Contract Information
Download Contract Information (MS Word)
BITS II provides Information Technology, Telecommunications, and administrative technical and analytical support services for all types of agency program management functions, telecommunications & IT systems and services, system engineering & design functions, software development functions, system procurement and life-cycle management functions, system development functions, training and documentation functions, risk assessment and disaster & contingency planning functions, emerging technologies, and security functions.
BITS II areas include, but are not limited to, data analysis, data assimilation and quality assurance, asset management, financial planning and accounting systems, database development and execution, research and development architecture analysis, procurement and acquisition support, training and documentation, policy development, security operations, software development, analysis and application of emerging technologies, information assurance and ADP/network security, risk assessment and accreditation, disaster and contingency planning, systems management and maintenance support, systems engineering and design, and operational information technology activities , software and connectivity for telecommunications systems and the processes and activities which support them, computer-based instructions, IT-based safety and security systems, and services related to installation and maintenance of IT/telecommunications infrastructure.
The scope of work delineated below is representative, but not all-inclusive, of the type of work anticipated to be provided under BITS II Task Orders. The FAA Office of Acquisitions may issue task orders to any of the BITS II contractors selected by the customer for tasks encompassing any or all of the services detailed in this Statement of Work (SOW). Specific services will be identified and ordered on a task order basis.
1.0 PROGRAM MANAGEMENT FUNCTIONS
2.0 TELECOMMUNICATIONS AND IT SYSTEMS
AND SUPPORT SERVICES
3.0 DATA ANALYSIS AND DATA MANAGEMENT
FUNCTIONS
4.0 SYSTEM ENGINEERING AND DESIGN FUNCTION
5.0 SOFTWARE DEVELOPMENT FUNCTIONS
6.0 SYSTEMS PROCUREMENT FUNCTIONS
7.0 SYSTEMS DEVELOPMENT FUNCTIONS
8.0 TRAINING FUNCTIONS
9.0 RISK ASSESSMENT AND DISASTER & CONTINGENCY
PLANNING FUNCTIONS
10.0 EMERGING TECHNOLOGIES FUNCTIONS
11.0 SECURITY FUNCTIONS
1.0 PROGRAM MANAGEMENT FUNCTIONS.
Support program management functions to maximize effective use of IT and automated systems and support to provide management and administrative support to operations at various organizational levels of government programs. This support will be accomplished through the use of ADP systems, networks, communications, database operations and data archival and retrieval systems. The functional areas of Program Management are divided into three areas: procurement support, program administration and management, and business operations. The contractor may be tasked to:
1.1. Procurement Support
1.1.1. Assist agency in conducting market analysis and acquisition planning leading to the development and implementation of acquisition strategies to gain technical advantage and support the IT architecture;
1.1.2. Assist agency in analyzing, developing and writing project/program descriptions and requirements emphasizing the introduction of leading technology while maintaining operational efficacy;
1.1.3. Assist agency in developing statements of work, contract data deliverables, data item descriptions, task orders and supporting specifications and standards;
1.1.4. Maintain data bases on procurement related documents and historical records and provide secure media storage for specific electronic data records, as required;
1.1.5. Use project management and tracking systems and software to provide acquisition schedules, timelines, time histories, project briefings, procurement tracking reports and contract status reports to facilitate and to monitor project progress. Maintain historical databases and electronic records to better track and compare project progress;
1.1.6. Assist agency in preparing and analyzing cost estimates to include generation of independent cost estimates, planned versus actual reports, as well as FAA Best Value analyses, as needed. Assist agency in performing cost and price analysis, and other procurement related assistance, using tools such as Earned Value Management, WBS, and other tools as required;
1.1.7. Provide support for source evaluation and selection, if assigned, and develop criteria and tools to ensure the efficient and effective operations of the source selection boards;
1.1.8. Develop and as requested by agency, implement innovative procurement processes and procedures utilizing advanced IT techniques to reduce the administrative lead-time associated with procurement actions.
