next eneration nterprise etwork...

Naval Enterprise Networks (NEN) Transport Services (TXS) Performance Work Statement (PWS)

NEXT GENERATION ENTERPRISE NETWORK PROGRAM

PERFORMANCE WORK STATEMENT

Version: C.02

DATE: 30 September 2011

Program Executive Office Enterprise Information Systems

Program Manager, Naval Enterprise Networks

1325 10th Street, SE, Suite 301

Washington, DC 20374

This document includes technical data for which the Department of the Navy possesses

Government Purpose Rights and should not be disclosed outside the Government except to

entities, which have executed the Defense Federal Acquisition Regulation Supplement Part 227

non-disclosure agreement and handled in accordance with the terms of such agreement.

Attachment 1

Naval Enterprise Networks (NEN) Performance Work Statement (PWS) Program Management Office (PMW 205) V C.02 30 Sept 2011

Not to be disclosed outside the Government except IAW the referenced non‐disclosure agreement

i

Revision History

DOCUMENT HISTORY

VERSION DATE DESCRIPTION

1.0 23 DEC 2010 Signed NGEN Transport Services PWS

1.01 18 MAR 2011 Review of the NGEN Transport Services PWS with PEO EIS Procuring Contracting

Officer (PCO)

1.02 17MAY 2011 Modification of PWS to Option 3 and Review of the NGEN Transport Services

PWS with PEO EIS PCO

1.03 27 JUN 2011 Acquisition Concept Release 1 to Stakeholders

1.04 30 JUN 2011 Acquisition Concept Release 1 to Industry

1.05 24 JUL 2011 Acquisition Concept Release 2 to Stakeholders

1.06 29 JUL 2011 Acquisition Concept Release 2 to Industry

C.01 23 SEP 2011 Draft RFP Release to Stakeholders

C.02 30 SEP 2011 Draft RFP Release to Industry

Attachment 1



ii

Document Approval

Shawn P. Hendricks

Captain, U. S. Navy

Program Manager, PMW-205

Naval Enterprise Networks

Date

APPROVED

Attachment 1



iii

Table of Contents

1. INTRODUCTION .............................................................................................................. 1

1.1 DON Management Domain ............................................................................................. 2

1.1.1 Navy Management Domain ...................................................................................... 2

1.1.2 Marine Corps Management Domain ........................................................................ 2

1.2 NGEN Operating Models ................................................................................................ 3

1.2.1 Navy Operating Model ............................................................................................. 3

1.2.1.1 Fleet Cyber Command (FLTCYBERCOM) / Tenth Fleet (TENTHFLT) ........ 3

1.2.1.2 Naval Network Warfare Command ................................................................... 4

1.2.1.3 Navy Cyber Defense Operations Command (NCDOC) .................................... 5

1.2.1.4 Naval Computer and Telecommunications Area Master Stations (NCTAMS) / Regional Network Operations and Security Centers (RNOSC) .......................................... 6

1.2.1.5 Customer Technical Representatives (CTR) ..................................................... 8

1.2.2 Marine Corps Operating Model ............................................................................... 8

1.2.2.1 Marine Corps Network Operations Security Center (MCNOSC) ................... 10

1.2.2.2 Regional Network Operation and Security Centers (RNOSCs) ...................... 10

1.2.2.3 Marine Air Ground Task Force (MAGTF) IT Support Centers (MITSCs) .... 11

1.2.2.4 Major Subordinate Command (MSC) – Base-Post-Stations ........................... 12

2. REFERENCE DOCUMENTS .......................................................................................... 12

3. NAVY REQUIREMENTS ............................................................................................... 19

3.1 Scope .............................................................................................................................. 19

3.2 Program Management .................................................................................................... 22

3.2.1 Quality Management .............................................................................................. 23

3.2.2 NGEN Performance Management .......................................................................... 24

3.2.3 Governance Boards ................................................................................................ 26

3.2.4 In-Progress Reviews (IPR) ..................................................................................... 30

3.2.5 NGEN Risk Management ....................................................................................... 31

3.3 Services Portfolio ........................................................................................................... 31

3.3.1 Engineering Design and Support Services (EDSS) ................................................ 31

3.3.1.1 Systems Engineering Technical Review (SETR) Process ............................... 34

Attachment 1



iv

3.3.1.1.1 SETR – Beginning of Contract Execution ..................................................... 34

3.3.1.1.2 SETR – Post Transition ................................................................................... 36

3.3.1.2 Core Build Contents Services .......................................................................... 36

3.3.1.3 Computer-Electronic Accommodations Program (CAP) ................................ 39

3.3.1.4 Modernization and Technology Refresh ......................................................... 39

3.3.1.5 Navy Enterprise Portal (NEP) ......................................................................... 42

3.3.2 Enterprise Operations Services .............................................................................. 42

3.3.2.1 Network Operations Center (NOC) Services .................................................. 43

3.3.2.2 Security Operations Center (SOC) Services .................................................... 45

3.3.2.3 Service Order Management ............................................................................. 46

3.3.2.3.1 Ordering Tool Interface .................................................................................. 46

3.3.2.3.2 Order to Delivery (OTD) ................................................................................ 47

3.3.3 Application Hosting Services (AHS) ..................................................................... 47

3.3.3.1 AHS at a Commercial Facility......................................................................... 48

3.3.4 Directory Services .................................................................................................. 48

3.3.5 Cross Domain Security (CDS) Services ................................................................. 51

3.3.6 Security Configuration and Management Services ................................................ 52

3.3.6.1 Security Operations Center (SOC) Services .................................................... 55

3.3.6.2 Data at Rest (DAR) Services ........................................................................... 57

3.3.6.3 Network Cryptography Services ..................................................................... 58

3.3.7 Boundary, Demilitarized Zone (DMZ), and Communities of Interest (COI) Services 59

3.3.7.1 External Network Interface Services ............................................................... 61

3.3.7.2 Maritime Operations Center (MOC) and Command and Control (C2) Services 62

3.3.7.3 Demilitarized Zone (DMZ) Services ............................................................... 62

3.3.7.4 Deployable Site Transport Boundary (DSTB) Services .................................. 64

3.3.8 Malware Detection and Protection Services .......................................................... 64

3.3.9 Security Event Management (SEM) Services ........................................................ 66

3.3.9.1 Intrusion Management Services ...................................................................... 66

Attachment 1



v

3.3.9.2 Security Incident Handling Services ............................................................... 68

3.3.9.3 Audit and Accountability Services .................................................................. 69

3.3.10 Security and IT Certification and Accreditation (C&A) Services.......................... 69

3.3.11 Authentication and Authorization Services ............................................................ 74

3.3.11.1 Identity and Access Management (IdAM) and Public Key Infrastructure (PKI) Services 74

3.3.12 Network Access Control (NAC) Services .............................................................. 77

3.3.13 Remote Access Services (RAS) ............................................................................. 78

3.3.14 End User Training Services .................................................................................... 79

3.3.15 Network Operations (NetOps) and Information Assurance (IA) Training Services 81

3.3.15.1 Network Operations (NetOps) Training Services ........................................... 81

3.3.15.1.1 Instructional Strategy Services and Training Materials ............................... 86

3.3.15.2 Information Assurance (IA) Training Services ............................................... 87

3.3.16 Testing Services ..................................................................................................... 87

3.3.17 Continuity of Operations (COOP), Disaster Recovery (DR), and Business Continuity Planning (BCP) Services ..................................................................................... 89

3.3.17.1 Continuity of Operations (COOP) Services .................................................... 89

3.3.17.2 Disaster Recovery (DR) Services .................................................................... 90

3.3.17.3 Business Continuity Planning (BCP) Services ................................................ 91

3.3.17.4 Contingency Operations Services .................................................................... 92

3.3.17.4.1 Determine and Test Contingency Operations Hardware and Software Configurations ................................................................................................................ 92

3.3.17.4.2 Deploy IT Capabilities to Support Contingency Operations ....................... 92

3.3.18 File Removal Services ............................................................................................ 93

3.3.19 Electronic Software Delivery Services (ESDS) ..................................................... 94

3.3.20 Service Desk Services ............................................................................................ 95

3.3.20.1 Move, Add, and Change (MAC) Services ....................................................... 98

3.3.21 Base Area Network (BAN) Services and Local Area Network (LAN) Services ... 99

3.3.21.1 Pierside Connectivity ..................................................................................... 102

3.3.21.2 Application Server Connectivity ................................................................... 104

Attachment 1



vi

3.3.21.3 Program of Record Workstation Connectivity .............................................. 105

3.3.21.4 Wireless Local Area Network (WLAN) Services ......................................... 105

3.3.22 Wide Area Network (WAN) Services .................................................................. 107

3.3.22.1 Non-Secure Internet Protocol Router Network (NIPRNet) and Intranet ...... 109

3.3.22.2 Secret Internet Protocol Router Network (SIPRNet) .................................... 109

3.3.22.3 Satellite Communications (SATCOM) Services ........................................... 110

3.3.23 Data Storage Services ........................................................................................... 112

3.3.24 Enterprise Messaging Services ............................................................................. 114

3.3.25 Enterprise Web Portal Services ............................................................................ 115

3.3.25.1 Homeport ....................................................................................................... 116

3.3.25.2 Content Discovery ......................................................................................... 116

3.3.26 Collaboration Services ......................................................................................... 117

3.3.27 Voice over Internet Protocol (VoIP) Options and Services ................................. 118

3.3.28 Unclassified Mobile Phone Services .................................................................... 119

3.3.29 Classified Mobile Phone Services ........................................................................ 119

3.3.30 Video Teleconferencing (VTC) Services ............................................................. 120

3.3.31 End User Computing Services ............................................................................. 122

3.3.31.1 Workstations (Fixed, Portable, or Virtual) .................................................... 122

3.3.31.2 Portable End User Device (Computing Services) ......................................... 124

3.3.31.3 Deployable End User Computing .................................................................. 125

3.3.31.4 Desktop Virtualization Services .................................................................... 127

3.3.31.5 Navy Recruiting Command (NRC) Mobile Computing Solution ................. 130

3.3.32 Optional Hardware and Software Services .......................................................... 131

3.3.33 Printing Services ................................................................................................... 131

3.3.34 Desk Side Support Services ................................................................................. 133

3.4 IT Service Management (ITSM) .................................................................................. 134

3.4.1 Service Management Tools .................................................................................. 135

3.4.2 Continual Service Improvement (CSI) Process .................................................... 137

3.4.3 Service Design Processes ..................................................................................... 137

3.4.3.1 Service Catalog Management ........................................................................ 137

Attachment 1



vii

3.4.3.2 Service Level Management (SLM) ............................................................... 138

3.4.3.3 Capacity and Demand Management .............................................................. 139

3.4.3.4 Availability Management .............................................................................. 141

3.4.4 Service Transition Processes ................................................................................ 141

3.4.4.1 Asset Management ........................................................................................ 141

3.4.4.2 Configuration Management ........................................................................... 143

3.4.4.3 Change Management ..................................................................................... 144

3.4.4.4 Release and Deployment Management ......................................................... 145

3.4.5 Service Operations Processes ............................................................................... 147

3.4.5.1 Event Management ........................................................................................ 147

3.4.5.2 Incident Management .................................................................................... 148

3.4.5.3 Request Fulfillment ....................................................................................... 149

3.4.5.4 Problem Management .................................................................................... 150

3.5 Logistics ....................................................................................................................... 151

3.5.1 Installation Support .............................................................................................. 151

3.5.2 Maintenance ......................................................................................................... 153

3.5.3 Warranty Management ......................................................................................... 154

3.5.4 Supply Support ..................................................................................................... 154

3.5.5 Diminishing Manufacturing Sources and Material Shortages (DMSMS) ........... 154

3.5.6 Demilitarization and Disposal .............................................................................. 154

3.5.7 Environmental Safety and Occupational Health .................................................. 155

3.5.8 Packaging, Handling, Storage, and Transportation (PHS&T) ............................. 155

3.5.9 Facilities Management ......................................................................................... 156

3.5.10 Data Management (DM) ...................................................................................... 157

3.6 Transition Services ....................................................................................................... 160

3.6.1 Transition Overview ............................................................................................. 160

3.6.2 Navy Transition Profiles ...................................................................................... 161

3.6.3 Phase-In Services ................................................................................................. 162

3.6.3.1 Planning ......................................................................................................... 163

3.6.3.1.1 Phase-In Plan and Readiness Templates ...................................................... 163

Attachment 1



viii

3.6.3.1.2 Detailed Phase-In Project Plans .................................................................. 164

3.6.3.2 Pre-Execution ................................................................................................ 164

3.6.3.2.1 Readiness Templates .................................................................................... 164

3.6.3.2.2 Readiness to Transition Review (RTR) ....................................................... 165

3.6.3.3 NGEN Transition Phase-In Execution .......................................................... 166

3.6.3.4 Success Criteria ............................................................................................. 167

3.6.4 NGEN Phase-Out Services ................................................................................... 168

3.6.4.1 Planning ......................................................................................................... 168

3.6.4.2 Pre-Execution ................................................................................................ 168

3.6.4.2.1 Work In Progress .......................................................................................... 168

3.6.4.2.2 Successor Preparation for the NGEN Environment ..................................... 168

3.6.4.2.3 Business Operational Support .......................................................................... 169

3.6.4.3 Execution and Success Criteria ..................................................................... 169

3.6.5 NGEN Optional Transition Services Move to Section C under CLIN 56 ........... 170

3.7 Litigation ...................................................................................................................... 170

4. Marine Corps Enterprise Services Requirements ........................................................... 176

4.1 Scope of Work ............................................................................................................. 176

4.2 Program Management .................................................................................................. 178

4.3 Risk Management ........................................................................................................ 180

4.4 IT Service Management (ITSM) .................................................................................. 181

4.5 Performance Requirements .......................................................................................... 182

4.5.1 Performance Quality ............................................................................................. 182

4.5.1.1 Quality Control Plan ...................................................................................... 182

4.5.1.2 Government Representatives ......................................................................... 182

4.5.2 Phase In/Phase Out Period ................................................................................... 182

4.5.2.1 Phase In Period .............................................................................................. 182

4.5.2.2 Phase Out Period ........................................................................................... 183

4.6 Services Provided ......................................................................................................... 183

4.6.1 Enterprise Engineering Design and Support Services (EEDSS) .......................... 183

4.6.1.1 Specific Tasks ................................................................................................ 184

Attachment 1



ix

4.6.2 Enterprise Operations Services ............................................................................ 187

4.6.2.1 Specific Tasks ................................................................................................ 188

4.6.3 Data Storage Services ........................................................................................... 193

4.6.3.1 Specific Tasks ................................................................................................ 193

4.6.4 Enterprise Messaging Services ............................................................................. 197

4.6.4.1 Specific Tasks ................................................................................................ 197

4.6.5 Application Hosting Services ............................................................................... 198

4.6.5.1 Specific Tasks ................................................................................................ 198

4.6.6 Enterprise Web Portal Services ............................................................................ 199

4.6.6.1 Specific Tasks ................................................................................................ 199

4.6.7 Workflow and Collaboration Services ................................................................. 204

4.6.7.1 Specific Tasks: ............................................................................................... 205

4.6.8 Directory Services ................................................................................................ 206

4.6.8.1 Specific Tasks ................................................................................................ 206

4.6.9 COOP/Disaster Recovery/Business Continuity Services ..................................... 210

4.6.9.1 Specific Tasks ................................................................................................ 210

4.6.10 File Removal Services .......................................................................................... 211

4.6.10.1 Specific Tasks ................................................................................................ 211

4.6.11 Electronic Software Delivery Services ................................................................. 212

4.6.11.1 Specific Tasks ................................................................................................ 212

4.6.12 Commercial Voice Services ................................................................................. 214

4.6.12.1 Specific Tasks ................................................................................................ 214

4.6.13 VoIP Options and Services ................................................................................... 215

4.6.13.1 Specific Tasks ................................................................................................ 215

4.6.14 Unclassified Mobile Phone Services .................................................................... 216

4.6.14.1 Specific Tasks ................................................................................................ 216

4.6.15 Classified Mobile Phone Services ........................................................................ 217

4.6.15.1 Specific Tasks ................................................................................................ 217

4.6.16 VTC Services ....................................................................................................... 218

4.6.16.1 Specific Tasks ................................................................................................ 218

Attachment 1



x

4.6.17 Cross Domain Security Services .......................................................................... 220

4.6.17.1 Specific Tasks ................................................................................................ 220

4.6.18 Security Configuration and Management Services .............................................. 221

4.6.18.1 Specific Tasks ................................................................................................ 221

4.6.19 Boundary, DMZ, and Communities of Interest (COI) Services ........................... 226

4.6.19.1 Specific Tasks ................................................................................................ 226

4.6.20 Malware Detection and Protection Services ........................................................ 229

4.6.20.1 Specific Tasks ................................................................................................ 229

4.6.21 Security Event Management Services .................................................................. 230

4.6.21.1 Specific Tasks ................................................................................................ 230

4.6.22 Security and IT Certification and Accreditation Services .................................... 234

4.6.22.1 Specific Tasks ................................................................................................ 234

4.6.23 Authentication and Authorization Services .......................................................... 239

4.6.23.1 Specific Tasks ................................................................................................ 240

4.6.24 Network Access Control Services ........................................................................ 244

4.6.24.1 Specific Tasks ................................................................................................ 244

4.6.25 Fixed and Portable Computing Services .............................................................. 245

4.6.25.1 Specific Tasks ................................................................................................ 245

4.6.26 Thin Client Computing Services .......................................................................... 248

4.6.26.1 Specific Tasks ................................................................................................ 248

4.6.27 Optional Hardware and Software Services .......................................................... 248

4.6.27.1 Specific Tasks ................................................................................................ 248

4.6.28 Remote Access Services ....................................................................................... 250

4.6.28.1 Specific Tasks ................................................................................................ 250

4.6.29 Printing Services ................................................................................................... 250

4.6.29.1 Specific Tasks ................................................................................................ 251

4.6.30 Service Desk Services .......................................................................................... 252

4.6.30.1 Specific Tasks ................................................................................................ 252

4.6.31 Desk Side Support Services ................................................................................. 255

4.6.31.1 Specific Tasks ................................................................................................ 255

Attachment 1



xi

4.6.32 End User Training Services .................................................................................. 258

4.6.32.1 Specific Tasks ................................................................................................ 259

4.6.33 Network Operations (NETOPS) and Cyber Security Training Services ............. 260

4.6.33.1 Specific Tasks ................................................................................................ 260

4.6.34 Testing and Evaluation (T&E) Services ............................................................... 261

4.6.34.1 Specific Tasks ................................................................................................ 261

4.7 Place of Performance ................................................................................................... 265

4.7.1 Server Farms ......................................................................................................... 265

4.7.2 Micro Server Farm ............................................................................................... 266

4.8 Special Requirements................................................................................................... 266

4.8.1 Ordering and Invoicing Tools and Services ......................................................... 266

4.8.2 Asset Management ............................................................................................... 268

4.8.2.1 Asset Acquisition and Accountability ........................................................... 269

4.8.2.2 Asset Record Control..................................................................................... 270

4.8.2.3 Operations Management ................................................................................ 271

4.8.2.4 Life Cycle Management and Disposal of Assets ........................................... 272

4.8.3 Configuration Management (CM) ........................................................................ 272

4.8.4 Law Enforcement and Investigative Support ....................................................... 274

4.8.4.1 DON Investigator or Designee LE/CI Support Services ............................... 274

4.8.4.2 Litigation Support .......................................................................................... 279

4.8.4.2.1 General Litigation Support .............................................................................. 279

4.8.4.2.2 Litigation Support Services.............................................................................. 280

4.8.4.2.3 Litigation Holds Services ................................................................................. 280

4.8.4.2.4 Records Searches and Production Services ..................................................... 281

4.8.4.2.5 Testimony Services .......................................................................................... 282

4.8.4.2.6 Technical Advice and Assistance to Government Attorneys .......................... 284

5. Marine Corps Transport Services Requirements ............................................................ 285

5.1 Service Management .................................................................................................... 285

5.2 Scope of Work ............................................................................................................. 286

5.3 Summary of Services ................................................................................................... 286

Attachment 1



xii

5.3.1 BAN/LAN ............................................................................................................ 287

5.3.2 WAN and Boundary Protection ........................................................................... 287

5.3.3 Facilities Capacity Management .......................................................................... 288

5.4 PERFORMANCE REQUIREMENTS ........................................................................ 288

5.4.1 Performance Quality ............................................................................................. 288

5.4.1.1 Quality Control Plan ...................................................................................... 288

5.4.1.2 Government Representatives ......................................................................... 289

5.4.2 Phase In/Phase Out Period ................................................................................... 289

5.4.2.1 Phase In Period .............................................................................................. 289

5.4.2.2 Phase Out Period: .......................................................................................... 289

5.5 Services Provided ......................................................................................................... 290

5.5.1 Transport Engineering Design and Support Services (TEDSS) ........................... 290

5.5.1.1 Specific Tasks ................................................................................................ 290

5.5.2 Transport Operations Services ............................................................................. 291

5.5.2.1 Specific Tasks ................................................................................................ 291

5.5.2.2 IT Collateral Equipment Management Specific Tasks .................................. 293

5.5.3 Base Area Network/Local Area Network (BAN/LAN) Services ........................ 293

5.5.3.1 Specific Tasks ................................................................................................ 294

5.5.3.2 For both BAN and LAN ................................................................................ 294

5.5.4 Wide Area Network (WAN) Services .................................................................. 296

5.5.4.1 Specific Tasks ................................................................................................ 296

5.5.5 Security Configuration and Management Services .............................................. 297

5.5.5.1 Specific Tasks ................................................................................................ 297

5.5.6 Boundary, DMZ, and Communities of Interest (COI) Services ........................... 299

5.5.6.1 Specific Tasks ................................................................................................ 299

5.5.7 Security and IT Certification and Accreditation Services .................................... 300

5.5.7.1 Specific Tasks ................................................................................................ 300

5.5.8 Network Operations (NETOPS) and Cyber Security Training Services ............. 300

5.5.9 Testing & Evaluation (T&E) Services ................................................................. 300

5.5.9.1 Specific Tasks ................................................................................................ 301

Attachment 1



xiii

APPENDIX A: ACRONYMS AND DEFINITIONS ................................................................ A-1

APPENDIX B: USMC Rate Card Transport Applications......................................................... B-1

APPENDIX C: USMC Rate Card Transport Equipment ........................................................... C-1

Attachment 1



1

1. INTRODUCTION 1

The Department of the Navy (DON) operates one of the largest intranets in the world, the Navy 2

Marine Corps Intranet (NMCI). NMCI provides end-to-end secure Information Technology (IT) 3

services to more than 400,000 seats and 800,000 users, across 2,500+ locations that vary from 4

major bases to single-user locations. Hewlett Packard Enterprise Services (HP Enterprise 5

Services), formerly Electronic Data Systems (EDS), hereinafter called Incumbent Provider, 6

operated NMCI under the programmatic and operational oversight of the DON until the end of 7

the contract period of performance, 30 Sep 2010. The DON has since transitioned to the NMCI 8

Continuity of Service Contract (CoSC), which provides continued delivery of NMCI services to 9

the DON through 30 Apr 2014. The DON will next transition the delivery of these IT services, 10

in segments, from the NMCI CoSC to the follow-on Next Generation Enterprise Network 11

(NGEN) contracts. 12

13

The overall goals of NGEN are to: 14

a. Operate the NMCI network and maintain delivery of NMCI network and computing 15

services. 16

b. Ensure continued security of the network and proactive enhancement of information 17

assurance (IA) capabilities to meet evolving and emerging threats. 18

c. Provide Government Command and Control (C2) to ensure flexible and responsive 19

operation and defense of the network. 20

d. Maintain continuity of service during transition from NMCI CoSC to follow-on NGEN 21

contract(s) or Government operation. 22

23

The Performance Work Statement (PWS) is divided into five sections: 24

a. Section 1: Introduction – Provides an overview of the DON management domains and 25

NGEN operating models the NGEN contractors must work within to deliver NGEN 26

services. 27

b. Section 2: Applicable Documents – Federal, DoD, DON, Navy, Marine Corps, or other 28

documents that provide policy and governance for the NGEN program. 29

Attachment 1



2

c. Section 3: Navy Requirements – Defines the work to be performed for the United States 30

Navy (USN). 31

d. Section 4: Marine Corps Enterprise Services Requirements – Defines the work to be 32

performed for the United States Marine Corps (USMC) ES Segment. 33

e. Section 5: Marine Corps Transport Services Requirements – Defines the work to be 34

performed for the USMC Transport Segment. 35

36

The NGEN service delivery frameworks are different between the two management domains and 37

are described in the following sections. 38

39

1.1 DON Management Domain 40

The NGEN program uses "management domains" to establish the boundaries of a network for 41

which a management authority can affect operational-level C2. In this respect, management 42

domains address the Government's ability to direct and manage network resources and 43

capabilities. Management domains also define the relationship between the Government and 44

NGEN segment Contractors, and the roles and responsibilities related to the ownership, 45

operation, and support of the network. The NGEN program will be divided into two 46

management domains, based on the military services within the DON: Navy Management 47

Domain and Marine Corps Management Domain. 48

49

1.1.1 Navy Management Domain 50

The Navy Management Domain will be structured as a Government Owned, Contractor 51

Operated (GO/CO) network. With the exception of end user hardware, the Navy will purchase 52

NGEN network infrastructure in order to own the network. End user hardware will be provided 53

as a service by the NGEN ES Contractor. During the NGEN contract period of performance, the 54

ES Contractor and the TXS Contractor shall operate the NGEN network in the Navy 55

Management Domain and provide services described in Section 3 of the PWS. 56

57

1.1.2 Marine Corps Management Domain 58

Attachment 1



3

For the Marine Corps management domain, the USMC will transition from a single Government 59

Owned, Contractor Operated (GO/CO) network to a Government Owned, Government Operated 60

(GO/GO), and Contractor supported network. The USMC may purchase select services from the 61

ES and TXS contracts including the associated hardware, software, and training. During the 62

NGEN contract period of performance, the ES Contractor and TXS Contractor shall provide 63

support to the USMC for services described in Sections 4 and 5 of the PWS. Marine Corps 64

Enterprise Network (MCEN) is the Marine Corps' network of networks and approved 65

interconnected network segments. The physical characteristics of the USMC management 66

domain are provided as an attachment to the Contract. 67

68

1.2 NGEN Operating Models 69

Within the management domains defined above, the NGEN ES Contractor and TXS Contractor 70

will operate and support NGEN as described in the following sections. 71

72

1.2.1 Navy Operating Model 73

The Navy Network Operations (NetOps) operating model employs a centrally managed and 74

decentralized execution framework where global, regional, and local responsibilities are 75

delineated. Network C2 is accomplished through a hierarchal, tiered organizational framework. 76

The following sections provide an overview of the global, regional, and local relationships for 77

Navy NetOps management and control. 78

79

1.2.1.1 Fleet Cyber Command (FLTCYBERCOM) / Tenth Fleet (TENTHFLT) 80

FLTCYBERCOM 1) directs Navy cyberspace operations globally to achieve military objectives 81

in and through cyberspace; 2) executes cyber missions as directed by U.S. Cyber Command 82

(USCYBERCOM); 3) directs, operates, maintains, secures, and defends the Navy's portion of the 83

Global Information Grid (NAVGIG); 4) delivers global Navy cyber Common Operational 84

Picture (COP); and, 5) develops, coordinates, and assesses Navy cyber operational requirements. 85

FLTCYBERCOM is the Navy component to USCYBERCOM for cyberspace operations. 86

87

Attachment 1



4

TENTHFLT 1) serves as the numbered fleet commander for FLTCYBERCOM; 2) exercises 88

operational control of assigned Navy forces; and, 3) coordinates with other naval, coalition, and 89

joint forces to execute full spectrum cyberspace operations. In accordance with the joint chain of 90

command established by the Secretary of Defense and USCYBERCOM, operational control 91

(OPCON) and tactical control (TACON) of FLTCYBERCOM / TENTHFLT units are exercised 92

by FLTCYBERCOM / TENTHFLT. 93

94

1.2.1.2 Naval Network Warfare Command 95

The Naval Network Warfare Command is referred to as NAVNETWARCOM or NNWC. The 96

Commander, NAVNETWARCOM 1) coordinates, assesses, and oversees the global operation of 97

Navy computer networks and telecommunications systems; 2) manages the distributed Navy 98

Dynamic Global Information Grid (GIG) Operations (DGO) mission, including information 99

assurance; accredits and certifies networks; and, 3) issues DGO directives. 100

NAVNETWARCOM is granted authority to directly coordinate with units regarding DGO 101

matters and keeps the fleet apprised of activity in respective theaters. NAVNETWARCOM 102

tasks are: 103

a. Execute network C2 and computer network task orders. 104

b. Maintain network situational awareness. 105

c. Monitor, manage, and report on network operations and IT services. 106

d. Provide performance status and statistics on the NAVGIG and recommend 107

improvements. 108

109

NAVNETWARCOM provides operational and technical support to the NAVGIG through its 110

subordinate NetOps commands across the operational and tactical levels, in direct support and 111

coordination with regional commanders. NAVNETWARCOM coordinates, monitors, and 112

oversees the day-to-day operations of the NAVGIG. 113

114

Operationally, NAVNETWARCOM is divided into two execution centers, NetOps C2 and 115

Enterprise Management (EM). C2 consists of a 24x7x365 watch organization to conduct 116

NAVGIG service operations including monitoring, managing, and reporting on IT services and 117

Attachment 1



5

security. The NetOps C2 section is supported by the EM section which performs IT operations 118

management, problem management, analysis, and metrics collection, and coordinates with the 119

Navy and joint IT commands. EM evaluates and responds to the demand signals on the network 120

and its customers. EM coordinates with TENTHFLT and the higher command tasking such as 121

USCYBERCOM. 122

123

NAVNETWARCOM exercises global Network C2 from its headquarters located at Little Creek, 124

Virginia. NetOps service operations are managed by the NAVNETWARCOM operations staffs 125

located at Joint Expeditionary Base Little Creek-Fort Story and at Norfolk Naval Station. 126

127

1.2.1.3 Navy Cyber Defense Operations Command (NCDOC) 128

NCDOC coordinates, monitors, and oversees the defense of the Navy computer networks and 129

systems. NCDOC is also responsible for accomplishing Computer Network Defense (CND) 130

missions as assigned by the Commander, U.S. TENTH Fleet and USCYBERCOM as follows: 131

a. Protects, monitors, analyzes, detects, and responds to unauthorized activity on the NGEN 132

network. 133

b. Monitors and reacts to malicious activity and intrusions on Navy computer networks and 134

systems. Assesses the impact on military operations and capabilities. Notifies C10F and 135

the end user community. 136

c. Coordinates and directs appropriate Navy actions to halt malicious activity, contains 137

damage, restores functionality, and provides feedback to the end user community. 138

d. Provides Vulnerability and Analysis Assessment support for NGEN. 139

e. Provides Information Assurance Vulnerability Management (IAVM) support for NGEN. 140

f. Provides relevant cyberspace threat analysis, reporting and information exchange to 141

support global Attack Sensing and Warning to defend NGEN, and to integrate with other 142

Navy and DoD computer network operations. 143

g. Maintains an incident database for operational reporting and to support mission and 144

forensic analysis on misuse and malicious activity on NGEN. 145

146

Attachment 1



6

1.2.1.4 Naval Computer and Telecommunications Area Master Stations (NCTAMS) / Regional 147

Network Operations and Security Centers (RNOSC) 148

NCTAMS / RNOSCs manage the geographical regions which provide direct IT services to 149

ashore, afloat, and deployed end users. They exercise network C2 through subordinate Naval 150

Computer and Telecommunications Stations (NCTS) and NCTAMS Detachments (DETs). 151

Figures 1.2.1.4-1 and 1.2.1.4-2 show the current and future NAVNETWARCOM domain 152

organizational structures. 153

154

The NCTAMS / RNOSC’s are responsible for regional situational awareness and coordination of 155

assigned NetOps and CND tasks. The NCTAMS / RNOSC C2 and EM teams have 156

watchstanders co-located at the NGEN NOCs in Norfolk and Hawaii. These teams manage 157

NetOps IA and CND services and interface with NETWARCOM and NCDOC staffs for overall 158

deconfliction and prioritization of Navy NGEN services. 159

160

Attachment 1



7

161 Figure 1.2.1.4-1 162

163

Attachment 1



8

164 Figure 1.2.1.4-2 165

166

1.2.1.5 Customer Technical Representatives (CTR) 167

The local commands have on-site CTR who support delivery of NGEN services. 168

169

1.2.2 Marine Corps Operating Model 170

The Marine Corps has assumed operational control of the NMCI/CoSC infrastructure and will be 171

transitioning to a regionalized strategy comprised of four RNOSCs and includes eight sub 172

regions supported by MITSCs designed to provide garrison Marine Expeditionary Forces 173

(MEFs) and Marine Corps Supporting Establishments within respective areas of responsibility. 174

Bases, Posts, and Stations (B/P/S) provide touch labor in support of the MITSCs. Figure 1.2.2-1 175

shows the geographical and functional relationships of the regions. 176

177

Attachment 1



9

Operationally, the MCNOSC functions as the NetOps/Cyber Network Operations 178

(CyberNetOps) enterprise lead responsible for all cross-regional IT issues. The four RNOSCs 179

provide NetOps oversight, approval authority, the tasking and reporting framework, decision 180

support, and recommendations for MITSC(s) in their areas of responsibility. MITSCs execute 181

NetOps functions for a sub-region in support of the RNOSC. Approval authorities for B/P/S 182

NetOps reside with the B/P/S G6 in support of the local commander. 183

184

185 Figure 1.2.2-1: MCNOSC, RNOSCs, MITSCs, and B/P/S Relationship 186

187

The current USMC NetOps C2 structure that conducts the operation, defense, and governance of 188

the Marine Corps Information Enterprise is comprised of existing global, regional, and local 189

NetOps authorities. It comprises people, processes, logical and physical infrastructure, 190

architecture, topology, and Cyberspace Operations. The MCNOSC, RNOSCs, and MITSCs, 191

along with the MSCs provide essential C2 functions executed at the lowest level possible and 192

will provide Government direction to the supporting NGEN Contractor(s). Within this C2 193

Attachment 1



10

framework, status communication occurs both horizontally and vertically via a robust 194

collaboration infrastructure. 195

196

1.2.2.1 Marine Corps Network Operations Security Center (MCNOSC) 197

The MCNOSC will provide global CyberNetOps of the USMC management domain in order to 198

facilitate seamless information exchange in support of Marine Forces operating worldwide. The 199

MCNOSC reports operationally to the Commander, US Cyber Command and administratively to 200

the Director C4, the Marine Corps Chief Information Officer and principal staff member for the 201

Commandant of the Marine Corps. 202

203

The MCNOSC is responsible for the operation and defense of the MCEN. The MCNOSC 204

maintains the responsibility for the execution of current and emerging DoD Information Security 205

and Cyber Security doctrine as well as promulgation of USMC specific policies and procedures 206

outlining the protection of all information communication mediums. The MCNOSC implements 207

and enforces policies under the administrative control of HQMC including DoDI 841002p 208

NetOps for the Global Information Grid (GIG), under the operational control of the Joint Task 209

Force Global Network Operations (USCYBERCOM). 210

211

1.2.2.2 Regional Network Operation and Security Centers (RNOSCs) 212

Four RNOSCs, operated by Marine Forces (MARFOR) commanders, manage well-rounded 213

regional CyberNetOps functions to include: (a) maintenance of CyberNetOps SA; (b) 214

determination and execution of regional priorities and tasking; (c) conduct of regional operations 215

impact assessments; and (d) control of regional network defense response actions. The RNOSCs 216

are under tactical control (TACON) of the MCNOSC. 217

218

The geographic locations of the four RNOSCs are: 219

a. Marine Corps Base (MCB) Quantico, VA (RNOSC National Capital Region (NCR)) 220

b. Camp Allen, VA (RNOSC Atlantic) 221

c. Camp Smith, HI (RNOSC Pacific) 222

d. New Orleans, LA (RNOSC Reserves) 223

Attachment 1



11

224

The RNOSCs support MARFOR Commands and delegate CyberNetOps to MITSCs to provide 225

regional CyberNetOps capabilities. 226

227

1.2.2.3 Marine Air Ground Task Force (MAGTF) IT Support Centers (MITSCs) 228

The technical arm of each RNOSC, responsible for backbone network operations, defense, and 229

services is the MITSC. A MITSC is the regional data and network operations center operated by 230

a staff, under the command of the Marine Corps installations or geographic bound regional 231

Commander and maintained with assistance from a MCNOSC onsite support detachment. The 232

MCNOSC detachment supports enterprise-level data center operations and troubleshooting and 233

augments the MITSC staff when necessary. The MITSCs are operationally controlled by the 234

RNOSC. RNOSCs may delegate CyberNetOps responsibilities to the MITSCs for providing 235

regional capabilities. 236

237

A MITSC supports MEFs and the Marine Corps supporting establishments at bases, posts and 238

stations by managing and executing regionally focused network operations, IT services, 239

configuration management, Continuity of Operations/Disaster Recovery and network SA. A 240

MITSC supports the MCNOSC in the managing of global/enterprise assets/infrastructure (e.g., 241

Exchange email accounts, network and web access permissions, and file sharing) and provides 242

regional tier 1 and tier 2 support. 243

244

The geographic locations of the eight regional MITSCs are: 245

a. MCB Camp Lejeune, NC (MITSC East) 246

b. MCB Camp Pendleton, CA (MITSC West) 247

c. MCB Quantico, VA (MITSC NCR) 248

d. New Orleans, LA (MITSC Reserves) 249

e. MCB Camp Butler, Japan (MITSC WestPac) 250

f. MCB Kaneohe Bay, HI (MITSC MidPac) 251

g. Panzer Kaserne, Germany (MITSC Europe) 252

h. Pentagon, DC/VA (MITSC HQMC) 253

Attachment 1



12

254

Each MITSC hosts services and applications and supports forces as designated by Director C4. 255

The MITSCs are provisioned within Marine Corps Installation Commands to support MEF 256

Commands; and, as part of the fifth element of the MAGTF, support the warfighter while 257

operationally deployed, in garrison, or engaged in training. 258

259

1.2.2.4 Major Subordinate Command (MSC) – Base-Post-Stations 260

The MSC, Base-Post-Station G6s or S6s, act as the local CyberNetOps over their designated area 261

of responsibility. They provide hands-on technical support; respond to direction and tasking 262

from the MCNOSC, RNOSCs, and MITSCs; and support the management of access to the 263

MCEN. Some services and applications may be hosted and/or managed by the local 264

CyberNetOps. Deployed MAGTFs will constitute their own management domain and have local 265

CyberNetOps during deployment in support of military operations or engaged in training 266

exercises. During deployment as part of a Joint or Multinational force, operational tasking and 267

reporting for these commands will occur as established by their Joint or Multinational command 268

authority. 269

270

2. REFERENCE DOCUMENTS 271

This PWS references applicable documents, attachments, appendices, and an online repository: 272

a. Applicable documents are Federal, Department of Defense (DoD), DON, Navy, or 273

Marine Corps documents that provide policy and governance for the NGEN program. 274

Applicable Documents are listed in Section 2.0 of this PWS. 275

b. Attachments are NGEN program-level documentation that amplify the requirements, 276

performance standards, and provide additional program details pertaining to multiple 277

NGEN segments. Attachments are listed in Section J of the Request for Proposal. 278

c. Appendices are NGEN documents that define unique terms and requirements applicable 279

to the NGEN PWS. Appendices are listed following Section 5.0 of the document. 280

d. There is an additional online repository of technical data for the NGEN program hosted 281

on a MITRE SharePoint site and includes applicable documents that may not be readily 282

available in the public domain. 283

Attachment 1



13

The following table lists the applicable documents. Documents with an asterick (*) are available 284

as technical data on the MITRE SharePoint web site: 285

Department of Defense (DOD) Applicable Documents and International Standards

1. CJCSI 6211.02C, Defense Information System Network (DISN): Policy and Responsibilities *

2. CJCSI 6510.01E, Information Assurance (IA) and Support to Computer Network Defense (CND) *

3. CJCSI 6510.01F, Information Assurance (IA) and Computer Network Defense (CND)*

4. CJCSM 6510.01 CH3, Defense-In-Depth: Information Assurance (IA) And Computer Network Defense (CND) Change 3

5. CJCSM 6510.01A, Information Assurance (IA) and Computer Network Defense (CND) Volume I (Incident Handling Program) *

6. CNSSI 1253, Security Categorization and Control Selection for National Security Systems

7. CNSSI 4009, National Information Assurance (IA) Glossary

8. Defense Acquisition Guidebook (DAG) *

9. Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)

10. Director of Central Intelligence Community Directive Number 503, effective 15 September 2008*

11. DISA Unified Capabilities Requirements (UCR 2008, Change 2) *

12. DoD 4000.25-2-m Military Standard Transaction Reporting and Accounting Procedures (MILSTRAP) Manual *

13. DoD 4140.1-R, DoD Supply Chain Material Management Regulation *

14. DoD 4160.21-M-1, Defense Militarization Manual *

15. DoD 5000.04-M-1, Cost and Software Data Reporting (CSDR) Manual*

16. DoD 5015.02-STD, Electronic Records Management Software Applications Design Criteria Standard *

17. DoD 5200.2-R, Security Requirements for Automated Information Systems (AISs) *

18. DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM)*

19. DoD 8570.01-M IA Workforce Improvement Program *

20. DoDD 3020.26, Department of Defense Continuity Programs *

Attachment 1



14


21. DoDD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG) *

22. DODI 8100.04, Unified Capabilities (UC) *

23. DoDD 8190.3, Smart Card Technology *

24. DoDD 8320.02, Data Sharing in a Net-Centric Department of Defense *

25. DoDD 8320.03, Unique Identification (UID) Standards for a Net-Centric Department of Defense *

26. DoDD 8500.01E, Information Assurance (IA) *

27. DoDD O-8530.1, Computer Network Defense *

28. DoDI 4165.14, Real Property Inventory and Forecasting *

29. DODI 5000.64, Accountability and Management of DoD Equipment and Other Accountable Property *

30. DoDI 8410.02, NetOps for the Global Information Grid (GIG) *

31. DoDI 8500.2, Information Assurance (IA) Implementation, dated February 6, 2003 *

32. DoDI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP) *

33. DODI 8520.2, Public Key Infrastructure (PKI) and Public Key (PK) Enabling *

34. DoDI 8523.01, Communications Security

35. DoDI 8551.1, Ports, Protocols, and Services Management (PPSM) *

36. DoDI 8560.01, Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

37. DoDI O-3600.2, Information Operation (IO) Security Classification Guidance (U)

38. DoDI O-8530.2, Support to Computer Network Defense

39. Electronic Key Management System (EKMS) Policy and Procedures Manual, EKMS 1(Series) *

40. IETF RFC 2409, The Internet Key Exchange (IKE)

41. IETF RFC 4301, Security Architecture for the Internet Protocol

Attachment 1



15


42. IETF RFC 4303, IP Encapsulating Security Payload (ESP)

43. ISE-G-108, Identity and Access Management Framework

44. Joint Pub 1-02, Dictionary of Military and Associated Terms *

45. JTF-GNO CTO 07-015, Public Key Infrastructure (PKI) Implementation, Phase 2

46. JTF-GNO CTO 07-12, Deployment of the Host Based Security System (HBSS)

47. JTF-GNO CTO 08-001, Encryption Of Sensitive Unclassified Data At Rest (DAR) On Mobile Computing Devices And Removable Storage Media Used Within The Department Of Defense (DoD)

