports for ASH managers to support their decisions. Outputs are
generated through graphs, charts, and numerical reports.

13.

BOOK$
--

This is a secure, web
-
based system for disbursing and tracking ASH budget.
The system replaced information stored in
multiple spreadsheets. Based on information
entered, BOOK$ provides ASH management with high level, real
-
time financial
information such as budget allocations, burn rates, and resource commitments by
region, center, quarter, and/or fiscal year.

14.

Correspond
ence Management System (CMS)
--

This system is used to track the status
of correspondence within ASH. The system gives management the ability to easily
track exactly where a specific correspondence is within ASH.

15.

Training


This i
s a
web

application
used
by
ASH training division

(ASH
-
20
). It
currently has
training information

for Managers, General T
raining, CGP (Continuo
us
Growth Program), HAZMAT, Internal Security, Investigations and Personnel Security.
It also
tracks information for
the ASH Model Program

and ASH Developmental
assignment locator applications.


16.

ASH Developmental Assignment Locator
--

Helps ASH Training to submit
developmental assignment entries and POC for the same. Any new entry (or update of
an entry) would send emails to relevant individ
uals

17.

Staffing

--

The application maintain
s

personnel
related information for all ASH offices.
Divisional managers and Office administrators
have
access to it

only within ASH
. The
application helps track personnel data, authorized position information
,

and
has
numerous reports that help

office administrators
.


18.

Declassification Review System


FAA stores classified materials at different
locations. This system is used to scan and keep track of the documents that are marked
as declassified by FAA at a centrali
zed location.

19.

Model Program
--

Application is designed for the ASH Model Program. It currently
consists of 10 fill in forms each having its own workflow. Some forms are provided as
word/pdf/xls documents which may be converted to online version in future

Model
Programs. Some forms could be viewed by all participants. It has other facilities such
as Calendar planning, Search and Summary Reports, Message posting and commenting



13

on the website features. Information is stored in Training database since this is

an ASH
Training application

20.

Policy Manual
--

Used for storing HR policy documents. Has
capability

for scanning.
All documents are currently stored in SQL server database.


21.

Region Info


It

i
s for providing a Regional version of what

s

new page. Administra
tors
in

specific regions can submit, order, disable documents. All documents are stored in
SQL server.

22.

Web boards


Acts as a discussion forum for the Headquarters and Regional WebDG
users. Users can post their comments and selected users can upload docum
ents to the
web boards.

23.


Messaging Service


It

i
s used for sending mass messages via Email or Text
Messaging from information stored in PASS database. It

i
s very helpful for ASH
Managers to send messages to group of individuals.


24.

Duty Roster


Used to en
ter who is the duty officer on duty. Duty Roster Email alerts
are scheduled on a weekly basis (every Monday) to alert who is the officer on duty.

25.

Task Tracker


This Application helps keeps track of Tasks assigned to individuals in
A
IN500. Email alerts a
re scheduled every Monday to provide alerts about pending
tasks still open.

26.

Requirements Tracking System


This application is used to
capture
AIN500’s
application development requirements. This system

automates the process that AIN
-
500 follows to develop
the applications requested by the customers. Email alerts are
sent to the designated person at each level of application development phase. This is
used by developers, Program Managers and customers assigned to different
applications.

27.


ASH Calendar
--

This

Calendar System is intended for tracking high level, major
events only. This is not a personal calendar, so any event entered is seen by all of ASH
nationwide. Events are ordered by Headquarters, Facility Security, Hazardous
Materials, Investigations and
Regional.

28.

Leave Scheduler


Used by all Regions to track availability of individuals in ASH. A
user selects who all's availability status (such as Leave, RDO, and Travel etc.) One is
interested in tracking and he/she gets daily/weekly/monthly email alerts

based on user's
choice. The system also provides Calendar layout for user friendly printouts

29.

ASH Helpdesk
--

Used by the Helpdesk at ASH to enter and track Helpdesk
information based on the Calls received by the help desk attendant. Weekly emails are
sche
duled for ASH Managers so that they are informed of statuses of Helpdesk calls.

30.

