Pursuant to Federal Acquisition Regulation (FAR) 6.302-1, the National Geospatial-Intelligence Agency (NGA), Office of Contract Services (OCS), plans to award a sole source modification for a six-month sole source extension, to Deloitte Consulting LLC, 1919 N. Lynn Street, Suite 800, Arlington, Virginia 22209 in support of the Cybersecurity Risk Management and Assessment (CRMA) Task Order (HM0476-18-F-0215).
Deloitte Consulting LLC is the only responsible source to provide CRMA support services within the required timeframe without unacceptable delays in fulfilling the Agency’s mission critical cybersecurity requirements. This action will allow NGA/OCS the opportunity to complete the competitive award of a new contract that is currently in process. The six-month extension will be effective 18 May 2022 through 17 November 2022.
Deloitte Consulting LLC has the operational capability in place to provide for continuous cybersecurity support services to NGA’s Office of the Chief Information Officer (CIO) and Information Technology Services Directorate (CIO-T). CIO-T’s mission is to safeguard the NGA mission through collaborative, forward-leaning, and risk-balanced solutions, by providing cybersecurity assessment and authorization, risk management, blue team and information system security automation and optimization services to ensure trust in GEOINT services and data. NGA has defined and implemented a Risk Management Framework (RMF) based on National Institute of Standards and Technology (NIST) standards and Intelligence Community Directives (ICDs), carried out by the CRMA contract. RMF processes, tasks, and documentation provide the framework upon which NGA manages risks throughout the information system lifecycle. Assessment and Authorization (A&A) activities, performed using the RMF, are critical to provide NGA authorizing officials with accurate, sufficient, and timely information by which they can make risk-related decisions. Blue Team assessment services are required to identify vulnerabilities and security gaps in support of A&A and other agency cybersecurity functions. Finally, an Information System Security Automation and Optimization (ISSA&O) service provides technical solutions for meeting cybersecurity requirements and produces security architectures, designs, solutions, and configuration recommendations.
In addition, the NGA/CIO-T requires cybersecurity services to protect and defend against network cyber-attacks. Cybersecurity services must provide information assurance measures that protect and defend information and information systems (IS) by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Award to any other source would require a competitive acquisition and award, transition and start-up time that would result in unacceptable delays in fulfilling ongoing critical agency requirements. Further, this extension will avoid a break in cybersecurity service supporting NGA’s mission critical risk management operations that protect and defend against network cyber-attacks, and provide continuity of cybersecurity support services under the CRMA task order.
This Notice of Intent is being published in accordance with FAR 5.2 requiring the dissemination of information on proposed contract actions. This synopsis is a notice of intent to issue award using other than full and open competition and should not construed as a request for competitive proposals. The determination of the Government not to open subject requirement to full and open competition was made in accordance with (IAW) 10 U.S.C.2304(c)(1) and 6.302-1(a)(2)(iii)(B) - Unacceptable delays in fulfilling the agency's requirements. Currently, there is insufficient time to solicit offers from other sources for services to begin 18 July 2021. A competitive follow-on solicitation will be completed during the period of this extension which will result in a competitive award.
Interested parties may express their interest and provide a capabilities statement to the requirement no later than (NLT) Monday, 14 March 2022 at 5:00 p.m. Eastern Time (ET), which shall be considered by the agency. A determination not to compete this proposed contract based on this notice is within the discretion of the Government.
The Government will issue a Justification and Approval (J&A) to support the need for a sole source award. The J&A will be posted to GPE website http://www.beta.SAM.gov 14 days after award of the modification.