48. JTF-GNO CTO 08-005, Directive for Automated Scanning, Remediation and Reporting of Network Vulnerabilities throughout DOD Global Information Grid (GIG)

49. JTF-GNO INFOCON Level 3 Clarification and Guidance *

50. Key Management Using ANSI X9.17

51. MIL-HDBK-1012/3, Military Handbook: Telecommunications Premises Distribution Planning, Design, and Estimating *

52. MIL-HDBK-29612-2a, DoD Handbook; Instructional Systems Development/Systems Approach to Training and Education (ISD/SAT) *

53. MIL-HDBK-61, Military Handbook: Configuration Management Guidance *

54. MIL-STD 2042(SH), Fiber Optic Cable Topology Installation Standard Methods for Naval Ships *

55. MIL-STD-130N Identification Marking of US Military *

56. MIL-STD-882D, Standard Practice for Systems Safety *

57. PKCS #1 v2.1: RSA Cryptography Standard

58. Risk Management Guide for DOD Acquisition, Sixth Edition (Version 1.0) *

59. SIPRNET and NIPRNET Connection Questionnaire *

60. Strategic Directive 527-1 INFOCON *

61. USCYBERCOM CTO 10-033A, Defense Connect Online (DCO) Upgrade to Adobe Acrobat Connect Pro 7.0 *

286

Attachment 1



16

Department of Navy (DON) Applicable Documents

62. CNO/USMC IA PUB 5239-22, Information Assurance Protected Distribution Systems (PDS) Publication

63. DON DIACAP Handbook, 15 July 2008 *

64. DON FY09 CLIN Structure *



67. DTG 122213Z MAY 08, Public Key Infrastructure Software Certificate Minimization Effort for DON Unclassified Environments *

68. EKMS Policy and Procedures for Navy Electronic Key Management System Tiers 2 & 3

69. Enterprise Pier Connectivity Architecture (EPCA) *

70. MARADMIN 328/08 DTG: 031012Z *

71. MARADMIN 336/08 *

72. Marine Corps Enterprise IA Directive (EIAD) 018 Certification and Accreditation Manual DAA Guidance Memorandum 01/0909

73. MC IA OPSD 010, Marine Corps Incident Handling Procedures

74. NAVADMIN 248/08 *

75. Naval Systems Engineering Technical Review Handbook *

76. Naval Telecommunications Procedures 4 Chap 11 *

77. NAVEDTRA 130B, Automated Electronic Classrooms (AEC) guidelines *

78. Navy Enterprise Services Profile (NESP) Network Operations, Network and Systems Management *

79. Navy Ports, Protocols, and Services (NPPS) Manual *

80. NIST SP 800-42, Guideline on Network Security Testing

81. NIST SP 800-53, Information Security

82. NNWCINST 5450.4A Mission, Function & Tasks for NCDOC-Norfolk *

83. NTD 03-11 Disposal of Navy Computers *

84. NTD 05-10, Cryptographic Log-On (CLO) *

85. NTD 11-08, Electronic Spillage Policy * 287

Attachment 1



17

Department of Navy (DON) Applicable Documents

86. OPNAVINST 1500.76B, Naval Training System Requirements, Acquisition and Management *

87. OPNAVINST 2201.2, Navy and Marine Corps Computer Network Incident Response *

88. OPNAVINST 3030.5B, Navy Continuity of Operations Program and Policy *

89. OPNAVINST 5239.1C, Navy Information Assurance (IA) Program *

90. OPNAVINST 9210-3, Safeguarding of Naval Nuclear Propulsion Information *

91. SECNAV M-5239.1, Department of the Navy Information Assurance Manual *

92. SECNAV M-5239.2, Department Of The Navy Information Assurance (IA) Workforce Management Manual To Support The IA Workforce Improvement Program *

93. SECNAV M-5510.36, DON Information Security Program *

94. SECNAVINST 2075.1, Department of the Navy Use of Commercial Wireless Local Area Network (WLAN) Devices, Services, and Technologies *

95. SECNAVINST 3030.4C, Department of the Navy Continuity of Operation Program *

96. SECNAVINST 3052.2, Cyberspace Policy and Administration Within the DON *

97. SECNAVINST 3501.1B, DON Critical Infrastructure Protection Program

98. SECNAVINST 5230.15, Information Management/Information Technology Policy for Fielding of Commercial Off the Shelf Software *

99. SECNAVINST 5239.19, DON Computer Network Incident Response and Reporting Requirements *

100. SECNAVINST 5239.3B, DON IA Policy *

101. SECNAVINST 5430.107, Mission and Functions of the Naval Criminal Investigative Service *

102. SECNAVINST 5510.34A, Disclosure Of Classified Military Information And Controlled Unclassified Information To Foreign Governments, International Organizations, And Foreign Representatives

103. SECNAVINST 7320, Department of Navy Personal Property Policies and Procedures *

104. SPAWAR Shore Installation Process Handbook (SIPH) *

105. SPAWARINST 4720.5, Policy and Procedures for Development and Life-Cycle Management of Installation Requirements Drawings *

288

Attachment 1



18

Next Generation Enterprise Network (NGEN) Applicable Documents 106. Disaster Recovery Plan (DRP) *

107. Enterprise DIACAP Plan (EDP) *

108. NGEN Allocated Baseline *

109. NGEN Core Build *

110. NGEN Integrated Architecture *

111. NGEN Learning Management System Functional Area Description *

112. NGEN Navy Training System Plan, N6-NTSP-E-70-0817 *

113. NGEN Ordering Tool Interface Control Document *

114. NGEN Product Baseline *

115. NGEN Program CONOPS *

116. NGEN Requirements Management Plan (RQMP) *

117. NGEN Site Scheduling Tool *

118. NGEN Systems Design Specification (SDS) *

119. NGEN Systems Engineering Plan (SEP) *

120. NMCI COSC FY11 Enterprise Technology Refresh Plan *

121. NMCI Naming Standards, D400.11939.01 *

122. NGEN Security Classification Guide * 289

Attachment 1



19

290

3. NAVY REQUIREMENTS 291

3.1 Scope 292

The NGEN Functional Baseline was established upon approval of the Systems Design 293

Specification (SDS) and the successful completion of the Program's System Functional Review 294

(SFR). NGEN Contractors will provide NGEN services to both the unclassified Non-secure 295

Internet Protocol Router Network (NIPRNet) and the classified Secret Internet Protocol Router 296

Network (SIPRNet) environments. 297

298

The alignment of the services to contract segments is provided in Figure 3.1-1. This table 299

identifies which services individually belong to the different segments or, in some cases, which 300

segment has the primary role and which segment has the supporting role for shared services. 301

Primary responsibility is denoted by a “P” and means the contractor will have the primary 302

responsibility for delivering those services. Supporting responsibility is denoted by an “S” and 303

means the Contractor will support the delivery of those services by the Contractor that has 304

primary responsibility. Regardless of the designations, the Contractors shall collaborate with 305

each other and any other service providers to provide its assigned portion of the NGEN program. 306

307

Primary service provider means: 308

a. Plan in coordination with the Government the location, a set day and time for every 309

meeting. 310

b. Host assigned meetings. 311

c. Prepare consolidated meeting minutes including action items. Track action items through 312

closure. (CDRL A001 – Meeting Minutes) 313

d. Determine the content and format of meeting in coordination with and approval from the 314

Government. 315

e. Provide programmatic and technical support for all meetings. 316

f. Prepare meeting agenda. (CDRL A002 – Meeting Agenda) 317

g. Develop a combined (relevant) brief and submit electronically to the Government three 318

(3) business days prior to the meeting. (CDRL A003 – Presentation Materials) 319

Attachment 1



20

h. Submit consolidated plans which contain required information as specified within the 320

service. 321

i. Submit consolidated CDRL responses to the Government, unless specifically directed 322

otherwise in the contract. 323

324

Supporting service provider means: 325

Provide the primary service provider the required data as stipulated in the relevant CDRLs. The 326

format for submission of this information to the primary service provider will be determined by 327

the respective providers themselves, not by the Government. 328

329

NGEN Services CONTRACT SEGMENTS

Enterprise Transport

Enterprise Engineering Design and Support Services P S

Enterprise Operations Services P S

Application Hosting Services P

Directory Services P S

Cross Domain Security (CDS) Services P S

Security Configuration and Management Services * P S Boundary, Demilitarized Zone (DMZ), and Communities of Interest (COI) Services S P

Malware Detection and Protection Services P S

Security Event Management (SEM) Services P S

Security and IT Certification and Accreditation (C&A) Services P S

Authentication and Authorization Services P S

Network Access Control (NAC) Services P S

Remote Access Services (RAS) S P

End User Training Services P S Network Operations (NetOps) and Information Assurance (IA) Training Services P S

Testing Services P S

Attachment 1



21

NGEN Services CONTRACT SEGMENTS

Enterprise Transport Continuity of Operations (COOP), Disaster Recovery (DR), Business Continuity Planning Services P S

File Removal Services (Spillage) P S

Electronic Software Delivery Services (ESDS) P S

Service Desk Services P S Base Area Network (BAN) Services and Local Area Network (LAN) Services P

Wide Area Network (WAN) Services P

Data Storage Services P

Enterprise Messaging Services P

Enterprise Web Portal Services P

Collaboration Services P

Voice over Internet Protocol (VoIP) Options and Services P

Unclassified Mobile Phone Services P

Classified Mobile Phone Services P

Video Teleconferencing (VTC) Services P

End User Computing Services P

Optional Hardware and Software Services P

Printing Services P

Desk Side Support Services P 330

Figure 3.1-1: Mapping of Services to NGEN Contract Segments 331

332

The contractors are responsible for the respective infrastructure assignments outlined in Navy 333

Assigned Infrastructure listed as an attachment in Section J and software functionality 334

assignments as outlined in NGEN Software Tools List listed an attachment in Section J. For the 335

software functionality assignments, the contractor is responsible to provide all licensing, 336

integration, operations and maintenance. 337

Attachment 1



22

338

3.2 Program Management 339

Program Management provides the personnel, processes, and tools necessary to effectively 340

manage the NGEN program within schedule and performance requirements. The Contractors 341

shall collaborate with each other and any other service providers to provide common 342

management of the services described below: 343

a. Provide management, administration, and documentation, including staff, equipment, 344

tools, processes, procedures, and training required to manage and meet the requirements 345

of this PWS. 346

b. Establish and maintain a formal program management organization and provide the 347

Government with an organization diagram and a directory with the positions, names and 348

contact information of all supervisory personnel. 349

c. Designate a Program Manager and Deputy Program Manager empowered to make 350

program and project level decisions and commit company resources to execute courses of 351

action within the scope of this contract. 352

d. Submit a Program Management Plan that describes: (CDRL A004 - Program 353

Management Plan) 354

i. The Contractor’s organizational structure 355

ii. Program Management Methodology 356

iii. Subcontract Management Methodology 357

iv. Service Management Methodology 358

v. Performance Management Plan. 359

e. Develop a Communications Strategy and Plan. (CDRL A005 - Communications Plan) 360

f. Report Contractor Cost Data Reporting (CCDR) information in accordance with the 361

NGEN Cost and Software Data Reporting Plan and DoD 5000.04-M-1, (CDRL A019 – 362

Cost Data Summary Reports and CDRL A020 – Functional Cost Hour Reports) 363

364

In addition to the above, the ES Contractor shall: 365

Attachment 1



23

a. Submit a unified Program Management Plan that combines all Contractors individual 366

Program Management Plans. The combined plan shall contain the information described 367

above. (CDRL A004- Program Management Plan) 368

b. Submit a unified Communications Strategy that combines all Contractors individual 369

Program Management Plans. (CDRL A005 - Communications Plan) 370

c. Provide a Project Management application to meet all NGEN scheduling and 371

performance management reporting requirements. The application must be compatible 372

with the NGEN infrastructure and meet the certification requirements of the network. 373

i. Provide the Government access to the application for oversight activities to 374

include design and technical authority. 375

ii. Develop project templates as directed by the Government. All project templates 376

must be approved by the government prior to use. 377

378

3.2.1 Quality Management 379

Quality Management Systems (QMS) reduce and eventually eliminate nonconformance to 380

specifications, standards, and customer expectations in the most cost effective and efficient 381

manner. The Contractors shall collaborate with each other and any other service providers to 382

provide common management of the services described below: 383

a. Maintain effective QMS processes and procedures that comply with ISO 9000, ISO 9001, 384

and ISO 9004. 385

b. Develop and submit a Quality Control Plan (QCP) that documents processes and 386

procedures to identify, prevent, and ensure non-recurrence of defective services. (CDRL 387

A006 - Quality Control Plan) 388

c. Develop and implement quality inspection processes (e.g., examinations, tests, etc.) 389

required to demonstrate service level conformance with PWS requirements and 390

associated Service Level Requirements (SLR). 391

d. Conduct Quality Assurance (QA) reviews and after action analysis of work activities and 392

project deliverables to identify areas for correction and opportunities for improvement. 393

e. Identify any noncompliant QA and Quality Control (QC) issues and ensure issues are 394

resolved. 395

Attachment 1



24

f. The Government will monitor the Contractor’s performance under this contract in 396

accordance with the Quality Assurance Surveillance Plan (QASP) listed as an attachment 397

in Section J. To support this effort the Contractor shall participate in activities contained 398

in the QASP. 399

400

In addition to the above, the ES Contractor shall submit a consolidated NGEN Quality Control 401

Plan that demonstrates how the providers will coordinate efforts to deliver end-to-end quality 402

services. The Contractors’ shall collaborate to deliver the consolidated plan. (CDRL A006 – 403

Quality Control Plan) 404

405

3.2.2 NGEN Performance Management 406

NGEN Performance Management includes all the processes, metrics, measurements, and 407

systems necessary to: 408

a. Continually assess the state of compliance of the network and network services with the 409

schedule and performance requirements established by the NGEN Capability Production 410

Document (CPD), NGEN contracts, and other DoD, DON, and Navy policies and 411

requirements. 412

b. Assess the effectiveness of the network and network services in supporting the execution 413

of Navy combat, combat support, and business processes. 414

415

The Contractors shall collaborate with each other and any other service providers to provide 416

common management of the services described below: 417

a. Provide data and reports to the performance management systems from assigned 418

components and systems necessary to support the collection of data required by contract 419

SLRs, OLAs, and other contract performance requirements. 420

b. Identify the root causes and propose corrective actions to address performance measures 421

that are not meeting requirements or are trending toward out of specification conditions. 422

(CDRL A007 – Monthly Status Report) 423

c. Assist with Government verification, validation, and auditing of the performance 424

management systems. 425

Attachment 1



25

426


a. Operate and maintain the Service Level Requirement (SLR), and Operating Level 428

Agreement (OLA) systems and associated performance data collection mechanisms, 429

databases, and report generation systems. The Service and Operational Levels are listed 430

as an attachment in Section J. 431

b. Operate and maintain NGEN Enterprise Performance Management Database (EPMD) 432

and Client Performance Management Database (CPMD) systems and associated 433

collection mechanisms, databases, and report generation systems. 434

i. Provide systems administration for EPMD and CMPD to integrate TXS and other 435

NGEN provider input and management requirements. 436

ii. Integrate (physically and electronically) ES infrastructure and service metrics into 437

EPMD and CPMD. 438

c. Operate and maintain the user, command user, and network operator automated survey 439

systems, databases, and report generation systems. 440

d. Provide overall systems integration for NGEN performance management tools and 441

implement an integrated NGEN performance monitoring database accessible through the 442

Homeport Portal. 443

e. Prepare and submit performance management reports for the entire network. (CDRL 444

A007 – Monthly Status Report) 445

f. Implement, operate, and maintain the capability to collect additional measurements 446

required by NGEN (e.g., SLRs and OLAs) associated with new services or new Navy, 447

DON or DoD performance measurement requirements that are within the scope of the 448

existing performance measurement areas at the time the new requirement is added to the 449

contract. 450

g. Propose strategies and technologies to improve and reduce the cost of performance 451

management systems. (CDRL A008 - Continuous Service Improvement Plan) 452

h. Provide the Government and TXS Contractor access to the performance management 453

systems for obtaining information and extracting reports. 454

455

Attachment 1



26

3.2.3 Governance Boards 456

NGEN has established various Governance boards, councils, and meetings to support the 457

management and delivery of IT services as summarized in Table 3.2.3 -1. 458

459

The NGEN Program CONOPS contains more detailed information on these boards, councils, and 460

meetings (e.g., scope of authority, membership, roles and responsibilities, frequency and 461

schedule, as well as operational procedures). 462

463

The Contractor shall: 464

a. Execute assigned tasks required in the preparation and execution of the Governance 465

entities as identified in the PWS. 466

b. Appoint a representative who has the authority to act on the Contractor’s behalf to 467

participate in and commit to the acceptance and completion of action items assigned by 468

the Governance entity. A brief description of each board’s purpose is provided below. 469

470

Governance Entity Frequency Roles

Program In-Progress Review (IPR) Monthly

Gov: Chair and lead ES and TXS: Provide input and execute assigned elements

Risk Management Board Monthly Gov: Chair and lead TXS/ES: Present and manage assigned risks

Core Build Review Quarterly Gov: Chair ES: Lead

Information Assurance Policy Board Quarterly

Gov: Chair ES: Lead TXS: Provide input and execute assigned elements

Executive Integration Leadership Team Weekly Government only NGEN Senior Integration Board Monthly Government only

NGEN Transition Control Board Weekly


Change Advisory Board Weekly


Engineering Working Monthly Gov: Chair

Attachment 1



27

Integrated Product Team (WIPT)

ES: Lead Architect TXS: Provide input and execute assigned elements

Enterprise Configuration Control Board Weekly


Incident Management Review Board Weekly


NetOps/Contractor Network Operations Meeting Bi-weekly

Gov:Chair ES: Lead TXS: Provide input and execute assigned elements

Major Problem Review As Required


Process Owners Council Monthly


Integration Certification Solution Review

As Required


DIACAP Certification As Required


DIACAP Accreditation As Required


Continual Process and Service Improvement Board Quarterly


Training Readiness Review Board Annually

Gov: Chair and lead ES/TXS: Provide input and execute assigned elements

Table 3.2.3 - 1 – NGEN Governance Boards 471

472

NGEN Governance Board Summary Descriptions: 473

a. Program In-Progress Review (IPR) – track progress toward goal; identify newly 474

identified risks and issues; fine-tune strategic objectives based on evolving circumstance; 475

garner leadership support and approval for recommended action. 476

b. Risk Management Board – formal session designed to identify program risks; discuss 477

suggested remediation plans; garner leadership support and approval. 478

Attachment 1



28

c. Core Build Review – meeting designed to be a quarterly review of the Core Build to 479

discuss new Core Build applications, including new versions and patches (where known), 480

that will be expected to be delivered (pushed) to NMCI/NGEN users over the following 481

quarter. This meeting will be a much smaller version of the annual meeting to specify 482

and verify the Core Build Release schedule for the next fiscal year. 483

d. Information Assurance Policy Board – ensures that information systems meet the dictates 484

of Department of Defense instruction 8500.01E relating to the capabilities integration of 485

personnel, operations, and technology. 486

e. Executive Integration Leadership Team – a government-only meeting designed to review 487

past progress, review upcoming tasks, address known issues, and craft plans to remediate 488

potential risks. 489

f. NGEN Senior Integration Board – executive leadership tasked with making major policy 490

and operational decisions; removing obstacles inhibiting successful transition activities; 491

and establishing working groups and sub-committees as necessary to recommend courses 492

of action. 493

g. NGEN Transition Control Board – tasked with administration and oversight of all 494

transition activities; identification of risks and issues; responsible for ensuring 495

remediation plans are in place and are executable. 496

h. Change Advisory Board – detailed review of proposed changes to the network 497

infrastructure; assess potential impact and consequence of executing proposed change; 498

garner leadership support and approval for proposed change. 499

i. Engineering Working Integrated Product Team (WIPT) – technical working group 500

designed to identify and remediate identified issues and risks for changes affecting the 501

network infrastructure’s fit, form, or function. 502

j. Enterprise Configuration Control Board – executive board designed to assess major 503

modifications to the existing network infrastructure; assess impact and consequence of 504

proposed changes; ensure proposed changes adhere to established, published architectural 505

standards. 506

k. Incident Management Review Board – designed to review past incidents to identify ways 507

in which processes can be improved to prevent future recurrence. 508

Attachment 1



29

l. NetOps/Contractor Network Operations Meeting – designed to review service metrics; 509

infrastructure, circuits, information assurance, and all other issues of concern to the 510

network operations community. 511

m. Major Problem Review – meeting designed to review and analyze major problems 512

discovered during the course of day-to-day operations; assign ownership of problems to 513

address issues; recommend appropriate changes as necessary. 514

n. Process Owners Council – meeting designed to review and act upon proposed process 515

modifications; discuss and remediate issues with process execution; schedule process 516

audits; brief audit results; and recommend implementation actions. 517

o. Integration Certification Solution Review 518

p. DIACAP Certification – is the standard process under which all Department of Defense 519

information systems will achieve and maintain their Authority to Operate. The DIACAP 520

processes are documented in Department of Defense instruction 8510.01. Information 521

systems apply for DIACAP certification prior to installation and operation. 522

q. DIACAP Accreditation – subsequent to certification, information systems are accredited 523

to ensure that information systems meet the dictates of business need, protection of 524

personal privacy, protection of information being processed, and protection of the 525

information environment. 526

r. Continual Process and Service Improvement Board – a cross-representational group of 527

users tasked with assessing the efficiency and efficacy of the processes and services 528

extant in the network infrastructure, and designing methods and policies for their 529

measurable improvement. 530

s. Training Readiness Review Board – a cross-representational group of users tasked with 531

ensuring operation and support staff and management have received adequate training, 532

and are prepared to assume full responsibility for their assigned activities and tasks. 533

534

A graphical representation of the boards and councils listed above is provided in Figure 3.2.3 - 2. 535

This graphic is not meant to suggest an ordered hierarchical system, but rather a logical 536

representation of how the governance boards relate to, and interact with, one another. 537

538

Attachment 1



30

539 Figure 3.2.3 - 2 540

541

3.2.4 In-Progress Reviews (IPR) 542

The purpose of the In-Progress Reviews (IPRs) are to review and monitor the Contractors’ 543

performance under the contract. The Government intends to conduct joint IPRs. However, 544

should the need arise as mutually determined by the Government and Contractor, individual IPRs 545

may be conducted. The Contractors shall collaborate with each other and any other service 546

providers to provide common management of the services described below: 547

a. Provide up-to-date progress, program status (e.g., cost, schedule, and performance), risk 548

assessment summary, transition status, issues, etc. in the form of a briefing that is 549

presented at a monthly IPR. (CDRL A003 – Presentation Materials) 550

b. Prepare meeting agenda. (CDRL A002 – Meeting Agenda) 551

Attachment 1



31

c. Prepare briefing materials to address the mutually agreed agenda items. 552

d. Require the appropriate SMEs participate in the meetings to address all agenda items. 553

e. Propose strategies and technologies improvements to enhance network capabilities and 554

performance and to reduce overall program cost (CDRL A008 – Continuous Service 555

Improvement Plan) 556

557

In addition to the above, the ES Contractor shall plan and host the joint IPR. 558

559

3.2.5 NGEN Risk Management 560

NGEN Risk Management provides an organized means of identifying, measuring, and ranking 561

risks and developing, selecting, and managing options for resolving or mitigating risks. The 562

Contractors shall collaborate with each other and any other service providers to provide common 563


a. Establish and execute a risk management program in accordance with the Risk 565

Management Guide for DoD Acquisition, Sixth Edition (Version 1.0) and the NGEN 566

Risk Management Plan listed as an attachment in Section J. 567

b. Designate a Risk Manager who reports directly to the Contractor Program Manager and 568

serves as the primary point of contact for the Government on all matters relating to risk 569

management for its portion of the network. 570

c. Identify program risks, conduct risk assessments, and communicate results to the 571

Government. (CDRL A009 – Risk Management Plan) 572

d. Participate in monthly NGEN Risk Management Board meetings. 573

e. Prepare and present new program risks with proposed mitigation plans and strategies and 574

report on the mitigation status of existing risks. 575

576

In addition to the above, the ES contractor shall plan and host meetings. 577

578

3.3 Services Portfolio 579

3.3.1 Engineering Design and Support Services (EDSS) 580

Attachment 1



32

EDSS encompasses the engineering and technical support services required to design, model, 581

test, pilot, and implement the systems and infrastructure required to deliver voice, video, and 582

data services. EDSS includes managing the resources, systems, and services to meet business 583

and mission requirements. EDSS provides a structured and disciplined life cycle systems 584

engineering approach to manage the enterprise architecture. 585

586

EDSS are shared services. The ES Contractor is designated as the primary service provider, and 587

the TXS Contractor is designated as the supporting service provider. The Contractors shall 588

collaborate with each other and any other service providers to provide common management of 589

the services described below: 590

a. Perform systems engineering processes and procedures in accordance with the 591

Government engineering and technical policies described in the NGEN Systems 592

Engineering Plan (SEP). 593

b. Update and refine the NGEN integrated architecture documentation to reflect new or 594

modified services, processes, and designs as well as changes in the environment. 595

c. Document all requirements in the master Requirements Traceability Matrix (RTM) and 596

the NGEN RQMP tool(s) [currently Dynamic Object Oriented Requirements System 597

(DOORS)]. (CDRL A010 – Requirements Traceability Matrix) 598

i. Provide requirements decomposition and allocation into the ES-developed joint 599

Requirements Traceability Matrix (RTM) for all joint NGEN projects. 600

ii. Provide NGEN RQMP tool(s) software licenses necessary for the Contractor to 601

fulfill its requirements responsibility. 602

d. Participate in the planning and execution of the monthly Engineering Integrated Product 603

Team (IPT) meetings in accordance with the SEP guidelines. 604

e. Provide the following participation in monthly Engineering IPT meetings: 605

i. Program Management 606

ii. Security 607

iii. Messaging 608

iv. Directory 609

v. Operations 610

Attachment 1



33

vi. Testing and Evaluation 611

f. Provide the Contractors’ respective portion of the end-to-end design documentation in 612

support of new services and modifications to existing services. (CDRL A011 – Technical 613

Baseline Documents) 614

g. Develop all designs for 1) Entrance Facilities (EF) and the respective Main Cross 615

Connect (MCC) equipment; and, 2) Telecommunications Room (TR) and the respective 616

Intermediate Cross Connect (ICC) equipment in compliance with governing architectural, 617

mechanical, and electrical requirements. 618

h. Deliver all design hardware and software specifications and Bill of Materials (BOM) 619

including incorporation of input from the Government. 620

i. Use the following industry standards as the basis to design IT facilities. 621

i. ANSI / TIA / EIA 569-A, Commercial Building Standard for 622

Telecommunications Pathways and Spaces. 623

ii. ANSI / TIA / EIA 568-B.1, Commercial Building Telecommunications Cabling 624

Standard. 625

iii. NFPA 70, National Electric Code. MIL-HDBK-1012/3, Telecommunications 626

Premises Distribution Planning, Design, and Estimating. 627

iv. Environment, Safety, Occupational Health (ESOH) in accordance with MIL-STD-628

882D (System Safety). 629

j. Develop, update, and maintain all as-built site drawings and associated documentation for 630

components and functions for all sites. (CDRL A012 - As Built and Network Topology 631

Drawings) 632

i. Maintain existing drawings in its current format. 633

ii. Develop new drawings in accordance with the SPAWAR Shore Installation 634

Process Handbook. 635

k. Maintain all service and domain topology diagrams. (CDRL A012 - As Built and 636

Network Topology Drawings) 637

l. Plan and execute quarterly design and program technical reviews. 638

i. Present designs for quarterly software and hardware releases. (CDRL A003 – 639

Presentation Materials) 640

Attachment 1



34

641


a. Administrative oversight of requirements for all projects including the development of a 643

Requirements Traceability Matrix (RTM) as well as capturing and maintaining the 644

requirements in the NGEN RQMP tool(s). 645

b. Conduct Engineering Board meetings. 646

c. Integrate and deliver the end-to-end design documentation in support of new services and 647

modifications to existing services. (CDRL A011 – Technical Baseline Documents) 648

649

In addition to the above, the TXS Contractor shall provide Network Engineering participation in 650

monthly Engineering meetings. 651

652

3.3.1.1 Systems Engineering Technical Review (SETR) Process 653

The Systems Engineering Technical Review (SETR) process is an integral part of systems 654

engineering and the life cycle management of acquisition and modernization programs and are 655

used to assess the technical health of a program. The SETR process is documented in the Navy 656

Systems Engineering Technical Review Handbook. The NGEN program includes a SETR at the 657

beginning of contract execution to establish technical baselines, and SETR events following 658

transition to evaluate the risks as well as standards and policy compliance for major changes. 659

The NGEN SEP is the governing document for SETR events. 660

661

3.3.1.1.1 SETR – Beginning of Contract Execution 662

The purpose of the SETR events at the beginning of contract execution is for both Contractors to 663

demonstrate full understanding of all NGEN technical requirements and validate the allocated, 664

product, and operational technical baselines. 665

666

The Contractors shall: 667

a. Map NGEN PWS requirements to Contractors manning, process, procedures, and tools 668

and provide a Requirements Traceability Matrix (RTM). (CDRL A010 – Requirements 669

Traceability Matrix) 670

Attachment 1



35

b. Review and update the technical baselines to be used as the basis for managing deviations 671

in accordance with the NGEN CMP. 672

i. Validate and, as required, update the allocated baseline. (CDRL A011 – Technical 673

Baseline Documents) 674

ii. Validate and, as required, update the product baseline as described in the Defense 675

Acquisition Guidebook. (CDRL A011 – Technical Baseline Documents) 676

iii. Validate and, as required, update the operational baseline. (CDRL A011 – 677

Technical Baseline Documents) 678

c. Provide the allocated baseline to the Government for review and approval. (CDRL A011 679

– Technical Baseline Documents) 680

d. Present the allocated baseline and the following draft documents at the Preliminary 681

Design Review (PDR): 682

i. Technology Refresh Plan (TRP). (CDRL A014 - Technology Refresh Plan) 683

ii. Configuration Management Implementation Plan (CMIP). (CDRL A015 – 684

Configuration Management Implementation Plan) 685

iii. Risk Management Plan. (CDRL A009 – Risk Management Plan) 686

iv. Phase-In Plan. (CDRL A016 – Phase-In Plan) 687

v. Service Management Plan (SMP). (CDRL A042 – Service Management Plan) 688

e. Provide the product baseline to the Government for review and approval. 689

f. Present the allocated baseline and the following draft documents at the Critical Design 690

Review (CDR): 691

i. TRP. (CDRL A014 - Technology Refresh Plan) 692

ii. CMIP. (CDRL A015 – Configuration Management Implementation Plan) 693

iii. Risk Management Plan. (CDRL A009 – Risk Management Plan) 694

iv. Phase-In Plan. (CDRL A016 – Phase-In Plan) 695

v. SMP. (CDRL A042 – Service Management Plan) 696

g. Develop and deliver a Systems Engineering Management Plan (SEMP) including [e.g., 697

the approach to planning and controlling 1) Government assigned systems engineering 698

projects to meet cost, schedule, and performance requirements; and, 2) Government 699

assigned systems engineering tasks (e.g., technology analysis and trade-off studies, 700

Attachment 1



36

design process and synthesis, logistics support analysis, training, requirements, and 701

specifications management)]. (CDRL A013 – Systems Engineering Management Plan) 702

h. Maintain the allocated, product, and operational baselines in accordance with the SEMP 703

and the CMIP. 704

705


a. Develop and submit a consolidated set of PDR and CDR documentation: 707

i. Allocated baseline. (CDRL A011 – Technical Baseline Documents) 708

ii. Product baseline. (CDRL A011 – Technical Baseline Documents) 709

iii. Operational baseline. (CDRL A011 – Technical Baseline Documents) 710

iv. RTM. (CDRL A010 – Requirements Traceability Matrix) 711

v. SEMP. (CDRL A013 – Systems Engineering Management Plan) . 712

vi. TRP. (CDRL A014 – Technology Refresh Plan) 713

vii. CMIP. (CDRL A015 – Configuration Management Implementation Plan) 714

viii. Risk Management Plan. (CDRL A009 – Risk Management Plan) 715

ix. Phase-In Plan. (CDRL A016 – Phase-In Plan) 716

x. SMP. 717

718

3.3.1.1.2 SETR – Post Transition 719

The purpose of the SETR events post transition is for both Contractors to document the plans, 720

risks, and mitigation strategies to support major modifications to either the NGEN infrastructure 721

or service delivery framework. 722

723

The Contractors shall plan and execute SETR events in accordance with the SEP guidelines. 724

725

3.3.1.2 Core Build Contents Services 726

The NGEN Workstation Core Build is comprised of the desktop Operating System (OS), core 727

applications (e.g., Microsoft Office Suite, Java, Adobe Reader, and Anti-Virus), as well as 728

hardware specific configuration items and the associated configuration characteristics for a 729

specific workstation platform. Changes to the Core Build occur when 1) specific Core Build 730

Attachment 1



37

components are updated; 2) new components are added to the Core Build; 3) security patches are 731

applied to the components in the Core Build; or, 4) existing Core Build components are retired 732

and removed from the Core Build. 733

734

The Contractors shall engineer, test, and integrate the NGEN Core Build to deliver the services 735

required in the contract. 736

737


a. Provide, operate, and maintain Core Build software and associated updates. 739

b. Design, configure, integrate, implement, update, test, and maintain workstation Core 740

Builds for all current and future operating systems approved for use on NGEN, including 741

virtual operating systems in accordance with the NGEN Core Build and the CMIP. 742

i. Manage and test GFE software compability with the Core Builds. 743

ii. Provide a GFE software management capability that allows for the tracking and 744

reporting of GFE allocation and use. 745

c. Incorporate Government requirements identified at the quarterly Core Build Review 746

meeting. 747

d. Test all client applications on the Core Build for compatibility with other Core Build 748

software. 749

e. Integrate approved computer software into the Core Build before deploying it to client 750

workstations. 751

f. Provide the Core Build to the Government so that it can be scanned for security 752

vulnerabilities. (CDRL A017 – Core Build Software Plan) 753

g. Provide the capability to remove software identified to have security vulnerabilities from 754

end user workstations. 755

h. Identify, document, and develop a mitigation strategy to resolve known and potential 756

compatibility issues with other Core Build software, information assurance settings, 757

network infrastructure, network operations, virus protection, and standard hardware 758

configurations. 759

Attachment 1



38

i. Submit a DIACAP Certification and Accreditation (C&A) package to the Government 760

for approval for each Core Build. (CDRL A018 – DoD Information Assurance 761

Certification and Accreditation Package) 762

j. Complete the DON Application and Database Management System (DADMS) 763

registration paperwork for Government submission and approval for each new 764

application on the Core Builds including new versions of the application. 765

k. Develop a Core Build image for building and rebuilding of end user workstation. 766

l. Maintain current library of Designated Approving Authority (DAA) approved 767

workstation Core Build images. 768

m. Maintain and provide for Government use a comprehensive list of the Core Build and 769

Enterprise Configuration Control Board (ECCB) approved software, software patches, as 770

well as Group Policy Objects (GPOs) and upgrades approved by the Government for 771

installation on the Network. (CDRL A017 – Core Build Software Plan) 772

n. Recommend enhancements of the Core Build process and products to the Government. 773

o. Develop an annual workstation Core Build Software Update Plan to address known 774

schedules for vendor software upgrades, end of support timelines, and planned upgrades 775

to Government-provided Core Build software (e.g., Office Suite). (CDRL A017 – Core 776

Build Software Plan) 777

i. Coordinate with the Government to ensure specific functionality requirements 778

identified by the Government and planned upgrades to Government-owned Core 779

Build software are included in the Core Build Software Update Plan. 780

ii. Address yearly deployment schedules and long term upgrades (five years ahead) 781

in the Core Build Software Upgrade Plan. 782

p. Develop, test, and deliver quarterly Core Build releases. 783

i. Present plans for release on the fifth day of each quarter (5 Oct, 5 Jan, 5 Apr, and 784

5 Jul). 785

ii. Test quarterly releases against existing hardware configurations and report results 786

to the Government. (CDRL A026 – Test Reports) 787

iii. Process proposed Core Build changes in accordance with the CMIP. 788

Attachment 1



39

iv. Deliver quarterly releases in accordance with the NGEN Release and Deployment 789

process. 790

791

3.3.1.3 Computer-Electronic Accommodations Program (CAP) 792

The Computer-Electronic Accommodations Program (CAP) is a no-cost service, managed and 793

funded by the DoD, which provides assistive technology, devices, and services to federal 794

employees with disabilities. CAP makes it possible for people with disabilities to have equal 795

access to the information in the electronic and telecommunication work environments. 796

797

The ES Contractor shall: 798

a. Provide and maintain Electronic and Information Technology (EIT) in accordance with 799

Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d) as amended by the 800

Workforce Investment Act of 1998 (P.L. 105 - 220). 801

b. Designate a point of contact to interface with the DoD CAP office. 802

c. Perform configuration management on all SW, HW, and HW peripherals provided by the 803

CAP Office and ensure all network end users of CAP purchased SW, HW, and HW 804

peripherals are operating to the same baseline configuration. (e.g., multiple versions of 805

the same SW shall be avoided). 806

d. Identify and complete certification testing and submit the certification package to the 807

Government within 30 days of receiving SW, HW, or hardware peripherals provided by 808

the CAP Office. 809

e. Install and test SW, HW, and HW peripherals, within 30 days of receipt from the CAP 810

office or within 30 days of Government accreditation of the solution. 811

f. Maintain all SW, HW, and HW peripherals provided by the CAP Office. 812

813

3.3.1.4 Modernization and Technology Refresh 814

Modernization consists of proposing, planning, testing, and implementing new technologies to 815

maintain current capabilities and performance at lower cost or provide improved capabilities and 816

performance at the same cost. NGEN goals for modernization include: 1) incorporation of 817

transformational technologies and service architectures that lead to improved efficiency (reduced 818

Attachment 1



40

total ownership costs) and increased performance; 2) enhanced situational awareness and 819

associated tools in support of network C2; and, 3) improved security in response to threats and 820

vulnerabilities. To the extent possible, the Government’s desire is for key modernization 821

initiatives be fully integrated and executed with technical refresh activities. 822

823

Technology Refresh is the periodic replacement of NGEN HW, SW (non-end user software), and 824

select non-IT assets [e.g., electrical panels and Heating, Ventilation, and Air Conditioning 825

(HVAC)] to avoid obsolescence and loss of Original Equipment Manufacturer (OEM) support, 826

improve reliability and availability, and to remain current with Government security 827

requirements and industry IT standards. 828

829

NGEN Technology Refresh Planning Guidance document is listed as an attachment in Section J. 830

The Navy Modernization Framework is included as Appendix I to the Guidance document. 831

832

Modernization and Technology Refresh is a shared service. The ES Contractor is designated as 833

the primary service provider, and the TXS Contractor is designated as the supporting service 834

provider. The Contractors’ shall collaborate with each other and any other service providers to 835


a. Develop and provide Technology Refresh Plans (TRPs) in accordance with the 837

requirements identified in the NGEN Technology Refresh Planning Guidance document. 838

(CDRL A014 – Technology Refresh Plan) 839

i. Integrate the following modernization elements into the TRPs per the Navy 840

Modernization Framework contained in the Guidance document. 841

a) Basic Technology Refresh for End-of-Support (EOS) and End-of-Life 842

(EOL) components. 843

b) NGEN Multi-Protocol Label Switching (MPLS). 844

c) Network Server Farm Consolidation at Government facilities. 845

d) Internet Protocol version (IPv6). 846

ii. Propose alternate technology refresh strategies in the yearly TRP updates that 847

reduce Government total ownership cost. 848

Attachment 1



41

iii. Manage changes to the TRP in accordance with the approved Configuration 849

Management Implementation Plan (CMIP). Cover the period encompassing the 850

current Future Year Defense Program (FYDP). 851

b. Participate in a formal review of TRP with the Government within 30 calendar days after 852

submission of the TRP. Objectives of the review are to: 853

i. Validate specified HW and SW conform to approved or certified solution 854

requirements. 855

ii. Validate alignment with NGEN TRP framework. 856

iii. Obtain Government approval of the TRP. 857

c. Develop Engineering Change Proposals (ECPs) as part of the TRP that articulate impacts 858

of proposed changes to the technical baselines, technical performance measures, and 859

Integrated Architecture. (CDRL A023 – Engineering Change Proposal – Request for 860

Change) 861

i. Update design documentation to reflect the impacted technical baselines. (CDRL 862

A011 – Technical Baseline Documents) 863

ii. Provide installation documentation and Bill of Materials. (CDRL A025 – 864

Installation Technical Documentation and Plans) 865

iii. Provide Certification and Authorization (C&A) DIACAP artifacts. (CDRL A018 866

– DoD Information Assurance Certification and Accreditation Package) 867

iv. Ensure proposed Commercial off the Shelf (COTS) IA and IA-enabled products 868

are compliant with DoD 8500.01E. 869

v. Provide test plans and procedures. (CDRL A024 – Test Plans and CDRL A033 – 870

Test Procedures) 871

vi. Provide service or system operations and maintenance costs. 872

d. Test and install technology refresh components for designated HW and SW in accordance 873

with the approved TRP. 874

i. Conduct and report completion of required interoperability and compatibility 875

testing for the technology refresh HW and SW. (CDRL A026 – Test Reports) 876

ii. Conduct installations per established NGEN Release and Deployment process 877

requirements listed as an attachment in Section J. 878

Attachment 1



42

iii. Provide for the receipt, warehousing, distribution, and installation of technology 879

refresh assets in accordance with the approved Asset Management 880

Implementation Plan (AMIP). (CDRL A021 – Asset Management 881

Implementation Plan) 882

iv. Provide a monthly report of the status of the Contractor’s technology refresh plan. 883


v. Document asset and configuration changes in accordance with the CMIP. 885

f. Dispose of equipment no longer supporting NGEN in accordance with FAR 52.245-1. 886

887


a. Consolidate and provide an integrated TRP. 889

b. Collect and integrate TXS input into all documentation. 890

c. Publish a consolidated technology refresh schedule and deployment plan updates no later 891

than 14 calendar days after receiving Government-approved change requests. 892

893

3.3.1.5 Navy Enterprise Portal (NEP) 894

The ES Contractor shall establish a Navy Enterprise Portal (NEP) to provide Knowledge 895

Management (KM) capabilities such as an end user customizable workspace, content repository, 896

search, document management, workflow, blog, wiki, notifications, discussion threads, and 897

community or team based support for calendars, tasks, and email in accordance with NEP 898

Requirements listed as an attachment in Section J. 899

900

3.3.2 Enterprise Operations Services 901

Enterprise Operations Services include the day-to-day activities required of the ES and TXS 902

Contractors to provide end-to-end monitoring, management, administration, and maintenance for 903

all NGEN services and infrastructure. 904

905

Enterprise Operations Services are shared services. The ES Contractor is designated as the 906

primary service provider, and the TXS Contractor is designated as the supporting service 907