Other application systems as needed to meet ASH business requirements for
Investigations Program, Drug Investigations Support Program (DISP), Personnel



14

Security Program, Indust
rial Security Program (ISP), Identification Media Program,
Physical Security Program, Hazardous Materials Program, Hazardous Materials
Outreach Program, Hazardous Materials Inspections and Assessments,
Communications Security (COMSEC) Program, Information
Security (INFOSEC)
Program, Emergency Operations Program, Continuity of Government Program, and
Washington Operations Center.


Application and website development services required by ASH may include, but are not
limited to, the capability to perform syste
m analysis, design, development, training, data
conversion, testing, training, implementation, documentation, maintenance, operations,
administration, enhancements, modifications, and end
-
user support of all websites, web
-
enabled data
-
entry systems, standa
lone and client
-
server applications, and collaborative
computing products.


3.6.1

Requirements Analysis and System Design


Assist the Government personnel in
conducting requirements analysis and/or system design for websites and
applications (standalone, clien
t
-
server, network based, and web
-
enabled). The
contractor shall develop a project plan with milestones, define a conceptual and
detailed system design, and document system requirements as needed.


3.6.2

Development Support


Develop websites and applications (st
andalone, client
-
server, network based, and web
-
enabled) required by ASH. Development services
shall include development and adherence to development standards, and web page
and code development. Applications and websites shall be developed using the
indus
try standard software and/or the standard adopted by ASH.


3.6.3

System Testing
-

Develop test plans and conduct structured testing in the following
areas: functional, unit, system, interface, alpha, beta, integration tests. The
contractor will prepare and submi
t a test analysis report and correct all
discrepancies found during the testing period prior to system
acceptance/accreditation or as agreed to by the CO/COTR.


3.6.4

System Implementation


Perform implementation, operations and life cycle
maintenance of all a
spects of internet systems and technology implementations
including web page development, coordination with agency groups, and COTS
vendors.


3.6.5

Performance Monitoring, Optimization and System Maintenance


Conduct
periodic performance measurement and evaluat
ion activities that may lead to re
-
engineering and/or optimization of existing websites and applications to improve
productivity, system performance, network throughput, changing functional and
technical requirements or any other constraints identified by
the COTR.


3.6.6

Documentation


Maintain Government documentation on how software/hardware
is installed. Maintain updates as changes occur within application code, database
and operating environment.




15


3.6.7

User Support


Maintain a help desk to provide end
-
user sup
port for all national,
local and specialized ASH applications. Areas of support will include telephone
assistance, problem tracking, initial triage and problem resolution, call escalation,
and limited training.


3.6.8

Special Requirements


Specific tasks, which

may occur less regularly, include:
provide assistance in planning and performing data conversions to internet
technologies; develop data conversion and/or validation routines; develop special
applications as needed or required; develop and maintain a cont
inuous quality
improvement and assurance program; document requirements of existing or legacy
applications currently in
-
use; develop and manage a configuration management
program for all supported applications; and collect statistics to size applications a
nd
improve performance.



3.7

TASK 5
-

INFORMATION SECURITY SERVICES


ASH has a major investment in information technology systems (multiple ASH LANs, ASH
Internal Web Portal, ASH External Web Portals, DUI/DWI system, AEO Classified LAN,
and Recovery Communic
ations System). In accordance with FAA security orders and the
Federal Information Security Management Act, the ASH organization needs to conduct
initial certification on new systems; recertify major systems every three (3) years, and
conduct an annual sec
urity self assessment. The selected contractor will perform




C&A for ASH systems


initial, system re
-
certification, 800
-
26;



Conduct needed system remediation;



Patch servers and monitor system intrusions;



Follow ASH configuration management process and sta
ndards;



Assist in Contingency planning and testing;



Assist in privacy and compliance review; and



Attend weekly ISSM and DAA meetings (if needed).


Information Security services support and maintenance for ASH include, but are not limited to,
the following
:


3.7.1

Security Certification, Accrediation and Authorization
-

Conduct Security
Certification and Accreditation Process (SCAP) or National Information Assurance
Certification and Accreditation Process (NIACAP) on all customer systems,
networks and application
s in accordance with FISMA and FAA Order 1370.82A.


3.7.2

Review Information Security Policy & Procedures


The contractor shall identify,
analyze, define, coordinate, implement and audit the security policies, procedures
and processes for systems, applications,

and networks.


