This posting ONLY provides the SF 30 AMEND 00002.  In error, attachment J002 was provided twice and improperly named. Please disregard the attachment named SF 30_ Amendment 00002 and in its place replace with  SF 30 AMEND 00002 - Posted 10.8.2020

***********************    ***************************    ****************************  ******

AMENDMENT 00002 addresses the FAA's Respone to Industry Question #38 by providing Amend 00002 _ J002  Labor Categories Description & Qualifications provided and the SF 30 _ Amend 00002. 

******************************     ***********************  *****************************

AMENDMENT 00001 provides the FAA's responses to Industry Questions, the edited SIR,  J Attachments, Attach L003, SF-30 and SF-33 associated with those edits. 

******************************    ************************  ****************************

Cybersecurity Testing (FINAL SIR) 693KA8-20-R-00017

This is an OFFICIAL REQUEST FOR QUOTE // SCREENING INFORMATION REQUEST (SIR)

This FINAL Screening Information Request (SIR) 693KA8-20-R-00017 is issued in accordance with Federal Aviation Administration (FAA) Acquisition Management System (AMS) 3.2.1.3.11

Please note that the Acquisition Management System (AMS) applies to the FAA in place of the Federal Acquisition Regulation (FAR) and various other provisions for Federal acquisition law. FAR references cited in Beta.Sam.Gov are not applicable to the Federal Aviation Administration (FAA) as the FAA has its own policies and guidance references in the AMS.

This announcement is not to be construed as a ‘contract’ or a ‘commitment’ of any kind.

INTRODUCTION

The FAA runs a multi-faceted cybersecurity program to protect the NAS in accordance with Federal Information Security Management Act (FISMA). The ATO Cybersecurity Group (ACG), a line of business under NAS Security and Enterprise Operations (NASEO) within the Air Traffic Organization (ATO), is the lead organization for governing, implementing, and managing cybersecurity controls for NAS. Cybersecurity Testing is one of the multi-faceted cybersecurity programs managed by ACG.

The sustainment of Independent Risk Assessment capabilities, Information Systems Security (ISS) Assurance and the performance of Penetration Testing are key components in meeting the Office of Management and Budget’s (OMB) continuous monitoring requirement, Federal Information Security Management Act (FISMA), and Executive Order 13636 and its implementation through Presidential Policy Directive (PPD-21) and the ATO Cyber Security Strategic Plan.

OBJECTIVE

The FAA anticipates making a single award, though reserves the right to make multiple awards or no award at all if doing so is determined to be in the best interest of the government.  The contract type is anticipated to be a Time-and-Material (T&M) with a Period-of-Performance (POP) of a one-year Base, and four, one-year options for a POP not to exceed five years.

SIGNIFICANT MILESTONES: 

SIR POSTED     ............................................................  TUESDAY, September 16, 2020

Questions & Answers (Section L.3.3)  ..........  MONDAY, September 28, 2020 NLT 3 pm ET

FAA Response to Questions Posted (Section L.3.3)  .... TUESDAY, October 6, 2020 NLT COB

Proposals DUE (Section L.3.1)   ..................................  FRIDAY, October 16, 2020 NLT 3 pm, ET

ESTMINATED AWARD  ................................................   FRIDAY, January 29, 2021

** ANY PHONE CALL RECEIVED WILL BE DIRECTED TO SIR SECTION L.3.3  QUESTIONS AND ANSWERS