Attachment 1



43

provider. The Contractors shall collaborate with each other and any other service providers to 908

provide common management of the services described below. 909

910

3.3.2.1 Network Operations Center (NOC) Services 911

The Network Operations Center (NOC) Services provide 1) management and oversight of day-912

to-day operations and maintenance of the NGEN network and associated services; 2) support 913

remote management and change control to the network and service environment; and, 3) respond 914

to network service anomalies and incidents. 915

916


a. Monitor and manage assigned infrastructure and services (e.g., capacity, health, 918

performance, and utilization). 919

i. Provide near real-time [as defined in Joint Pub 1-02 Common Operational Picture 920

(COP)] performance as well as health, availability, and capacity data of assigned 921

IT services, systems, and infrastructure. 922

ii. Prioritize events, incidents, and problems for presentation as part of the COP 923

dashboard. 924

b. Provide status of compliance with Information Assurance Vulnerability Management 925

(IAVM) directed actions, USCYBERCOM Communications Tasking Orders (CTOs), 926

and other Government Directed Actions (GDAs) for assigned components and functions. 927

(CDRL A007 - Monthly Status Report) 928

c. Accept, distribute, track, and mitigate all assigned NetOps incidents in accordance with 929

the Navy Process Development Model (NPDM) listed as an attachment in Section J: 930

i. General Service Incidents: Service and infrastructure related incidents (e.g., loss 931

of service, poor performance, and service anomalies). 932

ii. Electronic Spillage: An incident where classified, Personal Identifiable 933

Information (PII), Navy Nuclear Power Information (NNPI), or Community of 934

Interest (COI) information, is introduced on an IT system or network that is not 935

authorized to hold or process such data. 936

Attachment 1



44

iii. Unauthorized Disclosure (UD): Any incident where information, data or files 937

have been made available to a person or persons who do not have authorized 938

access. 939

iv. INFOCON and CYBERCON Incidents: Incidents to increase the measurable 940

readiness and operational capabilities of specific command networks for the 941

Commander USSTRATCOM HQ, regional commanders, service chiefs, as well 942

as base, post, camp, station, and vessel commanders, and agency directors. 943

v. Investigations: Activities associated with complex incidents requiring more in-944

depth data collection for command or law enforcement issues. 945

vi. Security Incidents: 946

a) Perimeter Configuration Incident: Incident that requires the 947

implementation or removal of a specific Computer Network Defense 948

(CND) or Network Operational configuration that either blocks or permits 949

network access. 950

b) Security Event (1): Efforts to address actual or potential CND event, 951

incident, or identified threat. 952

c) Security Event (2): End user level intrusion (rogue systems). 953

vii. Vulnerability Identification and Mitigation: Activities required to decrease, 954

reduce, or eliminate a weakness in an 1) information system; 2) system security 955

procedures; 3) internal controls; or, 4) implementation that could be exploited. 956

d. Provide required performance data to the NGEN Enterprise Performance Management 957

Database (EPMD) and Client Performance Management Database (CPMD). 958

a. Generate an incident ticket when any metric operates outside of thresholds. 959

e. Respond to all security related Government Directed Actions (GDAs) in coordination 960

with the other service providers, with expediency consistent with technical constraints 961

and capabilities: 962

i. Design, track, document, and implement GDAs with input from other NGEN 963

service providers. 964

ii. Submit extension requests for GDA to the GDA issuing authority for 965

consideration prior to a lapse of 50% to the original compliance window. The 966

Attachment 1



45

"compliance window" is the time between GDA issuance and its compliance 967

deadline. 968

969


a. Operate and maintain the electronic dashboard (i.e. COP) that includes an integrated 971

status of the infrastructure and services as well as events and incidents and the associated 972

impacts and mitigation plans. 973

b. Provide the combined near real-time COP to the Navy NetOps control authorities (C2 974

facilities and watch standers on both the Navy classified and unclassified networks) via 975

electronic network management systems. 976

c. Operate and maintain the connection to and integration into the NNWC Enterprise 977

Network Management System (ENMS) ensuring continued compliance with the Navy 978

Enterprise Service Profile (NESP), Network Operations, Network and Systems 979

Management. 980

981

In addition to the above, the TXS Contractor shall: 982

a. Coordinate with the ES contractor to obtain the required access privileges to EPMD for 983

the input and management of TXS information. 984

b. Coordinate with the ES contractor to determine the appropriate actions and response to 985

assigned Government Directed Actions (GDA). 986

987

3.3.2.2 Security Operations Center (SOC) Services 988

The Security Operations Center (SOC) Services manage the security infrastructure and policies 989

within the NGEN environment. SOC services include centralized maintenance, operation, 990

reporting, and upgrading of systems that support and enhance the NGEN Information Assurance 991

(IA) posture (e.g., confidentiality, availability, integrity, and non‐repudiation). 992

993


a. Operate and maintain all assigned IA and Computer Network Defense (CND) systems. 995

Attachment 1



46

b. Provide security event data feeds to the CND databases in accordance with Security 996

Event Management Services requirements contained in this PWS and as described in the 997

NPDM. 998

c. Provide security configuration management in accordance with Security Configuration 999

and Management Services requirements contained in this PWS. 1000

1001

In addition to the above, the ES Contractor shall provide centralized NGEN Enterprise Security 1002

COP. 1003

1004

3.3.2.3 Service Order Management 1005

The purpose of Service Order Management is to plan, submit, review, fund, approve, receive, 1006

deliver, and pre-invoice service requests. 1007

1008

3.3.2.3.1 Ordering Tool Interface 1009


a. Develop and provide an electronic web-based ordering capability. 1011

i. Minimize disruptions and risk during transition. 1012

ii. Develop risk mitigation plans as needed. 1013

iii. Provide an interface that complies with the attached NGEN NET Interface 1014

Control Document listed as an attachment in Section J. 1015

iv. Provide workflow capability from initiation of the order to closeout: 1016

a) Include secure transactions in conformance with DoD Public Key 1017

Infrastructure (PKI). 1018

b) Retain ordering data, to comply with FAR record retention requirements. 1019

c) Adhere to the workflow in the NGEN Program CONOPS. 1020

b. Support bilateral and unilateral orders and modifications including obligation and de-1021

obligation of Government funds. 1022

c. Synchronize service catalog offerings with the Government designated ordering tool. 1023

d. Acknowledge the status of pending service orders. 1024

e. Provide order status to include, e.g.: 1025

Attachment 1



47

i. Order Accepted Notification – Send an electronic order notification within 24 1026

hours of the timestamp from the ordering system. 1027

ii. Order Rejection Notification – Provide electronic order notification within 24 1028

hours of the time stamp in the ordering system and provide the reason with 1029

justification why the service request cannot be fulfilled. 1030

iii. Delivery Scheduled – Send an electronic order status notification. 1031

iv. Delivery Complete – Send an electronic order status notification. 1032

f. Provide Receipt Validation services: 1033

i. Maintain a web-based tool that provides pre-invoice data to the ordering authority 1034

for validation prior to invoicing. 1035

ii. Allow government to validate dates and quantities as presented or change the 1036

dates and quantities to reflect actual delivery. 1037

iii. Reconcile discrepancies between Government and Contractor records. 1038

iv. Provide accurate asset data as defined AMIP. 1039

1040

3.3.2.3.2 Order to Delivery (OTD) 1041

NGEN OTD service requests are received, tracked end-to-end, and acted on in the timeframe 1042

specified by the Government. OTD service requests are tracked in the Order Management 1043

system and closed when the Government signs off on the installation. 1044

1045


a. Monitor queues for the execution of OTD service requests in accordance with the stated 1047

requirement. 1048

b. Submit additions and deletion to the queues as service requests are generated or fulfilled. 1049

c. Update and maintain the applicable OTD processes in conjunction with the Government 1050

and other service providers. 1051

d. Perform all tasks on the work order in the time stated. 1052

1053

3.3.3 Application Hosting Services (AHS) 1054

Attachment 1



48

AHS provide a protected application hosting environment comprised of standardized, common 1055

HW and SW platforms. Application Hosting includes hosting a mix of enterprise, Community of 1056

Interest (COI), and individual command applications and systems. 1057

1058

3.3.3.1 AHS at a Commercial Facility 1059


a. Design, procure, install, operate and maintain AHS consistent with requirements and 1061

tasks contained in the Application Hosting Requirements. 1062

i. Provide a centrally managed hosting environment within Contractor owned and 1063

operated facilities and infrastructure to host enterprise, command-owned, and 1064

Community of Interest (COI) applications and systems. 1065

ii. Migrate applications currently hosted at the incumbent facility as contained in the 1066

Application Hosting Requirements. 1067

iii. Provide the capability for Government application administrators to remotely 1068

access and manage hosted applications, systems, and data. 1069

b. Provide Continuity of Operations (COOP) backup hosting capability at a site remote from 1070

the primary hosting site. 1071

c. Provide for the hosting of new applications at the Contractor's commercial application 1072

hosting facility. 1073

1074

3.3.4 Directory Services 1075

Directory Services provide central authentication and resource locator services that deliver a 1076

distributed computing environment. These services support the management and use of file 1077

services, network resources, security services, messaging, web, e-commerce, white pages, and 1078

object-based services across NGEN. 1079

1080

Directory Services are shared services. The ES Contractor is the primary service provider, and 1081

the TXS Contractor is the supporting service provider. The Contractors shall collaborate with 1082

each other and any other service providers to provide common management of the services 1083

described below: 1084

Attachment 1



49

a. Use Government-provided Alternative Log on Token (ALT) for system administrator 1085

access. 1086

b. Maintain a directory structure within the NGEN forest to support the integration of DoD 1087

networks [e.g., the Consolidated Afloat Networks and Enterprise Services (CANES) and 1088

other ashore services as designated by the Government] by establishing, testing, and 1089

maintaining the required secure network interfaces between the prescribed end points. 1090

1091


a. Maintain top-level Active Directory (AD) administrator accounts. 1093

b. Provide support for the TXS Contractor functions by enabling: 1) distributed access to 1094

network management tools; 2) network-enabled devices for configuration change; 3) 1095

testing; and, 4) maintenance-related activities. 1096

c. Comply with the current naming conventions. 1097

d. Operate and maintain Directory Services, e.g.: 1098

i. Group Policy management. 1099

ii. Monitoring of replication speed. 1100

iii. Maintenance of the .dit file. 1101

iv. Perform schema extensions. 1102

v. Cleanup of orphaned objects and inactive end user and computer objects as 1103

directed by the Government. 1104

vi. End user provisioning. 1105

vii. Apply security updates as directed by the Government. 1106

e. Provide ability to browse the Global Address List (GAL) via Outlook and Outlook Web 1107

Access. 1108

f. Support existing AD interfaces and integration capabilities between the NGEN DON 1109

Directory structure and the Defense Enrollment and Eligibility Reporting System 1110

(DEERS). 1111

g. Provide capability for local, mobile, and remote end users, devices, and applications to 1112

access directory services where NGEN connectivity is available. 1113

Attachment 1



50

h. Monitor the health of AD components such as Active Directory Application Mode 1114

(ADAM) Suites, and AD trusts within the NGEN enclave via B1, Demilitarized Zone 1115

(DMZ), and B2 connections. 1116

i. Maintain synchronization of all existing GAL Interop contacts on the classified network 1117

with internal DON partners [e.g., ONE-NET, Bureau of Medicine (BUMED), and IT-21 1118

ship and shore] and the Defense Intelligence Agency (DIA), as directed by the 1119

Government. 1120

j. Maintain synchronization of all currently defined attributes contained in AD on the 1121

classified network with internal DON partners (ONE-NET, BUMED, and IT 21 ship and 1122

shore) and the DIA every 24 hours or less. 1123

k. Establish and maintain synchronization of the directory with external directories in other 1124

designated trusted networks (e.g., Naval, DoD, and Federal). 1125

l. Synchronize the following attributes: 1126

i. Surname. 1127

ii. Given-Name. 1128

iii. Initials. 1129

iv. Generation-Qualifier. 1130

v. Personal-Title. 1131

vi. Company. 1132

vii. Department. 1133

viii. Electronic Data Interchange - Personal Identifier (EDI-PI). 1134

ix. Email-Addresses. 1135

x. Title. 1136

xi. Country-Of-Citizenship. 1137

xii. Employee-Type. 1138

xiii. Display-Name. 1139

xiv. Obj-Dist-Name. 1140

xv. Locality-Name. 1141

xvi. End User Certificate. 1142

m. Synchronize Directory to JEDS. 1143

Attachment 1



51

n. Provide directory responsiveness report in accordance with Government defined 1144

parameters. 1145

o. Establish a directory structure within the NGEN forest to integrate DoD network 1146

directories. 1147

1148

In addition to the above, The TXS Contractor shall: 1149

a. Maintain directory synchronization with the Joint Enterprise Directory Service (JEDS) 1150

through the appropriate transport boundaries by establishing, testing, and maintaining the 1151

required secure network interfaces between the prescribed end points. 1152

b. Operate and manage AD-enabled TXS infrastructure components via supplied, role-1153

based, and delegated AD administrative accounts and group memberships provisioned by 1154

ES Provider. TXS-specific administrative accounts will be provisioned with the 1155

appropriate level of permissions and privileges within dedicated TXS organizational units 1156

(OUs) to effectively manage all TXS components provisioned within the TXS OU 1157

hierarchy. 1158

c. Utilize delegated administrator accounts to support TXS functions by enabling distributed 1159

access to network management tools and network-enabled devices for configuration 1160

change, testing, and implementation of new capabilities per GDA. 1161

d. Provide secure network TXS capability for local, mobile, and remote end users, devices, 1162

and applications to reliably utilize and authenticate against Directory Services. 1163

e. Operate and maintain the underlying TXS elements supporting the delivery of Directory 1164

Services within the NGEN enclave, B1, B2, B3, DMZ, COI, and Transport Boundary. 1165

1166

3.3.5 Cross Domain Security (CDS) Services 1167

Cross Domain Security (CDS) Services provide the required degree of cross domain access (two 1168

different security domains) to enable the exchange of information across national, security, and 1169

management domain boundaries in compliance with Chairman of the Joint Chiefs of Staff 1170

Instruction (CJCSI) 6211.02C. All IA policies and regulations as listed in Section 2. 1171

1172


Attachment 1



52

a. Recommend new solutions and designs to the Government to include multi-level thin 1174

clients. 1175

b. Integrate, implement, operate, and maintain a solution(s) for sharing information across 1176

security domains that enables the following cross domain functional capabilities 1177

synchronized to rights management, Domain Name System Security (DNSSEC) 1178

Extensions, and SIPRNet DoD-approved smart card authentication: 1179

i. Deliver (i.e., push or export) data to specified recipients. 1180

ii. Import (i.e., pull) data from repositories in other domains. 1181

iii. Exchange email with attachments. 1182

iv. Enforce reliable human review when required (high-to-low only). 1183

v. Enforce content release policy (high-to-low only). 1184

c. Implement, operate, and maintain content and allowable action restrictions [utilizing 1185

directory, Group Policy Object (GPO), rights management, SIPRNet DoD smart card 1186

authentication, and DNSSEC capabilities native to core build systems and end points, in 1187

addition to the standard mechanisms of the network] based on the trust agreement for 1188

each type of data exchange. 1189

d. Implement, operate, and maintain data protection and data tracking capabilities when 1190

NGEN upgrades SIPRNet and NIPRNet domain controllers, SIPRNet and NIPRNet 1191

enterprise services, SIPRNet authentication to DoD approved smart card systems and 1192

methods, and core operating systems on servers and end user end points. 1193

e. Enable metadata tagging of network resources with the data necessary for determination 1194

and enforcement of policy compliance in the rights management infrastructure. 1195

f. Enforce cross domain trust agreement and policy changes in timeframes agreed upon by 1196

the Contractor and the Government. 1197

1198

3.3.6 Security Configuration and Management Services 1199

Security Configuration and Management Services provides an enterprise wide security 1200

compliance capability that scans and remediates NGEN servers, services, and all end points for 1201

out-of compliance conditions such as changed settings, outdated patches, and illicit software. 1202

All IA policies and regulations as listed in Section 2. 1203

Attachment 1



53

1204

Security Configuration and Management Services are shared services. The ES Contractor is 1205

designated as the primary service provider, and the TXS Contractor is designated as the 1206

supporting service provider; except for Network Cryptography Services where TXS Contractor 1207

is the primary service provider. The Contractors shall collaborate with each other and any other 1208

service providers to provide common management of the services described below. 1209

1210


a. Integrate and correlate data across the NGEN systems, servers, services, and end points to 1212

measure, monitor, remediate, and remove threats to the environment. 1213

b. Implement, operate, and maintain IA capabilities and components including: 1214

i. Network Access Control (NAC). 1215

ii. Anti-Malware appliances, hardware, and software. 1216

iii. Host Based Security System (HBSS) and supporting infrastructure. 1217

iv. Anti-spam. 1218

v. Mail filtering. 1219

c. Correlate data and manage information from all IA sensors and devices (e.g., profiling of 1220

end-to-end threat vectors). 1221

d. Recommend design, plan, and implementation actions as required by each of the Cyber 1222

Readiness Conditions and execute Government approved actions. 1223

e. Validate and maintain the current network and system configuration baseline of all ES IA 1224

items and required security attributes within the Configuration Management Data Base 1225

(CMDB) in accordance with the approved CM Implementation Plan. 1226

f. Ensure in scope HW and SW support the Computer Network Defense (CND) functions in 1227

accordance with existing DoD and DON directives, (e.g., Communications Tasking 1228

Orders). 1229

g. Provide the Government with administrative services to support measuring, analyzing, 1230

documenting, distributing, and mitigating Security Configuration Management (SCM) 1231

across the NGEN environment. 1232

Attachment 1



54

h. Report the status of implementation and remediation of NGEN SCM as well as the 1233

Government resolution of NGEN SCM conflicts. (CDRL A007 - Monthly Status Report) 1234

i. Manage SCM of assigned IA devices including: 1235

a) Central administration of overall NGEN SCM status. 1236

b) Execution of bi-monthly SCM scanning. 1237

c) SCM data collection and analysis. 1238

d) Mitigation of assigned SCM configurations. 1239

ii. Execute overall tactical administration of end-to-end data correlation, multi-1240

vector threat analysis, as well as enterprise integration and coordination of IA 1241

functions and capabilities. 1242

i. Analyze information systems and networks to identify potential security weaknesses and 1243

exposures to known threats. 1244

i. Provide performance measurements, logs, and information feeds from the security 1245

monitoring systems [e.g., Host Based Security System (HBSS) and Intrusion 1246

Prevention System (IPS)]. 1247

ii. Provide access to historical data for 90 days through standard protocols [e.g., 1248

Extensible Markup Language (XML) Simple Object Access Protocol (SOAP), 1249

and provide summary management reports]. (CDRL A027 – Summary 1250

Management Report) 1251

iii. Integrate, operate, and maintain DoD provided standard vulnerability scanning 1252

tools. Incorporate revisions and updates within 120 calendar days of DoD release. 1253

iv. Provide Routine Vulnerability Scans Analysis Report. (CDRL A028 – Technical 1254

Report) 1255

v. Provide an updated POA&M every 90-calendar days with the status of any 1256

outstanding vulnerability. 1257

j. Operate and maintain the current SCM tools and databases. 1258

i. Report the availability, capacity, and performance of the security infrastructure 1259

and services for which ES is responsible. (CDRL A007 – Monthly Status Report) 1260

Attachment 1



55

ii. Provide access and resources (e.g., personnel, equipment, and tools) to authorized 1261

third party evaluators performing vulnerability evaluations [e.g., Independent 1262

Verification and Validation (IV&V)]. 1263

iii. Update SCM tools and database signature files every two weeks or as necessary. 1264

In the event of GDA, start implementation to update signature files within 24 1265

hours. 1266

1267

The TXS Contractor shall: 1268

a. Maintain SCM of TXS IA devices (e.g., IPS and firewall) in collaboration with the ES 1269

Contractor. 1270

b. Analyze TXS systems and networks to identify potential security weaknesses and 1271


c. Implement IA vulnerability alerts, bulletins, and technical advisories for TXS 1273

components per Government direction. 1274

i. Report status of implementation progress. (CDRL A007 – Monthly Status Report) 1275

ii. Recommend design, plan, and implementation actions for TXS security 1276

components as required by each of the Cyber Readiness Conditions and execute 1277

Government approved actions. 1278

1279

3.3.6.1 Security Operations Center (SOC) Services 1280

Security Operations Center (SOC) is a centralized unit in an organization that deals with 1281

organizational and technical security issues. The SOC provides security situational awareness of 1282

the myriad of networks, systems, and applications and defends that grid from potential cyber 1283

threats. SOC services include functions such as planning, management, testing, implementation, 1284

maintenance, operation, reporting, and upgrading. All IA policies and regulations are listed in 1285

Section 2. 1286

1287


a. Maintain the IA Common Operational Picture (COP) on NGEN system status consoles. 1289

Attachment 1



56

b. Investigate suspicious activities and classify incidents in accordance with CJCSI 6510 1290

series and NGEN Incident Management process described in the NPDM. 1291

c. Report suspicious activities via the incident ticket tracking system, in accordance with the 1292

NGEN Incident Management process described in the NPDM. 1293

d. Generate, archive, and provide Government access to activity and event component logs 1294

as directed by the Computer Network Defense Security Provider (CNDSP): 1295

i. Provide an automated logging aggregation system that compresses, correlates, and 1296

provides for an analysis of logged data from Government identified sources (e.g., 1297

host audits, networks, and HBSS). 1298

ii. Monitor and analyze logs to identify unauthorized or illegal activity. 1299

iii. Provide access to the CNDSP to enable and support data mining for the 1300

correlation of security events. 1301

iv. Collect, archive, and provide access to all NGEN transactional information 1302

captured during the auditing process. 1303

v. Retain security audit data in accordance with DoDI 8500.2 Controls. 1304

e. Support and comply with Government directed CND Response Actions (RAs): 1305

i. Evaluate the impact of Government directed configuration changes. 1306

ii. Provide a written assessment of adverse impacts to end user services and potential 1307

Course of Actions (COAs). (CDRL A028 – Technical Report) 1308

f. Comply with formal security classification and Operational Security (OPSEC) guidance 1309

related to generation, transmission, storage, and destruction of CND related incidents, 1310

countermeasures, and vulnerabilities. 1311

g. Provide a single point of contact, by name, to receive, report, and manage all Information 1312

Assurance Vulnerability Management (IAVM) alerts: 1313

i. Implement a process for emergency IAVM alerts to accommodate accelerated 1314

timelines. 1315

ii. Report status through the designated Government reporting mechanisms [i.e. 1316

Online Compliancy Reporting System (OCRS) and Vulnerability Management 1317

System (VMS)]: 1318

Attachment 1



57

a) Provide Incident and Event reporting. (CDRL A029 – Service Operations 1319

Reports) 1320

b) Report on IAVM compliance. (CDRL A007 – Monthly Status Report) 1321

c) Provide incident logs. (CDRL A007 – Monthly Status Report) 1322


a. Utilize the following audit and monitoring technologies for IA and CND to CNDSP(s) as 1324

directed by the Government for TXS security components. 1325

i. Security Event Correlation Tools to enable the Government to determine 1326

compliance of system activities in accordance with security policies. 1327

ii. Computer Forensic Tools to identify, extract, preserve, and document computer-1328

based evidence. 1329

iii. Capture of all transactional information during the auditing process and retain 1330

security audit data. 1331

b. Comply with the CND and SOC services policies and guidance. 1332

1333

3.3.6.2 Data at Rest (DAR) Services 1334

Data at Rest (DAR) Services is a protection system comprised of the HW and SW used to encrypt 1335

stored data. All IA policies and regulations are listed in Section 2. 1336

1337


a. Provide DAR services on all NGEN NIPRNet end user end points using DoD-approved 1339

solutions. 1340

i. Encrypt all end user partitions using full disk encryption, content protection, or an 1341

equivalent DoD-approved encryption system. 1342

ii. Authenticate end users with their DoD-approved smart card prior to loading the 1343

disk encryption key and booting the operating system. 1344

b. Encrypt all data written to removable storage media. 1345

c. Provide Government access to DAR encryption keys (e.g., a workstation encryption key), 1346

DAR administrator credentials, and DAR management servers and databases. 1347

Attachment 1



58

d. Provide forensic-level data recovery services when end user hard disks or the DAR full 1348

disk encryption solution fails and those end points are without an automated client data 1349

backup and restore services. 1350

1351

3.3.6.3 Network Cryptography Services 1352

Network Cryptography Services is the use of encryption technology to cryptographically 1353

separate information at different levels of classification that permits that information to be 1354

communicated via a common infrastructure and even “tunneled” across a non-secure public 1355

Internet. This service does not include multi-level security. All IA policies and regulations are 1356

listed in Section 2. 1357

1358

The ES Contractor shall provide and maintain Government approved enterprise client SW. 1359

1360


a. Operate and maintain Virtual Private Network (VPN) connections between all points of 1362

presence for the unclassified network. 1363

b. Operate and maintain Government provided Type 1 encryption when supporting 1364

classified and coalition networks. 1365

i. Encrypt all classified traffic on a base, post, or station with Type 1 Encryption 1366

when PDS is not available. 1367

ii. Encrypt all classified traffic (voice, video, and data) across the Wide Area 1368

Network (WAN) with Type 1 Encryption. 1369

c. Manage and safeguard Government provided encryption products and keying materials in 1370

accordance with the Navy’s Electronic Key Management System (EKMS) Policy and 1371

Procedures Manual, EKMS 1(Series). No other policies or procedures are authorized. 1372

d. Implement bulk encryption for Government-directed transmission channels in accordance 1373

with CJCSI 6510.01F. 1374

e. Implement bulk encryption within the United States Pacific Command’s (USPACOM’s) 1375

Area of Responsibility (AOR) for all transmission channels in accordance with the 1376

current USPACOM’s policy and guidance for protection of transmission channels. 1377

Attachment 1



59

Unless otherwise directed by the Government, other non-contiguous sites shall also be 1378

covered by USPACOM policy and guidance for protection of transmission channels. 1379

f. Provide and maintain government approved boundary VPN HW and SW including (e.g.): 1380

i. Cryptographic modules. 1381

ii. Key generation. 1382

iii. Key distribution-DoD medium assurance PKI for public key distribution using 1383

class 4, X.509 version 3 certificates, with HW tokens for protection of private 1384

keys. This requirement applies to system administrators, security administrators, 1385

and remote end users. 1386

iv. PKI tokens to DoD PKI roadmap and FIPS 171 key management using American 1387

National Standard Institute (ANSI) X9.17. 1388

v. Internal device Key destruction. 1389

vi. Data encryption-Either 128-bit Advanced Encryption Standard (AES) (FIPS pub 1390

197), 3- DES (FIPS pub 46-3), Elliptical Curve Digital signature Algorithm 1391

(ECDSA), or current DoD cryptographic standard. 1392

vii. Protocol-Internet Engineering Task Force IPSec RFC 4301 and 4303, 1393

Encapsulated Security Protocol (ESP) tunnel mode only. The Authentication 1394

Header (AH) will not be implemented. 1395

a) Signature functions- Rivest, Shamir, & Adleman (RSA) (public key 1396

encryption technology) per Public Key Crypto Standard (PKCS-1) with 1397

cryptographic key size modules of at least 1024 bits/group 2, e=65537 1398

meeting ANSI standards or DSS FIPS 186-3. 1399

viii. Key exchange functions Diffie-Helman algorithm and cryptographic key size of 1400

1024 bits/IPSec group 2, or 1536/IPSec Group 5 meeting IETF RFCs 4869, 4301, 1401

4303, and 4306, for IPSec Internet Key Exchange, tunnel mode, main mode, and 1402

public key signatures. 1403

1404

3.3.7 Boundary, Demilitarized Zone (DMZ), and Communities of Interest (COI) Services 1405

Attachment 1



60

Boundary, Demilitarized Zone (DMZ), and Communities of Interest (COI) Services provide 1406

protection to NGEN, including the management and operation of the boundaries. All IA policies 1407

and regulations are listed in Section 2. 1408

1409

Defense-in-Depth includes defense mechanisms at each of the 5 boundaries: 1410

a. Transport Boundary: Internal facing intranet transport. 1411

b. Boundary 1 (B1): Trusted to Un-trusted WAN. 1412

c. Boundary 2 (B2): Trusted to Trusted Network (e.g., ONE-NET and IT-21). 1413

d. Boundary 3 (B3): Communities of Interest (COI). 1414

e. Boundary 4 (B4): Application and host level. 1415

1416

Boundary, Demilitarized Zone (DMZ), and Communities of Interest (COI) Services are shared 1417

services. The TXS Contractor is designated as the primary service provider, and the ES 1418

Contractor is designated as the supporting service provider. The Contractors shall collaborate 1419

with each other and any other service providers to provide common management of the services 1420

described below. 1421

1422


a. Update and maintain the end-to-end security architecture design for boundaries, DMZs, 1424

and COIs in coordination with the TXS Contractor. 1425

b. Operate and maintain ES assigned boundary, DMZ, and COI components. 1426

1427


a. Operate and maintain the NGEN security boundaries: 1429

i. B1 security boundaries between NGEN and the NIPRNet or SIPRNet. 1430

ii. B2 boundaries between NGEN and other networks. 1431

iii. B3 boundaries between NGEN and specified NGEN COIs. 1432

iv. Unclassified and classified transport boundaries that connect all NGEN sites. 1433

v. Deployable Site Transport Boundaries (DSTBs). 1434

Attachment 1



61

b. Provide the transport components to support the implementation, operations, and 1435

maintenance of training classrooms at existing Naval Education and Training Command 1436

classroom locations. Maintain a COI network solution that supports access to NGEN 1437

training resources from other networks and NGEN electronic classroom seats. 1438

c. Provide its portion of the end-to-end architecture design documentation to the ES 1439

Contractor for incorporation into to the architecture documents submitted to the 1440

Government. 1441

1442

3.3.7.1 External Network Interface Services 1443

External Network Interface Services provide a network interface between the NGEN enclave and 1444

the Defense Information Systems Network (DISN) NIPRNet and SIPRNet, DoD DMZ, ONE-1445

NET, IT-21, Consolidated Afloat Network and Enterprise Services (CANES), commercial 1446

internet service providers, Defense Switched Network (DSN), and other networks. 1447

1448

The ES Contractor shall provide up-to-date situational awareness of external interface services, 1449

devices, and resources associated with service and network deep packet inspection including: 1450

a. Behavior-based intrusion detection. 1451

b. Malware inspection. 1452

c. Uniform Resource Locator (URL) filtering. 1453

d. Hypertext Transfer Protocol (HTTP) filtering. 1454

e. Hypertext Transfer Protocol Secure (HTTPS) inspection. 1455

1456


a. Provide Tier 2 and 3 Service Desk end user support for network services including 1458

network recovery. 1459

b. Provide B1 solutions to support Layer 2 and Layer 3 VPN, with the capability to 1460

remotely manage, monitor, and administer network interfaces from the Navy NOCs. 1461

c. Maintain classified and unclassified B1 configurations to comply with Navy Ports, 1462

Protocols, and Services (NPPS) Category Assurance for network access, DISA Enclave 1463

Attachment 1



62

Single Technical Implementation Guide (STIG), IA Vulnerability Management (IAVM) 1464

notices, and the DoD Ports, Protocols, and Services Category Assurance List. 1465

i. Operate and maintain B1 Citrix terminal services interfaces that support secure 1466

Layer 2 and Layer 3 traffic and protocol, and allow Citrix traffic from Science 1467

and Technology (S&T) seats to the server farms. 1468

d. Operate and maintain logical or physical interfaces to the DSN for basic voice transport 1469

from premise switches that are either part of a campus or Base Area Networks (BANs). 1470

e. Operate and maintain B1 network interfaces to local telephone line Incumbent Local 1471

Exchanges Carriers (ILECs), Competitive Local Exchange Carriers (CLECs), and Inter-1472

Exchange Carriers (IECs) via T1 interfaces that support an Integrated Services Digital 1473

Network - Primary Rate Interface (ISDN-PRI). 1474

f. Install, operate, and maintain Generic Transport Service Extension (GTSE) services. 1475

i. Implement GTSE to support unfiltered connectivity to NIPRNet from the NOC 1476

premise router. 1477

ii. Configure network devices to allow proper routing of GTSE traffic. 1478

1479

3.3.7.2 Maritime Operations Center (MOC) and Command and Control (C2) Services 1480

MOCs support the Navy’s Command and Control (C2) mission through interoperable Command, 1481

Control, and Communications (C3) systems. The MOC provides a flexible, robust command 1482

center capability that directs maritime operations and collaborates with joint, interagency, and 1483

multinational partners. There are a total of five MOCs in the Continental United States 1484

(CONUS) and Hawaii that together form a network to support the Navy’s C2 of forces at the 1485

operational level. There is also a separate C2 center in Hawaii that supports the USPACOM HQ 1486

21. 1487

1488

The Contractors shall provide local onsite component support at each MOC location and at 1489

USPACOM HQ 21. 1490

1491

3.3.7.3 Demilitarized Zone (DMZ) Services 1492

Attachment 1



63

A Demilitarized Zone DMZ is a logical and physical framework that allows protected access to 1493

resources from both internal and external networks. An e-DMZ Extension, for the purpose of 1494

this document, is a combination of hardware and software that creates a logical addition from a 1495

different physical facility to 1) the DMZ resources; or, 2) a single zone in the e-DMZ. 1496

1497

The ES Contractor shall operate and maintain public facing servers. 1498

1499

The TXS Contractors shall: 1500

a. Operate and maintain interfaces to the external firewall that permit allowable data 1501

communications between the DMZ and the external network. 1502

b. Operate and maintain interfaces to an internal firewall to allow communication between 1503

the public and private zones. 1504

c. Operate and maintain the remote management for DMZ infrastructure devices. 1505

d. Operate and maintain the NGEN DoD DMZ Extension infrastructure components to 1506

support standard and mission critical levels of availability and performance at the three 1507

NOCs, all e-DMZ extensions, and all e-DMZ Zone extensions. 1508

e. Configure static and routable IP addresses in public zones. 1509

f. Enable VPN connections to extend public zones to DMZ Extensions. 1510

g. Configure and maintain approved NGEN end user access into the DMZ. 1511

h. Enable VPN connections to extend private zones to DMZ Extensions. 1512

i. Operate and maintain NGEN DMZ Intrusion Prevention Systems. 1513

j. Maintain redundant switches and dual Network Interface Cards (NICs) to provide 1514

alternate paths within the DMZ. 1515

k. Maintain a Network Access Translation (NAT) capability to support the IP space 1516

required for DMZs and B3 COIs. 1517

l. Encrypt traffic via Internet Protocol Security (IPsec) tunnels established between the 1518

DMZ firewalls and firewalls used at the perimeter of the extension security zones to 1519

maintain appropriate security posture. 1520

m. Coordinate with ES contractor to design, implement, and maintain the TXS components 1521

of the end-to-end security architecture. 1522

Attachment 1



64

n. Operate and maintain asymmetric application acceleration to load balance servers in the 1523

public facing zones. 1524

1525

3.3.7.4 Deployable Site Transport Boundary (DSTB) Services 1526

Deployable Site Transport Boundary (DSTB) services consist of NGEN components that 1527

augment existing services to provide a mobile virtual NGEN environment. A single DSTB 1528

contains hardware and software for switches, routers, VPN and WAN equipment, and associated 1529

spares. 1530

1531

The ES Contractor shall apply software and security patches for all assigned components or 1532

elements at least once a month during deployment. 1533

1534


a. Configure components for new DSTBs. 1536

b. Maintain and operate DSTB components. 1537

c. Perform preventative and corrective maintenance on elements of DSTBs prior to 1538

deployment. 1539

d. Maintain non-deployed components for DSTBs. 1540

e. Apply software and security patches for all assigned components or elements at least 1541

once a month during deployment. 1542

f. Deliver TXS equipment and pack-up kits in coordination with the Government to end 1543

users and commands for the support of deployed units at non-NGEN sites or for use 1544

across network management domains. 1545

1546

3.3.8 Malware Detection and Protection Services 1547

Malware Detection and Protection (MDP) Services provide end-to-end network-based and host-1548

based (server and client) anti-malware capabilities. MDP services use a range of DoD approved 1549

software and hardware appliances throughout NGEN to enhance its security architecture. 1550

Centralized management and reporting are included as part of MDP services. All IA policies 1551

and regulations are listed in Section 2. 1552

Attachment 1



65

1553

Malware Detection and Protection (MDP) are shared services. The ES Contractor is designated 1554

as the primary service provider, and the TXS Contractor is designated as the supporting service 1555



a. Operate and maintain DON approved anti-malware detection and prevention solutions on 1558

all assigned equipment. 1559

i. Take corrective action as directed by the Government to malware alerts. 1560

ii. Scan installed storage devices at least every 30 days or upon GDA. 1561

a) Scan files and data dynamically as they are accessed. 1562

1563


a. Monitor and conduct incident response to alerts generated by the anti-malware software. 1565

i. Provide the Government with automatic malware alert feeds in a method and 1566

format compatible with the Government Computer Network Defense (CND) 1567

systems. No other malware reports should be generated without the authority of 1568

the Navy CNDSP(s). 1569

ii. Conduct a one-time full system scan within 45 days of completing transition as 1570

described in the Transition Services section of the PWS. 1571

iii. Conduct a full system scan of specific workstations and servers upon GDA. 1572

iv. Actively investigate newly discovered or emerging anti-malware that affects 1573

system devices. 1574

v. Monitor anti-malware organization advisories and websites. 1575

vi. Operate and maintain boundary anti-malware capabilities to protect servers, 1576

services, and end points by integrating and correlating the following: 1577

a) URL filtering. 1578

b) Anti-malware inspection. 1579

c) Intrusion prevention. 1580

d) Application and network-layer firewall. 1581

e) HTTP and HTTPS inspection. 1582

Attachment 1



66

1583

3.3.9 Security Event Management (SEM) Services 1584

SEM Services provide the ability to monitor and correlate security events that are generated 1585

from identified networked devices and sensors such as firewalls, IPSs, and anti-malware within 1586

NGEN using Government approved filtering strategies and designs. All IA policies and 1587

regulations are listed in Section 2. 1588

1589

SEM Services are shared services. The ES Contractor is designated as the primary service 1590

provider, and the TXS Contractor is designated as the supporting service provider. The 1591


management of the services described below. 1593

1594

The ES Contractor shall provide SEM data correlation and analysis reporting for all NGEN IA 1595

sensors and capabilities including (e.g., IPSs, anti-malware, scanners, and HBSS). (CDRL A028 1596

– Technical Report) 1597

1598

The TXS Contractor shall provide near real-time data feeds from designated TXS systems to the 1599

SEM system. 1600

1601

3.3.9.1 Intrusion Management Services 1602

Intrusion management refers to the process of utilizing an intrusion detection and prevention 1603

product that will collect security intrusions events from NGEN to comply with DON directives, 1604

analyze network traffic, and provide personnel with a centralized security event view. 1605

1606


a. Implement updated signatures on the NGEN Sensor Grid as soon as possible and no later 1608

than 24 hours after approval. 1609

b. Provide IAVM and analysis services: 1610

i. Conduct routine vulnerability scans twice a month using DoD standards, 1611

commercially equivalent tools, or other tools as directed by the Government. 1612

Attachment 1



67

a. Utilize the latest Government approved and provided configuration and 1613

definition files. 1614

b. Analyze and provide results of the vulnerability scan. (CDRL A028 – 1615

Technical Report) 1616

c. Remediate software vulnerabilities and system misconfigurations 1617

identified in routine scans, unless otherwise approved by the Government. 1618

i. Provide a Plan of Actions and Milestones (POA&M) if the 1619

remediation actions cannot be accomplished by the assigned 1620

completion date. 1621

d. Remediate vulnerabilities and misconfigurations identified by approved 1622

external network assessments. 1623

i. Provide a POA&M if the corrective actions cannot be 1624

accomplished by the assigned completion date. 1625

ii. Implement Government directed signatures within 24 hours in rapid deployment 1626

scenarios (e.g., zero day vulnerabilities). 1627

c. Conduct host based intrusion detection monitoring and prevention on all devices that 1628

support HBSS: 1629

i. Provide administrator access on the HBSS management servers to the designated 1630

Government POCs. 1631

ii. Implement only Government approved policies, configurations, and signatures on 1632

the host based sensors and management servers. 1633

iii. Provide data feeds from all HBSS intrusion detection and prevention modules for 1634

incorporation into the HBSS Enterprise Security Incident Management System. 1635

iv. Maintain Government-provided components of HBSS at the most current 1636

baseline, in accordance with USCYBERCOM and DON policy. 1637

v. Implement additional HBSS modules as approved by the Government. 1638

vi. Provide an operational status report of the HBSS managers and related SW 1639

repository servers to the Government. (CDRL A007 – Monthly Status Report) 1640

1641


Attachment 1



68

a. Configure, operate, and maintain the TXS elements of the NGEN Sensor Grid within the 1643

security infrastructure to provide intrusion signature data from multiple sources [e.g., 1644

firewalls, Intrusion Prevention Systems (IPSs), and Intrusion Detection Systems (IDSs)]. 1645

b. Operate and maintain TXS components of the CND systems (e.g., firewalls, IPS, and 1646

IDS): 1647

i. Update sensor software in accordance with the NGEN Change Management 1648

process described in the NPDM. 1649

ii. Provide access to the Government for the review of sensor or appliance log data 1650

as required. 1651

1652

3.3.9.2 Security Incident Handling Services 1653

CJCSI 6510.01 defines reportable incidents and outlines a standard operating procedure for 1654

incident response and management. 1655

1656


a. Provide incident response isolation for a specified network or system device upon 1658

Government provided direction to each Contractor’s designated POCs. 1659

i. Within 30 minutes for servers. 1660

ii. Within 15 minutes for end points. 1661

b. Provide evidence collection: 1662

i. Capture electronically volatile incident data within 1 hour of Government 1663

direction. 1664

ii. Provide magnetic and optical media related to a network incident utilizing the 1665

Government chain of custody procedures. 1666

iii. Support the restoration of network and system devices to the approved baseline. 1667

1668


a. Develop, operate, and maintain a Computer Network Defense (CND) Incident and Event 1670

Reporting System that provides automated ticket forwarding to the reporting CNDSP 1671

either by direct interface or Extensible Markup Language (XML) output. 1672

Attachment 1



69

i. Implement and maintain data feeds that meet all CNDSP reporting requirements 1673

and other supporting directives promulgated by the CNDSP. 1674

ii. Provide Contractor-acquired information to the CNDSP; additional disclosures 1675

cannot be made without Government approval. 1676

1677

3.3.9.3 Audit and Accountability Services 1678

Audit and Accountability Services provide for the collection and analysis of security data records 1679

to privileged access areas (e.g., end user permissions and system access history). 1680

1681


a. Develop and maintain a log audit system in accordance with DoD and DON policy and 1683

guidance. 1684

b. Monitor and analyze logs to identify unauthorized, illicit, or otherwise unwanted activity 1685

as directed by the Government. 1686

c. Capture transactional information during the auditing process as directed by the 1687

Government. 1688

1689

The TXS Contractor shall provide data feed of audit log data to the ES Contractor to develop an 1690

NGEN audit log system in accordance with DoD and DON policy. 1691

1692

3.3.10 Security and IT Certification and Accreditation (C&A) Services 1693

NGEN Security and IT Certification and Accreditation (C&A) Services execute the DoD 1694