3.7.3

Perform Risk Assessments
-

Conduct data collection, ST&E, and risk assessments



16

of Novell and NT systems, and software applications at the headquarters and
regional offices. The Contractor shall support ASH in the risk analysis and
assessmen
t for all ASH systems listed in the FAA inventory.


3.7.4

Security Engineering
-

Provide ad
-
hoc administration and engineering support to
improve security of the ASH systems.


3.7.5

Vulnerability Assessment & Penetration Testing
-

Conduct vulnerability
assessments and

penetration testing, identifying security holes, recommending
corrective actions, and implementing corrective actions.


3.7.6

Intrusion Detection
-

Develop response and handling procedures and methodology.
Responsible for installation, configuration, hosting, m
anagement, and operations of
telecom, web servers, firewalls, and security services. Conduct, coordinate and
oversee network intrusion detection and analysis.


3.7.7

Incident Response


Utilize computer security incident response tools to effective
respond to

security incidents. This includes computer security tools that provide
knowledge that the contractor can use and information to issue before and during
incidents.


3.7.8

Detect and Remove Viruses
-

Perform network
-
based detection of viruses and
unauthorized sof
tware to counter/eliminate/control access to LAN/MAN/WAN.
Identify, isolate, neutralize, and be responsible for handling the spread of malicious
programs (viruses, worms, Trojan Horses) infecting the client organization’s
systems and/or networks. Perform r
esearch on viruses.


3.7.9

ID Administration and Management
-

Define, develop, manage and administer user
ID’s, passwords and security keys (public/private, unique) in compliance with FAA
standards, policies and procedures.


3.7.10

Review and Testing


Provide support
to perform contingency planning, pandemic
flu planning, privacy review and FISMA compliance review.


3.7.11

Planning & Budgeting
-

Provide assistance to the Government personnel in
developing a budget for information security function.



3.8

TASK 6


PROGRAM MANAGEME
NT SUPPORT


The selected contractor will be responsible for providing general inventory, administrative, and
program support to the ASH organization. In addition, the selected contractor will be required
to provide specialized support for the HSPD12 progra
m, the AEO Classified Systems, and the
Computer Forensics Program.


A. General Administrative and Program Support





17

Contractor shall provide general program management support services using FAA guidelines
including logistics and property management support
. These services shall include but not be
limited to:


3.8.1

Procurement.

3.8.2

Property receipt, control and accountability.

3.8.3

Tagging of equipment.

3.8.4

Inventory documentation.

3.8.5

Nextel telephone account management support

3.8.6

Exhibit 53 and Exhibit 300 support.

3.8.7

EVM sup
port.

3.8.8

ITIL, CMMI or other FAA process oriented methodology deployment support.

3.8.9

Additional program management as requested or needed by ASH.



B. HSPD
-
12 Program Support


ASH has the responsibility within DOT to deploy the Homeland Security Presidential
Dir
ective 12 requirements (referred to as HSPD
-
12). ASH requires program support during the
performance period to support the major objectives of this presidential objective.


3.8.10

Operate a help desk for HSPD12


IDMS related applications on a
24x7
x365

from
FAA H
Q

to support all DOT employees and contractors. See section 3.3 for
detailed task requirements.


3.8.11

HSPD12 data center support



Research, define specifications, and procure needed
e
quipment
to establish
for
the
main
site (FAA HQ) and the
failover site

(MMAC
,
OKC). The selected contractor will be tasked to provide the engineering services
(as outlined in section 3.4 and 3.5) to support the web hosting environment for the
HSPD
-
12 program.


3.8.12

Application development / maintenance


The selected contractor will w
ork with
HSPD12 PMO, AIN500, AIN600, FAA LOBs, DOT OAs, and other vendors to
support proof of concepts, pilot projects, development, deployment, operations, and
maintenance for the HSPD 12 applications used to support PIV 1 and PIV 2 cards.


3.8.12.1

Identification

Management System (IDMS)



The selected contractor will be
required to provide the entire system development life cycle support (as outlined
in section 3.6) for the FAA Identification Management System (IDMS) that will
be used to issue identification medi
a to FAA employees and contractors. This
system will interface with the Investigations Tracking Systems of FAA and DOT.