1.2. Program Administration and Management.
1.2.1. Provide overall program management assistance, including project planning, tracking, budgeting, and scheduling;
1.2.2. Assist agency in developing procedures and policies in support of FAA business and program management requirements and make recommendations to the appropriate manager(s);
1.2.3. As appropriate, utilize data warehousing, knowledge management, and other tools and methodologies for document and data management tracking, verification and reporting;
1.2.4. Prepare financial analyses including sensitivity analyses of budget constraints on program implementation, financial milestone and budgetary tracking. Provide financial tracking and budget analysis, analysis of financial obligations, commitments, expenditures, schedules and performance.
1.2.5. Through close monitoring and immediate feedback, assist agency in ensuring compliance with all applicable laws, regulations, security requirements and contractual terms, maintain a virtual library, and bring to the attention of the appropriate FAA manager the impact of new and/or changing laws, regulations, security requirements, and contractual terms. Use electronic messaging to immediately notify all affected parties when violations or incidents are detected;
1.2.6. Monitor adherence to all established project budget, schedule and performance milestones and report deviations to the project manager;
1.2.7. Identify methodologies to identify program performance and quality problems leading to early and effective corrective action;
1.2.8. Support site surveys, and lifecycle support efforts, as tasked.
1.3. Business Operations.
Develop, monitor, and execute management tasking, development and implementation plans. Assist in coordination of business operations, determination of mission critical business processes, and the evaluation of operational effectiveness. Investigate and incorporate eBusiness and eCommerce initiatives, technologies and services to take advantage of the significant process improvement and reengineering opportunities available through the implementation of eBusiness concepts and technologies;
1.3.1. During the Initiation phase of a program, contractor support may include development and documentation of high-level business and continuity strategies, verification and validation of core business processes, roles and responsibilities, development of master plans and schedules, and development and implementation of quality assurance review. Use best practices to recommend BPR changes and implement when/if directed;
1.3.2. During the Business Impact analysis phase of a program, support may include determination of the effect of mission critical information system failures on the viability and operations of FAA core business process, and definition and documentation of information requirements, methods techniques to be used in developing feasibility studies.
1.3.3. Evaluate available Enterprise Resource Planning (ERP) and Customer Resources Management (CRM) alternatives for possible incorporation and prepare best value and ROI analyses of the available options. Implement on-line Customer Resource Management (CRM) programs and techniques to integrate FAA front office, back-office financial/ERP systems, and web office activities to better coordinate and manage both Federal and commercial customers.
1.3.4. Provide support for conferences, seminars, workshops, and training activities as required. This may include pre-meeting support; planning, organizing, and management and administration of meetings, preparation of announcements, agenda and schedules, technical data, brochures, flyers, posters and videos, meeting materials, attendance lists and notes; post meeting support, including preparation and distribution of proceedings.
1.3.5. Provide documentation preparation and review support, including preparation of documents/deliverables, such as, letters, memorandum, meeting agendas, action reports, meeting notes, monthly reports, telephone conversation reports, trip reports, technical data, requirements and specifications documents, analysis reports, and other project related documents as directed. The Contractor shall submit for government’s review all materials mentioned above.
1.3.6. Provide a wide range of customer support, including help desk operations and system performance monitoring to ensure smooth business operations.
2.0 TELECOMMUNICATIONS AND IT SYSTEMS AND SUPPORT SERVICES.
The objectives of Telecommunications support services and IT systems and support services is to provide IT, telecommunications support, system engineering, and network/ADP security services, as well as a full range of information technology services in support of Government-wide eBusiness, eCommerce, and modernization and efficiency issues and programs. The contractor may be tasked to:
2.1. Provide Telecommunications support services as described below:
2.1.1. Evaluate, implement, operate and maintain switching system(s), transmission equipment, ancillary equipment, customer premise equipment, and the inside and outside cable plant.