Information Assurance Certification and Accreditation Process (DIACAP), in accordance with 1695

the DON DIACAP Handbook and the NGEN Enterprise Accreditation Strategy to provided as 1696

an attachment in Section J. The program maintains accreditation boundaries and solutions for 1697

twenty-seven components. All IA policies and regulations are listed in Section 2. 1698

1699

Security and IT Certification and Accreditation (C&A) Services are shared services. The ES 1700

Contractor is designated as the primary service provider, and the TXS Contractor is designated 1701

Attachment 1



70

as the supporting service provider. The Contractors shall collaborate with each other and any 1702

other service providers to provide common management of the services described below: 1703

a. Submit proposed updates to the accreditation boundary ATO approval cycle for 1704

stakeholder review. All sections of the Enterprise DIACAP Plan (EDP) must be 1705

reviewed and updated prior to the expiration of the Authority to Operate (ATO). (CDRL 1706

A018 - DoD Information Assurance Certification and Accreditation Package) 1707

1708


a. Prepare certification packages in accordance with DoD and DON security policies and 1710

requirements, as well as the NGEN Enterprise Accreditation Strategy. 1711

b. Conduct C&A testing in accordance with the NGEN Enterprise Accreditation Strategy, 1712

the DIACAP Implementation Plan (DIP), and other Government provided test plans. 1713

c. Participate in NGEN Technical Interchange Meetings, Conferences, and Workshops as 1714

directed by the Government POC e.g.: 1715

i. Certification Solution Review (CSR) for Architecture and Engineering (A&E) 1716

solutions. 1717

ii. Enterprise Configuration Control Board (ECCB). 1718

iii. Enterprise Residual Risk Panel (ERRP). 1719

iv. Security and Technical Accreditation Boundary Action Group and subgroups. 1720

v. Operational Designated Accrediting Authority (ODAA). 1721

vi. Designated Accrediting Authority (DAA). 1722

d. Implement accreditation boundary change requests following the established processes as 1723

outlined in the Navy Ports, Protocols, and Services (NPPS) Manual. 1724

e. Verify automated systems comply with security requirements and are accredited by the 1725

Operational Designated Accrediting Authority (ODAA) and the Designated Accrediting 1726

Authority (DAA) Command, Control, Communications, and Computers (C4) prior to 1727

operating in the production environment. 1728

f. Support the Government in the role of Validator and Certification Agent by conducting 1729

site visits, Information Assurance Manager (IAM) interviews, as well as Security Test 1730

Attachment 1



71

and Evaluations using Government provided test plans, building walkthroughs, and 1731

physical security inspections for room certifications. 1732

g. Submit C&A documentation to the Government in accordance with the DON DIACAP 1733

Handbook no later than seventy (70) days prior to packet submission impact date. 1734

(CDRL A018 - DoD Information Assurance Certification and Accreditation Package) 1735

i. Run tests no earlier than four (4) months prior to package submission. 1736

ii. Upload results to the IA Tracking Status (IATS) or available C&A tool. 1737

h. Perform Security Test and Evaluation (ST&E) in accordance with Government provided 1738

test plans. 1739

i. Support Independent Test and Audit Teams evaluations on systems or networks to verify 1740

and determine the extent a particular design and implementation meets a set of specified 1741

security requirements. Provide the Teams with the use of assigned servers to run remote 1742

scans and support of on-site POCs. Collaborate with the Government to collect and 1743

analyze test data and remediate findings. 1744

j. Participate in a weekly Production Conference Call to provide the status of all C&A 1745

packages in process and the resolution of issues impacting those packages. 1746

k. Evaluate proposed new products and protocols for impacts to C&A. 1747

l. Provide the Government architecture documentation, risk assessments, and risk 1748

mitigation plans to support DIACAP accreditation. 1749

m. Assist the Government in the transition from the Issue and Action Tracking System 1750

(IATS) to a future approved C&A tool set. 1751

n. Submit C&A packages to the Government for approval (CDRL A018 - DoD Information 1752

Assurance Certification and Accreditation Package): 1753

i. Package accuracy must be 90% on first submission and 100% on second 1754

submission. 1755

ii. All packages must be screened by the Contractor using the Government approved 1756

Quality Assurance Plan. Report weekly Quality Assurance metrics agreed to with 1757

the Government. 1758

iii. Achieve ATO for all sites granted Interim Authority to Operate (IATO) prior to 1759

expiration of the IATO. 1760

Attachment 1



72

o. Review U.S. Cyber Command (USCC) Coordinated Alert Messages and verify that 1761

NGEN sites are not identified as within 30 calendar days of IATO expiration. This 1762

requirement does not apply to Interim Authority to Test (IATT) sites. 1763

p. Populate C&A templates per DIACAP requirements. 1764

b. Provide annual forecast of packages to be delivered to the Government for C&A 1765

decisions and update the forecast monthly. (CDRL A018 - DoD Information Assurance 1766

Certification and Accreditation Package) 1767

q. Provide C&A status reports. (CDRL A007 - Monthly Status Report) 1768

r. Provide accreditation boundary documentation. (CDRL A018 - DoD Information 1769

Assurance Certification and Accreditation Package) 1770

s. Attend the Integration Certification Solution Review Board on behalf of the NGEN 1771

Program Manager and the NGEN Chief Engineer. 1772

t. Provide NGEN certification documentation [e.g., scans, Requirements Traceability 1773

Matrices (RTMs), or DoD Architecture Framework (DODAF) documents] for solutions 1774

being certified for inter-network use. 1775

u. Provide security design management control of NGEN core build processes for servers, 1776

services, and end points. 1777

v. Coordinate C&A packages with the TXS Contractor. 1778

1779


a. Support the development of certification packages in coordination with the ES Contractor 1781

and other service providers and in accordance with DoD and DON Security Policies and 1782

Requirements, as well as the NGEN Enterprise Accreditation Strategy. Support the 1783

development of certification packages at three (3) levels of C&A: 1784

i. Systems and projects for incremental changes and improvements. 1785

ii. Site installations. 1786

iii. Enterprise. 1787

b. Support the annual review of certification packages in coordination with the ES 1788

Contractor and other service providers. 1789

Attachment 1



73

c. Ensure automated systems comply with security requirements and are accredited by the 1790

Navy's ODAA prior to processing classified or sensitive unclassified data. 1791

d. Conduct C&A testing on TXS systems in accordance with the NGEN Enterprise 1792

Accreditation Strategy, the DIACAP Implementation Plan (DIP), and other Government 1793

provided test plans. 1794

e. Support the Government in the role of Validator and Certification Agent by conducting 1795

evaluations on systems or networks to verify and determine the extent a particular design 1796

and implementation meets a set of specified security requirements. 1797

f. Participate in NGEN Technical Interchange Meetings, Conferences, and Workshops as 1798

directed by the Government POC e.g.: 1799

i. Certification Solution Review (CSR) for Architecture and Engineering (A&E) 1800

solutions. 1801

ii. Enterprise Configuration Control Board (ECCB). 1802

iii. Enterprise Residual Risk Panel (ERRP). 1803

iv. Security and Technical Accreditation Boundary Action Group and subgroups. 1804

v. Security engineering reviews. 1805

g. Execute accreditation boundary change requests following the established processes as 1806

outlined in the Navy Ports, Protocols, and Services (NPPS) Manual. 1807

h. Review compliance with all non-inheritable IA Controls for each site (i.e., each Physical 1808

Site Indicator (PSI) Code and all tenant commands there) annually. 1809

i. Support site Validation testing in accordance with the Government provided test plan for 1810

each site by PSI Code for all non-inheritable IA controls applicable to that site. 1811

j. Produce and provide to the ES Contractor C&A related information, including detailed 1812

site topology drawings and other documentation such as the SIPRNet and NIPRNet 1813

Connection Questionnaire required by DISA for Approval to Connect to the GIG. (CDRL 1814

A012 – As-Built and Network Topology Drawings) 1815

k. Provide to the ES Contractor updates to the Enterprise System Security Authorization 1816

Agreement (eSSAA) document and its successor, the Enterprise DIACAP Plan (EDP) 1817

when implemented quarterly. 1818

Attachment 1



74

l. Submit proposed updates to the stakeholders (e.g., DAAs and CAs) for review and 1819

approval. 1820

m. Provide to the ES Contractor approved updates for inclusion in the Enterprise Security 1821

Architecture. 1822

1823

3.3.11 Authentication and Authorization Services 1824

Authentication and Authorization Services provides end user credential authorization and 1825

required access in accordance with applicable DoD policies. All IA policies and regulations are 1826

listed in Section 2. 1827

1828

Authentication and Authorization Services are shared services. The ES Contractor is designated 1829




1833

3.3.11.1 Identity and Access Management (IdAM) and Public Key Infrastructure (PKI) Services 1834

The ES Contractors shall: 1835

a. Implement strong authentication. 1836

b. Deploy, operate, and maintain an internal certification authority infrastructure to issue 1837

PKI certificates as needed to augment Government PKI certificate issuance capabilities. 1838

c. Manage certificate trusts and certificate stores on all NGEN end points, domain 1839

controllers, servers, and network components, as directed by the DON network 1840

operations authorities. 1841

d. Deploy, operate, and maintain an internal certificate validation (e.g., Online Certificate 1842

Status Protocol) infrastructure to provide certificate revocation status for PKI certificates 1843

issued from the DoD, DON, and DoD-approved external PKIs. 1844

e. Validate revocation statuses of PKI certificates using the NGEN certificate validation 1845

infrastructure or the DoD Robust Certificate Validation Services (RCVS). 1846

Attachment 1



75

f. Minimize certificate validation-related network traffic (e.g., certificate revocation list 1847

download requests) bound for PKIs external to NGEN through the use of web proxies 1848

and caching. 1849

g. Develop and obtain DAA approval for Certificate Policies and Certificate Practice 1850

Statements governing the operation of the NGEN certification authority and certificate 1851

validation infrastructures. 1852

h. Support the Department of Defense (DoD) smart card and the United States Navy (USN) 1853

ALT on the NGEN. 1854

i. Support Personal Identity Verification (PIV) cards issued by DoD-approved Federal 1855

Agencies and PIV-Interoperable (PIV-I) cards issued by DoD-approved industry partners 1856

on NGEN. 1857

j. Support the DoD SIPRNet Token. 1858

k. Participate in DoD testing and evaluation of smartcard platforms. 1859

l. Obtain and use Government-furnished smart card credentials for all NGEN Contractor 1860

and Sub-Contractor accounts. 1861

m. Authenticate all end users to access the NGEN network and network services, 1862

applications, resources, and components using only PKI-based authentication. 1863

n. Configure and deploy smart card readers with every end point, mobile devices, servers, 1864

and network components from which end users authenticate, encrypt, or digitally sign. 1865

o. Deploy and maintain any necessary middleware or software to support deployed smart 1866

card readers. 1867

p. Deploy and maintain a web-based, self-service tool for end users to establish and manage 1868

the relationship between the PKI certificate(s) on their smartcard and their network 1869

account. 1870

q. Publish end users' PKI encryption certificates automatically to network directory 1871

services. 1872

r. Provide digital signature and encryption capabilities for all NGEN electronic mail 1873

services. 1874

s. Install and maintain PKI machine (i.e., non-person entity) certificates on all NGEN end 1875

points, domain controllers, servers, network components, and applications. 1876

Attachment 1



76

t. Perform Local Registration Authority (LRA) functions to augment DON LRA 1877

capabilities. 1878

u. Develop, publish, and maintain on Homeport instructions for end users on smart cards 1879

and PKI certificates for network Log on, email message digital signature and encryption, 1880

and authentication to public-key enabled services. 1881

v. Operate and maintain authentication and authorization services on both classified and 1882

unclassified networks in compliance with DoD PKI initiatives. 1883

i. Implement Identity and Access Management (IdAM) in accordance with 1884

Information Sharing Environment Guidance (ISE-G-101). 1885

ii. Comply with DoD and DON policy to provide Cryptographic Log-On (CLO) for 1886

network authentication. 1887

iii. Comply with Government direction to provide a DON login mechanism that 1888

includes an end user name and password combination for enterprise assets that do 1889

not support CLO. 1890

w. Obtain and comply with current regulations, policy, and guidance for the implementation 1891

of the IdAM schema and access control mechanism. Maintain the established identity 1892

attribute schema with DAR. 1893

1894


a. Implement Identity and Access Management (IdAM) for TXS assigned infrastructure and 1896

services in accordance with Information Sharing Environment Guidance (ISE-G-108 19 1897

Dec 2008). 1898

b. Provide Cryptographic Log on (CLO) for access to all TXS services and infrastructure. 1899

c. Provide a login mechanism consisting of an end username and password for all TXS 1900

assigned infrastructure assets that do not support CLO. 1901

d. Limit consecutive unsuccessful access attempts to access a TXS assigned infrastructure 1902

item to three. 1903

e. Display an approved system use notification message before granting system access to 1904

the TXS information systems. 1905

f. Maintain session locking for account inactivity on the TXS assigned infrastructure. 1906

Attachment 1



77

g. Maintain a Government-approved trust relationship structure. 1907

h. Utilize two-factor authentication provided by DoD issued smart cards or Alternate Log 1908

on Tokens (ALT). 1909

i. Provide this capability for technology-refreshed devices. 1910

ii. Obtain prior Government approval for deviations from this requirement. 1911

i. Obtain and install required non-DoD issued X.509-class certificates from ES Enterprise 1912

Certificate Authority (CA) and Online Certificate Status Protocol (OCSP) instances. 1913

1914

3.3.12 Network Access Control (NAC) Services 1915

The Network Access Control (NAC) Services (IEEE 802.1X) are comprised of hardware and 1916

software used to provide device discovery and rogue device prevention. NAC Services check 1917

host machines for IA compliance before allowing access to the network. Non-compliant hosts 1918

are remediated before an NGEN IP address is issued [Dynamic Host Configuration Protocol 1919

(DHCP)] and a NGEN network connection is made. All IA policies and regulations are listed in 1920

Section 2. 1921

1922

NAC Services are shared services. The ES Contractor is designated as the primary service 1923




a. Device and End User Discovery - Provide infrastructure and services to implement, 1927

operate, and maintain the NAC end user and device discovery component. 1928

b. Security Scanning and Monitoring - Implement, operate, and maintain the NAC security 1929

scanning and monitoring component. 1930

c. Identity Based Compliance Evaluation and Verification - Implement, operate, and 1931

maintain the NAC identity based compliance component. 1932

d. Network Services – Comply with DoD Security Technical Information Guide (STIG). 1933

e. Remote Diagnostic and Configuration Port Protection - Implement, operate, and maintain 1934

the NAC remote diagnostic and configuration component. 1935

1936

Attachment 1



78


a. Operate and maintain NAC scanning. 1938

i. Perform remediation. 1939

ii. Develop and execute isolation plans 1940

b. Recommend, design, and implement enhanced NAC in alignment with NGEN Integrated 1941

Architecture. 1942

1943


a. Establish and maintain Virtual LANs (VLANs) for ES to scan, remediate, and activate 1945

isolation plans. 1946

b. Implement Port Blocking or port isolation, as directed by the CNDSP, for those clients 1947

that are found to be non-compliant and non-trusted. 1948

1949

3.3.13 Remote Access Services (RAS) 1950

Remote Access Services (RAS) support the design, implementation, operation, and maintenance 1951

of systems required to afford network service and resource access by remote end users. All IA 1952

policies and regulations are listed in Section 2. 1953

1954

RAS are shared services. The TXS Contractor is designated as the primary service provider and 1955

the ES Contractor is designated as the supporting service provider. The Contractors shall 1956


the services described below. 1958

1959


a. Operate, maintain, and manage the ES components [e.g., Secure Sockets Layer Virtual 1961

Private Network (SSLVPN) client, certificate integration, and enterprise authentication] 1962

to give end users secure access to both the NIPRNet and SIPRNet from remote locations 1963

via cellular access, or commercially available wired and wireless broadband internet 1964

access. ES components of the RAS solution include: 1965

Attachment 1



79

i. End user SSLVPN client [including integrated Public Key Infrastructure (PKI) 1966

and DoD Smart Card components and capabilities] and RAS supported 1967

middleware. 1968

ii. Enterprise authentication components that integrate remote access capabilities 1969

with the current directory services and PKI infrastructure. 1970

1971


a. Operate and maintain the Virtual Private Network (VPN) infrastructure resident at the 1973

Boundary 1 (B1) that supports end-to-end encryption for both clients and Very Small Site 1974

Design (VSSD) sites enabling end users to establish a secure, encrypted tunnel to NGEN 1975

network resources. 1976

b. Operate and maintain classified RAS for remote access to the Navy classified enclave 1977

with approved remote computing devices via approved Government Furnished Property 1978

(GFP) secure dial up capability and certified Type-1 cryptographic devices. 1979

c. Operate and maintain DON Routing and RAS servers. 1980

d. Integrate, operate, and maintain Government Furnished Equipment (GFE) remote 1981

transport connectivity components for designated Commanders in-flight. 1982

1983

3.3.14 End User Training Services 1984

End User Training Services includes the development and delivery of training to NGEN end 1985

users and network and computing support to Navy classrooms. End User Training Services will 1986

be delivered through classroom instruction, computer labs, computer-based training (CBT), web-1987

based e-learning, and on-the-job training (OJT). 1988

1989

End User Training Services are shared services. The ES Contractor is designated as the primary 1990

service provider and the TXS Contractor is designated as the supporting service provider. The 1991



1994


Attachment 1



80

a. Provide assigned service training materials (e.g., Procedures for publishing PKI 1996

certificates to the GAL). 1997

b. Provide end users with web accessible training materials in coordination with the TXS 1998

Contractor. 1999

c. Participate in the quarterly Government-chaired Training Readiness Review Board 2000

(TRRB). 2001

d. Provide classified and unclassified Electronic Classroom Training in accordance with the 2002

Automated Electronic Classrooms Guidelines, NAVEDTRA M-130B. 2003

i. Operate and maintain assigned ECR infrastructure. 2004

ii. Operate and maintain classroom management solution. 2005

e. Develop training solution alternatives and recommendations in accordance with the DoD 2006

Handbook: Instructional Systems Development (ISD)/Systems Approach to Training 2007

(SAT) (MIL-HDBK-29612-2A) and the NGEN Navy Training System Plan (N6-NTSP-2008

E-70-0817). (CDRL A031 – Training Program Documentation) 2009

i. Provide access to training content hosted in NGEN and other Navy networks (e.g. 2010

DMZ). 2011

ii. Provide training content, manuals, and job aids for any ES contractor-provided or 2012

deployed end user hardware and software upgrades procured within the NGEN 2013

ES contract (i.e., not part of the “as-is” baseline). 2014

iii. Operate and maintain the existing automated and Web-based account creation and 2015

management solution that is populated via automated feeds from Government 2016

legacy management systems to Active Directory. 2017

iv. Manage classroom-shared resources to allow and restrict students’ access to 2018

selected resources without reducing the native NGEN IA posture. 2019

f. Operate and maintain classroom management solution. 2020

i. Load authorized training content and curriculum. 2021

ii. Modify classroom workstation configurations and re‐connect to the NGEN 2022

Training COI. 2023

iii. Provide access controls to as well as backup and restoration services of file share 2024

storage data. 2025

Attachment 1



81

iv. Support both the Integrated Learning Environment (ILE) web based instructional 2026

content and the current inventory of legacy instructional content. 2027

v. Support the “On Demand” web based account creation tool. 2028

vi. Update end user and status of accounts every hour from 0800 to 1800 local time 2029

as well as part of the scheduled nightly updates. 2030

vii. Allocate file share storage space in 50GB increments. 2031

2032

3.3.15 Network Operations (NetOps) and Information Assurance (IA) Training Services 2033

Network Operations (NetOps) and Information Assurance (IA) Training Services are a shared 2034

service. The ES Contractor is designated as the primary service provider, and the TXS 2035

Contractor is designated as the supporting service provider. The Contractors shall collaborate 2036

with each other and any other service providers to provide common management of the services 2037

described below. 2038

2039

3.3.15.1 Network Operations (NetOps) Training Services 2040

NetOps Training Services provide Government staff responsible for oversight of the network 2041

with information and instruction on NGEN-specific Information Technology Service 2042

Management (ITSM) processes, NGEN-specific business processes, and NGEN network and 2043

service management tools. 2044

2045


a. Maintain and update training materials and systems. 2047

b. Provide training materials for all new tool, process, and solution development or 2048

deployment efforts including training requirements needed to achieve and support 2049

Government network and service management job skills requirements as outlined in the 2050

NGEN Navy Training System Plan N6-NTSP-E-70-0817. 2051

c. Provide NGEN deployables training including advanced network and process training 2052

and certification for DON fleet IT personnel (Unit IT) responsible for successful fleet 2053

deployment, deployed operation, and return of a command’s deployable end user devices 2054

and shore network services to the ashore network enclaves. 2055

Attachment 1



82

2056


a. Provide combined training which encompasses the hardware and software standards, 2058

solutions, and processes necessary to meet NGEN CTR requirements as outlined in the 2059

NGEN Navy Training System Plan. The minimum training requirement is 1-day, 2060

Instructor-Led Training (ILT) via Defense Connect Online (DCO) or Interactive Course 2061

Ware (ICW) for each of the following courses in accordance with Table 3.3.15.1-1. 2062

i. File Shares, Security Groups, and Distribution Lists Management. 2063

ii. Account Security. 2064

iii. Spillage Containment. 2065

iv. CTR Roles, Responsibilities, and Certification Process. 2066

v. CTR Communications Plan and Knowledge Management. 2067

vi. NGEN End User Services. 2068

vii. End User Accounts Management. 2069

viii. Customer Services. 2070

ix. Operations and Change Management. 2071

x. Ordering Services. 2072

xi. Asset Management. 2073

xii. Performing Technology Refresh 2074

xiii. Change Requests (Move, Add, and Change). 2075

xiv. Deployables. 2076

xv. Manage DoD Smart Card Exceptions List. 2077

2078

Table 3.3.15.1-1 USN CSR Training Training Requirements Students FY13 FY14 FY15 FY16

MIL/CIV 575 2125 700 700 Convening’s 23 85 28 28

2079

b. Provide NGEN-specific ITSM process training based on the NPDM and consisting of 2080

content for all prescribed NPDM life cycle management processes. Provide ILT via 2081

DCO for the courses identified in Table 3.3.15.1-2. 2082

Attachment 1



83

2083

Table 3.3.15.1-2 USN NGEN Process Training

Process Duration(Days) Delivery

Convening’s (per year) Seats

Demand Management 1 Instructor-DCO or ICW 3 25

Service Portfolio Management 2 Instructor-DCO or ICW 5 25

Financial Management 2 Instructor-DCO or ICW 2 25

Supplier Management 1 Instructor-DCO or ICW 5 25

Service Catalog Management 2 Instructor-DCO or ICW 3 25

Information Security Management 2 Instructor-DCO or ICW 5 25

IT Service Continuity Management 1 Instructor-DCO or

ICW 3 25

Capacity Management 2 Instructor-DCO or ICW 5 25

Availability Management 2 Instructor-DCO or ICW 5 25

Service Level Management 2 Instructor-DCO or ICW 5 25

Knowledge Management 1 Instructor-DCO or ICW 2 25

Transition Planning and Support 1 Instructor-DCO or ICW 5 25

Release and Deployment Management 2 Instructor-DCO or

ICW 5 25

Service Asset and Configuration Management 2 Instructor-DCO or

ICW 10 25

Change Management 2 Instructor-DCO or ICW 5 25

Request Fulfillment 3 Instructor-DCO or ICW 10 25

Event Management 4 Instructor-DCO or ICW 10 25

Access Management 2 Instructor-DCO or ICW 10 25

Evaluation 3 Instructor-DCO or ICW 3 25

Service Validation and Testing 2 Instructor-DCO or ICW 5 25

Attachment 1



84

Table 3.3.15.1-2 USN NGEN Process Training

Process Duration(Days) Delivery

Convening’s (per year) Seats

Problem Management 3 Instructor-DCO or ICW 10 25

Data Management 3 Instructor-DCO or ICW 3 25

Facilities Management 3 Instructor-DCO or ICW 3 25

Incident Management 3 Instructor-DCO or ICW 10 25

2084

c. Provide NGEN tools training in the operational NGEN environment in accordance with 2085

Table 3.3.15.1-3. 2086

2087

Attachment 1



85

Table 3.3.15.1-3 USN NGEN Tools Training

Tool Duration

(Days) Delivery

Convening’s

(per year) Seats

Configuration Management 2 Instructor-DCO or ICW 2 25

Service Catalog and Ordering

System 2 Instructor-DCO or ICW 2 25

Request Fulfillment 3 Instructor-DCO or ICW 2 25

Knowledge Management

(SKMS) 2

Instructor-DCO or ICW 2 25

Incident Management 3 Instructor-DCO or ICW 2 25

Change Management 3 Instructor-DCO or ICW 2 25

Problem Management 3 Instructor-DCO or ICW 2 25

Financial Systems 2 Instructor-DCO or ICW 2 25

Service Level Management 2 Instructor-DCO or ICW 2 25

Availability Management 2 Instructor-DCO or ICW 2 25

Auto Discovery Tools 2 Instructor-DCO or ICW 2 25

Asset Management 3 Instructor-DCO or ICW 2 25

Configuration Management 3 Instructor-DCO or ICW 2 25

Event Management 2 Instructor-DCO or ICW 2 25

Customer Relations 1 Instructor-DCO or ICW 2 25

Access and Identity 1 Instructor-DCO or ICW 2 25

2088

d. Place all NGEN training content on the NGEN web portal and provide access to other 2089

learning resources (e.g., current news and virtual communities of practice). NGEN 2090

training content includes Operating System functions and capabilities, core build 2091

applications, and end user applications. 2092

e. Host, operate, and maintain a Learning Management System (LMS), in accordance with 2093

the requirements specified in the NGEN Learning Management System Functional Area 2094

Description, to schedule training, track training progression, and record training 2095

completion metrics. 2096

Attachment 1



86

2097


a. Provide TXS training input to ES contractor for NGEN CSR requirements as outlined in 2099

the NGEN Navy Training System Plan. The minimum training requirement is 1-day, 2100

ILT via DCO for each of the following courses in accordance with Table 3.3.15.1-1: 2101

i. NGEN Transport Services 2102

ii. TXS Operations and Change Management elements 2103

iii. Asset Management 2104

iv. Performing Tech Refresh and Modernization 2105

v. Change Requests (Move, Add, Change) 2106

vi. Deployables 2107

b. Provide input and support to ES for NGEN-specific ITSM process training based on the 2108

NPDM and consisting of content for all prescribed NPDM management processes. 2109

Provide ILT via DCO for the courses Table 3.3.15.1-2. 2110

c. Provide TXS input to the ES contractor on NGEN tools training in the operational NGEN 2111

environment in accordance with Table 3.3.15.1-3. 2112

d. Provide TXS training content (e.g., RAS configurations) to ES for inclusion on the 2113

NGEN web portal. 2114

e. Provide required TXS input to the ES Contractor for inclusion in the LMS including 2115

training schedule, progression, and completion metrics. 2116

2117

3.3.15.1.1 Instructional Strategy Services and Training Materials 2118

Training Materials and Instructional Strategy Services are provided by the ES Contractor. 2119

2120


a. Recommend the most cost effective form of training materials. 2122

b. Recommend an instructional strategy (e.g., web based documents, computer based 2123

training, on the job training, classroom training, etc.) 2124

c. Develop training materials to address training issues identified by the Government. 2125

2126

Attachment 1



87

3.3.15.2 Information Assurance (IA) Training Services 2127

Information Assurance (IA) Training Services provide, operations-focused training for the 2128

Government IA and NETOps workforce on topics related to the specific IA systems and 2129

processes supporting the network. 2130

2131

The ES and TXS Contractors shall provide Information Assurance Workforce Improvement 2132

(IAWF) Program training and certification status for all personnel performing IA functions. 2133


2135

3.3.16 Testing Services 2136

NGEN Testing Services encompass a broad spectrum of testing events across the unclassified 2137

and classified enclaves. NGEN Testing Services consist of 1) risk assessments; 2) performance 2138

assessments; 3) hardware testing and certification; 4) software testing and certification; 5) core 2139

build testing and certification; 6) application testing and certification; 7) system integration 2140

testing; 8) release testing; and, 9) production testing. NGEN Testing Services validate the 2141

compliance of all changes, additions, or refresh of NGEN services in accordance with 2142

performance requirements stipulated in this PWS. The criteria of the performance metrics will 2143

be used to validate performance changes to the NGEN services. 2144

2145

A Contractor provided NGEN Testing Services Facility (USN) will be used to test and certify 2146

hardware and software systems in an applicable test environment to ensure compliance with 2147

NGEN performance requirements. The test facility will be used to assess hardware, software 2148

systems, and applications (GOTS and COTS products) to meet the performance metrics in the 2149

NGEN Service and Operational Levels document. 2150

2151

NGEN Testing Services requires participation and collaboration with various Government 2152

agencies and support Contractors to ensure compliance with established policies, technical, 2153

contractual, interoperability, and operational requirements of the NGEN services. 2154

2155

Attachment 1



88

Testing Services are shared services. The ES Contractor is designated as the primary service 2156




a. Provide testing services input to NGEN Test Readiness Reviews (TRR). (CDRL A001 – 2160

Meeting Minutes; CDRL A002 – Meeting Agenda; and, CDRL A003 – Presentation 2161

Materials) 2162

i. Provide testing services support for Engineering. 2163

ii. Plan and conduct NGEN operational testing and performance assessments. 2164

2165


a. Provide, operate, and maintain a test facility that can be connected to the GIG (e.g., 2167

connectivity to NIPRNet and SIPRNet) and represents the NGEN production 2168

environment (e.g., NNPI, MOC, and NCIS). 2169

b. Perform service, system, and application testing in support of services identified in 2170

Section 3.3 (ES Services Portfolio) of this PWS. 2171

i. Provide Computer-Electronic Accommodations Program (CAP-Section 508) 2172

certification letter to the Government. (CDRL A032 – Computer Electronic 2173

Accommodations Program Certification Letter) 2174

c. Provide test facility and production test plans, procedures, reports, as well as operator and 2175

end user impact information for all required test events. (CDRL A026 – Test Report and 2176

CDRL A033 – Test Procedures) 2177

i. Provide and implement remediation procedures in accordance with the test plans. 2178

d. Provide other NGEN service providers (e.g., TXS Contractor and DISA), designated 2179

Government and Contractor personnel access to the test facility to observe and participate 2180

in operations and testing. 2181

e. Store and maintain all testing and technical documentation in the Contractor provided 2182

Integrated Data Environment (IDE). 2183

2184


Attachment 1



89

a. Provide, operate, and maintain assigned hardware and software required to stand up and 2186

deliver a production representative environment in the test facility provided by the ES 2187

Contractor. 2188

b. Provide the ES Contractor with input to all required testing and technical documentation 2189

(e.g., plans, procedures, and reports). 2190

2191

3.3.17 Continuity of Operations (COOP), Disaster Recovery (DR), and Business Continuity 2192

Planning (BCP) Services 2193

Continuity of Operations (COOP) and Disaster Recovery (DR) involve 1) creating, testing, and 2194

executing plans for emergency response; 2) storage and backup operations; and 3) post-disaster 2195

recovery of information systems. COOP and DR is a collection of processes, policies, and 2196

procedures required for recovery or continuation of the infrastructure and services critical to an 2197

organization after a disaster. 2198

2199

Continuity of Operations (COOP), Disaster Recovery (DR), and Business Continuity Planning 2200

(BCP) are shared services. The ES Contractor is designated as the primary service provider, and 2201



the services described below. 2204

2205

3.3.17.1 Continuity of Operations (COOP) Services 2206


a. Operate and maintain the COOP capability consistent with existing architecture and 2208

redundancy characteristics. 2209

b. Adhere to OPNAV Instruction 3030.5B (20 OCT 2009), DOD Directive 3020.26, 2210

SECNAV Instruction 3030.4C, and other DoD and DON policies as described in the 2211

NPDM, for IT Service Continuity Management. 2212

c. Conduct COOP testing: 2213

i. Twice a year for all redundant NGEN standard services. 2214

Attachment 1



90

ii. For the MOC C2 COOP server farms when planned and authorized by each MOC 2215

site. 2216

d. Provide controlled degradation of services as requested by the Government in the event 2217

of a disaster, incident, or planned exercises for all services provided under this contract. 2218

e. Provide After Action Reports (AARs) for all exercises. (CDRL A034 – After Action 2219

Reports) 2220

2221


a. Consolidate all After Action Reports (AARs) for all exercises and submit to the 2223

Government. (CDRL A034 – After Action Reports) 2224

b. Provide as part of the monthly IPR recommended architecture, process, and tool 2225

enhancements or upgrades to address any identified deficiencies in COOP capabilities. 2226

(CDRL A008– Continuous Service Improvement Plan) 2227

c. Operate and maintain the data COOP capability for the C2 MOC located at Makalapa, 2228

Pearl Harbor, HI including: 2229

i. Provide ongoing monitoring, support, and maintenance of the server 2230

infrastructure. 2231

ii. Operate and maintain the required infrastructure to support COOP. 2232

iii. Operate and maintain the Storage Area Network (SAN) backup and restore 2233

(BUR) system. 2234

iv. Provide 30-day disk-to-disk backup and restore with off-site tape backup for the 2235

primary location. 2236

v. Provide an initial COOP capability that can be operational as the primary site 2237

within 15 minutes. 2238

vi. Provide support for single email mailbox recovery for all C2 MOC end users. 2239

vii. Provide a failover COOP site that can be operational as the primary site with full 2240

capability within 12 hours. 2241

2242

3.3.17.2 Disaster Recovery (DR) Services 2243

2244

Attachment 1



91


a. Operate and maintain DR capability consistent with existing architecture and redundancy 2246

characteristics. 2247

b. Develop and provide an annual update to the Disaster Recovery Plan (DRP) for 2248

restoration of operations in the event of a minor or major disaster. (CDRL A035 – 2249

Disaster Recovery Plan) 2250

c. Activate the assigned components of the approved DRP in the event of a disaster in 2251

coordination with the other Contractors and the Government Service Manager. 2252

d. Provide an AAR in the event of a disaster or exercise. (CDRL A034 – After Action 2253

Report) 2254

e. Conduct the DRP annual exercise for one large site, one NOC, and one server farm and 2255

provide AARs following the exercises. (CDRL A034 – After Action Report) 2256

2257

In addition to the above, the ES Contractor shall provide a consolidated annual update to the IT 2258

section of the DRP. (CDRL A035 – Disaster Recovery Plan) 2259

2260

3.3.17.3 Business Continuity Planning (BCP) Services 2261

BCP determines the Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), 2262

and defines specific scenarios that trigger the activation of COOP and DR plans, subject to GDA. 2263

2264


a. Provide input to the BCP including: 1) prioritization of service and data restoration 2266

operations; 2) master service and data restoration schedule; and, 3) preferred source or 2267

storage locations based on the situational needs of each site or command. (CDRL A036 – 2268

Business Continuity Plan ) 2269

b. Create and maintain IT Service Continuity Plans, for organizations supported by the 2270

Navy Management Domain. (CDRL A037 - IT Service Continuity Plan) 2271

c. Conduct annual exercises to ensure the effectiveness of the Government approved IT 2272

Service Continuity Plans in coordination with the other Contractors and the Government 2273

Service Manager. 2274

Attachment 1



92

2275

In addition to the above, the ES Contractor shall create and submit to the Government a 2276

consolidated IT Service Continuity Plans. (CDRL A036 – Business Continuity Plan) 2277

2278

3.3.17.4 Contingency Operations Services 2279

Contingency Operations Services provide IT capabilities in support of Operations Other Than 2280

War (OOTW), disaster relief, defense support to civil authorities, foreign humanitarian 2281

assistance, etc. 2282

2283

3.3.17.4.1 Determine and Test Contingency Operations Hardware and Software Configurations 2284

2285


a. Determine the standard HW and SW configurations in coordination with the other 2287

Contractors and the Government. 2288

b. Test the approved standard contingency HW and SW configurations at an agreed upon 2289

NGEN site with more than 25 end users. 2290

2291

3.3.17.4.2 Deploy IT Capabilities to Support Contingency Operations 2292

2293


a. Develop a deployable contingency design and Bill of Materials (BOM) to support 2295

identified operational requirements and intended operational environment. 2296

b. Obtain required HW and SW. 2297

c. Develop personnel resource estimate to include quantity, billet type, and logistics 2298

requirements (e.g., transportation, housing accommodations, and food) for those 2299

contingencies requiring on-site support. 2300

d. Submit personnel foreign country clearance requests and obtain necessary visas. 2301

e. Document the result of the deployment in a Government provided template with input 2302

and conduct a post-deployment review with the Government. 2303

f. Return any unused and reusable equipment to stock. 2304

Attachment 1



93

2305


a. Develop and obtain Government approval of a consolidated deployable contingency 2307

design and Bill of Materials (BOM) to support identified operational requirements and 2308

intended operational environment that includes input from all Contractor. 2309

b. Provide for the transportation of all ES and TXS HW and SW required to support 2310

contingency operations and obtain all import permits. 2311

c. Submit a consolidated document of the result of the deployment in a Government 2312

provided template with input from the TXS Contractor and conduct a post-deployment 2313

review with the Government. 2314

2315

In addition to the above, the TXS Contractor shall coordinate with the ES Contractor to transport 2316

all TXS HW and SW required to support contingency operations and to obtain import permits. 2317

2318

3.3.18 File Removal Services 2319

File Removal Services (formerly known as Spillage) provide resolution when electronic spillage 2320

has occurred where classified information, Personally Identifiable Information (PII), Navy 2321

Nuclear Propulsion Information (NNPI), or Community of Interest (COI) information has been 2322

introduced on an IT system, network, or component that is not authorized to hold or process such 2323

information. 2324

2325

File Removal Services are shared services. The ES Contractor is designated as the primary 2326

service delivery provider, and the TXS Contractor is designated as the supporting service 2327

delivery provider. The Contractors shall collaborate with each other and any other service 2328

providers to provide common management of the services described below. 2329

2330


a. Quarantine known electronic spillage locations within one hour of incident discovery. 2332

Attachment 1



94

b. Remove all instances of the electronic spillage from the network, backup systems, and 2333

media within 24 hours of notification in accordance with procedures approved by the 2334

Navy Designated Approval Authority (DAA) (NTD 11-08, 032052ZNOV08). 2335

c. Start the trace process within 30 minutes of notification by an authorized Government 2336

authority to determine the extent of the electronic spillage proliferation across systems 2337

(e.g. desktop, laptop, servers, and monitoring systems). 2338

d. Provide trace report in accordance with Government provided parameters. (CDRL A038 - 2339

Trace Report - File Removal Services) 2340

i. Submit a Plan of Action and Milestones (POA&M) for actions that cannot be 2341

completed within 24 hours of notification. 2342

e. Notify designated Government authority upon completion of electronic spillage cleanup. 2343

f. Report last known locations of files that may have been further distributed, but cannot be 2344

traced to service level network operations centers (e.g., email files that were opened and 2345

read or files that may have been copied). (CDRL A038 - Trace Report - File Removal 2346

Services) 2347

g. Coordinate with designated TXS personnel to remove electronic spillage from equipment 2348

and systems assigned to the TXS Contractor. 2349

h. Report unauthorized or inadvertent disclosures of unclassified and classified NNPI data 2350

in accordance with current version of OPNAV Instruction 9210-3 as directed by the 2351

designated Government representative. 2352

i. Report the unauthorized or inadvertent disclosure summary data and results to the 2353

designated Government representative quarterly. (CDRL A038 - Trace Report - File 2354

Removal Services (FMS) Trace Report) 2355

2356

The TXS Contractor shall coordinate with and support ES personnel to remove electronic 2357

spillage from equipment and systems assigned to the TXS Contractor. 2358

2359

3.3.19 Electronic Software Delivery Services (ESDS) 2360

Attachment 1



95

Electronic Software Delivery Services (ESDS), also known as digital distribution, refers to the 2361

practice of having SW products delivered or updated remotely as opposed to loaded and installed 2362

locally from physical media. 2363

2364

ESDS are shared services. The ES Contractor is designated as the primary service provider, and 2365



the services described below: 2368

a. Deliver software, patches, updates, and firmware to all components on the network in 2369

accordance with the Release and Deployment Management (RDM) process as described 2370

in the NPDM. 2371

2372

The ES Contractor shall provide the combined status of all security and software patches. 2373


2375

The TXS Contractor shall provide the ES Contractor with the status of all security and software 2376

patches and updates to its equipment. 2377

2378

3.3.20 Service Desk Services 2379

Service Desk Services manage and coordinate the handling of incidents, problems, and requests 2380

with end users and IT groups for unclassified and classified equipment. The Service Desk 2381

provides multiple means (e.g., single toll-free number and single Web interface) for requesting 2382

service. The Service Desk manages the life cycle of incidents, problems, and service requests 2383

including fulfillment, verification, and closure. Service desk support includes multiple tiers in 2384

accordance with the Incident Management process as described in the NPDM: 2385

a. Tier 0: End user self service 2386

b. Tier 1: Basic service support to end users and IT groups. 2387

c. Tier 2: More complex service support requiring the involvement of Subject Matter 2388

Experts (SMEs). 2389

Attachment 1



96

d. Tier 3: Onsite support for complex service support requirements that may involve 2390

certified systems engineers or touch labor. 2391

e. Tier 4: Engineering technology support. 2392

2393

Service Desk Services encompasses support for two basic customer types 1) War Fighter; and, 2) 2394

Business. Further automation of and enhanced processes will improve the efficiency and 2395

effectiveness of the NGEN Service Desk. An example of potential improvements is a web based 2396

knowledge management system to increase end user self-sufficiency (e.g., end user password 2397

reset and GAL updates). 2398

2399

Service Desk Services are shared services. The ES Contractor is designated as the primary 2400

service provider, and the TXS Contractor is designated as the supporting service provider. The 2401



2404


a. Provide Service Desk Services for defined enclaves (e.g., classified, unclassified, and 2406

COIs). 2407

b. Provide geographically diverse facilities to provide redundant Service Desk Services 2408

within the Continental United States (CONUS). Each location must be capable of 2409

servicing the entire NGEN population in the event of a natural disaster or loss of 2410

capabilities. 2411

c. Provide Service Desk Services availability for all users, 24x7x365. 2412

d. Provide Service Desk ticket submission and tracking through multiple means (e.g., email, 2413

single toll-free number and single web interface), to include a routing system for end user 2414

classifications (e.g., NIPRNet, SIPRNet, War Fighter, and Standard Business). 2415

e. Document, assess, track, and resolve or fulfill Service Desk incidents, problems, and 2416

requests in accordance with the NGEN SMP and the processes as described in the 2417

NPDM. 2418

Attachment 1



97

f. Coordinate with the other service providers to resolve incidents and fulfill requests [e.g., 2419

Move, Add, Changes (MACs)]. 2420

g. Operate and maintain an Online status system to initiate, query, track, update, and display 2421

information (e.g., aging and backlog) pertaining to incidents, problems, and requests. 2422

h. Track the resolution of all service desk incidents, problems, and Service Requests to 2423

closure. 2424

i. Verify resolution with the customer prior to closing incidents, problems, and requests. 2425

j. Upon resolution of an incident for outage of service, provide the Government with 2426

written information regarding the reason for the outage, corrective actions taken, and any 2427

follow-on actions. (CDRL A034 – After Action Report) 2428

k. Provide Service Desk Services for NGEN deployed and Broadband Unclassified Remote 2429