3.8.12.2

Relevant interfaces or integration of following components


Develop needed
interfaces or integrate components to support generation of

PIV1 and
PIV2 cards
,
including but not limited to
, CMS software, CMS middleware, CMS initial
vendor package support,
and
Specialized services (PKI/SSP)
.





18

3.8.13

Security Service Center Support

--

ASH operates a security service center in the
main lobby of the F
AA HQ facility in Washington DC where FAA employees and
contractors submit their applications to obtain a permanent badge. ASH requires
program support specialist who can review application information, fingerprint
candidates, enter applicant information
into ITS and IMS systems, and print badges.
In future, ASH may require these services at any Regional or Field Office where
ASH performs similar functions.

3.8.14

“Go”
T
eams


ASH may need program support from selected contractor during the
performance period to

support
mass issuance
of PIV2 cards at FAA HQ and/or
regional/field offices where ASH issues badges. In addition, ASH may need support
from selected contractor to augment
technical deployment teams

during initial
deployment of hardware, software, and trai
ning any DOT location where this
system will be operational and will be used to issue badges to DOT employees and
contractors.


3.8.15

PMO Support



ASH personnel staff and lead the HSPD
-
12 Joint Program
Management Office (PMO) established to obtain participation

from different
LOB/SO within FAA and other DOT modes on this agency wide program. The
selected contractor will be required to provide administrative, analytical, system
integration, project management, program management, and portfolio management
support
services to the this PMO office on an as
-
needed basis.



C. AEO Classified System Support


The
Office of Emergency Operations and Communications (AEO)
within ASH performs work
on either classified systems (encompasses applications, workstations, servers, L
AN) or at
classified locations. The selected contractor will need to provide cleared employees
--

to
perform tasks outlined in section 3.3 to section 3.7 above


to support classified operations and
functions listed below:


3.8.16

WOCC systems support


Due to th
eir specialized function and operations, the
WOCC supports classified and unclassified systems. The selected contractor will
need to provide IT support on a 24x7x365 basis to the WOCC systems (classified
and unclassified). Technical support personnel are
needed to provide operational
support to WOCC after hours, weekends, and holidays on a regular, ongoing basis.


The s
elected contractor will provide the first response and initial triage for the
following specialized products/services used by WOCC


(1) E
mergin wireless
paging system, (2) CCTVware Enterprise, (3) HFNetchkpro, (4) Ricoh Secure Fax
and Secure Telephone Equipment, (5)
Compunetix
Conference
B
ridge
,

(6)

Defense
Switch Network, (
7
) IVR, (
8
) PBX, (
9
) RSB for secure telcons, (
10
) Thales DVR
record
ing devices with 48 lines to record conference calls, and (1
1
) Classified audio
visual system. Any event resulting in catastrophic disruption of service or those
requiring emergency restoration will require a higher level of support.




19


3.8.17

RTR/COOP support



AS
H maintains a classified facility or facilities for COOP
operations. During emergency situations or pandemic flu response conditions, ASH
may need IT support for its systems at the RTR/COOP location(s).


3.8.18

SCIFF LAN and C&A support


AEO maintains a SCIFF to

support its classified
work and mission. ASH wants to provide continuous IT support to users located
within the SCIFF environment, and support for its classified LAN used primarily
for file/print services. An annual self assessment (800
-
26) needs to be pe
rformed on
this LAN in accordance with FAA orders. In addition, this LAN gets re
-
certified
once every three (3) years in accordance with FISMA guidelines.


3.8.19

ADAPT project support



The ADAPT project ingests multiple sources of sensor
and aircraft movement
data such as flight plans, processes this data by comparing
geographical location and intended route of flight against multiple FAA and
commercial database products
; and then
disseminates customized results to multiple
clients as a meaningful graphic produ
ct which renders the data to usable
visual
information.


The s
elected contractor will support the following specialized products/services
used by ADAPT project


(1)
ESRI Products,
(2)
Putty,
(3)
Perl Scripts,
(4)
Watchdog,
(5) Time Stamp, (6) VB.NET, (7)

ArcObjects, (8) MapObjects, and (9)
ArcGIS.