2.1.2. Provide telecommunications and network planning and engineering support from requirements identification through the implementation and lifecycle support phases;
2.1.3. Provide software and hardware infrastructure support for Internet protocol telephony;
2.1.4. Provide Internet Protocol Telephony services including technical support and maintenance of Voice Over Internet Protocol (VoIP) infrastructure. Support may include the following areas, public switched telephone network (PSTN) gateways, VoIP training, telephone databases, voice switches, VoIP gateways, analog phone support, IP phones, voice software, Private Branch Exchange (PBX), voice mail, unified messaging, directory systems and multimedia applications.
2.1.5. Development, testing and evaluation of software products such as international gateways, X.400 Message Handling System, Automated Interfacility Data Communications, X25 and other existing or emerging software.
2.1.6. Analyze and resolve outages, congestion and other problems. Develop and implement Trouble Reporting Procedures.
2.1.7. Provide system engineering and network support to implement telecommunications systems and programs such as the Host-to-Host Automation Handoff Service, assess digital voice switching protocol options.
2.1.8. Support and promote telecommunications technology advances, hardware, software, automation, and research and design activities.
2.1.9. Provide network planning and engineering support; evaluate alternative communications and connectivity devises such as voice/data multiplexers, voice compression algorithms, network routers and edge switches, and network routing protocols to effect regional network integration.
2.1.10. Generate detailed technology Risk Assessments on designated telecommunication facilities and systems.
3.0 DATA ANALYSIS AND DATA MANAGEMENT FUNCTIONS.
3.1 The objective of the data analysis and management functions is to support the development of quantitative and qualitative performance measurements and data analysis, data conversion, rapid prototyping, testing, and coordination of technical issues; support of expert panels, technical meetings, workshops, and conferences; preparation of analysis reports and software requirements specifications. The contractor may be tasked to:
3.1.1. Design, develop and support technical data retrieval systems;
3.1.2. Develop data processing techniques and provide support to project computational requirements;
3.1.3. Develop detailed analyses of data for numerous research areas, including but not limited to; quantitative and qualitative safety-related performance measures and risk indicators;
3.1.4. Develop profiles and performance measures in consultation with government and industry subject matter experts. The Contractor may be tasked to propose performance measure candidates, data displays, and design of profile screens.
3.2. Data Assimilation/Data Quality Functions.
The objective of the data assimilation/data quality functions is to support on all the data quality initiatives. The contractor shall be tasked to:
3.2.1. Provide technical support in the development of metrics, data analysis, and testing; support in technical meetings/workshops; software development as required; preparation of statistical analyses;
3.2.2. review the content and usability of data sources for use in aviation risk analyses and identify data requirements to support performance measures/risk indicators;
3.2.3. Provide analysis of user requirements, selection of appropriate databases, and evaluation of the completeness, consistency, and validity of data contained in the databases;
3.2.4. Develop methods for storage, retrieval, and maintenance of samples of databases and provide the facilities for testing and hosting of database samples for historical comparisons;
3.2.5. Assist in the development and implementation of metrics to measure the quality and usability of data sources in use of under consideration for use, and prepare statistical analyses reports as require. Services shall be provided in current and emerging areas, including: Web content management, Knowledge management, Portals, XML, Document management, COLD, imaging and workflow and electronic publishing to the Web, CD-ROM and print.