Access Services (BURAS) end users, including support for appropriate services [e.g., 2430

remote access, Outlook Web Access (OWA), email, email redirection, client hardware, 2431

client software, and deployable process support]. 2432

l. Provide an interface between the NGEN Service Desk and legacy networks, Government 2433

application Service Desks, as well as third party providers (e.g., PDA and end user 2434

equipment). This interface includes redirecting end user calls to the applicable legacy 2435

system Service Desk after confirming NGEN services are not the source of the legacy 2436

system anomaly or outage. 2437

m. Escalate and resolve incidents in coordination with the base, post, or station desk side 2438

support agents when Tiers 1 and 2 have not been able to resolve. 2439

n. Automatically generate, post, and retain historical information for monthly Service Desk 2440

performance measurements on a Government designated website and report this 2441

information as part of the monthly IPR. 2442

2443


a. Provide Service Desk Services in accordance with OLA-006 “End User Incident 2445

Resolution”, OLA-007 “Incident Resolution for Government Applications”, and OLA-2446

008 “First Call Resolution”. 2447

b. Provide Tier 1 troubleshooting scripts and job aids. 2448

Attachment 1



98

c. Provide Tier 2, Tier 3, and Tier 4 support to troubleshoot and resolve TXS related 2449

incidents. 2450

2451

3.3.20.1 Move, Add, and Change (MAC) Services 2452

Move, Add, and Change (MAC) Services are a subset of Service Desk Services and provide two 2453

support categories: 1) Simple MACs; and 2) Project MACs. 2454

a. Simple MACs address request fulfillment to deliver a piece of HW and SW to a single 2455

end user. This includes the capability to: 2456

i. Move, connect, and integrate NGEN HW from one NGEN location to another 2457

NGEN location for an end user. 2458

ii. Add HW or SW to an existing end user configuration or install a new end user 2459

HW and SW configuration. 2460

iii. Modify the configuration of NGEN HW and SW for an end user. 2461

b. Project MACs are more complex, involve multiple end users and pieces of HW and SW, 2462

and are handled via separate task orders (e.g., movement of multiple end users or 2463

organizations to locations that potentially require the installation of an NGEN 2464

infrastructure). 2465

2466

Move, Add, and Change (MAC) Services are shared services. The ES Contractor is designated 2467




2471


a. Perform requested simple MAC services. 2473

b. Process, manage, and execute classified and unclassified MAC requests. 2474

c. Perform MACs in accordance with the CMIP and the AMIP. 2475

d. Provide end users technical assistance and guidance to resolve service delivery issues 2476

related to MAC processing. 2477

e. Perform requested project MAC services . 2478

Attachment 1



99

i. Analyze and develop a detailed implementation plan for requested project MACs. 2479

(CDRL A039 – Implementation Plan) 2480

ii. Develop detailed cost estimate including Bill of Materials. 2481

iii. Develop Request for Change (RFC). (CDRL A023 – Engineering Change 2482

Proposal – Request for Change) 2483

iv. Provide the Government with access to a website containing a status of received 2484

project MACs and aging report. 2485

2486

The TXS Contractor shall provide the touch labor, network reconfiguration, inside cable plant, 2487

and closet port management support associated with MACs. 2488

2489

3.3.21 Base Area Network (BAN) Services and Local Area Network (LAN) Services 2490

Base Area Network (BAN) Services include the installation, operation, and maintenance of the 2491

cable, wireless, and switching infrastructure that connects a base, post, or station Wide Area 2492

Network (WAN) to the Local Area Network (LAN)s, server farms, datacenters and MOC in the 2493

buildings on the base, post or station and to associated piers serving Navy ships. The BAN 2494

supports NIPRNet and SIPRNet IP based voice, video, and data services. 2495

2496


a. Operate and maintain the existing BAN infrastructure, which includes all necessary cable 2498

plant (inside and outside) and equipment required to provide information transport 2499

functionality between LANs located on given bases/posts/camps/stations and connecting 2500

them to the BAN/LAN/SDP. BAN infrastructure shall provide a reliable IP-based 2501

network that supports a dual stack Internet Protocol version 4 and version 6 (IPv4/IPv6) 2502

environment and necessary IA services. 2503

b. Operate and maintain GFP and the existing LAN infrastructure, including cable plant 2504

(inside and outside) and equipment, wall jacks, Layer 2 and Layer 3 LAN switches, and 2505

WLAN devices. In the case of a very small site, the LAN is directly connected to the 2506

WAN or Internet Service Provider premise equipment. 2507

Attachment 1



100

i. Comply with the RFC 1918 requirements and maintain private IP space in the 2508

NGEN interior. 2509

ii. Comply with RFC 4193 for Testing and COI support. 2510

iii. Develop a recommended design and infrastructure assessment and test plan for 2511

transitioning of private IP address spaces to public IP addresses in accordance 2512

with Government direction. (CDRL A022 – Contract Change Proposal) 2513

iv. Migrate the NGEN IP space from private to public address space per approved 2514

migration plan. 2515

v. Assign static IP addresses as required on a case-by-case basis. 2516

c. Develop and maintain Routing Plan. (CDRL A040 – Routing Plan) 2517

i. Maintain and update quarterly the Master IP Routing Plan. 2518

ii. Design/document the routing. 2519

iii. Maintain interior routing of private IP addresses up to the site interior router and 2520

other infrastructure that utilizes private IP addresses. 2521

iv. Design, test, plan and pilot approach for transition of static routing to dynamic 2522

routing. 2523

d. Provide updated design documentation, installation as needed, maintenance, and 2524

operation of all required network and network security infrastructure needed to deliver all 2525

network/contract services (e.g. e-mail, web portal, workflow and collaboration, 2526

application hosting). 2527

e. Provide capacity and utilization monitoring of TXS components needed to deliver all ES 2528

provided services. 2529

f. Maintain IPv6/IPv4 Coexistence and Interworking Practices. 2530

i. Operate and maintain dual stack IPv4/IPv6 network devices. 2531

ii. Develop plan and implement migration to full IPv6 environment. 2532

g. Operate and maintain BAN/LAN/WAN interfaces for NGEN designated C2 sites. 2533

h. Comply with Government DIACAP processes prior to connecting any new device into 2534

the NGEN environment. 2535

i. Comply with the Navy Ports, Protocols and Services (NPPS) Manual. 2536

Attachment 1



101

j. The network technical and security architecture shall be consistent with Category 2537

Assignments List (CAL) (e.g., IP unicast and multicast at the network layer and Ethernet 2538

at the physical layer). 2539

k. Notify the Government if the addition of a network device or service will exceed 75% of 2540

existing port capacity, transport infrastructure element (e.g., rack space), WAN access 2541

circuit capacity, WAN subscription capacity, and inside and/or outside cable plant 2542

utilization. 2543

l. Maintain and configure Virtual Local Area Networks (VLANs) [e.g., providing single 2544

VLAN, multiple VLANs within a DMZ, B3 COI, to support Access Control List (ACL) 2545

solution]. 2546

m. Implement network layer access control lists and data link layer port security in TXS 2547


n. Maintain, configure, and provide support for port aggregation protocol (e.g., Ether 2549

Channel) for Government identified devices. 2550

o. Operate and maintain existing IP Multicast traffic. 2551

p. Operate and maintain very high bandwidth connectivity (≥10 Gbps) for select mission 2552

critical and standard application servers at ordered sites. 2553

q. Maintain and update SW and firmware required for BAN/LAN components. 2554

r. Provide annual BAN/LAN components tech refresh recommendations six months prior to 2555

the beginning of the Fiscal Year to update the Government provided annual NGEN TXS 2556

Technology Refresh Plan (TRP). (CDRL A014 - Technology Refresh Plan ) 2557

s. Conduct BAN/LAN tech refresh in accordance with Government provided NGEN TRP. 2558

t. Operate and maintain TXS infrastructure at Very Small Sites (VSS). 2559

u. Perform requirements analysis for future BAN and LAN services in support of NGEN 2560

modernization. 2561

v. Conduct annual service continuity BAN/LAN site assessments, identify deficiencies and 2562

provide future design/operations recommendations. (CDRL A028 – Technical Report) 2563

2564

Provide TXS waterfront support (to include recommending, receiving and managing inventory of 2565

material) to Shipyard environments that does not have an NGEN compatible infrastructure that 2566

Attachment 1



102

meets NGEN standards, to support the movement, repair and reinstallation of Data Seats that are 2567

subjected to waterfront surge events or shipyard environment limitations and hazards or where 2568

shipyard mission requirements dictate expedited handling. 2569

2570

3.3.21.1 Pierside Connectivity 2571

Enterprise Pier Connectivity Architecture (EPCA) provides network connectivity and TXS 2572

between ships and/or submarines with Government approved connection points and the 2573

corresponding supporting Fleet Network Operations Center (FLTNOC) or regional Mini‐NOC 2574

via the fiber optic Umbilical Cable Assembly (UCA) or Government approved wireless system. 2575

The EPCA consists of a system of elements located at the piers or wharves, at the Pier‐head 2576

Information Transfer Nodes, and the Pier Consolidation Point (PCP) ‐ and WAN TXS 2577

infrastructure and within the FLTNOC or regional Mini‐NOC as required. 2578

2579


a. Operate and maintain secure transport infrastructure between pierside connections from 2581

the shore to docked ships and submarines and the corresponding Information Technology 2582

for the 21st Century (US Navy IT program to improve shipboard communications and 2583

computing capability) (IT-21) FLTNOC facility. The TXS infrastructure supports the 2584

transmission of voice, video, and data via either wired, copper, standard fiber optic 2585

Umbilical Cable Assembly (UCA), or Government-approved wireless system. 2586

b. Maintain cables (UCA), connectors, risers, Government-installed wireless system and all 2587

other equipment supporting EPCA, inside and outside cable plants used from pier ITN 2588

building to connect with ship/sub connection box in accordance with the specifications 2589

provided in the NNWC memo dated 6 Dec 07 and per the sites and quantities listed in 2590

NGEN locations. 2591

c. Maintain an inventory of all EPCA equipment being maintained, including Government 2592

provided spares (e.g., inventory of all pierside networking equipment, cabling) in 2593

accordance with NGEN Asset Management tools and processes. 2594

Attachment 1



103

d. Development of a technical obsolescence and service delivery mitigation options 2595

(including alternative access schemes) for locations that will not be refreshed during the 2596

period of performance for the contract. (CDRL A028 – Technical Report) 2597

i. Provide TXS from vessel fiber optic interface at designated pier locations to Fleet 2598

NOC or regional mini-NOC. 2599

ii. Provide wide-area connectivity and bandwidth to naval vessels connected to the 2600

Pier Connectivity Architecture (PCA) access point. 2601

iii. Operate and maintain existing service for pier fiber optic cable plant Operate and 2602

maintain existing service when pier infrastructure is upgraded by the Government. 2603

iv. Operate and maintain newly installed PCA. 2604

v. Maintain PCA infrastructure and fiber optic cable plant with Original Equipment 2605

Manufacturer (OEM) or equivalent HW and SW. 2606

vi. Provide maintenance for the pierside network equipment and SW provided by the 2607

TXS Contractor. 2608

vii. Perform remote diagnostics with the end user when problems are identified. 2609

viii. Before an Incident ticket is closed, the TXS Contractor shall advise the Navy via 2610

the incident ticket of the actions taken. 2611

ix. Conduct ongoing analysis of Equipment maintenance and call history to track 2612

service trends. 2613

e. Maintain cables, Umbilical Cable Assembly (UCA), connectors, risers, Government-2614

installed wireless system and all other equipment supporting EPCA, inside and outside 2615

cable plants used from pier ITN building to connect with ship/sub connection box in 2616

accordance with the specifications provided in the NNWC memo dated 6 Dec 07 and per 2617

the sites and quantities listed in NGEN locations attached to contract. 2618

i. Provide and maintain fiber optic UCA to meet specifications described in Military 2619

Standard 2042-7(SH) and Naval Sea Systems Command (NAVSEA) drawing 2620

numbers 7325759, 7379171, and 7379173. 2621

ii. Maintain quantities of UCA cables at pier sites to meet fleet operational 2622

requirements. 2623

iii. Store, deliver and pick-up UCA to meet fleet operational requirements. 2624

Attachment 1



104

iv. Connect and disconnect UCAs to the ships/submarines and the Piers junction 2625

boxes (i.e., Pier risers). 2626

2627

3.3.21.2 Application Server Connectivity 2628

The TXS Contractor shall provide the following Standard Application Server Connectivity 2629

Services for all physical and virtual application servers managed by their respective DON 2630

organizations (such as NAVSEA and other Claimants) to enable their incorporation into the 2631

NGEN Enterprise environment: 2632

a. Assign a standard host name to the server. C27XXXXXYYYYNNO, where XXXXX is 2633

the system acronym, YYYY is the site code, NN is the server number, and O is an 2634

optional alpha identifier. Legacy naming will be maintained on an as needed basis. 2635

i. Validate the server connection status via the use of Ping and Trace commands. 2636

ii. Notify by email and/or telephone the Government’s identified point of contact 2637

when the TXS Contractor determines that the cause of an incident ticket 2638

concerning access to a Government application is not the Contractor’s 2639

responsibility. 2640

iii. Support failover connection for each mission critical server. 2641

iv. Provide inbound and outbound Secure Shell (SSH) protocol access for each server 2642

as directed by Government. 2643

v. Provide network access for inbound SSL traffic if the implementation meets 2644

NPPS and is approved by the Navy ODAA. 2645

vi. Provide network access to the designated NGEN Enterprise OCSP responder. 2646

vii. Provide access to 10 Multicast channels within the transport boundary for the 2647

LAN to which the server is connected. 2648

viii. Provide the capability and network access for the server to print to network 2649

printers using Windows print services and Line Printer Request (LPR). The use 2650

of LPR is contingent upon receipt of all Government-required approvals. 2651

ix. Provide the capability and network access for the server to print to network 2652

printers using Windows print services and Line Printer Request (LPR) from 2653

Attachment 1



105

within a Boundary 3 (B3) COI. The Servers may be using customer’s Active 2654

Directory. 2655

x. Perform Interim Authority to Connect (IATC) security scans of servers that will 2656

be or currently are placed within the USN network (enclave, B3 COI, DMZ.) As a 2657

result of the NOC IATC scan, the Contractor will provide the appropriate 2658

Government POC with the results that include Information Assurance 2659

Vulnerability Advisories /Information Assurance Vulnerability Bulletins status of 2660

the device, and overall security vulnerability assessment. 2661

xi. Provide network access to NGEN standard anti-virus definition files. 2662

b. The TXS provider shall also provide these supplemental functions to support physical and 2663

virtual Application Servers based on the requirements of the Claimant to ensure proper 2664

application functionality in the NGEN environment: 2665

i. Provide Network Address Translation (NAT) capabilities to address customers 2666

with permanent IP address space. 2667

ii. Provide multicasting capability and ongoing support within the transport 2668

boundary for the LAN to which the server is connected. 2669

2670

3.3.21.3 Program of Record Workstation Connectivity 2671

The TXS Contractor shall provide for the connection and access of Program of Record (POR) 2672

workstation to the network to include: 2673

a. Obtain and assign a static IP address. 2674

b. Deliver the static IP address to an assigned wall plug. 2675

c. Register the POR device. 2676

d. Establish a virtual local area network, if required. 2677

e. Invoke Network Layer access control lists and Data Link Layer port security as required. 2678

f. Allow the POR device to connect to an application server, as required. 2679

2680

3.3.21.4 Wireless Local Area Network (WLAN) Services 2681

Attachment 1



106

NGEN WLANs are deployed in infrastructure mode-only, via wireless access points, as 2682

extensions to existing wired networks in order to allow clients to access network resources or the 2683

Internet without physical connections to the network via a cable. 2684

2685


a. Conform to DoD Directive 8100.02, 23 April 2007. 2687

b. Maintain and operate wireless connections to the network ensuring compliance with 2688

DISA Wireless STIG and SECNAVINST 2075.1 guidance. 2689

c. Utilize, as a minimum, WPA2 Encryption (802.11i) for all unclassified wireless traffic. 2690

d. Maintain and operate WLAN service for wireless transmission of classified information 2691

using approved client devices. 2692

e. Design and implement WLAN service for wireless transmission of classified information 2693

using approved client devices. 2694

f. Operate and manage GFP National Security Agency (NSA) Type 1 encryptors for all 2695

Classified WLAN services. 2696

g. Integrate and install GFP NSA Type 1 encryptors for all new Classified WLAN services. 2697

h. Provide the capability to detect, isolate and remediate unknown or rogue wireless device 2698

within the vicinity of a network WLAN. 2699

i. Implement new or maintain the currency of WLAN access capabilities (e.g., IEEE 2700

802.11n) to the network as required by the Government- approved NGEN TXS. 2701

j. Technology Refresh Plan (TRP). [See Logistics section]. 2702

k. Develop WLAN access point design documentation as required in the TRP; provide 2703

configuration and installation of all APs to include ‘as built’ drawings. (CDRL A011 – 2704


l. Provide the capability to execute Government directed wireless port activation, switch 2706

activation and switch configuration. 2707

m. Provide monitoring and maintenance services for NGEN wireless capabilities to include 2708

the following: 2709

i. Per Site – updates to WLAN controller, operating environment and associated 2710


Attachment 1



107

ii. Per Access Point – device configuration, Information Assurance Vulnerability 2712

Advisories patching, SW maintenance and upgrades. 2713

n. Operate and maintain TXS components supporting as-is radio frequency identification 2714

environment – to include device configuration, Information Assurance Vulnerability 2715

Advisories patching, SW maintenance and upgrades for access points supporting radio 2716

frequency identification devices used in radio frequency identification tag environment. 2717

2718

3.3.22 Wide Area Network (WAN) Services 2719

WAN services provide separate connections to external networks, including NIPRNet, SIPRNet, 2720

Defense Research Engineering Network (DREN) and the Internet. WAN services provide 2721

transport of voice, video and data from Government base, facility and office locations, across 2722

non-Government property, to other Government base, facility and office locations. WAN 2723

requires connectivity to the NIPRNet at the unclassified B1 gateway, and SIPRNet at the 2724

classified B1gateway. This will allow the individual unclassified NGEN seats to access resources 2725

on NIPRNet and the Internet, and classified seats to access resources on SIPRNet. 2726

2727

The Navy expects to accelerate implementation of Thin Client Services (TCS) that provides for a 2728

client computer or client software in client-server architecture networks that depends primarily 2729

on the central server for processing activities, and mainly focuses on conveying input and output 2730

between the end user and the remote server. TCS can include the use of virtualization to support 2731

centrally housed and managed desktops that are “streamed” to the end user, or hosted desktops 2732

such that operating system processing itself occurs centrally. TCS can also incorporate centrally 2733

managed streamed applications, or centrally managed server/web-based application capabilities. 2734

2735


a. Provide Government with technical information required to place a DISN circuit order. 2737

b. Propose, design, install and document site modifications to connect BAN and/or LAN to 2738

local DISN SDP in accordance with Site-WAN circuit mapping. (CDRL A011 –2739


c. Maintain WAN Routing Plan. (CDRL A040 – Routing Plan) 2741

Attachment 1



108

i. Maintain interior routing of private IP addresses up to the site interior router and 2742

other infrastructure that utilizes private IP addresses. 2743

ii. Design, test, pilot and implement a solution for migration from static routing to 2744

dynamic routing. 2745

d. Provide the following services required to complete installation of circuit services: 2746

i. Install and test circuit extensions and base extensions, including coordination with 2747

Base Communications Office (BCO), DISA and Government Program Manager 2748

for end-to-end testing and activation of DISN circuits. 2749

ii. Document WAN interface HW and SW to support Certification and 2750

Accreditation. (CDRL A018 – DoD Information Assurance Certification and 2751

Accreditation Package) 2752

e. Provide a Capacity Planning report based on LAN/WLAN/BAN/WAN network data. 2753

(CDRL A028 – Technical Report) 2754

i. Maintain as-is modeling capabilities to support the planning of changes to the 2755

network infrastructure, specifically to estimate future volume, usage, and 2756

application characteristics, as well as integration of emerging technology and 2757

utilization of DISN provided as GFP. 2758

ii. Provide quarterly analysis of the network capacity and recommendations for 2759

future engineering changes. 2760

f. Configure external network connections to allow for interoperability with other DoD 2761

networks such as Marine Corps Tactical Data Network (MCTN) and IT-21, and to major 2762

commercial partners of DON stakeholders. 2763

g. Operate and maintain transport boundary infrastructure and services providing 2764

connectivity for operational Command, and Control, Intelligence Surveillance and 2765

Reconnaissance (C2ISR) on classified networks (and unclassified networks where 2766

appropriate) at the MOCs, NOCs, and Fleet NOCs. This includes support for establishing 2767

and maintaining Multiprotocol Label Switching (MPLS) QOS, where enabled. 2768

h. Manage the connection to long-haul services provided by the Government to the 2769

Government identified point-of-presence for the purposes of configuration, maintenance, 2770

and troubleshooting. 2771

Attachment 1



109

i. Accept and manage the connections of NSA Type 1 Encryptors from the Government for 2772

installation, configuration and use. 2773

j. Submit annual WAN Transport Boundary TRP. (CDRL A014 - Technology Refresh 2774

Plan) 2775

k. Operate and maintain NGEN DCE/C2 Nodes: 2776

i. Provide for remote network management for NGEN DCE Transport Boundary 2777

elements. 2778

ii. Test, implement, and document Government-approved material and nonmaterial 2779

configuration changes in accordance with the CMIP. 2780

iii. Provide on-site support and touch labor to support incident management at all 2781

NGEN DISN Core Extension (DCE) WAN locations. 2782

iv. Provide 24x7x365 on-site maintenance for the fielded system. 2783

2784

3.3.22.1 Non-Secure Internet Protocol Router Network (NIPRNet) and Intranet 2785

The NIPRNet is a global long-haul IP-based network to support unclassified IP data 2786

communications services for combat support applications to the DoD, Joint Chiefs of Staff (JS), 2787

Military Departments (MILDEPs) and Combatant Commands. The NIPRNet provides seamless 2788

interoperability IP services to customers with access data rates ranging from 56 kbps to OC-192 2789

via direct connections to a NIPRNet router, remote dial-up services (56 kbps), services to the 2790

Tactical community via Integrated Tactical Strategic Data Network/STEP sites and access to the 2791

Internet. 2792

2793

The TXS Contractor shall operate and maintain B1 TXS components connecting to the NIPRNet. 2794

Monitor network status and resolve connectivity issues surrounding the operation and 2795

maintenance of the NIPRNet B1. 2796

2797

3.3.22.2 Secret Internet Protocol Router Network (SIPRNet) 2798

The SIPRNet is DoD's interoperable C2 data network, supporting the Global Command and 2799

Control System, the Defense Message System (DMS), collaborative planning, and numerous 2800

Attachment 1



110

other classified warfighter applications. Direct connection data rates range from 56 kbps to OC-2801

24. Remote dial-up services are available up to 115.2kbps. 2802

2803


a. Operate and maintain B1 solutions for secure traffic exchange with the SIPRNet at 2805

Government designated locations. 2806

i. Monitor network status and resolve connectivity issues surrounding the operation 2807

and maintenance of the SIPRNet B1. 2808

b. Comply with all pertinent Government/DISA STIGs except as authorized by the Navy 2809

ODAA. 2810

c. Interface DON SECRET enclaves or COIs to SIPRNet. 2811

d. Transport classified data using approved physical and/or cryptographic separation 2812

mechanisms. 2813

e. Protect SECRET and below data in transit as specified in NGEN Enterprise Systems 2814

Security Authorization Agreement (eSSAA) security plans or DIACAP equivalent 2815

including support for incorporating required protection mechanisms in accordance with 2816

DoDI 8500.2 Mission Assurance Categories I and II Classified IA Controls (Mission 2817

Assurance Category I is to support MOC connectivity). 2818

f. Comply with the SIPRNet Connection Approval Process security standards and continue 2819

to comply with the updated security requirements that the Defense IA/ Security 2820

Accreditation Working Group (formerly DISN Security Accreditation Working Group 2821

imposes on the SIPRNet. 2822

g. Incorporate process and resources to support the execution of DIACAP (the 2823

identification, installation, configuration, and operation of SIPRNet connections. 2824

2825

3.3.22.3 Satellite Communications (SATCOM) Services 2826

SATCOM is a service that connects satellite-based up/down communication linkage to network 2827

SDPs within the logical network enclave to secure points outside the network enclave. The TXS 2828

Contractor is not being tasked to provide the SATCOM link. 2829

2830

Attachment 1



111


a. Provide for the extension of the network via commercial satellite communications, 2832

terminating at DON or commercial mobile Earth stations. 2833

b. Provide engineering support to deploy with communication link to establish and 2834

configure service. 2835

c. Provide HW and SW support and maintenance satellite communication interface 2836


d. Provide network services over high latency circuits (satellite connection) with the 2838

following where needed: 2839

i. DSTB service via SATCOM link that allows network end users the ability to have 2840

direct secure access into NGEN and resources (via B1) while deployed. 2841

a) Utilize Bandwidth optimization (WAN acceleration) technologies. 2842

b) Pre-load cache for deployable WAN acceleration device. 2843

ii. Tactical printer solution (in coordination with ES). 2844

a) Enables local printer access for in-field printing (i.e., bypassing print 2845

servers while deployed). 2846

b) Allows for connection of only printers certified for use on network. 2847

e. Maintain Satellite interface solution that meets DON security requirements for 2848

NIPRNet/SIPRNet traffic to include: 2849

i. VPN/ IP Security (IPsec) encrypted traffic—by requesting the appropriate class 2850

certificate(s) from ES for installation of each VPN concentrator or server 2851

instance--over NIPRNet and Internet. 2852

ii. Coordinate all solutions/connections with the Navy ODAA. 2853

iii. VPN encrypted on location when utilizing DON tactical circuit. 2854

a) Maintain existing services over High latency circuits (satellite 2855

connection). 2856

b) Maintain existing Bandwidth optimization (WAN acceleration) 2857

technologies. 2858

f. Maintain DSTB service via SATCOM link while deployed. 2859

2860

Attachment 1



112

3.3.23 Data Storage Services 2861

Data Storage Services provide storage solutions for Online, near-line, and off-line storage. 2862

2863


a. Operate and maintain classified and unclassified storage capabilities including SW, HW, 2865

processes, and tools to facilitate the management and reporting of different classes of 2866

storage services across a wide range of workloads and applications. 2867

b. Provide end users the ability to store and retrieve files on shared and controlled-access 2868

storage media. 2869

c. Manage on-demand access to scalable storage space to optimize performance for storage 2870

intensive applications. 2871

d. Perform file share and folder administration capabilities: 2872

i. Provide, operate and maintain storage management and reporting tools that 2873

provide the Government and the Contractor the following capabilities: 2874

a) Government organizational units’ allocation. 2875

b) Group allocation. 2876

c) End user allocation. 2877

d) Storage utilization reporting. 2878

e) Security management for the storage and transmission of data. 2879

f) Capacity management to enable the on-demand addition of capacity or the 2880

physical or logical reallocation at any tier, within hardware constraints. 2881

ii. Provide storage report by participating command. (CDRL A028 – Technical 2882

Report) 2883

a) Actual Usage: The amount of data actually stored on a device at a specific 2884

time or over a period of time. 2885

b) Threshold Violations: The situation when a storage array exceeds 75% 2886

capacity. 2887

c) Anticipated Usage: The amount of data that is allocated for storage on a 2888

device. 2889

d) Rate of Access: The frequency with which data files are accessed. 2890

Attachment 1



113

iii. Assign individual and group permissions at the file and folder level to include the 2891

ability to open, list, read, modify, save, copy, delete, and rename as well as print 2892

files and map folders. 2893

iv. Control the manipulation of shared folders at the individual and group level 2894

including the ability to: 2895

a) Change folder security permissions even when explicit rights are taken 2896

away from the File Share Manager by an end user. 2897

b) Determine who has locked files on a file server and, when necessary, 2898

unlock the files. 2899

v. Set up file type filtering on a folder and all sub-folders within a Government 2900

organizational unit’s shared space, and provide the ability to restrict by file type. 2901

vi. Control the physical size limit quota of a folder and all sub-folders within a 2902

Government organizational unit’s shared space: 2903

a) Set the maximum size quota of a folder to prevent the aggregated size of 2904

the files contained in the folder and sub-folders from exceeding an 2905

established limit quota. 2906

b) Set thresholds for folders and sub-folders and alert the identified folder 2907

manager when they are approaching the size limit. 2908

c) Grant sufficient permissions to Government authorized POCs to produce 2909

on-demand space utilization reports with sub-level folder totals. 2910

d) Operate and maintain Microsoft Exchange Services email and public 2911

folder storage systems for the allocated storage and auto-archiving. 2912

e) Operate and maintain end user and Government organizational unit’s file 2913

server storage provisions. 2914

e. Provide incremental daily backup of all file shares. 2915

f. Provide for recovery for all stored data: 2916

i. For online backup - within 24 hours of a restore request. 2917

ii. For offline backup - within 48 hours of a restore request. 2918

iii. For offline, offsite backup - within 72 hours of a restore request. 2919

Attachment 1



114

g. Operate and maintain the storage environment of critical information assurance logging 2920

data stored for forensic analysis and provisions in accordance with requirements outlined 2921

in DoD Instruction 8500.2 and JTF-GNO INFOCON Level 3 Clarification and Guidance. 2922

2923

3.3.24 Enterprise Messaging Services 2924

Enterprise Messaging Services include the operation and maintenance of NIPRNet and SIPRNet 2925

e-mail messaging systems. 2926

2927


a. Operate and maintain the enterprise messaging capability to process, deliver, store, and 2929

receive email, and associated attachments. 2930

i. Operate and maintain required software (e.g., Exchange 2010 and Server 2008R2) 2931

and required licenses to deliver messaging to end users [e.g., Client Access 2932

Licenses (CAL)] 2933

ii. Operate and maintain the NGEN messaging server infrastructure, message 2934

archiving, spam filtering, mail security, and anti-malware capabilities. 2935

a) Provide, operate, and maintain content filtering capabilities to prevent 2936

unwanted incoming email or embedded malicious code in incoming email. 2937

i. Provide spam filtering that blocks unwanted email, contains 2938

content that is prohibited by policy, or is coming from a 2939

masqueraded source. 2940

ii. Provide malicious code filtering that blocks incoming email that 2941

contains malware from reaching the end recipients. 2942

iii. Allow users and organizations to create, modify, and delete all 2943

personal, command, echelon, and organizational messaging 2944

distribution lists. 2945

b. Configure the email client with the ability to send and receive signed and encrypted email 2946

and attachments using PKI certificates issued by the DoD PKI certifying authority and 2947

DoD-approved external PKI certifying authorities. 2948

Attachment 1



115

c. Configure email service to conform with 1) Simple Mail Transfer Protocol (SMTP), 2949

native Remote Procedure Calls (RPC), and Hypertext Transfer Protocol (HTTP); and, 2) 2950

approved Designated Approving Authority (DAA) configuration to ensure 2951

interoperability and remote access. 2952

d. Operate and maintain capability to execute mailbox restore within 4 hours of loss for 2953

Government identified mission critical end users. For all others, restore mailbox within 7 2954

days. 2955

e. Operate and maintain the BlackBerry (BB) and other smartphone email service 2956

infrastructures [e.g., BlackBerry Enterprise Servers (BES) or the BES successors]. 2957

i. Configure BB and other smartphones to support PKI certificates issued by the 2958

DoD PKI certifying authority and DoD-approved external PKI certifying 2959

authorities. 2960

ii. Configure and integrate NGEN BB service provider phones and smartphones (e.g 2961

AT&T, Sprint, T-Mobile, and Verizon) devices into NGEN end user workstations 2962

and BES and other PDA email servers. 2963

iii. Install, configure, and support vendor specific software for approved BB and 2964

other smartphone devices (e.g., BB Desktop management software). 2965

iv. Install, configure, and support tethering functionality for all NGEN BB and other 2966

smartphone service provider devices 2967

v. Provide integration, certification, and accreditation of new BB and smartphone 2968

devices. 2969

f. Provide, operate, and maintain the NIPRNet and SIPRNet capability to access email via a 2970

web-based application [e.g., Outlook Web Access (OWA)]. 2971

i. Enable only PKI-based end user authentication to control access to the NIPRNet 2972

application. 2973

ii. Allow PKI-based end user authentication to control access to the SIPRNet 2974

application. 2975

2976

3.3.25 Enterprise Web Portal Services 2977

Attachment 1



116

Enterprise Web Based Services consist of the Homeport classified and unclassified websites, and 2978

SearchNAVY Content Discovery tool. 2979

2980

3.3.25.1 Homeport 2981

Homeport serves as a single gateway for DON personnel to access information, services, 2982

support, and training resources for the NGEN services. 2983


a. Operate and maintain the unclassified and classified Homeport. 2985

i. Promulgate service alerts, as well as outage and degradation notification 2986

messages. 2987

ii. Publish scheduled maintenance information and impact statements. 2988

iii. Provide and update contact information for the NGEN Service Desk, including 2989

alternate contact information for USN desks, classified desk, and Special 2990

Assistance desks. 2991

iv. Provide content discovery and search capability. 2992

v. Provide a searchable library of existing training materials that address primary 2993

end user needs including [(e.g., 1) operating system functions and capabilities; 2) 2994

core build applications; 3) common issues, and 4) common end user 2995

applications)]. 2996

vi. Provide a searchable archive of end user communications, alerts, and 2997

notifications. 2998

vii. Provide a list of all HW and SW that have been certified for use on the Network 2999

including the OEM name, hardware model, and software version. 3000

viii. Provide NGEN program, contract, and public affairs materials as published by the 3001

NGEN Public Affairs Officer and post links, as directed by the Government, to 3002

other NGEN related information. 3003

ix. Restrict access and usage to elements of Homeport, sub-sites or specific content 3004

areas when directed by the NGEN Program Office. 3005

3006

3.3.25.2 Content Discovery 3007

Attachment 1



117

SearchNAVY provides enhanced search features that allow fast and secure discovery of 3008

information within the Navy management domain using simple keywords and phrases. 3009

Information sources include structured and unstructured data from: 3010

a. Intranet websites 3011

b. Portal data 3012

c. Local file shares 3013

d. Exchange folders 3014

e. Legacy systems 3015

f. Databases 3016

g. Document management systems 3017

h. Service desk systems 3018

i. Homeport 3019

3020


a. Maintain and operate the current capabilities of SearchNAVY in accordance with the 3022

detailed SearchNAVY requirements provided in Reference AXXXX, Content Discovery 3023

Requirements. 3024

b. Provide a self-service capability for the specified Government representatives to obtain 3025

usage heuristics. 3026

c. Restrict access and usage to sub-sites or specific content areas when directed by the 3027

Government. 3028

3029

3.3.26 Collaboration Services 3030

Defense Connect Online (DCO) provides Web conferencing (to include audio, video, chat, 3031

instant messaging, screen sharing etc.) and chat capabilities for DoD end users. DCO is 3032

composed of two commercial tools and a custom portal for access. Adobe Connect is the Web 3033

conferencing application and Jabber is the XMPP secure chat service and client. 3034

3035


Attachment 1



118

a. Operate and maintain desktop tools and browser configurations to enable end users on the 3037

NGEN network the ability to fully utilize the collaboration functionality provided by 3038

DCO as contained in USCYBERCOM Communications Tasking Order (CTO) 10-033A. 3039

b. Integrate and install updated or revised NCES services. 3040

3041

3.3.27 Voice over Internet Protocol (VoIP) Options and Services 3042

VoIP Services enables voice communications over an Internet Protocol (IP) network interfaced 3043

with the Public Switched Telephone Network (PSTN). The NGEN VoIP system supports 3044

communications via analog and digital handsets, computer terminals, fax machines, and 3045

conference speakerphones [analog connections are via Analog Telephone Adapter (ATA) 3046

devices]. The NGEN VoIP system must be compliant with the DoD CIO Unified Capabilities 3047

Master Plan (UCMP) Version July 2011, the Defense Information Systems Agency (DISA) 3048

Unified Capabilities Requirement (UCR) Version 2008 Change 2, relevant security 3049

requirements, and VoIP relevant Security Technical Implementation Guides (STIGs) in order to 3050

deliver Assured Services (AS) capabilities. 3051

3052

DSN trunks, NSA approved Type-1 encryption devices, as well as PSTN, Federal 3053

Telecommunications Service (FTS) / Networx, and DSN circuits will be Government Furnished 3054

Property (GFP). 3055

3056


a. Support the delivery of VoIP services 3058

i. Operate and maintain assigned VoIP components e.g.: 3059

a) Media servers. 3060

b) Application servers. 3061

c) End user devices and handsets. 3062

d) VoIP-enable fax machines. 3063

ii. Update continually NGEN VoIP design as well as Certification and Accreditation 3064

(C&A) documentation for end-to-end VoIP configurations for all components 3065

[e.g., Quality Of Service (QOS) aware gateways, switches, routers, servers, PSTN 3066

Attachment 1



119

interfaces, end user devices, Local Session Controllers (LSC), Edge Boundary 3067

Controllers (EBC), and other equipment supporting VoIP services]. 3068

iii. Maintain telephony administration database that includes a web interface for end 3069

users and captures monthly usage information [e.g., individual base, command, 3070

and Physical Site Identifier (PSI)]. 3071

iv. Provide Move, Add, and Change (MAC) services for assigned VoIP components 3072

in accordance with the NGEN MAC process. 3073

v. Provide receipt, tracking, and resolution of assigned VoIP incidents in accordance 3074

with the NGEN Incident Management process. 3075

3076

3.3.28 Unclassified Mobile Phone Services 3077

Unclassified Mobile Phone Services are a comprehensive set of wireless cellular capabilities, 3078

available through multiple carriers with the service plans to support end users throughout the 3079

United States and its territories, which includes cellular phones, Personal Digital Assistant 3080

(PDA) devices, paging services, and cellular data network access devices. 3081

3082


a. Provide data integration services of Government furnished mobile devices (e.g., iPhone, 3084

iPad, BlackBerry, and Android) to: 3085

i. Enable secure email, text, tethering, and messaging services. 3086

ii. Integrate Government provided cellular data card and service from a Tier 1 3087

mobile services provider (e.g., AT&T, Sprint, and Verizon). 3088

b. Collaborate with designated Government representatives to enable delivery on a new 3089

account order within 14 business days of receiving the request. 3090

c. Provide ongoing end user support initiated through requests to the NGEN Service Desk. 3091

3092

3.3.29 Classified Mobile Phone Services 3093

Classified Mobile Phone Services provide classified voice services that are certified by the 3094

National Security Agency (NSA) and are compliant with DOD Directive 8100.2. Secure 3095

Wireless Cellular Service consists of cellular data network access services and the connection of 3096

Attachment 1



120

Government-supplied Secure Multi Environment Personal Electronic Devices (SME PED) and 3097

SIPRNet email accounts. The SME PED, with its dedicated infrastructure, provides end-to-end, 3098

secure solutions for voice and data to Senior Commanders and their senior staff members. 3099

3100


a. Provide data integration services of classified Government furnished SME PEDs to: 3102

i. Enable secure classified email, text, tethering, and messaging services. 3103

ii. Provide integration to the DOD Light Directory Access Protocol (LDAP) or the 3104

Online Certificate Status Protocol (OCSP) servers for real time certificate 3105

validation of the SIPRNet hard tokens. 3106

b. Operate and maintain the SME PED Management Server and software. 3107

c. Operate and maintain a dedicated Mail Proxy Server connected to the Microsoft 3108

Exchange system. 3109

d. Operate and maintain a dedicated Policy and Management Server. 3110

e. Review, comply with, and implement Security Technical Implementation Guide (STIG) 3111

requirements for wireless STIG. 3112

f. Prepare all certification documentation required for the Authority to Operate (ATOs) 3113

from the Navy Operational Designated Approval Authority (ODAA). 3114

3115

3.3.30 Video Teleconferencing (VTC) Services 3116

Video Teleconferencing (VTC) Services are comprised of the hardware, software, network, and 3117

scheduling services necessary to deliver real time video and audio communications between end 3118

users at two or more locations. 3119

3120

VTC Services include: 1) cameras; 2) coder-decoder (CODECs); 3) monitors; 4) onscreen 3121

menus; 5) dynamic speaker technology; 6) far-end camera control; 7) collaborative tools; 8) 3122

VTC scheduling set-up and operations; 9) Internet Protocol (IP) infrastructure; 10) multi-session; 3123

11) Multi-point Control Unit (MCU) bridging service; and, 12) remote diagnostics. The VTC 3124

Services provide VTC connectivity throughout NGEN and with external participants via high 3125

bandwidth communications, point-to-point, and point-to multi-point switching. 3126

Attachment 1



121

3127


a. Operate and maintain hardware, software, and scheduling tools required for end users to 3129

conduct video conferences with other parties on the network or on other DON, DoD, 3130

federal, or commercial networks. 3131

b. Comply with DISA Uniform Capabilities Requirements and Federal Telecommunications 3132

Recommendations (FTR) 1080B-2002 standards (H.320 and H.323) for IP VTC sessions 3133

for all future designs. 3134

c. Support the following service elements: 3135

i. Fixed Video: Configure, operate, and maintain existing audio-visual services in 3136

existing dedicated facilities where end users can initiate and participate in live 3137

video teleconferences connectivity within and external to NGEN. Configure, 3138

operate, and maintain room cameras with full area coverage, large monitors, on-3139

screen menus, dynamic speaker technology, far end camera control, as well as 3140

video player and recorder capability. 3141

ii. Moveable Video: Configure, operate, and maintain movable VTC capability. 3142

iii. Desktop: Configure capability for end users to participate in live video 3143

teleconferences from any NGEN seat. 3144

d. Provide facilitator-assisted videoconference setup and operation on a 24x7x365 basis. 3145

e. Configure video service to be delivered via Integrated Services Digital Network (ISDN) 3146

or other digital transmission service. 3147

f. Configure VTC system that enables the routing of video calls: 3148

i. To off-net locations over the NGEN to the NGEN location nearest the destination 3149

point. 3150

ii. Over the Defense Information Systems Network (DISN) Video Services Global 3151

(DVS-G) or Federal Telecommunications System 2001 (now General Services 3152

Administration Network Contract), ISDN, and other commercial digital services 3153

when specified by the end user. 3154

g. Configure the equipment to support transfer of multimedia data (e.g., text, graphics, 3155

images, video, and audio) to a format the receiving side can integrate. 3156

Attachment 1



122

h. Provide remote diagnostics for videoconferencing from the NOCs. 3157

i. Provide software distribution and upgrades to videoconference software and firmware. 3158

j. Configure NGEN VTC system to support multi-point bridging. 3159

k. Configure movable VTC seats to operate over temporary connections such as the 3160

Deployable Site Transport Boundary (DSTB). 3161

3162

3.3.31 End User Computing Services 3163

End User Computing Services include the provisioning, storage, configuration, integration, 3164

installation, operation, maintenance, and end-of-life disposal of classified and unclassified 3165

workstations (fixed or portable) and deployable workstations and associated peripherals. 3166

3167

3.3.31.1 Workstations (Fixed, Portable, or Virtual) 3168


a. Provide end user hardware as a service (ES Contractor owned HW[dls1]), if ordered. 3170

b. Procure, ship, track, stage, configure, and install hardware and software (including GFE 3171

equipment) based on NGEN orders (classified and unclassified). 3172

i. Provide and track equipment and execute custody transfer of any GFE hardware 3173

received at the site in accordance with FAR 52.245-1 (Alt 1) and the ES Asset 3174