D. Computer Forensics Support


3.8.20

Computer forensics Support
-

AIN has the responsibility within the FAA to conduct
investigations into misconduct by any persons on FAA facilities or using FAA
property. The selec
ted contractor will be required to assist investigators when
investigations involve computers, computer use, and computer systems.



3.9

TASK 7


MONTHLY STATUS REPORTS


The contractor must submit monthly status reports no later than the 10
th

Calendar Day of e
ach
month to the COTR. The reports shall be prepared in letter format, shall highlight the work
performance from each task and subtask listed in paragraphs 3.3


3.8 along with related
activities accomplished during the month and the planned/expected activ
ities for the next
month. The report must include financial report of status of the current funding levels and
shall include current labor hours and dollars.


-

Call Tracking System


Reports on helpdesk calls and responses. (para 3.3, Task 1)

-

Application A
ctivity Reports


Reports on usage of operations systems by the users.
(para 3.5, Task 3, para 3.6, Task 4, para 3.8, Task 6)




20

-

Application Progress Reports


Reports on work the programmers do. (para 3.6, Task 4)



3.10

TASK 8


AUTOMATED REPORTS


The contract
or shall provide a series of automated reports no later than the 10
th

Calendar Day
of each month that have been generated via the tracking systems. Each report must highlight
the work performance from each task and subtask listed in paragraphs 3.3
-
3.8. T
he following
is a list of the tracking systems and type of data/information generated from each.


-

Software Updates Report


Reports patch deployment status as well as a list of clients
updated. (para 3.4, Task 2)

-

Virus Server Report


Reports latest Viru
s update and system status. (para 3.4, Task 2)

-

Availability & Uptime


Reports Server Resource availability and uptime statistics.
(para 3.5, Task 3)

-

Usage Statistics


Reports on web site usage and traffic. (para 3.5, Task 3)

-

Vulnerability Scan


Reports
on network vulnerabilities. (para 3.7, Task 5)

-

Call Tracking System


Reports on helpdesk calls and responses. (para 3.3, Task 1)

-

Application Activity Reports


Reports on usage of operations systems by the users.
(para 3.5, Task 3, para 3.6, Task 4, para

3.8, Task 6)



4.0

DELIVERABLES


TASK

DESCRIPTION

DUE DATE

3.9

Monthly Status Reports

NLT 10th Calendar Day of each Month

3.10

Automated Reports

NLT 10th Calendar Day of each Month



5.0

KEY PERSONNEL AND QUALIFICATION REQUIREMENTS


Reserved.


6.0

PERSONNEL SECURI
TY REQUIREMENTS

Given the sensitive nature of work performed by ASH all contractor positions are considered
high risk positions. Consequently, all contractor personnel must be willing to submit to a FAA
background investigation and complete the following f
orms: Form SF
-
85P, Questionnaire for
Public Trust; Form FD
-
258, FBI Fingerprint Chart; and DOT Form 1631, Disclosure and
Authorization Pertaining to Consumer Reports Pursuant to the Fair Credit Report Act.





21

In addition, the contractor personnel supporting
the following ASH classified functional areas,
operations or facilities will be required to complete SF86 forms to obtain a national security
clearance


AEO/WOCC, AEO/SCIFF , RTR facility, and AEO/ADAPT project.



7.0

TRAVEL

Travel may be required within Unit
ed States to the FAA’s Aeronautical Center in Oklahoma
City, OK, FAA’s Technical Center in Atlantic City, NJ, regional and field FAA sites, and
meetings and seminars hosted by the FAA to address information technology issues. Travel
may be required to int
ernational destinations. Travel will be approved by the COTR prior to
departure.



8.0

GOVERNMENT FURNISHED EQUIPMENT (GFE)

The government will provide the following equipment to all contractor personnel based ON
-
SITE at customer locations
--

desk space,
computers, local telephone service, access to the
computer network, and access to the internet/intranet. The government will provide all
software required for application development ON
-
SITE at customer location and OFF
-
SITE
at contractor location. The g
overnment will provide development environment hardware at
offsite contractor location.



9.0

PERIOD OF PERFORMANCE


This effort will provide for a 12 month base period and 4 one
-
year option periods. Period of
Performance is effective the date of this awa
rd and continues for a maximum 60 months.