4.0 SYSTEM ENGINEERING AND DESIGN FUNCTION.
The objective of the System Engineering and Design function is to address the systems, database development, and customization support service resources for systems and their software life cycle phases at all organizational levels. The contractor may be tasked to provide:
4.1. Technical and management advice, studies, analysis, design and operational implementation resources support for information technology systems and software engineering, including architectures, data management strategies, statements of work, requirements analysis, alternatives analyses, feasibility studies, cost/benefit analyses, operational plans, strategies development and implementation. Examples of the type of tasks to be done include but are not limited to:
4.1.1. Telecommunications and network planning and engineering support from requirement identification through the implementation and lifecycle support phases;
4.1.2. Project and program support for measurement and validation of existing and emerging requirements for desktop and network applications, including local, regional and system-wide operations;
4.1.3. Life cycle acquisition management support in such areas as mission analysis, investment analysis, development of evaluation criteria, risk analysis and mitigation, in-service management, and support in preparation of all related analysis and documentation;
4.1.4. Commercial off-the-shelf (COTS), non developmental item (NDI) and reuse issues support;
4.1.5. Systems performance measurement and operational capability demonstration support to include preparing and implementing test and evaluation plans, schedules and document results;
4.1.6. Management recommendations development and review support;
4.1.7. Web enabled, object and other emerging technologies support;
4.1.8. Internet systems architecture and webmaster support;
4.1.9. Corporate or local Private/Public Key (PKI) Architecture or equivalent technology development, to include tokens;
4.2. Identify models to describe relationships between actual operational practices/performance and recommended practices/performance, tools for modeling and validating operational procedures; develop tools for modeling and validating operational procedures and operations, and conduct simulation studies to quantify the value of current systems for new or improved procedures.
4.3. Prepare, review, analyze and/or provide inputs to technical program documentation including test plans and schedules and requirements determination.
5.0 SOFTWARE DEVELOPMENT FUNCTIONS.
The objective of the software development functions is to provide comprehensive life cycle software product development. New generation software development and engineering will be in compliance with CMM SEI Level 3 procedures, or other standards as identified by the Government. The contractor shall provide: SEI Software that is CMM Level 3 compliant, including training and tracking and oversight functions for Management compliance. Software shall comply with applicable accessibility.
5.1. Perform software requirements analysis, design, coding, testing, hosting, and implementation;
5.2. Support software development for prototyping of analytical tools, database management and user interfaces to databases, analysis software, and computational utilities;
5.3. Provide consultation and support services for the full life cycle of software product development, including communication with the user community during requirement analysis and prototyping, communication with the development team during system analysis, development and fielding of systems;
5.4. Evaluate new software products and technologies, and provide recommendations to enhance existing systems and build new systems.
5.5. Provide software development and developmental support in a variety of languages for systems integration and applications;
5.6. Assist with Software SEI Capability Maturity Model (CMM) support and provide processes, procedures, and documentation to both enable certification and implement repeatable processes in accordance with CMM doctrine;
5.7. Provide software architecture, renovation and liaison support;
5.8. Provide software quality and assurance issues and strategies support;
5.9. Develop models and/or simulation programs for early assessment of software system/subsystem performance, using software engineering tools identification and training support using Software engineering technical expertise;
5.10. Audit and evaluate software development process and practices employed by other contractors for application to FAA and other Federal Government projects to include Independent Verification and Validation (IV&V);
5.11. Support and monitor software quality assurance and configuration management activities, such as data dictionaries, configuration management plans, configuration management board minutes and directives;
5.12. Conduct and monitor software testing to ensure mission requirements are satisfied. Provide software maintenance monitoring and documentation;
5.13. Analyze, develop, test, verify, validate and implement computer/software programs and changes thereto;
5.14. Develop software reports, plans, and product such as: Software Development Plan (SDP), Software Requirement Specification, Software Design Document, Software Development Files, Source code, Software Version Description documents, Test plans, Test Description Documentation.
6.0 SYSTEMS PROCUREMENT FUNCTIONS.
The objective of the systems procurement functions is to assist FAA and other Federal customers in acquiring and installing services, facilities and systems in the most efficient and effective manner. The contractor may be tasked to:
6.1. Assist in all phases of lifecycle acquisition management, including but not limited to; mission analysis, investment analysis, development of evaluation criteria, risk analysis and mitigation acquisition or procurement, solution implementation, in-service management, and evaluating and removing obsolete solutions, and support in preparation of all related analysis and documentation;
6.2. Perform tasks identified in Section 1.1 of this Statement of Work as it relates to the procurement and installation and on-going logistics/maintenance support to facilities and systems;
6.3. Develop and implement a systematic quality assurance program to ensure the effective operations of systems and facilities to include a proactive root cause analysis and corrective action plan to mitigate problems that may arise.