Management Implementation Plan (AMIP). 3175

a) End user computers (ES provided) 3176

b) Additional hardware and peripherals (GFE or ES provided) 3177

c) Computer /Electronic Accommodations Program (CAP-Section 508) HW 3178

(GFE) 3179

ii. Update asset and configuration management databases as required in accordance 3180

with the NGEN Asset and Configuration Management plans. 3181

a) Perform asset identification, scanning and logging of assets that have been 3182

delivered (tagging). 3183

iii. Configure and deploy end user HW and SW. 3184

Attachment 1



123

a) Configure HW with core build, Functional Area Manager (FAM) 3185

approved applications, NGEN certified applications, and approved SW to 3186

the HW identified in end user profiles. 3187

i. Support COI-specific core build integration for all NGEN COIs 3188

[e.g., NCIS, NNPI, unclassified, classified, NLSO (Tax), and 3189

PACOM]. 3190

b) Configure workstations based on DAA approved configurations, DoD and 3191

DON policy and guidance to include the Defense Information Systems 3192

Agency (DISA) Security Technical Implementation Guidelines (STIGs), 3193

DISA Enclave STIG, and SECNAVINST 2075.1 Guidance as specifically 3194

agreed upon and approved by the Navy Operational Designated 3195

Approving Authority (ODAA) for the Network. 3196

c) Configure all workstations to include a DoD-approved smart card reader 3197

in accordance with DoD Directive 8190.3 and DoD Instruction 8520.2, 3198

Smart Card Technology. 3199

d) Configure all workstations in the NGEN environment so they are locked 3200

down and no additional software can be added by the end user with the 3201

exception of plug and play and approved devices or print drivers[dls2]. 3202

iv. Perform data migration from previous to new HW, as applicable. 3203

a) Provide access to migrated data or external data storage devices to ensure 3204

end user data sources are valid and accessible. 3205

b) Transfer data from external devices enabled with Data at Rest (DAR) 3206

solutions. 3207

v. Notify the Government Custodian or designated representative that equipment has 3208

been delivered, data migrated and installed applications are functioning properly. 3209

vi. Install and Deploy clients and additional peripheral hardware. 3210

a) Provide onsite resources to support deployment and operational validation 3211

of clients. 3212

i. Develop workstation deployment test plan to be approved by the 3213

Government. (CDRL A026 – Test Plans) 3214

Attachment 1



124

ii. Conduct performance tests on each workstation after it is fully 3215

loaded with all applicable software and security configurations in 3216

accordance with Contractor provided and Government approved 3217

workstation test plan. 3218

a. Ensure client can map to network printers and assigned 3219

network drives. 3220

b. Ensure Email client has been configured and mail is 3221

operational and integrated with smart card reader. 3222

c. Ensure core build software is available and operational. 3223

d. Ensure transferred data is available and complete. 3224

vii. Maintain installed end user equipment 3225

a) Repair or replace defective end user hardware. 3226

b) Manage warranties on end user hardware. 3227

c) Provide loaner or spare end user hardware to end users during the period 3228

that their equipment is not available for use. 3229

d) Upgrade client software upgrades, configurations, tool extensions, and 3230

templates, in accordance with the Government-approved core build 3231

Software Update Plan, DAA approved configurations, IAVA or IAVMs or 3232

as directed by the Government to meet emergent security requirements. 3233

e) Install additional end user HW and SW, at the end user location including 3234

connecting approved peripherals (as ordered). 3235

f) Provide the capability to access and load approved device drivers online 3236

via available website to include printer drivers. 3237

g) Dispose of end-of-life classified and unclassified workstations and 3238

associated peripherals in accordance with FAR 52.245-1 (Alt 1). 3239

3240

3.3.31.2 Portable End User Device (Computing Services) 3241

In addition to the above, the ES Contractor shall configure and deploy portable end user HW and 3242

SW with the following capabilities: 3243

a. Battery power display and management tools. 3244

Attachment 1



125

b. 802.11 a/b/g/n wireless connectivity hardware. 3245

c. 802.11 a/b/g/n wireless connectivity management software. 3246

3247

3.3.31.3 Deployable End User Computing 3248

In addition to the above, the ES Contractor shall provide, maintain, and support deployable end 3249

user devices for use in an expeditionary or field environment: 3250

a. Provide deployment support services and logistics support services of loaners and spares 3251

for operational forces in a deployed environment. 3252

b. Provide worldwide logistics support for deployed end user devices and software to meet 3253

war fighter requirements including: 3254

i. Replacement devices for deployed hardware. 3255

ii. Integration of forward "points of service”. 3256

iii. Remote troubleshooting. 3257

iv. Technical liaison and support for Deployed Naval Unit Information Technology 3258

(IT) specialists. 3259

c. Coordinate with the Government to have spares available (up to 5% whole unit and up to 3260

5% hard drive of deployed devices), as part of the Pack up Kit (PUK) to facilitate 3261

operations at sea or for forward deployed locations. 3262

d. Provide to the Government alerts of equipment failures while deployed. 3263

e. Ensure that any replacement parts are shipped via means approved by the Government. 3264

f. Assume all costs associated with the commercial shipment of devices and spares to 3265

deployed units. 3266

g. Perform configuration, reconfiguration, upgrades, and software maintenance upon return 3267

of the deployed devices and prior to reconnection with the shore NGEN infrastructure in 3268

accordance with the pertinent IAVA. 3269

i. Reconfigure deployed end user devices for return and interface with NGEN in the 3270

event that the Government IT support does not return with the unit. 3271

ii. Submit the required MACs[dls3] 3272

iii. Scan the returning deployable end user devices, if requested by Government, to 3273

validate compatibility with the network. 3274

Attachment 1



126

h. Provide deployable end user devices that are capable of interfacing with 1) IT-21 3275

shipboard networks; 2) the Marine Corps Tactical Network (MCTN); 3) the ONE-NET 3276

environment; and. 4) other DON and DoD networks. 3277

i. Provide deployable services for scheduled movements that are known in advance, 3278

contingency operations, and other unplanned movements. 3279

j. Provide trained DON IT personnel system administrator rights to perform all functions 3280

required to operate and maintain deployed end user devices in the embarked 3281

environment. 3282

k. Maintain needed curricula to train end users in the use of NGEN equipment in deployed 3283

environments. 3284

i. Provide the curricula electronically via the DON Portal Environment (currently 3285

Homeport) for use by the NGEN end user community. 3286

ii. Update the curricula continually to incorporate relevant changes in the 3287

deployment tools, processes, and networks. 3288

l. Provide the tools and training to enable deployed command to locally rebuild end user 3289

devices. 3290

m. Provide a copy of the core build media and authorized application software loaded on the 3291

deployed end user devices to facilitate a rebuild. 3292

n. Provide email redirection, forwarding, and reimplementation of full service email for 3293

deployed accounts. 3294

o. Provide email redirection to a “.mil” or “.gov” address only. 3295

p. Implement and maintain the email redirection capability to allow deployed end users to 3296

remotely and securely start, stop, or modify their email redirection configuration. 3297

q. Provide an automated web based deployable tool solution to allow the Government IT 3298

unit to remotely choose, schedule, and execute the deployment of end user devices. 3299

3300

DON Desktop Virtualization Services Implementation 3301

The ES Contractor shall implement Desktop Virtualization services to provide a server-centric 3302

computing model that supports the delivery of end user services such as data storage and 3303

messaging services in accordance with requirements outlined in (Attachment).[LM4] 3304

Attachment 1



127

3305

3.3.31.4 Desktop Virtualization Services 3306

Desktop Virtualization Services provide a server-centric computing model for delivery of end 3307

user services. 3308

3309


a. Operate and maintain the NGEN Desktop Virtualization services. 3311

b. Procure, ship, track, stage, configure, and install Desktop Virtualization HW and SW 3312

equipment (classified and unclassified). 3313

i. Deliver and tag ordered services and associated HW in accordance with FAR 3314

52.245-1 (Alt 1) and the AMIP including: 3315

a) Desktop Virtualization client terminals. 3316

b) Optional HW and peripherals (GFE or ES Contractor provided). 3317

ii. Update asset and configuration management databases as required in accordance 3318

with the AMIP, CMIP, and the FAR 52.245-1 (Alt 1). 3319

a) Perform asset identification, scanning, and logging of assets that have 3320

been delivered. 3321

iii. Configure and deploy Desktop Virtualization HW and SW. 3322

a) Configure servers withthe NGEN core build and other Functional Area 3323

Manager (FAM) approved, NGEN certified software. 3324

i. Support COI specific core build integration for all NGEN COIs 3325

[e.g., Naval Criminal Investigation Service (NCIS), Naval Nuclear 3326

Propulsion Information (NNPI), unclassified, classified, Naval 3327

Legal Service Office (NLSO-Tax), Pacific Command (PACOM)]. 3328

ii. Configure servers based on DAA approved configurations. 3329

iii. Configure servers to comply with DoD and DON policy and 3330

guidance [e.g., 1) Defense Information Systems Agency (DISA) 3331

Security Technical Implementation Guidelines (STIGs); 2) DISA 3332

Enclave STIG; and, 3) SECNAVINST 2075.1 guidance as 3333

Attachment 1



128

specifically interpreted by the Navy Operational Designated 3334

Approving Authority (ODAA) for the Network]. 3335

iv. Configure all Desktop Virtualization client HW to include a DoD-3336

approved smart card reader in accordance with DoD Directive 3337

8190.3 series and DoD Instruction 8520.2 series. 3338

iv. Perform data migration from previous end user data stores to new Desktop 3339

Virtualization server(s) and associated storage HW, as applicable, including 3340

devices enabled with DAR solutions. 3341

v. Install Desktop HW. 3342

a) Provide onsite resources to support deployment and operational validation 3343

of virtualized clients. 3344

i. Develop Desktop Virtualization performance test plan (CDRL 3345

A024 – Test Plans). The minimum set of validation tests are: 3346

a. Validation the Desktop Virtualization client HW can map 3347

to network printers and assigned network drives. 3348

b. Validate email client has been configured and mail is 3349

operational and integrated with the smart card reader. 3350

c. Validate the core build SW is available and operational. 3351

d. Validate the transferred data is available and complete. 3352

ii. Conduct a core set of performance tests on each Desktop 3353

Virtualization client HW in accordance with the Government 3354

approved test plan and document results. (CDRL A026 – Test 3355

Reports) 3356

vi. Operate and Maintain installed VDI service: 3357

a) Maintain assigned VDI. 3358

i. Microsoft SQL server. 3359

ii. Wyse Device Management server or Virtual Desktop Management 3360

server. 3361

Attachment 1



129

b) Maintain Desktop Virtualization client HW in accordance with the 3362

requirements listed under End User Computing Services described in this 3363

PWS. 3364

c) Maintain the existing virtual application images that are common to all 3365

NGEN virtual desktop users and any other applications that are added 3366

through the appropriate application certification process. 3367

d) Provide client software upgrades, configurations, tool extensions, and 3368

templates. Implement these, in accordance with the Government approved 3369

Core Build Software Update Plan, the core build services outlined in this 3370

PWS, DAA approved configurations, IAVAs, or as directed by the 3371

Government to meet emergent security requirements. 3372

e) Remove from service end-of-life Desktop Virtualization client HW in 3373

accordance with FAR 52.245-1 (Alt 1). 3374

c. Expand the VDI, including deployment of additional servers and network storage. 3375

i. Develop and maintain a “virtual application store” from which authorized end 3376

users can select and run applications. 3377

ii. Applications can be run from Virtualized Desktops, thick clients, and other 3378

potential clients that are IA approved and authorized. 3379

a) When natively connected to the NGEN network. 3380

b) When remotely connected to NGEN. 3381

iii. Maintain a virtual image of active applications for a specified period of time 3382

during periods of thick client offline activity. 3383

iv. Synchronize data created while not connected to the network with the network 3384

storage when the thick client is reconnected to the NGEN network. 3385

d. Create a process and mechanism for authorized representatives to 1) add and remove 3386

applications; and, 2) authorize end users to use those applications. 3387

i. Provide Server Based Computing that provides Online terminal emulation of 3388

basic NGEN services excluding multimedia, video conferencing, and the Net 3389

Meeting application. 3390

Attachment 1



130

a) Provide a web based solution that provides basic NGEN services to non-3391

NGEN end user workstations through a virtual front end. 3392

ii. Accommodate the special requirements of the Science & Technology (S&T) 3393

community by providing Server Based Computing (SBC) service to non-NGEN 3394

networks: 3395

a) Access NGEN core build applications through a web browser. 3396

b) Access the SBC servers through B2 connections that allow only SBC 3397

traffic from the designated S&T network to the SBC servers. 3398

c) Access the SBC servers through the public B1 via an authorized means 3399

[e.g., the Citrix Access Gateway (CAG)]. 3400

3401

3.3.31.5 Navy Recruiting Command (NRC) Mobile Computing Solution 3402


a. Provide ongoing support for the mobile computing devices (convertible laptops) used by 3404

the Navy Recruiting Command (NRC). 3405

i. Provide Tier 1 and Tier 2 Service Desk support to 27 NRC System 3406

Administrators, including 1 designated System Administrator at each of the 26 3407

Navy Recruiting Districts (NRD) and 1 designated System Administrator at Navy 3408

Recruiter Orientation Unit (NORU) Pensacola FL. Provide Service Desk support 3409

during normal working hours of 0800-1700 local time, Monday through Friday 3410

(i.e., 9 hours a day x 5 days a week), across the 4 continental U.S. time zones. 3411

ii. Provide NGEN break-fix support for NRC Mobile Computing devices. 3412

iii. Provide software maintenance for the following: 3413

a) CAE Software Suite. 3414

b) Mobile Armor. 3415

c) MS Office Suite. 3416

d) MS SQL Server. 3417

e) Active Client. 3418

f) VM Ware. 3419

Attachment 1



131

iv. Provide software updates to the Mobile Recruiter Build (MRB) as needed, up to 3420

three times per year. 3421

v. Provide one (1) free MAC per Mobile Computing unit, per year. (move into MAC 3422

section) 3423

3424

3.3.32 Optional Hardware and Software Services 3425

Optional Hardware and Software Services provide: 1) enhanced, optional SW, HW, and HW 3426

peripherals to end users; and, 2) the associated engineering services required to support the 3427

installation of the optional SW, HW, and HW peripherals. End users may choose from a wide 3428

selection of items that utilize the latest Commercial off the Shelf (COTS) technology to best 3429

meet their requirements beyond the basic services. The term “optional” means SW, HW, and 3430

HW peripherals determined and ordered by the Government as an option that the Contractor 3431

must fulfill. 3432

3433


a. Publish a catalog of optional SW, HW, and HW peripheral service options certified for 3435

use on the network. The catalog will include: 1) the original equipment manufacturer 3436

(OEM) name; 2) make of the SW, HW, and HW peripherals; 3) model of the HW; 4) 3437

version of the SW; and, 5) the date the item was certified for use on the network. 3438

b. Operate and maintain optional HW and HW peripherals ordered by the Government. 3439

c. Operate and maintain optional SW ordered by the Government. This service will include 3440

providing SW updates and patches. 3441

d. Provide optional peripherals for cellular service to provide enhanced use via a CLIN 3442

ordering process. 3443

3444

3.3.33 Printing Services 3445

Printing Services include labor, HW, and SW to enable end users to access and use local and 3446

network printers. 3447

3448


Attachment 1



132

a. Provide print services to the Government (ES Contractor owned HW). 3450

b. Provide printers on a tiered basis: 3451

i. Tier 1: Black and white printers. 3452

ii. Tier 2: Color printers. 3453

iii. Tier 3: Other printers [e.g., color plotters, Multi-Function Devices (MFD), and 3454

color photography printers]. 3455

c. Provide, operate, and maintain printers in accordance with below requirements: 3456

i. Provide an end user to printer ratio that does not exceed twenty-five to one (25:1) 3457

for networked black and white printers. 3458

ii. Provide access to a networked black and white printer within fifty (50) feet of 3459

each end user device where access does not cross a physical security boundary or 3460

a safety hazard. 3461

iii. Provide an end user to printer ratio that does not exceed one hundred to one 3462

(100:1) for networked color printers. 3463

iv. Provide access to a networked color printer within two hundred (200) feet of each 3464

end user device where access does not cross a physical security boundary or a 3465

safety hazard. 3466

v. Provide printers on the same floor as the supported end user device with no 3467

separation by ceilings, floors, or true walls. 3468

vi. Provide local print solutions to remote and Very Small Site Design (VSSD) end 3469

users which meet NGEN print capability requirements. 3470

vii. Provide maintenance and troubleshooting services for Contractor owned printers 3471

with the exception of consumables as defined by the OEM. 3472

d. Integrate and deploy NGEN approved printers. 3473

i. Provide configuration and connection services for Contractor owned printers, 3474

printers ordered from the catalog, and Government furnished printers. 3475

ii. Provide the capability for end users to map and connect to any available 3476

networked NGEN printer. 3477

iii. Operate and maintain capability for end users to download and install current, 3478

certified printer drivers from the NGEN website (currently Homeport). 3479

Attachment 1



133

iv. Configure, operate, and maintain print servers. 3480

v. Remove from service Contractor owned printers that are no longer supported by 3481

the manufacturer or are inoperable for more than thirty (30) consecutive days. 3482

3483

3.3.34 Desk Side Support Services 3484

Desk Side Support Services consist of providing assistance with computer HW, SW, or other 3485

electronic or mechanical devices. Desk Side Support is in support of a trouble ticket that has 3486

been transferred from the initial Service Desk Service. VIP support capability provides specified 3487

NGEN end users in key leadership and management positions with enhanced help desk and desk 3488

side service support. 3489

3490


a. Provide on-site (base, post, camp, station) technical support to all NGEN end user bases, 3492

including clients, servers, legacy systems, computer HW, SW, and other electronic base, 3493

waterfront and pier side equipment. 3494

b. Investigate, resolve, and report causes and corrective actions for all issues identified 3495

through Service Desk. 3496

c. Maintain a sufficient loaner equipment pool to support break-fix scenarios. 3497

d. Define and follow transfer or escalation procedures to ensure timely resolution of 3498

assigned trouble tickets. 3499

e. Provide touch labor support to physically move or transfer HW or SW in accordance with 3500

Move Add Change (MAC) service. 3501

f. Comply in accordance with FAR 52.245-1 (Alt 1). 3502

g. Provide dedicated and elevated support services, consisting of continuous technical 3503

support and rapid remediation in the event of failures in the following areas: 3504

i. End User Problem Resolution. 3505

ii. MAC services in accordance with Government priority. 3506

iii. Enhanced VIP Desk Side end user support on a 24x7 basis. 3507

h. Comply with Government approved issue escalation and problem resolution processes. 3508

i. Provide for receipt of MAC requests from Government ordering tool (e.g., NET). 3509

Attachment 1



134

j. Maintain web enabled tools for tracking status of requests. 3510

k. Generate and submit monthly MAC Backlog Exception report. 3511

l. Provide a single point of contact to interface with the Service Request Management 3512

(SRM) team for IMAC services. 3513

m. Update assigned change or trouble ticket as the status changes. 3514

n. Close tickets only when approved by Government representatives, to include the end user 3515

that submitted the ticket. Tickets may be closed without Government approval after 3 3516

non-responses to attempts to contact the end user over 6 business days. 3517

o. Execute physical MACs on site during business hours, 0600 to 1800 local, on 3518

Government work days only. 3519

p. Provide at no additional cost one MAC per end user per year. 3520

3521

3.4 IT Service Management (ITSM) 3522

The objectives of the NGEN ITSM are to: provide for stability of the current environment 3523

during the transition to NGEN; ensure reliable quality of service to end users with continuous 3524

service improvement; respond to dynamic mission requirements; and establish the mechanisms 3525

to continually improve service management. 3526

3527

IT Service Management (ITSM) is a shared service. The ES Contractor is designated as the 3528

Primary Process Manager and the TXS Contractor is designated as the Supporting Process 3529

Manager. The Contractors shall collaborate with each other and any other service providers to 3530


3532


a. Designate a Process Manager POC for each of the NGEN ITSM processes. 3534

b. Designate a Service Manager POC for each of the NGEN services. 3535

c. Coordinate with other service providers to develop, document, implement, manage, 3536

execute, and improve end-to-end processes and procedures. 3537

d. Develop process metrics in collaboration with the Government and other service 3538

providers. 3539

Attachment 1



135

e. Provide monthly process metric analysis and assessment within the monthly In-Progress 3540

Review (IPR). (CDRL A007 – Monthly Status Report) 3541

f. Collaborate with other segment Contractors to avoid service disruption caused by a lack 3542

of coordination. 3543

g. Participate in monthly and emergency service and process council meetings. 3544

h. Develop a Service Management Plan (SMP) in collaboration with the Government and 3545

other service providers to address how the ITSM processes, procedures, and tools are 3546

managed, executed, measured, and controlled to successfully deliver the services: (CDRL 3547

A042 – Service Management Plan – Under Development)[LM5] 3548

i. Service Catalog Management 3549

ii. Capacity and Demand Management 3550

iii. Availability Management 3551

iv. Service Asset Management 3552

v. Configuration Management 3553

vi. Change Management 3554

vii. Release and Deployment Management 3555

viii. Knowledge Management 3556

ix. Event Management 3557

x. Incident Management 3558

xi. Request Management 3559

xii. Problem Management 3560

3561

The ES Contractor shall provide the consolidated Service Management Plan to the Government 3562

as required. (CDRL A042 – Service Management Plan – Under Development[LM6])[LM7] 3563

3564

3.4.1 Service Management Tools 3565

Service Management Tools include the operation and maintenance of the applications, data 3566

bases, sensors, associated software, servers, portal connections, and report generators that 3567

support the management of network, computing, and security services. 3568

3569

Attachment 1



136

Service Management Tools are shared. The ES Contractor is designated as the primary service 3570

provider, and the TXS Contractor is designated as the supporting service provider. 3571



a. Operate and maintain Contractors’ service management tools. Current suite of service 3574

management tools is provided as an Attachment. Processes and functions that must be 3575

supported by the Contractors' service management tools are provided as an Attachment. 3576

i. Provide licenses for NGEN Government and Contractor personnel with network 3577

management responsibilities. 3578

ii. Provide access to tools and associated data bases to designated Government 3579

personnel and to other Contractor personnel requiring access to view and generate 3580

reports. Such access will generally be limited read only except as otherwise 3581

defined in the NGEN Program CONOPS. 3582

iii. Implement patches, DISA STIGS, updates, and revisions as they become 3583

available. 3584

iv. Integrate service management tools across the Multi-Contractor environment. 3585

b. Propose improvements to the existing NGEN tools and associated systems that reduce 3586

Government costs or improve capabilities. Include a cost estimate for implementation 3587

and integration into the overall NGEN tools architecture, a schedule for implementation, 3588

and a business case that addresses projected cost savings for the Government. Needs to 3589

be included in and IPR section. 3590

c. Notify the Government of any COTS tools that within two years will reach end of life, 3591

end of service, or end of software maintenance release, in accordance with 3592

SECNAVINST 5230.15, Information Management/Information Technology Policy for 3593

Fielding of COTS software. 3594

d. Register all new tools in DADMS. 3595

3596

In addition to above, the ES Contractor shall integrate Government, ES, TXS, and other NGEN 3597

Contractors tools, into an Enterprise management capability. 3598

3599

Attachment 1



137

3.4.2 Continual Service Improvement (CSI) Process 3600

Continual Service Improvement (CSI) process is improvement of IT service management, 3601

performance, processes and supporting tools. 3602

3603

Continual Service Improvement (CSI) is a shared process. The ES Contractor is designated as 3604

the primary service provider, and the TXS Contractor is designated as the supporting service 3605



a. Execute CSI in accordance with the SMP. 3608

b. Perform service and process evaluations and provide recommendations. 3609

i. Submit CSI recommendations as part of the monthly IPR. 3610

ii. Execute the next steps identified and approved at the IPR. 3611

c. Implement modified processes or services as approved by the Government. Update 3612

appropriate processes and documentation, as required, through the NGEN Configuration 3613

Management Process. 3614

d. Assess the enhanced processes or services, no later than 6 months post implementation, 3615

and include the assessment as part of the monthly IPR. 3616

e. Conduct a trend analysis of NGEN services quarterly and include as part of the monthly 3617

IPR. 3618

3619

3.4.3 Service Design Processes 3620

Service Design Processes is a shared process. The ES Contractor is designated as the primary 3621




3625

3.4.3.1 Service Catalog Management 3626

The purpose of Service Catalog Management (SCM) is to provide a single, accurate, consistent 3627

source of information on all available NGEN products and services. 3628

3629

Attachment 1



138


a. Establish and maintain a Technical Service Catalog that includes service offerings that 3631

align with the NGEN Service Catalog. 3632

b. Integrate the Technical Service Catalog with the NGEN Service Catalog in accordance 3633

with the CMIP. 3634

3635

In addition to the above, the ES Contractor shall maintain and submit a consolidated Technical 3636

Service Catalog. 3637

3638

3.4.3.2 Service Level Management (SLM) 3639

The purpose of Service Level Management is to ensure that an agreed upon level of service is 3640

provided for all IT services, and that future services are delivered in accordance with SLRs. 3641

Proactive measures are also taken to seek and implement improvements to the level of service 3642

delivered. Service Level Management encompasses Service Level creation, updates and 3643

assessments, and is responsible for monitoring performance to ensure SLRs are upheld. 3644

3645


a. Establish and maintain processes and procedures to support service coordination and 3647

collaboration with the Government and other service providers. 3648

b. Identify common management approaches and procedures to ensure that services are 3649

provided effectively and efficiently across the NGEN enterprise regardless of contractual 3650

boundaries. 3651

c. Design and implement Service Level Management tools, processes, and procedures that 3652

align with the Government Service Level Management Processes. 3653

d. Develop a Service Level Management Plan to ensure all operational services and their 3654

performance is measured in a consistent manner throughout the IT organization. The 3655

plan shall include: 3656

i. Service Level Management procedures. 3657

ii. Specific and measurable service levels for each service offered in the Service 3658

catalog. 3659

Attachment 1



139

iii. Clear and unambiguous service targets. 3660

iv. Method for monitoring service targets. 3661

e. Execute approved changes to SLRs. 3662

f. Develop and implement cross supplier procedures to enable integrated enterprise 3663

reporting. 3664

i. Report all breaches of service in accordance with the Incident Management 3665

Process. 3666

ii. Identify cause of loss of service and how to prevent recurrence. 3667

iii. Identify service levels that are unachievable and recommend different service 3668

targets to the Government. ( all been met under NMCI and) 3669

i. Implement an automated solution for tracking and managing service levels. 3670

j. Conduct service reviews, as part of the Monthly IPRs, to: 3671

i. Review with the Government all IT Services to be included in the Service Catalog 3672

ii. Provide status of service level monitoring. 3673

k. Ensure alignment of SLRs against Operational Level Agreements (OLAs), Underpinning 3674

Contracts with external providers of IT products and services, and IT capabilities (i.e. 3675

Availability, Capacity). 3676

l. Recommend service improvement to the Government. 3677

m. Develop NGEN service improvement plans to be submitted to the Government. 3678

3679


a. Collect, organize and integrate service improvement recommendations from the TXS 3681

Contractor and collaboratively develop NGEN service improvement plans to be 3682

submitted to the Government. 3683

b. Collect, organize, and provide to the Government results of Government led Cross 3684

Supplier Service Reviews. 3685

c. Monitor end-to-end service performance against Service Level Agreements and produce 3686

and submit consolidated service reports. 3687

3688

3.4.3.3 Capacity and Demand Management 3689

Attachment 1



140

Capacity Management addresses the capacity and performance of IT services and systems to 3690

meet the current and future business requirements in the most cost-effective and timely manner. 3691

The objectives of Capacity Management are to optimize performance and efficiency as well as 3692

provide information to plan for and justify financial investments. Demand Management 3693

provides a decision-making and analysis framework that utilizes available capacity, mission, and 3694

business data to assess demand for services. 3695

3696


a. Develop and implement an NGEN Capacity and Demand Management Plan in 3698

coordination with the Government and other NGEN providers (i.e., DISA). (CDRL A043 3699

– Demand and Capacity Management Plan) 3700

b. Identify and analyze NGEN service and component capacity and demand requirements 3701

and develop metrics and measurements to implement capacity and demand management. 3702

c. Perform capacity and demand management in accordance with the NGEN Capacity and 3703

Demand Management Plan. 3704

d. Extend the instrumentation of the NGEN environment to monitor the capacity and 3705

demand metrics identified in the NGEN Capacity and Demand Management Plan and 3706

incorporate into the EPMD and CPMD. 3707

e. In collaboration with NGEN operations, engineering, and services providers, recommend 3708

service modifications that optimize the use of the existing infrastructure. (CDRL A008 – 3709

Continuous Service Improvement Plan) 3710

f. Document and assess the current and future demands for services and computing 3711

resources as well as future plans for workload growth. 3712

i. Document influences and projections on demand for computer and network 3713

resources. 3714

ii. Incorporate capacity and demand engineering services into the requirements and 3715

design activities of new and modified services. Analyze measurement data to 3716

include the impact of new releases on capacity. 3717

g. Collect and analyze capacity and demand information and provide the outcome at the 3718

monthly In-Progress Review (IPR). 3719

Attachment 1



141

3720

In addition to the above, the ES Contractor shall establish and implement, in collaboration with 3721

the Government, a system and tools to electronically capture, model, and readily generate 3722

tailored information on the capacity of and demand for services and systems. 3723

3724

In addition to the above, the TXS Contractor shall provide TXS input into the current and future 3725

demands for services and computing resources and future plans for workload growth for 3726

consolidation by the ES contractor to support the monthly IPR. (CDRL A007 – Monthly Status 3727

Report) 3728

3729

3.4.3.4 Availability Management 3730

The Availability Management process provides a framework to address the availability of 3731

services and infrastructures to meet mission needs in a cost-effective manner. 3732

3733

The Contractors shall conduct availability trend analysis of assigned systems and services against 3734

established thresholds and provide the outcome of this analysis and recommendations at the 3735

monthly IPR. (CDRL A007 – Monthly Status Report) 3736

3737

In addition to the above, the ES Contractor shall analyze and refine, as required, assigned NGEN 3738

service and component availability metrics and associated measurements. 3739

3740

3.4.4 Service Transition Processes 3741

Service Transition Processes are shared services. The ES Contractor is designated as the primary 3742



management of the services described in the sections below. 3745

3746

3.4.4.1 Asset Management 3747

Attachment 1



142

The NGEN Information Technology Asset Management (ITAM) program is governed in 3748

accordance with FAR 52.245-1 (Alt 1), which provides high level goals, objectives, and overall 3749

structure for managing Navy assets. 3750

3751


a. Develop and provide an Asset Management Implementation Plan (AMIP) in accordance 3753

with FAR 52.245-1 (Alt 1). (CDRL A021 – Asset Management Implementation Plan) 3754

b. Manage all assets within the NGEN environment in accordance with the approved AMIP 3755

and CMIP. 3756

c. Operate and maintain the NGEN CMDB and associated asset elements as identified in 3757

FAR 52.245-1 (Alt 1), and in accordance with the approved AMIP and CMIP. 3758

i. Provide the SW licenses necessary to operate and maintain the CMDB, which 3759

includes all NGEN GFE and CFE. 3760

ii. Upload and maintain all asset procurement data in the CMDB in accordance with 3761

the AMIP. 3762

d. Configure and mark all assets procured for the Government with the Unique Item 3763

Identifier (UII) in accordance with the criteria established in 1) the NGEN Item Unique 3764

Identification (IUID) Implementation Plan listed as an attachment in Section J; 2) 3765

DFARS 211.274, Item Identification and Valuation Requirements; and, 3) DFARS 3766

252.211-7003, Item Identification and Valuation for new asset procurements and legacy 3767

equipment undergoing maintenance. 3768

3769


a. Provide an integrated, enterprise level view of all NGEN assets in the CMDB including 3771

the capability to develop, store, and disseminate structured, as well as ad hoc reports. 3772

b. Design, develop, implement, and maintain interface(s) with DoD asset systems [e.g., 3773

Defense Property Accountability System (DPAS)] in accordance with the approved 3774

AMIP. (CDRL A021 – Asset Management Implementation Plan) 3775

c. Assist the Government in performing audits and inspections and identify and correct asset 3776

discrepancies. 3777

Attachment 1



143

d. Dispose of the end-of-life assets, including electronic media, in accordance with 3778

NETWARCOM NTD 03-11(DTG 021854Z May 11) and DON CIO policy (DTG 3779

221633Z Aug 10). Property shall be turned in to the Defense Logistics Agency (DLA) 3780

Disposition Services Site in accordance with DoD4000.25-1-M, Appendix C46A. 3781

3782

3.4.4.2 Configuration Management 3783

The NGEN CMP is the primary Configuration Management (CM) document for the program and 3784

defines the program CM approach, policies, processes, roles and responsibilities, and interactions 3785

with other processes such as Change Management listed as an attachment in Section J. The 3786

NGEN CMP addresses the major CM activities: 1) Configuration Identification; 2) 3787

Configuration Control, 3) Configuration Status Accounting (CSA); and, 4) Configuration 3788

Verification and Audit. The NGEN CM process is documented in the NPDM. 3789

3790


a. Develop and deliver the CMIP to the Government for approval. (CDRL A044 – 3792

Configuration Management Implementation Plan) 3793

b. Provide CM of the Configuration Items (CIs). 3794

c. Propose additional CIs for Government approval. (CDRL A008 – Continuous Service 3795

Improvement Plan) 3796

d. Manage the technical baselines. 3797

e. Audit configuration management activities. 3798

i. Execute monthly operational self-audits and provide reports in accordance with 3799

the CMIP. 3800

f. Perform annual Physical Configuration Audits (PCAs) to validate the system is 3801

accurately represented in the design documentation. (CDRL A045 – Configuration 3802

Audit Report) 3803

g. Perform annual Functional Configuration Audits (FCAs) to validate system test results 3804

meet the performance specification requirements. (CDRL A045 – Configuration Audit 3805

Report ) 3806

3807

Attachment 1



144

In addition to the above, the ES Contractor shall provide, operate, and maintain an NGEN 3808

CMDB. 3809

a. Provide system administration for the NGEN CMDB. 3810

b. Provide regular updates of configuration records. 3811

c. Maintain all change records for CIs in the CMDB and communicate the status of all 3812

changes to the Government or authorized designee. 3813

d. Provide the ability for and allow the Government to generate tailored reports on CIs. 3814

e. Provide other NGEN service provider’s access to the CMDB as required. 3815

3816

3.4.4.3 Change Management 3817

Change Management enables beneficial changes, with minimum disruption to IT services, by 3818

ensuring changes are recorded, evaluated, authorized, prioritized, planned, tested, implemented, 3819

documented, and reviewed in a controlled manner. The NGEN Change Management process is 3820

documented in the NPDM. 3821

3822


a. Execute NGEN Change Management activities in accordance with the approved CMIP. 3824

i. Maintain and provide to the Government a list of names and roles of the systems 3825

administrators assigned to execute change activities. 3826

ii. Develop the change and remediation plan. (CDRL A046 – Change Remediation 3827

Plan) 3828

iii. Develop draft change communication including schedule, expectations, and any 3829

impacts to or changes in the associated service. 3830

iv. Test the change and remediation plan and report results. 3831

v. Implement the change. 3832

vi. Report unsuccessful changes and apply remediation as required. 3833

vii. Establish, maintain, and promulgate change schedules containing details of the 3834

approved changes and their proposed deployment dates. Use the schedules of 3835

change as the basis for planning the deployment of releases. (CDRL A047 – 3836

Forward Schedule of Changes – Under Development) 3837

Attachment 1



145

3838

In addition to the above, the ES Contractor shall 3839

a. Support and participate in the ECCB and the Change Advisory Board (CAB), with input 3840

from the TXS Contractor. 3841

b. Document, deliver, and manage all Requests for Change (RFC) and associated change 3842

packages including inputs from all NGEN service providers in accordance with the 3843

CMIP. (CDRL A023 - Engineering Change Proposal - Request for Change) 3844

c. Provide a web accessible change documentation library that contains in development, 3845

requested, planned, in progress, and completed RFCs. Provide and manage access to the 3846

change documentation library as directed by the Government. 3847

3848

3.4.4.4 Release and Deployment Management 3849

The purpose of Release and Deployment Management (RDM) is to provide life cycle 3850

management to support the development, deployment, and reporting of services including HW 3851

and SW releases. The existing NGEN Release and Deployment Management process is 3852

documented in the NPDM. NGEN RDM supports: 3853

a. Quarterly software update releases. 3854

b. Semi-annual hardware upgrade releases. 3855

c. Urgent hardware and software release packages based on GDA, IAVA or IAVM, and 3856

other NGEN incidents. 3857

3858


a. Plan and document all NGEN planned builds and associated releases. 3860

i. Document, manage, and deliver all NGEN technical release packages including 3861

incorporation of inputs from all NGEN service providers. 3862

ii. Develop the Release and Deployment Plan. (CDRL A029 – Service Operations 3863

Report ) 3864

a) Develop the deployment schedule(s), remediation plan(s), and the 3865

supporting communications plan. 3866

Attachment 1



146

b) Develop, as required, new or updated training package(s) as well as 3867

deployment and support documentation. 3868

c) Develop release test plans and procedures for the lab and live environment 3869

including pass or fail criteria and the criteria for deployment completion. 3870

b. Provide and present release packages to the CAB and the ECCB. (CDRL A003 – 3871

Presentation Material) 3872

c. Execute approved NGEN releases. 3873

i. Develop and obtain NetOps approval for the deployment of the release. 3874

ii. Develop draft release communication including schedule, expectations, and any 3875

impacts to or changes in the associated service. (CDRL A029 - Service 3876

Operations Report) 3877

iii. Stage and configure required deployment resources, systems, and tools and record 3878

Government ownership in accordance with the AMIP. 3879

iv. Prepare and execute operations turn-over checklists and track checklist 3880

completion. (CDRL A029 - Service Operations Report) 3881

v. Deliver release test reports including operator and end user impact information to 3882

the Government for review. (CDRL A029 - Service Operations Report) 3883

vi. Distribute, install, and verify deployment items. 3884

vii. Perform integrity, operability, and interoperability checks. 3885

viii. Track the deployment of the release and run remediation procedures, as needed. 3886

d. Review and close the deployment. 3887

i. Communicate deployment acceptance and completion to the Government. 3888

ii. Update site drawing packages, security documentation, integrated architectures, 3889

CIs, and the Asset and CM data bases throughout the RDM process. 3890

iii. Track and close release deployment issues. 3891

iv. Record the Lesson Learned within two weeks of completing the release. 3892

e. Conduct a monthly Post-Implementation Review. 3893

f. Produce a gap analysis between the intended and actual results of the NGEN release, and 3894

present process improvement recommendations at the IPR. (CDRL A008 – Continuous 3895

Service Improvement Plan) 3896

Attachment 1



147

3897

In addition to the above, the ES Contractor shall store all release, design, deployment, testing, 3898

and technical documentation in the NGEN Technical Library provided by the ES Contractor. 3899

3900

In addition to the above, the TXS Contractor shall provide release, design, deployment, testing, 3901

and technical documentation to the ES Contractor for inclusion in the NGEN technical solution 3902

library. 3903

3904

3.4.5 Service Operations Processes 3905

Service Operations Processes is a shared process. The ES Contractor is designated as the 3906

primary service provider, and the TXS Contractor is designated as the supporting service 3907



3910

3.4.5.1 Event Management 3911

The purpose of Event Management is to collect, collate, filter, categorize, and respond to NGEN 3912

service and system events. The NGEN Event Management process is documented in the NPDM. 3913

3914


a. Execute Event Management in accordance with the SMP. 3916

b. Collect, monitor, detect, assess, display, notify, correlate and respond to events. 3917

c. Provide near real-time situational awareness of events (e.g., the status and impact on 3918

NGEN systems, IT services, and Navy operations). 3919

3920


a. Provide near real-time integrated situational awareness (e.g., ES, TXS, DISA, and other 3922

service providers) of events (e.g., the status and impact on NGEN systems, IT services, 3923

and Navy operations). 3924

b. Publish Event Management correlated data from the NGEN Event Management tools in 3925

accordance with the NESP. 3926

Attachment 1



148

3927

3.4.5.2 Incident Management 3928

The purpose of the Incident Management process is to document, track, and mitigate incidents as 3929

quickly as possible to support the return to normal service operation of the NGEN IT 3930

infrastructure and minimize adverse impact on mission operations. The NGEN Incident 3931

Management process is documented in the NPDM. 3932

3933


a. Execute Incident Management in accordance with the SMP. 3935

b. Participate in the monthly, Government led, Incident Management Review Board. 3936

3937


a. Provide and manage access to the NGEN incident management tools to support the 3939

execution of the NGEN Incident Management Process. 3940

i. Integrate any additional incident management tools with the Government 3941

furnished tools. (CDRL A029 – Service Operations Reports) 3942

b. Manage the resolution of all NGEN IT incidents in accordance with the Government 3943

approved NGEN Incident Management process. 3944

i. Provide near-real time status of all NGEN IT incidents. 3945

ii. Maintain the NGEN Incident Management process in accordance with GDA. 3946

a) Log, correlate, categorize, prioritize, allocate, track, and escalate incidents. 3947

b) Provide prioritization recommendations of physical infrastructure and IT 3948

service incidents based on the Navy mission and operational impact. 3949

iii. Conduct an initial analysis of incidents and designate responsibility to the 3950

appropriate owners (e.g., the TXS Contractor and other service providers). 3951

iv. Convene, as required, the Incident Working Group to analyze, allocate, and 3952

resolve joint incidents. 3953

v. Close assigned incidents in accordance with the NGEN Incident Management 3954

processes and procedures. 3955

Attachment 1



149

vi. Track and report all incidents in coordination with the TXS Contractor and other 3956

service providers, and include in the monthly IPR incident. (CDRL A029 – 3957

Service Operations Reports) 3958

3959


a. Coordinate with the ES Contractor to gain access and appropriate administrative rights to 3961

the NGEN incident management tools to support the execution of the NGEN Incident 3962

Management process. 3963

b. Manage the resolution of assigned NGEN IT incidents in accordance with the 3964

Government approved Incident Management process. 3965

i. Provide TXS input into near-real time status tool for all assigned NGEN 3966

incidents. 3967

ii. Track and resolve assigned incidents: 3968

a) Provide recommended prioritization of physical infrastructure and IT 3969

service incidents based on the Navy mission and operational impact. 3970

b) Close all assigned incidents in accordance with the NGEN Incident 3971

Management process. 3972

c. Track and provide input to the ES Contractor for the monthly incident report. 3973

3974

3.4.5.3 Request Fulfillment 3975

Request Fulfillment supports the request for and delivery of IT products and services available 3976

under the contract(s). Task records are generated through the NGEN ordering tool [(e.g., NMCI 3977

enterprise tool, (NET)] and passed to the appropriate service provider through interfaces to 3978

Contractor ordering tools. These tasks are assigned to one or more Contractors or Government 3979

entities for fulfillment. When the request is fulfilled, the task record is closed. The NGEN 3980