10.0

HOURS OF PERFORMANCE


Support facility operations shall be maintained and be consistent with Government personnel
working hours Monday through Friday (excluding holidays) unless otherwise specified.
Primary
hours of performance for contractor personnel, unless otherwise specified, are from
6:
00am to 6:00pm
. Support personnel shall be available to work nights, weekends and
holidays to perform tasks that cannot be performed during normal business hours. Tasks w
hich
may be performed after normal business hours include, but are not limited to, preventive
maintenance tasks; backup of critical systems; modifications to systems, network, equipment
and cabling; upgrades to system, equipment, networks, and cabling plan
ts; and system,
network, and equipment testing.


24x7 Support:

Critical systems may require 24 hours per day, 7 days per week coverage
(“24x7”). This extended level of support may also be required from contractor personnel
during events deemed a “crisis” s
ituation by the COTR and directed by the CO. Contractor
personnel schedules should be capable of supporting both rotating and fixed shifts to provide



22

the necessary, required level of coverage in each functional area of support. Generally, the
various IT
functional areas have varying requirements for routine operations within the hours
of performance identified above.


HSPD12 and WOCC Support:

Due to their specialized function and operations, the HSPD12
and WOCC needs IT support on a 24x7x365 basis. Conse
quently, technical support personnel
are needed to provide operational support after hours, weekends, and holidays on a regular,
ongoing basis.


On
-
call and Extended Work Week Support:

Extended level of support and/or on
-
call support
may also be required
from selected contractor personnel during events deemed a “crisis”
situation by the COTR and directed by the CO

to complete special projects, to perform
schedule off
-
peak hours critical system maintenance, and/or any other situation where
additional suppor
t is deemed necessary by the AIN
-
500 COTR.


Pandemic, Avian Flu, or any other emergency crisis Response:

During a pandemic, avian flu
outbreak
--

or any other emergency crisis in United States declared by a Presidential directive,
OPM, DOT or FAA
--

th
e ASH organization may extend the hours of operations, prioritize
the work to be performed, change the location of the primary work site, and/or permit alternate
work arrangements (such as telework). The contractor will change its work operations in
accord
ance with the AIN
-
500 Emergency response guidelines.


Government Facility Closure:

In the event the government facility at any identified location is
closed due to a federal government directive (such as Presidential directive, OPM, DOT, FAA,
other), the A
SH COTR has the right to approve


on a case by case basis
--

contractor charges
for a normal workday based on the pre
-
existing work schedule for contractor employees at that
location.


11.0

PLACE OF PERFORMANCE

The information technology support services
desired by FAA/ASH will be performed at
government site (“On
-
site”) and contractor site (“Off
-
site”). For the purpose of this solicitation,
the government may require the contractor to provide on
-
site technical services support at any
location where ASH pe
rsonnel are located within contiguous United States. At present, the
contractor shall provide personnel for on
-
site support services at the locations noted below.


The contractor shall provide, if needed, Office, Library, and Conference Space to
accommodat
e its personnel performing under this contract, as well as Federal Employees being
supported by the contract. The Government shall furnish all equipment, furniture and supplies
and the
location

will be considered “On
-
site”. The facility shall be located wi
thin an area of
Washington, DC, bounded by 14
th

Street, SW/NW; Pennsylvania Avenue, NW; 3
rd

Street,
NW/SW
; 7
th

Street, SW; and Maine Avenue, SW.

On
-
site Location 1

Federal Aviation Administration




23

Office of Security and Hazardous Materials, ASH

800 Independ
ence Avenue, SW

Room 308

Washington, D.C. 20024


On
-
site Location 2

Federal Aviation Administration

Office of Security and Hazardous Materials, ASH

Washington Operations Control Center

800 Independence Avenue, SW

Washington, D.C. 20024


On
-
site Location 3

Federal Aviation Administration

Office of Security and Hazardous Materials, ASH

Security Service Center

Room 108

800 Independence Avenue, SW (Main Lobby)

Washington, D.C. 20024


On
-
site Location 4

Federal Aviation Administration

Office of Security and Haz
ardous Materials, ASH

470 L’Enfant Plaza, Suite 2200

Washington, D.C. 20024



On
-
site Location 5

Any other office within United States where ASH personnel are located in the contiguous
United States (if needed)