7.0 SYSTEMS DEVELOPMENT FUNCTIONS.
The objective of the systems development and support functions is to provide a broad range of systems and software engineering and evaluation. The contractor may be tasked to provide:
7.1. System Planning and Implementation. Program management, information and software engineering support services, telecommunication network support services, process improvement services, information systems infrastructure, and program development.
7.2. Systems Support and Management. The contractor may be tasked to provide lifecycle support for task-designated systems and assist in all technical and management service areas supporting an array of information and data processing systems, their software, processes and activities throughout their life cycle. Contractor support may include:
7.2.1. Analysis, coordination, design, programming and operational implementation resources support for the planning, development, and implementation of strategies, architectures, and program plans to provide systems management at all organizational levels.
7.2.2. Support of all operational and emerging systems to include equipment, telecommunications, systems integration, and software and hardware life cycle phase activities;
7.2.3. Programming for new or existing systems utilizing a wide range of programming languages, and analytical support to include user requirements and feedback, configuration change management, evaluation of alternative methods, and financial impact;
7.2.4. Technical, logistical and financial information management systems support;
7.2.5. Systems research to identify opportunities and emerging methodologies and design to met the requirements of the Enterprise Architecture for the long-term and short-term;
7.2.6. Conducting technical reviews and assessments of software and hardware solutions;
7.2.7. Developing and conducting training to include revision, publishing and procuring course work materials and instructional media, evaluating and procuring training support software and hardware, developing and implementing curriculum plans, assessing the training requirement, and monitoring completions;
7.2.8. Serving in liaison roles with users, industry, other agencies and FAA management and personnel to promote understanding of IT projects and plans; Preparation of system performance analysis reports, system integration plans and other documentation to support the effective and efficient evaluation and implementation of automated solutions;
7.2.9. Providing information systems lifecycle program management capabilities as the required skill set of the individuals assigned to this task;
7.2.10. Providing support in System Administration, Message Administration, SNMP protocols, and network management.
7.3. Systems Maintenance and Support Functions; to address and provide a complete array of maintenance and support resources at various technical skill levels available at all organization levels. The contractor may be tasked to provide:
7.3.1. Technical advisory, evaluation and operational implementation resources. The spectrum of support services extends from local microcomputers and their applications to large scale integrated systems involving a variety of software languages and hardware platforms.
7.3.2. The full range of automated workflow systems implementation and support;
7.3.3. End-to-end telecommunications, LAN, WAN and other connectivity and data transmission and exchange support;
7.3.4. Support in monitoring, management, data collection and troubleshooting of stand alone systems, LAN/MAN/WAN/VPN software, telecommunications, connections and equipment using an array of tools and products;
7.3.5. Support in management and operation of a raised floor server farm for hosting existing and emerging applications, archiving and other services for FAA and government entities;
7.3.6. Technical support with a variety of communication and connectivity devices and server topologies;
7.3.7. Support for local and national video teleconferencing from the desktop as well as traditional venues;
7.3.8. Support for Internet and intranet operations with or without 24/7 operations and monitoring;
7.3.9. Systems, hardware, software and user trends and performance analysis and support considering the impact on Architecture implementation, finances and logistics;
7.3.10. Support for data warehousing; hardware and software assessments for hosting operations;
7.3.11. Maintenance of IT related operational equipment, middleware and software;
7.3.12. Repair, lease and maintenance of computer and peripheral hardware, software and services;
7.3.13. Support government configuration management activities to include tracking of configuration changes, plans, reports, engineering change requests, waivers and deviations, and Configuration Management Board support;
7.3.14. Support of software maintenance monitoring and documentation to include version control, licensing, developer advisories, training updates, license renewals;
7.3.15. Support of Integrated Logistics Support Plans, Provisioning Parts List, spare and repair parts lists, support and test equipment list, maintenance concepts and plans, failure modes effect and criticality analyses and level of repair analysis;