Request Fulfillment process is documented in the NPDM. 3981

3982


a. Execute Request Fulfillment in accordance with the SMP. 3984

Attachment 1



150

b. Accept, document, and deliver ordered services in accordance with the prescribed process 3985

and CLIN delivery requirements. 3986

c. Provide monthly service delivery and backlog report as part of the monthly IPR. (CDRL 3987

A007 – Monthly Status Report) 3988

3989


a. Provide primary service delivery confirmation for service orders requiring support from 3991

multiple service providers. 3992

i. Develop a joint service delivery schedule for requested task orders with other 3993

service providers. 3994

ii. Track and report progress on task order delivery. (CDRL A007 – Monthly Status 3995

Report) 3996

3997


a. Coordinate and integrate TXS service components with the ES Contractor for the 3999

delivery of service orders requiring support from multiple providers. 4000

i. Provide input to the ES Contractor on the joint task order delivery schedule. 4001

ii. Deliver TXS components and services in accordance with the joint task order 4002

delivery schedule. 4003

4004

3.4.5.4 Problem Management 4005

The Problem Management process provides a framework to conduct troubleshooting, trend, 4006

diagnosis, and analysis of root cause. Problem Management identifies similar incidents that are 4007

grouped into “problems” and initiates Requests for Change (RFCs) when appropriate, to resolve 4008

those problems. The NGEN Problem Management process is documented in the NPDM. 4009

4010


a. Execute Problem Management in accordance with the SMP. 4012

b. Identify, monitor, diagnose, mitigate, and report problems in accordance the NGEN 4013

Problem Management Process. 4014

Attachment 1



151

i. Identify underlying root cause of assigned problems and generate, as required, 4015

RFC(s) to resolve problem. (CDRL A007 - Monthly Status Reports) 4016

ii. Convene joint service provider resolution sessions, as required, to resolve 4017

problems. 4018

4019


a. Record, prioritize, and provide near real time information on all NGEN problems. 4021

b. Recommend allocation of problems to the appropriate service provider or Government 4022

entities. 4023

c. Track resolution of NGEN problems and provide monthly Problem Management 4024

summary as part of the monthly IPR. (CDRL A007 - Monthly Status Report) 4025

4026

In addition to the above, the TXS Contractor shall track resolution of assigned TXS problems 4027

and provide input to the ES Contractor for the monthly Problem Management summary, and 4028

include the TXS Problem Management summary in the monthly IPR. (CDRL A007 - Monthly 4029

Status Report) 4030

4031

3.5 Logistics 4032

Logistics Management includes the personnel, processes, and tools required to sustain ES 4033

services and associated infrastructure (e.g., hardware, software, and facilities). NGEN‘s support 4034

strategy and approach are governed by the NGEN Life Cycle Sustainment Plan (LSCP) listed as 4035

an attachment in Section J. 4036

4037

Logistics Management is a shared service. The ES Contractor is designated as the primary 4038




4042

3.5.1 Installation Support 4043

Attachment 1



152

IT installations include the installation of new equipment, technology refresh, modernization, 4044

and equipment relocations. 4045

4046

Installation Support is a shared service. The ES Contractor is designated as the primary service 4047




a. Plan, communicate, and execute NGEN installations in accordance with the NGEN 4051

Release and Deployment process, the NGEN Change Management process, the IT Asset 4052

Management process, and the NGEN Configuration Management process described in 4053

the NPDM as well as the SPAWAR Shore Installation Process Handbook (SIPH). 4054

b. Submit quarterly status reports on the status of installation tasks at the monthly IPR. 4055

c. Perform site installations and maintain and leave all work areas neat and orderly and 4056

dispose of all waste material daily. 4057

d. Ensure all configuration and asset records are added, modified, or updated in accordance 4058

with the CMIP and AMIP. 4059

e. Develop and provide Installation Technical Documentation and Plans in accordance with 4060

Government direction. (CDRL A025 – Installation Technical Documentation and Plans) 4061

i. Develop and provide Installation Requirements Drawing (IRD) packages for new 4062

equipment, technology refresh, modernization, and equipment relocations 4063

associated with Large sites, Small sites, and Very Small Site Design (VSSD) 4064

sites, server farms, network operations centers, service desks and any other 4065

category that has multiple same assets, using SPAWARINST 4720.5 as guidance. 4066

ii. Perform site surveys and provide copies of the site survey documentation to the 4067

Government, in accordance with the SIPH. 4068

iii. Prepare Base Electronic System Engineering Plans (BESEPs) to reflect processes 4069

associated with new equipment, technology refresh, modernization, and 4070

equipment relocations, in accordance with the SIPH. 4071

iv. Develop and provide an Installation Design Plan (IDP) for each site to reflect new 4072

equipment, technology refresh, modernization, and equipment relocations 4073

Attachment 1



153

installation processes using the appropriate IRD as the starting point, if one is 4074

available, and use the SIPH (Appendices AC and Q) as guidance. Provide red-4075

line updates based on actual installations. 4076

v. Develop System Operational Verification Test (SOVT) plans to reflect new 4077

equipment, technology refresh, modernization, and equipment relocations at the 4078

system level and site-specific SOVT plans for each site in accordance with the 4079

SPAWAR System Operational Verification and Test (SOVT) Preparation and 4080

Execution Guide (SPEG) for Ship, Shore, and Submarine Installations. Perform 4081

system checkout and SOVTs for new equipment, technology refresh, 4082

modernization, and equipment relocations installation activity at each site in 4083

accordance with the approved site-level SOVT document. Immediately report 4084

major discrepancies and deficiencies to the designated Government representative 4085

and correct all installation related deficiencies discovered during the SOVT in 4086

accordance with SIPH. 4087

f. Develop and submit a Plan of Action and Milestones (POA&M) containing an 4088

installation schedule for all installation. 4089

g. Provide an Installation Completion Report (ICR) to reflect new equipment, technology 4090

refresh, modernization, and equipment relocations. 4091

4092

3.5.2 Maintenance 4093

Maintenance planning and execution includes preventive and corrective maintenance of 4094

Contractor assigned GFE (HW and SW) consistent with requirements (e.g. availability) specified 4095

in this PWS. The Contractors shall collaborate with each other and any other service providers 4096

to provide common management of the services described below: 4097

a. Prepare and implement a maintenance approach that describes how the Contractor will 4098

perform, document, track, and report maintenance on assigned GFE. (CDRL A048 – 4099

Maintenance Approach) 4100

b. Plan and communicate scheduled and unscheduled maintenance activities in accordance 4101

with the CMIP and the maintenance approach. Collect, analyze, and post maintenance 4102

history metrics. (CDRL A049 – Maintenance Report) 4103

Attachment 1



154

c. Provide Break Fix services including the labor and parts required to repair GFP that may 4104

have failed due to defects in material and workmanship or as a result of normal use. 4105

4106

3.5.3 Warranty Management 4107

The Contractors shall collaborate with each other and any other service providers to track and 4108

manage warranties within the CMDB. 4109

4110

3.5.4 Supply Support 4111

Supply Support for the Navy portion of the NGEN program encompasses the management and 4112

handling of spares. 4113

4114


a. Provide, as required, sparing for Contractor assigned assets on the network. 4116

b. Transfer ownership of spares, with exception of end user hardware, to the Government 4117

once installed. 4118

c. Mark and report spares in accordance with the AMIP. 4119

4120

3.5.5 Diminishing Manufacturing Sources and Material Shortages (DMSMS) 4121

DMSMS is the loss, or impending loss, of manufacturers of items or suppliers of items or raw 4122

materials. The NGEN DMSMS Plan provides guidance for the planning and execution of 4123

NGEN DMSMS activities. The Contractors shall collaborate with each other and any other 4124

service providers to provide common management of the services described below: 4125

a. Incorporate DMSMS considerations into the Annual Technology Refresh Plan. (CDRL 4126

A014 - Technology Refresh Plan) 4127

b. Provide any identified DMSMS risks via the Risk Management process. (CDRL A007 - 4128

– Monthly Status Report and CDRL A009 - Risk Management Plan) 4129

4130

3.5.6 Demilitarization and Disposal 4131

Government policies, regulations, and instructions (e.g., DoD 4160.21-M-1 and Executive Order 4132

13423) require the demilitarization and disposal of all Global Information Grid (GIG) HW, SW, 4133

Attachment 1



155

and electronic components at the end of service life. The Contractors shall collaborate with each 4134

other and any other service providers to provide common management of the services described 4135

below: 4136

a. Demilitarize and dispose of HW, SW, and electronic components at cleared Contractor 4137

facilities in accordance with the AMIP and the NGEN Programmatic Environment, 4138

Safety, and Occupational Health Evaluation (PESHE) listed as an attachment in Section 4139

J. 4140

b. Maintain accountability records for assigned GFE and CFE within the CMDB in 4141

accordance with the NGEN Life Cycle Sustainment Plan (LCSP), the CMIP, and the 4142

AMIP. 4143

4144

3.5.7 Environmental Safety and Occupational Health 4145



a. Develop and provide to the Government a Hazard Analysis that identifies potential 4148

health, fire, and safety hazards for the NGEN environments in accordance with the 4149

PESHE. (CDRL A050 – Hazard Analysis Report) 4150

b. Develop and provide to the Government a Safety and Health Risk Assessment that 4151

determines the severity and likelihood of occurrence for safety and health risks in NGEN 4152

operational and maintenance environments. (CDRL A051 – Safety and Health Analysis 4153

Report) 4154

4155

3.5.8 Packaging, Handling, Storage, and Transportation (PHS&T) 4156

Packaging, Handling, Storage, and Transportation (PHS&T) is the combination of resources, 4157

processes, procedures, design considerations, environmental consideration, and methods to 4158

ensure all systems, equipment and support items are preserved, packaged, handled, transported, 4159

and stored properly. The Contractors shall collaborate with each other and any other service 4160


a. Attach a complete packing list to each shipment. 4162

Attachment 1



156

b. Mark hazardous material and parts in accordance with the Occupational Safety and 4163

Health Administration Standard, the Code of Federal Regulations 29 Part 1910.1200, as 4164

well as applicable Environmental Protection Agency (EPA) and Department of 4165

Transportation requirements. 4166

4167

3.5.9 Facilities Management 4168

Government Furnished Facilities (GFF) will be transitioned to the NGEN Contractors in an “as 4169

is, where is” condition. The Contractors shall collaborate with each other and any other service 4170


a. Develop and provide to the Government a Facility Management, Operation, and 4172

Maintenance Plan in accordance with the NGEN Facilities Plan. (CDRL A052 – 4173

Facilities Management, Operation, and Maintenance Plan) 4174

b. Manage, operate, and maintain facilities in accordance with the Facilities Management, 4175

Operation, and Maintenance Plan. 4176

c. Provide facilities utilization information with any recommendations for the optimal mix 4177

of Government or commercial facilities within the monthly IPR. (CDRL A007 – 4178

Monthly Status Report) 4179

d. Plan, procure, and implement required facilities IT refresh. 4180

e. Provide a POC for each facility with knowledge of facilities support equipment, or 4181

subsystems, at each location. (CDRL A052 – Facilities Management, Operation, and 4182

Maintenance Plan) 4183

i. Document and report all additions, changes, or deletions made to the site 4184

electrical and mechanical systems in accordance with the CMIP and the SIPH. 4185

f. Execute facilities incident management in accordance with the NGEN Incident 4186

Management process and the NGEN Facilities Plan listed as an attachment in Section J. 4187

g. Provide physical access control to all assigned facilities including integration with local 4188

physical security requirements. 4189

h. Develop a process for the Government to gain access to spaces where the Contractor(s) 4190

operates and maintains equipment. 4191

4192

Attachment 1



157


a. Validate, operate, and maintain the “as is, where is’ facilities inventory data within the 4194

CMDB. 4195

b. Provide consolidated facilities utilization information with any recommendations for the 4196

optimal mix of Government or commercial facilities within the monthly IPR. (CDRL 4197

A007 - Monthly Status Report) 4198

c. Perform system operation, maintenance, auditing, inspections, testing, and repair 4199

functions to support all NGEN ES Government Furnished Facilities (GFF) and 4200

Government Furnished Equipment (GFE): 4201

i. Heating, Ventilating, and Air Conditioning (HVAC). 4202

ii. Electrical System. 4203

iii. Fire Detection and Suppression Systems. 4204

iv. UPS, Battery, and Generator. 4205

v. Fuel Storage and Transfer. 4206

vi. All other facility related support systems with the exception of BAN and LAN 4207

GFF in dedicated wiring closets. 4208

d. Provide administrative equipment needed to support on site ES personnel (e.g., 4209

telephones, PCs, servers, copiers, printers, fax machines, and consumables). 4210

4211


a. Perform system operation, maintenance, auditing, inspections, testing, and repair 4213

functions to support all NGEN TXS GFF and GFE: 4214

i. BAN and LAN GFF contained in dedicated wiring closets. 4215

b. Provide updated “as is, where is’ facilities CMBD data to the ES Contractor. 4216

4217

3.5.10 Data Management (DM) 4218

The NGEN Data Management Plan (DMP), (Attachment), articulates the Government’s 4219

overarching vision to ensure all NGEN data will be accessible, visible and usable as needed, and 4220

that it is actively managed from creation to final disposition or destruction within the IDE. 4221

4222

Attachment 1



158

The NGEN Integrated Digital Environment (IDE) will be a physically distributed, logically 4223

linked data structure for the collection of shared product and support data for NGEN in which 4224

technical and business information is warehoused, readily accessible, in a real-time environment, 4225

to all functional participants and decision makers across all NGEN life cycle processes. 4226

Data Management is a shared service. The ES Contractor is designated as the primary service 4227


Contractors shall collaborate with each other and any other service providers to provide the 4229

following common services of its own portion of the NGEN program. 4230

4231


a. Develop and deliver the Data Management Implementation Plan (DMIP). (CDRL A053 – 4233

Data Management Implementation Plan) 4234

b. Provide, operate and maintain internal Data Management capabilities (processes, 4235

procedures and tools) internal to the contractors to support the creation, validation, 4236

maintenance, cataloging and storage, and which serve as the authoritative source of data 4237

feeds, to the NGEN IDE. 4238

i. Provide and maintain as-is data feeds to the NGEN IDE (e.g., performance data) 4239

in accordance with the NGEN DMP and IA policies. 4240

ii. Implement data tagging standards as described in the NGEN DMP. 4241

iii. Manage changes to the IDE data feeds and structure in accordance with the 4242

CMIP. 4243

iv. A comprehensive list of data and its associated schemas as identified in the 4244

NGEN DMP. 4245

4246

In addition to above, the ES Contractor shall: 4247

a. Collect and integrate TXS and other service provider inputs into a single NGEN DMIP. 4248

(CDRL A053 – Data Management Implementation Plan) 4249

b. Operate, maintain and provide systems administration for the as-is NGEN IDE in 4250

accordance with the NGEN DMP (i.e. tools, applications, databases, data warehouses, 4251

ETL tools, repositories, etc). 4252

Attachment 1



159

i. Perform daily, incremental backup of data environment. 4253

ii. Provide for the restoration of lost data within 24 hours of notification. 4254

iii. Implement and maintain defined taxonomy and metadata standards as published 4255

in the NGEN DMP. 4256

iv. Manage changes to the NGEN IDE in accordance with the CMIP. 4257

v. Configure, operate and maintain SearchNAVY (Autonomy COTS tool) in 4258

accordance with the DMIP. 4259

vi. Integrate updated and refined data sources into the IDE. 4260

vii. Maintain a comprehensive list of NGEN data structures, sources, categorizations 4261

and formats to be aligned with the data feeds. 4262

viii. Provide system integrity reports on unauthorized access attempts, testing results, 4263

or related system integrity metrics as required by the Data Governance Board 4264

(DGB) for ongoing monitoring purposes. (CDRL A007 – Monthly Status Report ) 4265

ix. Provide access and SME support as required for the Government to perform 4266

annual audits related to the integrity of the IDE to ensure execution and support of 4267

NGEN DMP and data security requirements are met. 4268

x. Process requests for user access to the IDE and provide system administration and 4269

support of the IDE data management tools by assigning rights based on roles and 4270

responsibilities identified in the NGEN DMP. 4271

xi. Receive, catalog, and integrate all NGEN service provider data feeds and data 4272

updates to the IDE. This includes timely execution of all inspection and 4273

acceptance procedures as approved by the DGB. 4274

c. Execute continual process and product improvements to the IDE to deliver improved 4275

capabilities, maturity and efficiency. 4276

i. Provide design and implementation documentation for a to-be IDE that promotes 4277

and enables industry best practice for data management and provides a process 4278

and technology roadmap to transition from the current state to the to-be state 4279

outlined in the NGEN DMP. (CDRL A008 – Continuous Service Improvement 4280

Plan): 4281

a) Design documentation 4282

Attachment 1



160

b) Implementation plan 4283

c) Bill of Materials 4284

d) Test Plan 4285

e) Request for Change (RFC) 4286

f) IDE Operations and Maintenance Concept of Operations (CONOPS) 4287

4288


a. Catalog and maintain TXS data. 4290

b. Provide TXS design documentation inputs for the to-be state IDE to the ES Contractor. 4291

4292

3.6 Transition Services 4293

3.6.1 Transition Overview 4294

The over-arching goal of transition is to maintain uninterrupted, quality services (e.g., security, 4295

functionality, and performance) to Navy commands and end users. Transition is the planning 4296

and completion of activities necessary for phase-out from the CoSC Incumbent (hereinafter 4297

Incumbent) providing the services and the phase-in to the NGEN Successors (hereinafter 4298

Successors) providing the services. The Successors will be both Government and other 4299

Contractors. 4300

4301

During the CoSC phase-out, the Incumbent relinquishes responsibility for the provisioning and 4302

operational sustainment of the network as the Successors assumes full operational responsibility, 4303

as defined in the Transition Management Plan (TMP) listed as an attachment in Section J. A 4304

successful transition is measured by the Contractors’ Successors’ ability to provide the required 4305

services. 4306

4307

The Navy’s phase-in approach for the TXS and ES contract segments is based on the 4308

simultaneous transfer of the NGEN infrastructure and services as coordinated among the 4309

Contractors and the Government. The Navy will require phase-out services from the Contractors 4310

to phase-in future NGEN Successor(s). 4311

4312

Attachment 1



161


common management of the services described below. 4314

4315


a. Provide transition services for the phase-in and phase-out periods within the NGEN 4317

environment. 4318

b. Assume responsibility for Work-In-Progress (WIP) for outstanding efforts required to be 4319

assumed during phase-in. 4320

c. Perform transition activities in accordance with the NGEN TMS and the TMP. 4321

4322

3.6.2 Navy Transition Profiles 4323

NGEN Services are provided and supported using IT Service Management (ITSM). For 4324

transition purposes NGEN comprises ITSM and the following profiles: Global Services, Field 4325

Services, Service Desk Services. There are three Global Services profiles five Field Services 4326

profiles and one Service Desk profile. ITSM addresses the tools, processes, and integration 4327

responsibilities required to accomplish NGEN service delivery within the multi-Successor 4328

environment. 4329

4330

Global Services affect the delivery of services across NGEN and are managed centrally. These 4331

services are performed either at a specific site or delivered through a virtual team arrangement. 4332

Global Services include common services that are shared among the service providers. 4333

4334

Field Services are the local resources for touch labor necessary to deliver the NGEN services. 4335

The sites are grouped into five profiles. The criteria for establishing the field services profiles 4336

are a combination of seats, users, and network devices that interface physically with the NGEN 4337

network. 4338

4339

The Service Desk Services profile includes Tier 1 support. Tier 2, Tier 3 and Tier 4 Service 4340

Desk Services are embedded within the Global and Field Service profiles and do not have 4341

dedicated service desk profiles. 4342

Attachment 1



162

4343

Each site is designated with a physical site identifier (PSI) code and with the appropriate 4344

profile(s) within the Site Scheduling Tool. The Contractors shall collaborate with each other and 4345

any other service providers to provide common management of the services described below. 4346

4347

The Contractors shall phase-in NGEN using the Services Profiles in the Profile Summary table 4348

below: 4349

Profile 1 Profile 2 Profile 3 Profile 4 Profile 5 Global Services

GSP1 – Are NOC/ SOC activities and B1 Boundary Suite activities

GSP2 – Are Server Farm/Demilitarized Zone (DMZ) activities and B2 Boundary Suite activities

GSP3 – contains Engineering activities within the EDSS subject matter expertise, Technology Refresh services, Security and IT Certification and Accreditation (C&A) Services support in global processes and global Logistic

n/a n/a

Field Services

FSP1 – Are sites co-located with NOC/SOCs or Contain B1 Boundary Suites

FSP2 – Are sites co-located with Server Farms or Contain B2 Boundary Suites

FSP3 – Contain over 250 seats

FSP4 – Are remotely managed sites and contain between 24 – 249 seats

FSP5 – Are remotely managed sites and contain 23 or less seats

Service Desk Services

SDSP1 - Tier 1 Service Desk Services

n/a n/a n/a n/a

Table 3.6.2-1 Profile Summary 4350 4351

3.6.3 Phase-In Services 4352

The Contractors transition execution period shall not exceed 10 months from the successful 4353

completion of CDR. The Contractors are encouraged to reduce this duration without interruption 4354

to service. 4355

Attachment 1



163

4356 Figure 3.6.3-1 Notional Navy Phase-In Timeframe 4357


common management of the services described below, to accomplish a fully coordinated, 4359

simultaneous phase-in. 4360

4361

The Contractors shall ensure continuity of services during the transfer of service delivery 4362

responsibilities 4363

4364

3.6.3.1 Planning 4365

The Contractors shall deliver a Phase-In Plan and associated Detailed Phase-In Project Plans 4366

including the phase-in schedule to transfer the services, tools, ITSM processes, assets, and 4367

facilities from the incumbent without disrupting end-user services within the NGEN multi-4368

provider community. 4369

4370

3.6.3.1.1 Phase-In Plan and Readiness Templates 4371

The Phase-In Plan provides a description of the Contractors’ technical approach for transferring 4372

services from CoSC to NGEN. The Readiness Templates identify the repeatable process and 4373

Notional Navy TXS & ES Transition TimelineFY13 FY14

Qtr 1 Qtr 2 Qtr 3 Qtr 4 Qtr 1 Qtr 2

n/a n/a 30 60 90 120 150 180 210 240 270 300 330 360 390 420 450 480 510

TXS Services & ES Services Phase-In

SOLICITATION / CONTRACT

PLANNING

Phase-In Plan

Detailed Plans for Identified Projects

PRE-EXECUTION & PROGRAM EVENTS 2%

Systems Engineering Technical Reviews

Preliminary Design Review (PDR)

Critial Design Review (CDR)Project Readiness to Transition Reviews (RTR) %

EXECUTION

Project 1 Service Management Phase-In

Project 2 (GSP 1, 2, 3 and FSP 1)

Project 3 (Service Desk Services)

Project 4 (GSP 2 and FSP 2 & 3)

Project 5 (FSP 4)

TXS / ES Award

ES & TXS PDR

100%100%100%100%100%100%

ES & TXS Phase‐in Plan

ES & TXS CDR

ES & TXS Execution

23

54

ES & TXS Detailed Phase‐in Project Plans

Pre‐Execution & ProgramEvents

Planning

1

1 2 53+4

Attachment 1



164

reusable tools that can be applied, as appropriate, to Service Management or a Global, Service 4374

Desk, or Field Services Profile for purposes of phase-in. 4375

4376

The Contractors shall prepare the Phase-In Plan containing the Readiness Templates. (CDRL 4377

A016 - Phase-In Plan) 4378

4379

In addition to the above, the ES Contractor shall deliver an integrated Phase-in Plan and 4380

Readiness Templates to include the TXS Contractor’s portion. 4381

4382

3.6.3.1.2 Detailed Phase-In Project Plans 4383

The purpose of a Detailed Phase-In Project Plan is to identify the detailed tasks and schedule to 4384

accomplish each transition Phase-In project. 4385

4386

The Contractors shall prepare the Detailed Phase-In Project Plans. (CDRL A054 – Detailed 4387

Phase-In Project Plans) 4388

4389

In addition to the above, the ES Contractor shall deliver the integrated Detailed Phase-In Project 4390

Plans to include the TXS Contractor’s portion. 4391

4392

3.6.3.2 Pre-Execution 4393

Pre-Execution activities include coordination with the Government, NGEN Contractors, and 4394

other Successor Providers to become ready for Execution. 4395

4396


a. Complete readiness activities identified within the Contractors’ Phase-In Plans, Detailed 4398

Project Phase-In Plans, and Readiness Templates. 4399

b. Conduct PDR and CDR, training, and Readiness to Transition Reviews (RTR). 4400

4401

3.6.3.2.1 Readiness Templates 4402

Attachment 1



165

The Contractors shall complete the appropriate Readiness Template with the relevant 4403

information and current status of all readiness activities for ITSM and the Global, Field and 4404

Service Desk profiles as necessary to accomplish the five (5) Phase-In projects described in the 4405

NGEN Transition Phase-In Execution of the PWS. For the five Phase-In Projects the 4406

Contractors shall deliver the Readiness Template information as follows: (CDRL A055 – 4407

Readiness Templates) 4408

a. ITSM, Global, Field and Service Desk Readiness Templates containing the relevant 4409

information and current status for each site within Projects 1, 2, 3, and 4. 4410

b. A single report containing all the relevant information and current status for the Field 4411

Services for sites in Project 45. 4412

4413

In addition to the above, the ES Contractor shall deliver integrated completed Readiness 4414

Templates to include the TXS Contractor’s portion. 4415

4416

3.6.3.2.2 Readiness to Transition Review (RTR) 4417

During an RTR, the Contractors demonstrate transition readiness based on successful completion 4418

of the tasks contained on the applicable template. Upon successful conclusion of an RTR, the 4419

Contractors will have Government approval to Assume Full Operational Responsibility (AFOR) 4420

on the agreed upon dates for the services and sites presented at the RTR. RTRs shall be 4421

conducted in accordance in the Table 3.6.3-1 below. 4422

4423


a. Prepare an RTR Package, to demonstrate readiness to Phase-In the applicable services at 4425

the sites identified within each Detailed Phase-In Project Plan. (CDRL A056 – Readiness 4426

to Transition Review Package) 4427

b. Conduct the RTRs: 4428

i. Provide presentation via Defense Connect Online for remote Navy participants. 4429

4430


a. Integrate the TXS Contractor’s portion into the final RTR packages 4432

Attachment 1



166

b. Host the RTRs. Ensure requirements are in meeting requirements 4433

4434

3.6.3.3 NGEN Transition Phase-In Execution 4435

The sequence of Phase-In Execution is for the Successors to assume responsibility of the ITSM 4436

services first, followed by Global services and then the remaining services. 4437

4438

The Contractors shall execute the Phase-In Projects as described in the table below: 4439

Project Short Description Sites: Execution

Timeframe* 1 • Phase-in of the NGEN ITSM

Capabilities • N/A • RTR conducted

at PDR • Project shall not

exceed 30 days • AFOR being 40

days after PDR / RTR

2 • GSP1 Services within the three NOC/SOC Services

• GSP1 Services for sites with B1 Boundaries

• GSP2 Services within any Server Farms co-located with the NOC/SOC or B1 Boundary sites

• FSP1 services for users co-located with the NOC/SOC and B1 Boundary sites

• GSP3 Services

• NOC/SOC Sites: NRFK, PRHL, SNDI

• B1 Boundary Sites: PAXR, BRM, PTNH, CHLK, JAXS

• Server Farm Sites: NRFK, SNDI, PRLH, PAXR, BREM, JAXS

• B2 Boundary Sites: NRFK, PRLH, SDNI, PAXR, CHLK,JAXS, BREM

• RTR conducted at CDR

• Project shall not exceed 90 days

• AFOR begins 40 days after PDR

3 • SDSP1 • Service Desk Sites: NRFK (GFF) and Contractor provided redundant location

• RTR conducted 90 days after CDR

• AFOR begins 40 days after RTR


4 • GSP2 Services for all remaining Server Farms

• GSP2 Services for all remaining B2 Boundary Sites

• FSP2 services for users co-located with the remaining Server Farms and

• Remaining Server Farm Sites: WNYD, NWOR, LEMR, PRTH, MECH, SPSC, MUGU, SDNS, CHRL, FALN, CRAN, OCEN, CHRL, MILL

• RTR conducted 90 days after CDR


Attachment 1



167

B2 Boundary Sites • FSP3 services for users co-located at

PHIL • FSP3 services for sites with over 250

users

• B2 Boundary Sites: WNYD, NWOR, LEMR, PRTH, MECH, MUGU, SDNS, FALN, CRAN, OCEN, CHRL, MILL, PHIL

• Sites with over 250 users: See Site Scheduling Tool


5 • FSP3, FSP4, and FSP5 Services for users located at the remotely managed sites

See Site Scheduling Tool • RTR conducted 180 days after CDR



*Reflects calendar days Table 3.6.3-1 Phase-In Projects 4440

4441

3.6.3.4 Success Criteria 4442

Completion of Pre-Execution activities is a prerequisite for entering the Execution Stage of 4443

Phase-In. During Phase-In, the Contractors shall perform the activities, plans, and processes 4444

prescribed in the approved Detailed Phase-In Project Plans in order to AFOR. 4445

4446


a. Deliver all planning artifacts per the Contractor developed Phase-In schedule 4448

b. Complete Pre-Execution activities on the schedule identified within the Contractor 4449

Readiness Templates. 4450

c. Meet staffing levels (i.e., inventory of workload capacity and current staff 4451

availability) identified in the Contractor’s Phase-In Plan. (CDRL A016 – Phase In 4452

Plan) 4453

d. Assume asset management of the NGEN GFP in accordance with the requirements 4454

identified in the PWS. 4455

e. Assume operations, maintenance, auditing, inspections, repair, and accountability for 4456

and access control to all GFF space and related infrastructure assigned. 4457

f. Deliver Finalized Readiness Templates. (CDRL A055 – Readiness Templates) 4458

Attachment 1



168

g. Assume full responsibility for the service management capabilities in the NGEN 4459

environment. 4460

h. AFOR for the provisioning and sustainment of NGEN Services 4461

i. Completed within the time specified in the Phase-In Projects table above. 4462

4463

3.6.4 NGEN Phase-Out Services 4464

At a future time, when NGEN Successor(s) are selected to replace the Contractors, Phase-Out 4465

services to relinquish the responsibility for the provisioning and operational sustainment of the 4466

network will be required. The Contractors shall collaborate with each other and any other 4467

service providers to provide common management of the services described below, to 4468

accomplish a fully coordinated Phase-Out. 4469

4470

3.6.4.1 Planning 4471

The Contractors shall prepare its Phase-Out Plan. (CDRL A057 – Phase-Out Plan) 4472

4473

3.6.4.2 Pre-Execution 4474

Phase-Out Pre-Execution includes preparing the NGEN environment and the Successor(s), both 4475

Government and Contractor, to AFOR the provisioning and sustainment of NGEN operations. 4476

4477

3.6.4.2.1 Work In Progress 4478

The Contractors shall, within 30 days of Government notification of intention to Phase-Out, 4479

identify any backlogged work and provide all associated information necessary to identify unmet 4480

requirements for all the remaining Work In Progress (WIP). 4481

4482

3.6.4.2.2 Successor Preparation for the NGEN Environment 4483

Activities during the Phase-Out Pre-Execution period include preparation of the Government and 4484

the Successor Contractors. 4485

4486

Prior to Phase-Out, The Contractors shall: 4487

a. Provide Successor Preparation Services to include: 4488

Attachment 1



169

i. Provide a total of 4,000 hours of SME to SME knowledge transfer sessions. 4489

ii. Within the NGEN operational environment, provide job shadowing for a total of 4490

360 people prior to, during, and post Successor AFOR. This includes allowing the 4491

successor contractor employee to handle live work, and can be in a collocated 4492

situation or remote. 4493

iii. Provide critical situation simulations allowing the successor contractor employee 4494

to demonstrate proficiency in managing services during an event that has high 4495

negative impact on the Intranet services. 4496

4497

3.6.4.2.3 Business Operational Support 4498

The Contractor shall deliver the underlying processes and tools necessary to monitor and assist 4499

with the fulfillment of contracted requirements, solutions, and implementations. To facilitate 4500

transitioning responsibilities in a “step-down” fashion, where a portion of the service has been 4501

transferred to the new Successor(s) the Contractors shall provide access to the systems required 4502

to perform its tasks: 4503

a. Modify processes and supporting tools to grant access. 4504

b. Incorporate transition business rules into the tools as required. 4505

4506

3.6.4.3 Execution and Success Criteria 4507

Prior to the end of contract performance, the Contractors perform Phase-Out Execution activities 4508

to transfer relinquish the Global, Field and Service Desk Services as defined in this PWS to a 4509

Successor(s). 4510

4511


a. Continue to provide operational staff and expertise during the Phase-Out Execution for 4513

stabilization of the three Global Service Profiles and Service Desk Services Profiles, and 4514

the five Field Services Profiles after the transfer of operational responsibility to minimize 4515

disruption and maintain available and on-going services. 4516

b. Provide Tier 2, 3, and 4 support services as defined in this PWS to ensure stabilization of 4517

the NGEN environment. 4518

Attachment 1



170

c. Transfer ITSM processes. 4519

d. Participate in Successor monthly IPR to validate progress towards Phase-Out. 4520

e. Report and document transition status in Monthly IPR and in Monthly Status Report. 4521

(CDRL A003 – Presentation Materials, CDRL A007 – Monthly Status Report) 4522

f. Complete Phase-Out of NGEN Services. 4523

4524

In addition to the above, the ES Contractor shall provide Tier1 support services as defined in the 4525

PWS to ensure stabilization of the NGEN environment. 4526

4527

3.6.5 NGEN Optional Transition Services Move to Section C under CLIN 56 4528

Optional Phase-In services may include additional seats within Navy Legacy Networks and other 4529

services required to achieve the Phase-In and Phase-Out services detailed in the PWS. The 4530



4533

3.7 Litigation 4534


a. Assist DON attorneys according to the parameters set by the lead DON attorney to 4536

respond to subpoenas, discovery requests, court orders and other matters related to 4537

litigation that require the discovery, production, archiving, retention, or rotation of end 4538

user electronic information and Internet or Intranet activity information. Such assistance 4539

will not include any subjective decision making by the Contractor(s). 4540

b. Respond within 10 calendar days (or 20 calendar days in the case of retrieving 4541

information from network backup tapes) from the date of the lead DON attorney’s 4542

written request unless otherwise agreed by the lead DON attorney. 4543

c. Provide the following Litigation Support Services: 4544

i. Accurate, timely and complete information as requested by the lead DON attorney 4545

for DON responses to discovery requests served on the Government. The DON 4546

Lead Attorney will direct the Contractor(s) by describing the type of information 4547

Attachment 1



171

sought. Contractor(s) will not make any determination as to whether such 4548

information requested is “responsive” or no. 4549

ii. Accurate information and documentation concerning infrastructure configuration 4550

and information that describes management of any network under the 4551

Contractors’ control, including encryption, protocols for network back-up 4552

procedures, enterprise and other legacy systems, preservation protocols, and data 4553

applications used, etc. (if not classified). 4554

iii. Information concerning electronic discovery and data issues as these topics apply 4555

to networks and any enterprise and other legacy systems controlled by the 4556

Contractor(s) (e.g., information required for the Government in to evaluate the 4557

scope of potential electronic discovery agreements and electronic data 4558

preservation orders). 4559

a. Information on electronic discovery issues related to items under the 4560

Contractor’s control. 4561

b. Data to authenticate electronic information. 4562

c. Recovery of network backup tapes within reason, for up to 30 calendar 4563

days from the date of the lead DON attorneys request or a litigation hold, 4564

including signed and dated affidavits by a Contractor(s) information 4565

custodian stating that data is accurate to the best of his or her knowledge, 4566

as well as where, how, and when the electronic information on the backup 4567

tapes was collected and recovered. 4568

i. Preservation of relevant network backup information, including 4569

taking network media out of the Contractors’ network backup 4570

rotation and storing as required to respond to Government 4571

litigation needs. 4572

ii. Accurate data from data seats or mobile devices, including sector-4573

by-sector imaging that preserves the integrity of the original data 4574

and metadata. 4575

Attachment 1



172

iii. Periodic audit planning for electronic records, including 4576

conducting audits as directed by the Government and providing 4577

reports of compliance on a periodic basis. 4578

d. Provide the following Litigation Holds services: 4579

i. When notified by the Government to place a litigation hold on a category of 4580

records, the Contractor(s) shall locate, secure and preserve, within reason those 4581

records found in Contractor-controlled Online and off-line storage. A single 4582

litigation hold notice may cover one, few or many different categories of records. 4583

In addition, the Contractor(s) shall search end user controlled online storage areas 4584

of specified end users. If the Government does not specify the manner or method 4585

of performance for the litigation hold, the Contractor(s) may use any means 4586

generally accepted in the industry for preserving evidence in anticipation of 4587

litigation. A generally accepted preservation method would be to make a read-4588

only copy of the pertinent native files on a hard drive or portable media with 4589

back-up copies stored at a different site. The Contractor(s) shall discontinue 4590

routine destruction of those records. The Contractor(s) shall continue to locate, 4591

secure and preserve that category of records or end usercontrolled online storage 4592

areas of specified end users until notified by the Government that the litigation 4593

hold has ended. After the litigation hold has ended, the Contractor(s) may resume 4594

normal records management practices including the routine destruction of records. 4595

ii. Provide the Government copies of the records held for each litigation hold 4596

request. Unless otherwise specified by the Government, the Contractor(s) may 4597

produce the records as preserved by providing a read-only copy on hard drive or 4598

portable media. The Contractor(s) shall also provide documents identifying the 4599

records, their file type, the corresponding litigation hold and category. 4600

iii. Maintain a record of its actions on each litigation hold request and report the 4601

status of litigation holds to the Government upon request. Upon request, the 4602

Contractor(s) shall report, for each litigation hold request, a description of the 4603

records preserved, including their quantity, category, file type, and location. 4604

e. Provide the following Records Searches and Production Services: 4605

Attachment 1



173

i. When the lead DON attorney requests a search for a category of records, the 4606

Contractor(s) shall search Contractor controlled online and offline storage for the 4607

requested records. A single search request may request one, few or many 4608

different categories of records. In addition, the Contractor(s) shall search end user 4609

controlled online storage areas of specified end users. The Contractor(s) shall 4610

secure and preserve all responsive records found. If the Government does not 4611

specify the manner or method of performance, the Contractor(s) may use any 4612

means generally accepted in the industry for preserving evidence in anticipation 4613

of litigation. A generally accepted preservation method would be to make a read-4614

only copy of the pertinent native files on a hard drive or portable media with 4615

back-up copies stored at a different site. The Contractor(s) shall discontinue 4616

routine destruction of those records. The Contractor(s) shall continue to locate, 4617

secure, and preserve that category of records until notified by the Government. 4618

ii. Produce all responsive records found as soon as practical, and give to the 4619

Government as soon as practical. Unless otherwise specified by the Government, 4620

the Contractor(s) may produce the records as preserved by providing a read-only 4621

copy of all responsive records on hard drive or portable media. With each 4622

production, the Contractor(s) shall provide a document identifying the records, 4623

their file type, corresponding request, and the category. 4624

iii. Maintain a record of actions on each search request and report the status of the 4625

searches to the Government upon request. Upon request, the Contractor(s) shall 4626

report for each search request a description of the records found and preserved, 4627

including their quantity, category, file type, and location. 4628

iv. Respond to written requests for information retrieval from end user hardware and 4629

all other equipment on the network including Contractor controlled online and 4630

offline storage and end user controlled offline storage. The Contractor(s) shall 4631

locate, secure, preserve, and provide records responsive to identified document 4632

records or record categories. Unless otherwise specified, the Contractor(s) may 4633

use any means generally accepted in the industry to preserve retrieved documents. 4634

Attachment 1



174

Upon request, the Contractor(s) shall produce responsive records found as soon as 4635

practical, unless a response perior is otherwise specified. 4636

d. Provide the following Testimony Services: 4637

i. Upon timely request by the Government, the Contractor(s) shall provide credible, 4638

qualified knowledgeable individuals to testify as “Keeper of the Records” in 4639

litigation and investigations before various courts, boards, agencies and other 4640

forums. This often requires travel to various locations within the United States, 4641

review and analysis necessary to form conclusions and opinions, interviews by 4642

various attorneys, and preparation for testimony and cross-examination. It may 4643

also involve assisting attorneys representing the Government in preparing 4644

disclosures of the substance of facts and opinions of the witness’s expected 4645

testimony. The testimony may consist of both factual and expert testimony and 4646

may among other subjects address: authenticity of evidentiary copies of electronic 4647

records, search efforts related to document requests, preservation efforts related to 4648

litigation hold requests, missing and destroyed electronic records, and the 4649

Contractors’ routine business practices including policy and procedures regarding 4650

the routine destruction of records. In testifying about Government records and 4651

information the Contractor(s) and witnesses shall follow all reasonable 4652

instructions of the attorneys representing the Government, (e.g., the assertion of 4653

privileges and instructions limiting testimony). Testimony may take three forms 4654

and in all forms must be accurate. 4655

a) Testimony may be presented through an Affidavit or Declaration under 4656

penalty of perjury rather than live testimony, such as in support of a 4657

summary judgment motion. 4658

b) Testimony may be presented Under Oath in response to oral or written 4659

questions for a deposition. Although a judge may not attend the 4660

deposition, the deposition is still in effect before a judge or other presiding 4661

official. Testimony is recorded by a court reporter that prepares a written 4662

transcript and may prepare a video recording. The testifying witnesses 4663

shall review, correct, and sign video and written deposition transcripts in 4664

Attachment 1



175

accordance with the procedures of the respective forum. Contractor(s) 4665

reserves the right to have its counsel present for such proceedings. 4666

c) Testimony is presented at a Trial or Hearing, under oath in accordance 4667

with procedures set by the presiding official. Testimony may be presented 4668

either orally or in writing, in the form of a narrative report or questions 4669

and answers. Contractor(s) reserves the right to have its counsel present 4670

for such proceedings. 4671

e. Provide the following Technical Advice and Assistance to Government Attorneys: 4672

i. Provide technical advice and assistance regarding NGEN network administered 4673

by the Contractor(s) and the information contained therein to attorneys 4674

representing the Government upon request. 4675

ii. Provide technical assistance in preparing the Government’s case. This includes 4676

preparing for cross-examination of opposing witnesses. 4677

iii. Assist the Government in preparing for discovery of opposing experts’ opinions, 4678

including preparation for and attendance at opposing experts’ depositions. 4679

iv. Provide technical assistance in presenting the Government’s case at trials and 4680

hearings. 4681

v. Assist the Government in preparing for and in conducting cross-examination of 4682

opposing experts, including attendance at trials and hearings during testimony by 4683

opposing experts. 4684

vi. Provide technical assistance in drafting motions and briefs. This includes, among 4685

other things, reviewing and analyzing portions of opposing briefs and motions, as 4686

well as reviewing Government drafts. 4687

f. Adhere to the following Confidentiality and Release of Government Information 4688

provisions: 4689

i. Classified and “No Foreign” information procedures are not relaxed for litigation 4690

or because information might be relevant to litigation. 4691

ii. Unclassified information about the services provided under this section, and the 4692

Government records involved, may be privileged and shall be treated as For 4693

Official Use Only (FOUO), until otherwise directed by the Government. 4694

Attachment 1



176

iii. Information about the services provided or records involved shall not be released 4695

without prior authorization by the Contracting Officer, the Contracting Officer 4696