7.3.16. Review and analysis of manufacturer’s technical documentation for applicability to FAA requirements.
7.3.17. Support of changing technology and mission requirements with hardware and software system upgrades, hardware and software system reconfigurations, enhanced services, software substitutions, additional communications equipment or facilities, or maintenance services for equipment or facilities acquired through other sources or organic resources, Local Area Network (LAN)-related equipment and services, outside plant cable and fiber, and switchboard operation services to support base requirements.
7.4. Architecture Analysis Functions; Assist in all technical and management service areas supporting an array of Architecture analysis services and their software, processes, and activities. The contractor shall provide:
7.4.1. IT Alignment Assessment. Conduct of an IT alignment to assess the effectiveness of IT organizations in supporting current business requirements and future business needs. The contractor shall identify key initiative opportunities for correcting disjoints between an organization's business and an organization's IT infrastructure;
7.4.2. Infrastructure Analysis. Based on the assessment of the business/IT improvement initiatives studied an IT Alignment Assessment, the contractor shall support underlying technology and process initiatives that will rapidly yield benefits. The function shall include comprehensive analysis of the current infrastructure along with recommendations for optimal environment, and plans for implementation;
7.4.3. Architecture Development. The contractor may be tasked to support the development of Architecture, Business/IT improvement initiatives assembly, building and deployment, and integrated to make these processes self-sustaining within the IT organization.
8.0 TRAINING FUNCTIONS.
The objective of the training functions is to provide comprehensive training support. The contractor may be tasked to:
8.1. Develop and conduct training programs, including traditional classroom training, and interactive automated tools, distance learning and various forms of computer and web-based training. Training can be tailored to groups or be individually self-paced;
8.2. Develop individual and group IT related training utilizing computer-based, video and traditional methods;
8.3. Develop, revise, publish and procure course work materials and instructional media, evaluating and procuring training support software and hardware, developing and implementing curriculum plans;
8.4. Manage scheduling and enrollment by developing and implementing student scheduling and completion methodology to assist in the assignment of facilities, equipment, students and instructors to the various training courses provided, as well as planning for course offerings;
8.5. Develop course evaluation systems to aid in the continuous process improvement of training courses.
9.0 RISK ASSESSMENT AND DISASTER & CONTINGENCY PLANNING FUNCTIONS.
The objective of the risk assessment and disaster and contingency planning functions is to support all phases of the ongoing and upcoming FAA Programs with risk analysis and management. The contractor may be tasked to provide:
9.1. Development of quantitative performance measurement and analysis applied to aviation safety, risk analysis, regulatory compliance, and testing;
9.2. Support in technical meetings, conferences/seminars/workshops;
9.3. Software development using prototyping and other methodologies to produce timely and user friendly applications, as required, ensure compliance with the Enterprise Architecture, and preparation of risk analysis reports with alternatives. These efforts may require interface and coordination with various government, industry and international organizations;
9.4. Support in gathering requirements, both functional and data/information, program risk assessment from the all applicable sources, preparing program and project plans, performing risk analyses and in formulating risk avoidance strategies;
9.5. Support services to conduct qualitative and quantitative analyses using data obtained from literature, automated databases, and direct observations, to assess the frequency and severity of significant risks, and developing means of identification of these risks and preventive strategies and analyze the operational, human factors organizational, environmental, and physical aspects of aviation risk.
9.6. Support services to utilize quantitative methods for hazard analysis and analytical systems such as Failure Mode Effects and Criticality analysis (FMECA), Fault Tree Analysis, etc. These efforts may include but are not limited to reliability methods, hazard classification, and fault tree analysis;
9.7. Support for the use of advanced analytical methods in risk analysis. These efforts may include, but are not limited to any of the following: stochastic and deterministic modeling, design and use of probability product and network techniques for predictive analysis, Bayesian statistical analysis, system reliability engineering, and simulation modeling.
10.0 EMERGING TECHNOLOGIES FUNCTIONS.
The objective of the emerging technologies functions is to assist the Federal Government in keeping abreast of the new and emerging technologies to ensure that the methods/models are utilizing the latest technology to meet the Federal Government requirements. The contractor may be tasked to:
10.1. Investigate and evaluate promising technologies that have the potential to improve business, facility and system operations, addressing the viability of the technologies application and anticipated timeline for operational use. These technologies may include, but are not limited to, telecommunications, network, security and ID systems such as SmartCard, Enterprise Resource Planning (ERP) and Supply Chain Systems, and others;
10.2. Provide support services to enhance mobile and wireless technology use;
10.3. Provide recommendations on how assessed technologies fulfill FAA technical requirements;
10.4. Determine potential compatibility and/or interoperability issues with existing systems and effect on architecture;
10.5. Conduct independent trade studies and research to ensure that the products under development or consideration reflect the best value and produce comparative analyses reports for submission;
10.6. Conduct analysis, assessment, application, and development of emerging technologies such as neural networks, simulation modeling, human error analysis, organizational error models, and other technologies to be determined;
10.7. Perform trade studies and research and development;
10.8. Provide Knowledge Management support and strategies;
10.9. Provide web application support, including design, development, and deployment of solutions to manage web content.
11.0 SECURITY FUNCTIONS.
The objective of the security operations functions is to provide comprehensive program support in all phases of design, implementation and maintenance of physical and ADP security policies, plans and systems. The contractor may be tasked to provide:
11.1. Program and physical security functions.
Program management support, systems engineering, integrated logistics support, quality assurance, configuration management, training, materials and support to security operations.
11.1.1. Evaluate, test, deliver, install, and maintain safety and security systems, including individual tokens for public/private key infrastructure and other applications, as appropriate;
11.1.2. Develop full cycle policy and contingency plans to ensure the protection of sensitive FAA and National data.
11.1.3. Provide physical security functions to ensure the safety of personnel, systems, data, and infrastructure.
11.2. Information systems security functions.
The objective of Information Systems Security functions is to address the security of information and computing resources at all organizational levels. Examples of the type of tasks to be done include, but are not limited to Intrusion detection, vulnerability scanning, incident management, firewall management, and anti-virus management. The contractor may be tasked to provide:
11.2.1. Studies, analysis and recommendations on the design and operational implementation of resources support for information technology systems security.
11.2.2. Support in developing security policies for the organization that is carried into all aspects of the system design or security solution. The 11.2.3. policy will identify requirements (e.g., availability, integrity, confidentiality, and accountability) that the system should support;
11.2.4. Support for technical system protection (residual information protection, process separation, etc.,) for mainframe, desktop, and mobile, LAN, WAN automated information security systems;
11.2.5. Disaster recovery, continuity of operations, and contingency planning, including identification of the organization's systems and enclaves that require procedures and mechanisms to curtail or recover from activities that can disrupt or otherwise interfere w/system availability;
11.2.6. Computer security awareness training; computer security incident response; virus and intrusion detection, elimination, and prevention; establish procedures and mechanisms to limit the introduction of malicious code into IT systems; audit and recovery from insecurities; penetration testing and protection consulting; catastrophic protection programs and drills support; INTERNET traffic monitoring, analysis and restriction support; computer security plan preparation; certification of sensitive systems; determine potential threat sources and the probability that a particular threat source will exploit a weakness; quantitative risk analysis of large sensitive systems; security for small systems, telecommunications, and client servers; privacy issues, policies, practices and solutions; INTERNET, intranet, systems and firewalls analysis; asset value analysis, protections analysis and development/vulnerability analysis; and management decision support for security; support operating system security services and distributed system security services;
11.2.7. Support to protect communications to ensure the integrity, availability and confidentiality of the communications;
11.2.8. Technical and computer systems support to develop and implement enhancements to airspace models used in the Air Traffic Airspace Lab;
11.2.9. Technical expertise to implement changes to airspace tools and operating environment, training field personnel on the use of enhancements that are implemented in the airspace tools and for operation of the collaborative airspace analysis network;
11.2.10. Support to computer systems engineering, system requirements, and systems integration operations for Software and Database management, System Enhancement and Integration, airspace Design and Evaluation functions, and Program Management of the airspace tools. The Contractor may be tasked to analyze, recommend and generate solutions for airspace tool enhancements for airspace analysis and tools integration into the collaborative airspace analysis network.
11.2.11. Support to conduct computer system security studies, risk analysis and recommend system security enhancements;
11.2.12. Support to conduct computer system security studies, risk analysis and recommend system security enhancements and Corrective Action Plans. The corrective action plans will be drafted to address security shortfalls uncovered. It will include actions to be taken, responsible organizations and individuals for each action, schedule including key milestones, actions to address root causes and generic applicability, tracking of actions to closure, and steps to verify effectiveness of actions prior to closure.
11.2.13. Telecommunications, system engineering, and network security services. Administration of Telecommunications Information Management and Control System and -System Engineering and Network Security services, including maintenance of client-server systems with web-based access, and network security and support services.
11.2.14. Implement wireless local area network (LAN) access point (AP) to include all of the traditional AP functionality, as well as specialized sensor capability for detecting intrusions, malicious activity, policy violations, and other network anomalies.
11.2.14.1 The contractor shall be responsible for IT* security for all systems operated by or connected to a DOT network, regardless of location. This includes any IT resources or services in which the contractor has physical or electronic access to DOT's sensitive information that directly supports the mission of DOT (e.g., hosting DOT e-Government sites or other IT operations). If necessary, the Government shall have access to contractor and any subcontractor facilities, systems/networks operated on behalf of DOT, documentation, databases and personnel to carry out a program of IT inspection (to include vulnerability scanning), investigation and audit to safeguard against threats and hazards to DOT data or IT systems.
11.2.14.2 Security Plan: With respect to each task order issued under this contract, within 30 days of task order award, the contractor shall develop and provide to the Government for approval, an IT Security Plan which describes the processes and procedures the contractor will follow in performance of the instant task order to ensure the appropriate security of IT resources developed, processed, or used under the task order. This Plan shall be written and implemented in accordance with applicable Federal laws including:
11.2.14.3 The Computer Security Act of 1987 (40 U.S.C. 1441 et seq.), the Clinger-Cohen Act of 1996, and the Government Information Security Reform Act (GISRA) of 2000 and meet Government IT security requirements including: OMB Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; National Institute of Standards and Technology (NIST) guidelines; Departmental Information Resource Management Manual (DIRMM) and associated guidelines; and DOT Order 1630.2B, Personnel Security Management.
11.2.14.4 Personnel Security Management. The contractor shall screen their personnel requiring privileged access or limited privileged access to systems operated by the contractor for DOT or interconnected to a DOT network in accordance with DOT Order 1630.2B, Personnel Security Management and ensure contractor employees are trained annually in accordance with OMB Circular A-130, GISRA, and NIST requirements with a specific emphasis on rules of behavior.
11.2.14.5 The contractor shall include the above requirements in any subcontract awarded for IT services.
11.2.14.6 IT* means any equipment or interconnected system or subsystem of equipment used in the automatic acquisition, storage, manipulation, management, movement, control display, switching, interchange, transmission, or reception of data or information and as further defined in OMB Circular A-130 and the Federal Acquisition Regulation part
2.11.2.14.7 Additionally, the contractor shall comply with all of FAA's Security Clauses included in Section I.
11.2.15. Contractor shall comply with Department of Transportation (DOT) Information Security Requirements.