Representative, or the representative of the office that placed the litigation hold, 4697

or, in the case of actual litigation, an attorney representing the Government in the 4698

matter. 4699

g. If the records involved include records on individuals, the Contractor shall also comply 4700

with the Privacy Act of 1974 and agency rules and regulations issued under the act as 4701

required by the Privacy Act clauses, FAR 52.224-1 and 52.224-2 (April 1984). 4702

4703

4. MARINE CORPS ENTERPRISE SERVICES REQUIREMENTS 4704

4.1 Scope of Work 4705

The scope of this effort is to establish operational control and transition of current enterprise 4706

services from the incumbent service provider; to provide services for the day-to-day operation 4707

and maintenance of the network; and to provide services for technology refresh and 4708

modernization. 4709

4710

The NGEN Functional Baseline was established upon approval of the Systems Design 4711

Specification (SDS) and the successful completion of the Program's System Functional Review 4712

(SFR). NGEN is comprised of 38 NGEN services, covering the breadth of the capabilities 4713

currently provided by the Incumbent Provider. These 38 services are further divided into 4714

"segments" based on whether the services relate directly or indirectly to network Transport 4715

Services (TXS), Enterprise Services (ES) (including non-end user software licensing, some end 4716

user software licensing, and end user hardware), and End User Software Licenses. 4717

4718

For the Marine Corps Management Domain (MD), enterprise services will be managed by 4719

government personnel, with additional support provided by the ES contractor. Notional tasks 4720

include operating, troubleshooting, and monitoring enterprise hardware, infrastructure and 4721

software and may include 24/7 operations, information technology management, data and 4722

migration services, and various support functions. 4723

4724

Attachment 1



177

Throughout the contract period, the contractor will be required to coordinate schedules, support 4725

data collection for assets, provide engineering and technical support, support Enterprise 4726

management and operations, end user requirements management, application and hardware 4727

inventory, transition activities, technical refresh schedules and activities, and life-cycle 4728

sustainment in the USMC IT environment (e.g. SRM data collection, asset reconciliation and 4729

tracking). The scope of task orders will be structured to reflect centralized and distributed 4730

support at all Marine Corps locations including any outlying sites listed in Appendix J. 4731

4732

The contractor will support the USMC operation, maintenance, and sustainment of enterprise 4733

services, perform associated services, provide hardware and software procurement and 4734

associated training. The life cycle support for enterprise services includes the following, which 4735

are detailed in section 4.6 as indicated: 4736

a. Enterprise Engineering Design and Support Services 4737

b. Enterprise Operations Services 4738

c. Data Storage Services 4739

d. Enterprise Messaging Services 4740

e. Application Hosting Services 4741

f. Enterprise Web Portal Services 4742

g. Workflow and Collaboration Services 4743

h. Directory Services 4744

i. COOP/Disaster Recovery/Business Continuity Services 4745

j. File Removal Services 4746

k. Electronic Software Delivery Services 4747

l. Commercial Voice Services 4748

m. VOIP Options and Services 4749

n. Unclassified Mobile Phone Services 4750

o. Classified Mobile Phone Services 4751

p. VTC Services 4752

q. Cross Domain Security Services 4753

r. Security Configuration and Management Services 4754

Attachment 1



178

s. Boundary, DMZ, and COI Services 4755

t. Malware Detection and Protection Services 4756

u. Security Event Management Services 4757

v. Security and IT Certification and Accreditation Services 4758

w. Authentication and Authorization Services 4759

x. Network Access Control Services 4760

y. Fixed and Portable Computing Services 4761

z. Thin Client Computing Services 4762

aa. Optional Hardware and Software Services 4763

bb. Remote Access Services 4764

cc. Printing Services 4765

dd. Service Desk Services 4766

ee. Desk Side Support Services 4767

ff. End user Training Services 4768

gg. Network Operations and Cyber Security Training Services 4769

hh. Testing and Evaluation Services 4770

4771

4.2 Program Management 4772

This section describes the types of work the ES contractor shall provide under this contract to 4773

achieve management, technical, logistical, cost and schedule objectives. The ES contractor shall: 4774

a. Maintain a formal program management organization and identify responsible key 4775

personnel who will provide program planning, support, development, and maintenance of 4776

a management plan that describes the ES contractor’s organizational assignment of 4777

functions, duties, and responsibilities. Designate at least one individual and alternate 4778

with the responsibility and authority to execute required courses of action as directed by 4779

the government. 4780

b. Define and establish clear lines of authority and responsibility between all organizational 4781

elements and update the Government when changes are made. 4782

Attachment 1



179

c. Provide input and comments into requirements development, discussions, designs, 4783

testing, evaluations, implementation, deployments, sustainment, risk management, and 4784

recommendations to the Government. 4785

d. Plan required post-install site certification, implementation, testing, resources, and 4786

coordination activities and identify roles and responsibilities, to include migration of user 4787

data. 4788

e. Provide project management and technical support (e.g., participate in discussions, design 4789

solutions, risk identification, make recommendations and develop schedules for approval) 4790

such as: 4791

i. Attend leadership team meetings. 4792

ii. Prepare briefing material as required to address the agenda items proposed by the 4793

government before the scheduled meetings. (CDRL AXXX) 4794

iii. Attend and provide support for Conferences. 4795

iv. Provide SME support, briefings and technical material as required. 4796

v. Conferences will be sponsored by the Government. 4797

f. Conduct Program Management Reviews (PMRs) quarterly including an overview of 4798

enterprise operations, schedule performance (review of the master schedule of key 4799

projects), contract status (including a discussion of open issues and negotiations in 4800

process), status of legacy operations, operational metrics and trending, metrics for key 4801

projects, and an overall assessment of program risk. 4802

i. Provide a venue for the PMRs 4803

ii. Develop agendas and record minutes for PMRs. (CDRL AXXX) 4804

iii. Provide a proposed draft agenda to the government 21 business days prior to the 4805

scheduled PMR. Modify or add items to the PMR agenda when requested by the 4806

government, provided these requests are transmitted to the ES contractor within 4807

five business days of government receipt of the draft agenda. Track and provide 4808

status of official communication with the Contracting Officer’s Representative 4809

(COR) such as technical direction and transmittals. (CDRL AXXX) 4810

Attachment 1



180

iv. Comply, measure and report the service level requirements, service level 4811

objectives and operational level agreements for each of the transport-related 4812

services using government provided tools and processes. 4813

g. Maintain web enabled tools for tracking status of requests that have been received by the 4814

contractor. 4815

h. Notify the government POC when agreed upon deadlines will not be met and what are 4816

the risks associated with schedule slip. 4817

i. Provide quality assurance plans (QAPs) for designated NGEN initiatives including, but 4818

not limited to, plans, training materials, process improvement and conflict resolution 4819

processes, customer feedback processes, and trend analysis (CDRL AXXX). 4820

j. For all meetings/briefings, provide executive level and/or SME support, briefings, 4821

technical material, meeting minutes and action items, as required. 4822

k. Provide SME support, briefings and technical material as required and provide meeting 4823

minutes. 4824

l. Execution Discipline Decision meetings will be held as required to validate completion of 4825

program/project milestones. 4826

m. Provide SME support, briefings and technical material as required. 4827

n. Joint Government/Contractor WAN Team meetings will be held to review and update 4828

issues and actions. 4829

o. Have the Program Manager (or designee) and key Contractor personnel attend PMRs. 4830

p. Provide ad hoc reports as required by the Government in accordance with (CDRL 4831

AXXX). 4832

q. Provide Contractor Management Plan in accordance with (CDRL AXXX). 4833

r. Provide PMR Action Items, Requests for Information and Timelines for closure in 4834

accordance with (CDRL AXXX). 4835

4836

4.3 Risk Management 4837

Risk Management provides an organized means of identifying, measuring, and ranking risks and 4838

developing, selecting, and managing options for resolving or mitigating risks. The ES contractor 4839

shall: 4840

Attachment 1



181

a. Establish and execute a risk management program in accordance with the Risk 4841

Management Guide for DoD Acquisition, Sixth Edition (Version 1.0) dated August 2006 4842

and the NGEN Risk Management Plan (Attachment XXX). 4843

b. Designate a Risk Manager who reports directly to the ES Contractor Program Manager 4844

and serves as the primary point of contact for the Government on all matters relating to 4845

risk management. 4846

c. Conduct a risk analysis (i.e. risk identification and assessment) and brief results to the 4847

Government (CDRL AXXX). 4848

d. Support monthly NGEN Risk Management Board meetings. 4849

e. Prepare and present new program risks with proposed mitigation plans and strategies and 4850

report on the mitigation status of existing risks. 4851

4852

4.4 IT Service Management (ITSM) 4853

ITSM is a framework of specialized functions and processes that, in conjunction with IT 4854

infrastructure and personnel, provides value to managers, technicians and customers in the form 4855

of IT services. ITSM processes support conceptualization, planning, procurement, 4856

implementation, and operation of IT services. Well-defined process interfaces ensure the 4857

integration of acquisition, governance, and operational activities. USMC E-ITSM (E ITSM) 4858

processes and activities are based on the Information Technology Infrastructure Library (ITIL) 4859

v3® lifecycle and processes, but are tailored to the unique policies, culture, and organizational 4860

constructs of the USMC. In the future net-centric operational environment, the Marine Corps 4861

will become increasingly dependent on IT services and capabilities, so service management will 4862

become even more important. The ES contractor is responsible for participating in the USMC E 4863

ITSM framework by managing and reporting work activities according to defined processes, 4864

procedures, work instructions, and metrics. The ES contractor will align its teams with USMC 4865

NETOPS organizations and participate in the ITSM framework on the behalf of these different 4866

enterprise, regional, and local organizations under the guidance of local commanders and 4867

managers. The ES contractor shall ensure that its activities are recorded separately, allowing the 4868

government to examine the contractor's specific contribution to USMC IT services. A notional 4869

Attachment 1



182

tools list is provided in Appendix H. EITSM Guide to Reference list in Section 2. 4870

4871

4.5 Performance Requirements 4872

4.5.1 Performance Quality 4873

The enterprise services contractor shall be evaluated against the performance standards defined 4874

in the quality assurance surveillance plan (Appendix A). 4875

4876

4.5.1.1 Quality Control Plan 4877

Within thirty (30) calendar days after initial task order award, the ES Contractor shall establish 4878

and maintain a complete quality control plan (QCP) that shall ensure the requirements of the 4879

contract are provided as specified in Sections 4.3, 4.4, and 4.6 of this document. This will be a 4880

“living” document that covers the initial task order and allows changes including future task 4881

orders, (CDRL AXXX). All documents, artifacts, reports etc developed under this contract are 4882

government property. 4883

4884

4.5.1.2 Government Representatives 4885

The government will designate representatives to evaluate contractor personnel against these 4886

categories. Representatives generally hold positions as MITSC directors, Ops managers, 4887

MCNOSC site leads, MCNOSC department heads, and designated G6 leadership. Specific 4888

personnel will be identified within thirty (30) calendar days after task order award. 4889

4890

4.5.2 Phase In/Phase Out Period 4891

4.5.2.1 Phase In Period 4892

Phase in period encompasses the people, processes, tools, technologies, and sequenced activities 4893

required to transfer service operations from the incumbent. The phase in period of services will 4894

occur beginning December 2012. 4895

4896

Contractors shall support a smooth transition with processes, procedures, and tools currently 4897

utilized to provide these services. The ES Contractor shall: 4898

a. Participate in readiness reviews during the phase in period. 4899

Attachment 1



183

b. Propose a staffing plan to support task order requirements that encompass staffing and 4900

on-boarding activities for locations specified. Staffing plan shall include labor 4901

categories, describe associated skill sets, and level of support required to meet the service 4902

requirement in this PWS. (CDRL AXXX) 4903

4904

4.5.2.2 Phase Out Period 4905

Phase out period encompasses the people, processes, tools, technologies, and sequenced 4906

activities required to transfer service operations to the successor. Contractors shall support a 4907

smooth transition and familiarization with processes, procedures, and tools currently utilized 4908

under this contract to the successor. During the phase out period, the ES Contractor shall: 4909

a. Participate in readiness reviews 4910

b. Provide and execute a phase-out plan in accordance with the terms of the NGEN 4911

Enterprise Service Contract to ensure continuity of services, minimize any decreases in 4912

productivity, and prevent possible negative impacts on additional services during the 4913

phase out period. (CDRL AXXX) 4914

c. Provide knowledge transfer, support successor job shadowing, training, and other 4915

activities in order to transfer the full operation of services. (CDRL AXXX) 4916

4917

4.6 Services Provided 4918

The ES Contractor shall support a broad range of technical, operational, maintenance and 4919

management functions in support of delivery of enterprise services to the Marine Corps 4920

Management Domain (MD), and be expected to support the following elements: 4921

4922

Note: Unless a CDRL is cited, the format, font, and content of data deliverables should be at the 4923

contractor’s discretion subject to the PM’s final approval. Due date is as requested by the 4924

government. 4925

4926

4.6.1 Enterprise Engineering Design and Support Services (EEDSS) 4927

Enterprise engineering design and support services (EEDSS) provide the functions needed to 4928

design, model, test, pilot, and implement the interfaces and services required for underlying 4929

Attachment 1



184

enterprise functionality, provisioning of data and resources, and harmonization of 4930

business/operational functions with interfaces and services. 4931

4932

4.6.1.1 Specific Tasks 4933

For EEDSS, the support tasks the ES Contractor shall perform or provide include: 4934

a. Support the development of architectures for new or expansions of existing services. 4935

b. Provide input and support the Government in developing plans for new services or 4936

expansion of existing services including deployment plans. 4937

c. Provide input and support the Government in developing a deployment plan for any 4938

technology refresh of existing core services. 4939

d. Configure enterprise core services HW/SW to the current government-approved solution 4940

operating configuration. 4941

e. Install enterprise core HW/SW, at the appropriate location in accordance with 4942

government direction. 4943

f. Provide input and support the Government in updating/revising architecture designs to 4944

accommodate new or changing requirements, emerging technology, and results of 4945

vulnerability assessments to ensure compliance with government security mandates. 4946

g. Support software upgrade plans, including tools extensions and templates, as provided by 4947

the software developer(s) to meet security or specific functionality requirements 4948

indentified by the Government. 4949

h. Provide input and support the Government in developing technical documentation to 4950

support various technical reviews. 4951

i. Support the establishment of metrics to capture equipment performance trends. 4952

j. Implement specific item unique identification (IUID) marking as defined in MIL-STD-4953

130N, DoDI 5000.64 DoDD 8320.03 and DFARS clause 252.211-7003. 4954

k. Support the engineering of core builds for each operating system comprised of software 4955

provided by the government, a contractor or by a third party contractor. 4956

l. Support the development for each operating system on the network applicable Group 4957

Policy Objects (GPOs) based on the corresponding Government documentation such as: 4958

Attachment 1



185

i. Develop for each Operating System on the Network applicable Group Policy 4959

Objects (GPOs) based on the corresponding Defense Information Systems 4960

Agency (DISA) Security Technical Implementation Guides (STIG) and the 4961

Marine Corps Enterprise DAA guidance regarding the Federal Desktop Core 4962

Configuration (FDCC), as directed by the Office of Management and Budget 4963

(OMB) memorandum M‐07‐11, "Implementation of Commonly Accepted 4964

Security Configurations for Windows Operating Systems," March 22, 2007, 4965

guidelines and configurations (from National Institute of Standards and 4966

Technology; National Vulnerability Database for FDCC). 4967

m. Develop a core image for building or rebuilding of a data seat. 4968

n. Ensure the core build operates and meets all requirements as defined by the government. 4969

Identify potential compatibility issues with other core build software, information 4970

assurance settings, impact to network operations, virus protection and standard hardware 4971

configurations. 4972

o. Incorporate Government requirements identified at the semi-annual Core Build joint 4973

review meeting. 4974

p. Maintain a comprehensive list of the Core Build and Engineering Change Control Board 4975

(ECCB) approved software, as well as software patches, GPOs and upgrades provided by 4976

the Government for installation on the Network. Provide these lists to the government in 4977

accordance with (CDRL AXXX) (version control). 4978

q. Obtain Government approval for hardware and software specifications/BOM. 4979

r. Implement approved engineering solutions in the USMC domain. 4980

s. Review Requests for Change (RFC) and validate the classification of the change in 4981

accordance with MIL-HDBK-61. 4982

t. Support the maintenance of an electronic records management application (RMA) 4983

certified in accordance with the current DoD Standard 5015.2- STD and consistent with 4984

DON policy such as Total Records and Information Management (TRIM). 4985

u. Support the implementation of Electronic Records management in accordance with 4986

current DoD 5015.2-STD and DoDI 8500.2. 4987

Attachment 1



186

v. Provide authorized users the ability to: add new documents; “check-out” existing 4988

documents by locking edit access of other users; “check-in” documents by saving any 4989

changes and removing edit-lock; maintain control of a document’s master/original copy 4990

and all versions stored in the repository. 4991

w. Provide an audit log of all actions users take in the system; provide the following 4992

standard reports: records due transfer to National Archives and Records Administration 4993

(NARA) or a federal record center, records due for destruction / deletion, records on 4994

hold/freeze for litigation/inquiry, records without a disposition assigned, offline storage 4995

(data, workflows and documents on a medium that is removed from system access), audit 4996

report of events on content: Record Management Administration, and record “file plan. 4997

x. Provide a workflow capability to create, modify, and save custom (ad-hoc) document 4998

routing paths with multiple assignable due dates; allow for “rule-based triggers” in the 4999

workflow (Support decision base routing on time, approval/disapproval, user defined or 5000

set-values and user actions); provide the capability to send an email that a workflow will 5001

be arriving soon, has arrived, is overdue, and/or is in suspense; provide the capability to 5002

link electronic documents to emails; provide the capability to review and approve 5003

workflow documents; provide the capability to close a workflow; provide the capability 5004

to delete a workflow; provide an audit record of every reference to a workflow. 5005

y. Support geographically-separated storage sites for the records contained in the RMA 5006

utilizing a SAN architecture to provide logical separation of data, redundancy, and 5007

security. 5008

z. Allow all authorized users access to the RMA through the capability to manage 5009

permissions such that: (1) users can have access to all non-restricted records in the 5010

system, and (2) record access can be restricted when appropriate. 5011

aa. Support integration with records stored in the legacy RMA system. 5012

bb. Assist the Government with planning hardware and software upgrade roadmaps to 5013

support testing, Service Desk, and on-site support training. 5014

cc. Submit C&A packages to the Government for approval. 5015

dd. Maintain Core Build software. The NGEN Workstation Core Build is comprised of an 5016

Operating System (OS), core applications (i.e. Microsoft Office), and hardware specific 5017

Attachment 1



187

configuration items and the associated configuration characteristics of specific 5018

workstation platforms. Changes to the Core Build occur when 1) specific Core Build 5019

components are updated; 2) new components are added to the Core Build; 3) security 5020

patches are applied to the components in the Core Build; or, 4) existing Core Build 5021

components are retired and removed from the Core Build. Core Build software will 5022

include but is not limited to: 5023

i. Operating systems (OS) to include drivers associated with OS hardware 5024

compatibility list as provided by the original equipment manufacturer (OEM) 5025

ii. Office Productivity Suite 5026

iii. Desktop management software 5027

iv. Email services software 5028

v. Internet browsing software 5029

vi. Virus protection software 5030

vii. PDF viewer software 5031

viii. Remote access services (RAS) software 5032

ix. GIS Viewer to view geospatial material 5033

x. Terminal and Print Emulator – Host 5034

xi. Compression tool 5035

xii. Collaboration tool 5036

xiii. Multimedia capability to view video and listen to audio 5037

xiv. Electronic records management 5038

xv. Security software 5039

xvi. Software management 5040

xvii. Inventory and remote control software 5041

xviii. Smart Card software 5042

xix. Just-in-time Compiler 5043

xx. Virtual Private Network (VPN) Client 5044

xxi. Remote Software Installation Tool Set 5045

5046

4.6.2 Enterprise Operations Services 5047

Attachment 1



188

Enterprise operations services include the day-to-day activities required to provide monitoring, 5048

management, administration, and maintenance for all manned and unmanned NGEN operational 5049

facilities. 5050

5051


For Enterprise Operations Services, the specific support tasks the ES Contractor shall perform or 5053

provide include: 5054

a. Perform monitoring and management of enterprise core services, including email and file 5055

share, using government provided tool suites. The government shall have access to all 5056

logs without contractor participation. 5057

b. Participate in, and provide input to, meetings as required. Attendance at and support of 5058

meetings shall include, but not limited to: provide input and comments into all phases of 5059

requirements, discussions, designs, testing, evaluations, implementation, deployments, 5060

sustainment, risk management, and recommendations to the government. Draft minutes 5061

and provide to the government, as required. 5062

c. Recommend changes to the environment. 5063

d. Perform break fix actions. 5064

e. Perform maintenance actions. 5065

f. Respond to proactive environment alarms. 5066

g. Manage applications to minimize network traffic destined for the DoD PKI certificate 5067

validation infrastructure. 5068

h. Support the delivery of near real time (as defined in Joint Pub 1-02, as amended) full 5069

spectrum situational awareness of IT services and infrastructure to Marine Corps 5070

NETOPS control authorities via electronic network management systems (automated 5071

means) and command and control facilities/watchstanders on the USMC network. This 5072

service shall be capable of facilitating the government’s exercise of network operational 5073

control over critical services and infrastructure in support of DON statutory and 5074

warfighting responsibilities. 5075

i. Provide situational awareness to exercise network operational control including: 5076

Attachment 1



189

i. Provide near real time performance metrics for IT services to support the 5077

development of consistent operational pictures of the status of the network. 5078

ii. Provide near real time information on the configurations of components, systems, 5079

and services to support vulnerability analyses. 5080

iii. Provide near real time information on ongoing events, incidents, and problems. 5081

iv. Recommend the prioritization of remediation actions for events, incidents, and 5082

problems. 5083

v. Use government provided tools and processes to inform the government of the 5084

status of reportable incidents. 5085

j. Maintain and manage enterprise performance monitoring of government furnished 5086

systems and services. The minimum amount of monitoring must include, but is not 5087

limited to: 5088

i. Exchange 5089

ii. Mailbox servers: 5090

a) Front-end 5091

b) Exchange routing 5092

c) Exchange public folder 5093

d) BlackBerry or similar device 5094

iii. Directory: 5095

a) Name resolution 5096

b) Directory 5097

iv. Cryptographic Log on (CLO): 5098

a) Repeater 5099

b) Responder 5100

v. Web: 5101

a) Proxy 5102

b) Web 5103

c) Citrix 5104

vi. File and print: 5105

a. File 5106

Attachment 1



190

b. Print 5107

vii. Boundary: 5108

a. Firewall B1 5109

b. Firewall B2 5110

c. VPN 5111

viii. WAN: 5112

a. Wan accelerators 5113

b. Utilization data 5114

c. Network latency 5115

d. Packet-loss 5116

ix. IA Infrastructure: 5117

a. SCRI servers 5118

b. SCCVI servers 5119

c. SIM infrastructure 5120

d. HBSS infrastructure 5121

e. URL content filter infrastructure 5122

f. IPS infrastructure 5123

x. End user workstation: 5124

a. Power-up to login time, excluding BIOS 5125

b. Login response time (login to desktop loaded) 5126

c. Power-down command to power-off 5127

d. CPU utilization 5128

e. Memory utilization 5129

f. Disk utilization 5130

g. Network/Disk IO 5131

h. Services 5132

f. Maintain and manage storage devices, including analysis of capacity and execute 5133

generation of standard capacity reports for the designated government manager of that 5134

storage device, system, or component. 5135

Attachment 1



191

g. Maintain and manage a reporting database for collection of probe data, capable of 5136

generating customizable reports, near-real time dashboard information, and targeted 5137

comparative analysis of performance data. 5138

h. Manage installation processes, including troubleshooting issues after delivery and 5139

installation of HW/SW. 5140

i. Perform asset scanning and logging of assets that have been delivered in accordance with 5141

established government directives. 5142

j. Provide contractor personnel lists to the government for those who have been granted 5143

administrative and privileged access that are executing NETOPS actions. (CDRL 5144

AXXX) 5145

k. Provide status to the government of contractor personnel clearances. The DD254 5146

information is addressed in Section J attachment to the RFP. 5147

l. Designate an individual (and backup) with the responsibility and authority to execute 5148

required courses of action as directed by the government. 5149

m. Operate and maintain software supporting USMC services. 5150

n. Provide break/fix and maintenance services on enterprise core GFE hardware. 5151

o. Provide technology refresh services for equipment in accordance with a mutually agreed 5152

upon schedule. Such schedule will include, but is not limited to the refresh timeline 5153

along with the timing for events (e.g., ordering and delivery of equipment to the staging 5154

area) leading up to the actual implementation. 5155

p. Assist the Government in conducting transfer custody of all internal and removable hard 5156

drives and unclassified internal and removable hard drives at such time as the IT resource 5157

is being reassigned, replaced, upgraded, or decommissioned. 5158

q. Provide input to the network system maintenance plan, which shall include, but is not 5159

limited to maintenance history, trending analysis, and metrics. 5160

r. Update TMS tickets within time frames established by government procedures. 5161

s. Close ticket when approved by government representatives. 5162

t. Tickets that are not high priority will be updated, completed, and reassigned as per 5163

current government guidance. 5164

Attachment 1



192

u. If the event/incident generates a response to operational problem (RTOP), the RTOP 5165

reporting method will meet the severity/priority status update requirements. 5166

v. Provide ongoing monitoring and support services for each Data Seat. 5167

w. Provide Server Based Computing that provides Online terminal emulation of basic 5168

services excluding multimedia, video conferencing, and the Net Meeting application. 5169

x. Provide a Web based solution that provides basic services through a Citrix frontend. 5170

y. Assist in exercising operational control over critical services of the infrastructure in 5171

support of DOD policies, statutory and warfighting responsibilities. 5172

z. Support and prioritize responses to events, incidents and problems based on mission 5173

impact and situational urgency. 5174

aa. Close events and incidents after their resolution. The designated NetOps authority will 5175

approve closures of incidents upon reporting that the incident has been resolved. 5176

bb. Implement policies and direct changes to the overall posture of IT services and 5177


cc. Support the coordination of the physical location, termination of IT services, and 5179

augmentation or changes to existing services. 5180

dd. Assist in development of system status dashboards. 5181

i. CJCSI 6510.01E IA and CND 5182

ii. CJCSM 6510.01 Defense in Depth: IA and CND 5183

iii. CJCSM 6510.01A IA and CND Vol 1 (IH program) 5184

iv. CJCSM 6510.02 IA Vol II (Vulnerability Management) 5185

v. ASD Memo for CND Response Actions 5186

vi. DoDD O‐8530.1 CND 5187

vii. DoDI O‐8530.2 Support to CND 5188

viii. DoDD 8500.1 IA 5189

ix. DoDI 8500.2 IA Implementation 5190

x. DoD 8570.01‐M IA Workforce Improvement Program 5191

xi. Joint NetOPS CONOPS Aug 2006 5192

xii. SD 527‐1 INFOCON 5193

xiii. SECNAVINST 5239.3B DON IA Policy 5194

Attachment 1



193

xiv. SECNAVINST 5239.19 DON Computer Network Incident Response and 5195

Reporting Requirements 5196

xv. OPNAVINST 5239.1C Navy IA Program 5197

xvi. SECNAVINST 5239.2 Navy IA Workforce Management Manual 5198

xvii. Naval Telecommunications Procedures 4 Chap 11 5199

xviii. NNWCINST 5450.4A Mission, Function & Tasks for NCDOC‐Norfolk 5200

xix. Navy NETOPS CONOPS 5201

5202

4.6.3 Data Storage Services 5203

Data storage services provide storage solutions for Online, near-line and off-line storage. 5204

Storage includes but is not limited to applications, databases, shared file services, server 5205

virtualization, back-up, recovery and restore. 5206

5207


For Data Storage Services, the specific support tasks the ES Contractor shall perform or provide 5209

include: 5210

a. Manage log retention data storage for USCYBERCOM Information Operations 5211

Condition (INFOCON) requirements. 5212

b. Provide access to migrated data or external data storage devices after migration of data. 5213

c. Deliver DAR services using a commercial off-the-shelf solution approved by the DoD 5214

Data at Rest Tiger team per the DoD CIO memo dated 03 July 2007. 5215

d. Deliver DAR services that interoperate with all DoD PKI credentials in both the DAR 5216

pre-boot kernel and client operating system. 5217

e. Encrypt workstation media storage device using full disk encryption. 5218

f. Encrypt mobile devices using full disk encryption, content protection, or equivalent 5219

encryption system. 5220

g. Encrypt data written from workstations to removable storage media. 5221

h. Enable file and folder encryption on workstations. 5222

i. Allow a means to designate authorized access to end users for workstation data encrypted 5223

on removable storage or in files and folders. 5224

Attachment 1



194

j. Enable authentication to end users for authorized access to workstation data encrypted on 5225

removable storage media or in files and folders using DoD PKI credentials and/or 5226

password. 5227

k. Provide a means for end users to decrypt files and folders encrypted on removable 5228

storage for government and non-government workstations. 5229

l. Provide for encryption of data written from network computing devices to removable 5230

storage media. 5231

m. Decrypt hard drives, storage media, files, folders, or other data encrypted by DAR 5232

Services when directed by designated government operational interfaces. 5233

n. Remove one or more components of the DAR services from workstations if necessitated 5234

by operational requirements and directed by designated government operational 5235

interfaces. 5236

o. Provide a DAR system administrator credential (i.e., end username and password) and 5237

recovery tools for a DAR full disk encryption solution to the designated government 5238

operational interfaces. This will enable the government to decrypt DAR-encrypted hard 5239

drives in the network. 5240

p. Operate enterprise storage infrastructure (SFI) at server farm sites. 5241

q. Provide end users the ability to store and retrieve files on shared, controlled access 5242

storage media. 5243

r. Provide for the storage of and access to data files. 5244

s. Provide the ability to administer, identify, and grant individuals and/or groups general or 5245

specific operational capabilities that can be performed at file level. These capabilities 5246

shall include, but is not limited to the ability to open, list, read, modify, save, copy, 5247

delete, rename and print files. 5248

t. Provide and administer the capability to control the manipulation of shared folders at the 5249

individual and/or group level. 5250

u. Provide the ability to administer, identify, and grant individuals and/or groups general or 5251

specific operational capabilities that can be performed at folder level. These capabilities 5252

shall include, but is not limited to the ability to open, list, create, delete, copy, move, 5253

rename and map to folders. 5254

Attachment 1



195

v. Provide and administer the capability to set up file blocking on a folder and all sub-5255

folders, within a command share space. 5256

w. Provide the ability to specify what type or group of files are not allowed to be written to a 5257

folder structure (i.e. block ability of end users to save *.PST files to a folder and all 5258

subfolders). 5259

x. Provide and administer the capability to control the physical size limit quota, within a 5260

command share space, of a folder and all subordinate folders. 5261

y. Provide and administer Exchange Services for end user storage allocation and high 5262

availability storage services. 5263

z. Provide and administer personal data storage allocation, command storage allocation, 5264

exchange storage allocation, and public folder storage allocation. 5265

aa. Provide Orderable Data Seat Backup and Restore services in accordance with DON and 5266

DoD policy, standards, and architecture regarding data, data storage, and data retrieval, 5267

including use of COTS tools as provided by the government. 5268

bb. Provide a backup and restore solution for desktop and laptop clients, including the ability 5269

to manage and automate distributed backups to a centralized repository in a highly 5270

scalable architecture with tools provided by the government. 5271

cc. Provide complete backups and online recovery, regardless of location, when connected 5272

through a high-speed connection with tools provided by the government. 5273

dd. Provide recovery from accidental file deletion, system corruption, loss of system, or 5274

hardware failure, to the last backup file (or older available back up file as requested), 5275

with tools provided by the government. 5276

ee. Manage automated distributed backup to and recovery from a centralized repository in a 5277

scalable architecture. 5278

ff. Provide 24/7/365 access to backup and restore data, regardless of location, without direct 5279

assistance from the Enterprise Service Desk staff with tools provided by the government. 5280

gg. Provide email and telephonic customer support if required for Data Seat Backup and 5281

Restore services. 5282

hh. Maintain government servers and intelligent storage systems for scalability, high 5283

availability and redundancy. 5284

Attachment 1



196

ii. Ensure capability to recover backed-up files for at least a 30 day window after file loss. 5285

jj. Verify selection of files for backup to ensure full end user data protection and recovery 5286

capabilities. 5287

kk. Manage and maintain baseline tiered storage options for the enterprise that vary in 5288

performance as measured by disk latency/disk responsiveness, security and availability, 5289

as well as options to implement departmental or workgroup instances to meet 5290

technological, DoD, and legal requirements. 5291

ll. Maintain Active Tiered Storage Allocation Management tools. 5292

mm. Maintain Passive Tiered Storage Allocation Management options. 5293

nn. Manage storage options for prioritization of data based on government direction, 5294

including changes in mission priorities that can be adjusted in real time. 5295

oo. Manage High Availability storage options, which meet or exceed Recovery Time 5296

Objective and Recovery Point Objective values for data availability and address specific 5297

end user applications and types. 5298

pp. Provide engineering, implementation, and maintenance capabilities for additional Tiered 5299

Storage options as directed by the government. 5300

qq. Manage data storage mechanisms for long-term storage and/or archiving of data to meet 5301

regulatory and legal requirements for discovery and audit. 5302

rr. Provide information assurance and security to data based on content for all tiers. 5303

ss. Manage log retention data storage for USCYBERCOM Information Operations 5304

Condition (INFOCON) requirements. 5305

tt. Maintain statistical trending for capacity management of tiered storage services. 5306

uu. Manage and maintain the accessibility and capability to retrieve data from any 5307

maintenance data repository 24 hours per day, 7 days per week. 5308

vv. Provide engineering, implementation, and maintenance capabilities for storage options 5309

requested and funded by specific Commands or initiatives. 5310

ww. Provide trained and certified Storage and File Managers for the level of business 5311

ordering storage. 5312

xx. Maintain the Definitive Storage System Guide (DSSG) and make available via web site. 5313

Attachment 1



197

yy. Provide input to Active and Passive Tiered Storage Allocation Management direction, 5314

policies, and procedures. 5315

zz. Provide input to Data Prioritization direction, policies, and procedures. 5316

aaa. Support individual Command or Organization storage requirements outside of 5317

enterprise solutions. 5318

bbb. Direct data to storage tiers based on requirements and cost optimization factors. 5319

ccc. Deliver DAR services providing authentication of users with DoD PKI credentials prior 5320

to loading a workstation hard disk encryption key and booting the operating system. 5321

5322

4.6.4 Enterprise Messaging Services 5323

Enterprise Messaging Services are core messaging solutions. Messaging encompasses human-5324

readable messages delivered via computer software for person-to-person communication through 5325

SMTP based E-mail applications. Shared service messaging for NGEN Block 1 will be provided 5326

via existing messaging infrastructure with potential future integration with NCES, DKO, and 5327

other enterprise wide messaging services. Messaging provides one-to-one relationships, but also 5328

one-to-many relationships (multicasting), intelligent routing, and guaranteed delivery. 5329

5330


For Enterprise Messaging Services, the specific support tasks the ES Contractor shall perform or 5332

provided include: 5333

a. Manage and maintain digital signature and encryption capabilities for email services in 5334

accordance with NTD 07/06, NAVADMIN 248/08 and MARADMIN 336/08 digital 5335

signature policy. 5336

b. Provide unique identification to both the sender and the recipient of a message. 5337

c. Manage and maintain capability to send, store, process, and received email and 5338

associated attachments. 5339

d. Configure the unclassified email client with the ability to send and receive signed and 5340

encrypted email and attachments, by utilizing DoD PKI issued end user certificates in 5341

accordance with government direction. 5342

e. Maintain the capability for email to support cryptographic functions from a smart card. 5343

Attachment 1



198

f. Support email that conforms to industry standards (including native RPC, HTTP) for 5344

interoperability and remote access. 5345

g. Configure and manage Exchange Services including Single Mailbox Restore capability. 5346

h. Manage and maintain global access to email via a web-based application (e.g., OWA) 5347

using PKI-based end user authentication or both PKI and password-based authentication 5348

for government designated exceptions from a hardware/software entry point with a 5349

browser compatible with Transport Layer Security (TLS). 5350

i. Configure and manage Exchange Services for automatic archiving for up to 6GB storage 5351

per end user. 5352

j. Configure and manage Exchange Services for automatic archiving of single instance 5353

storage. 5354

k. Configure and manage SMTP connections to network bridgehead servers designated by 5355

the government. 5356

l. Configure and manage email redirection, forwarding, and re-implementation of full 5357

service email for accounts being deployed. 5358

m. Configure and manage email redirection to a “.mil” or “.gov” address only. 5359

n. Implement and maintain the email redirection capability to allow deployed end users to 5360

remotely and securely start/stop/modify their email redirection configuration. 5361

o. Modify E-Mail account storage limits. 5362

p. Transfer E-Mail Accounts between MITSCs. 5363

5364

4.6.5 Application Hosting Services 5365

Application Hosting Services provide a protected hosting environment, consisting of common 5366

hardware platforms and operating systems where applications reside. Application hosting 5367

includes, but is not limited to hosting legacy, enterprise and Community of Interest (COI) 5368

applications. 5369

5370


For Application Hosting Services, the specific support tasks the ES Contractor shall perform or 5372


Attachment 1



199

a. Prepare the hosting environment to allow the Government to install the hosted 5374

applications. 5375

b. The Contractor shall support the Government with preparation of Application Security 5376

Validation documentation as contained in the DOS. 5377

c. Provide server de-installation services from the hosting environment to discontinue 5378

application hosting service. 5379

5380

4.6.6 Enterprise Web Portal Services 5381

Enterprise Web Portal Services provide or utilize existing authentication services and control end 5382

user access based upon DoD security policies in support of controlled access to DoD-controlled 5383

information and applications. The Marine Corps provides all portal functionality through 5384

MCEITS, but may require contractor support. NGEN Web Portal efforts will transition current 5385

portals, operate, design, and implement Enterprise Web Portal Service. This includes integration 5386

of current portals into the DON Portal, establishment of content, discovery, and delivery 5387

services, and integration with existing identity synch solutions. Enterprise Web Portal Service 5388

Architecture/Design will provide web based portal content, discovery, and delivery services. 5389

The USMC will use the MITSCs and MCEITS to support all enterprise web portal content, 5390

discovery, and delivery not offered through Net Centric Enterprise Services (NCES). The 5391

USMC will host non-enterprise web portal content, discovery, and delivery services at the 5392

MITSCs and/or bases, posts, and stations. 5393

5394


For Enterprise Web Portal Services, the specific support tasks the ES Contractor shall perform or 5396


5398

a. Administer the capabilities and features that allow end users to access internal and 5399

external web content via HTTP and HTTPS protocols. 5400

b. Administer the capabilities for caching and proxy to enhance information access and 5401

performance. 5402

c. Provide control over the content that may be accessed through the proxy: 5403

Attachment 1



200

i. Filter by category 5404

ii. Allow policy application scheduling 5405

iii. Automated filter categories updates from a Government approved industry 5406

provider 5407

d. Provide filtering policy information regarding any web filtering performed at the proxy 5408

level. 5409

e. Provide access to web report from proxy and web filtering tools on the network. 5410

f. Administer and facilitate hosting of unclassified web pages or provisioning of a web 5411

address (URL). 5412

g. Create and maintain static web pages. 5413

h. Administer DNS services for hosted websites. 5414

i. Provide the ability to host HTTPS websites. 5415

j. Support both http and https hosting. 5416

k. Administer and facilitate DoD CAC/PKI Log on authentication for hosted websites. 5417

l. Administer security groups to manage access to internal web sites. 5418

m. Maintain web content. 5419

n. Post program, contract, and public affairs materials. 5420

o. Restrict access and usage to sub-sites or specific content areas. 5421

p. Administer and maintain search capabilities for Web Portal. 5422

q. Maintain Service Desk contact information on the public internet including contact 5423

information for the Service Desk with email and telephone number. 5424

r. Publish appropriate news, information, and event content on Web Portal. 5425

s. Operate and maintain portal services in existence at contract outset. 5426

t. Maintain portal services that support the capacity implemented at contract outset. 5427

u. Maintain portal services that support the capacity implemented at contract outset; 5428

estimated at 1,000,000 named end users. 5429

v. Maintain Portal services that support the capacity implemented at contract outset; 5430

estimated at 100,000 concurrent end users. 5431

w. Maintain DMZ services. 5432

Attachment 1



201

x. Maintain storage services necessary to support the end user size of the portal, meeting 5433

specified caching, transmission, and reliability metrics. 5434

y. Maintain continuity of operations services including fail over capacity to an alternate site. 5435

z. Provide and maintain end user content alert/notification services. 5436

aa. Integrate content discovery services. 5437

bb. Integrate Net Centric Enterprise Services (NCES) collaboration services. 5438

cc. Integrate Joint Enterprise Directory Service (JEDS). 5439

dd. Provide Incident and Service Desk support for portal end users. 5440

ee. Support planning and risk mitigation of a portal migration to the Enterprise Portal: 5441

i. Provide input for a detailed Project Plan and Timeline showing interim objectives 5442

and milestones leading to the Full Operational Capability of the migrated portal 5443

within the Enterprise Portal 5444

ii. Assess current portal environment and components 5445

iii. Provide input for a Migration Validation Strategy Document 5446

iv. Provide input for a detailed Migration Plan 5447

v. Prepare NEIS environment to receive the legacy portal 5448

vi. Provide input for any necessary migration tools 5449

ff. Support execution of a portal migration plan to the Enterprise Portal including 5450

transformation of end user accounts and content in the migration plan, optimization of 5451

migrated portal, and transition to steady state operations: 5452

i. Migrate end user accounts and content into the Enterprise Portal environment 5453

ii. Resolve any issues with migrated portal 5454

iii. Measure and analyze the daily performance of the migrated portal, resolving any 5455

issues uncovered 5456

gg. Provide analysis and design service for new Portal functionality (content crawlers, web 5457

services, community templates, etc.), which may be used for either new requirements or 5458

as part of a portal migration: 5459

i. Provide input for a detailed requirements document for the Portal functionality 5460

ii. Provide input for a validation document for the Portal functionality 5461

Attachment 1



202

iii. Provide input for a strategy for integrating this Portal functionality into the 5462

Enterprise Portal environment 5463

iv. Provide input to design documents of how the Portal functionality would function 5464

and interact with administrators and end users 5465

hh. Provide input to an implementation service for new Portal functionality (content crawlers, 5466

web services, community templates, etc.), which may be for either new requirements or 5467

as part of a portal migration: 5468

i. Develop the Portal functionality as designed 5469

ii. Validate the Portal functionality 5470

iii. Integrate the Portal functionality into the Enterprise Portal environment 5471

iv. Provide input and assist the government in updating project documentation to 5472

reflect any functionality and/or usage changes. 5473

ii. Provide portal engineering support to achieve 98.5 percent service availability exclusive 5474

of scheduled downtime. 5475

jj. Support the Portal architecture design process to support up to 100 TB of end user 5476

content. 5477

kk. Prepare legacy portal data for migration. 5478

ll. Enable searches using a simple web based access page with full text, phrase, and 5479

conceptual search options. 5480

mm. Provide data indexing. 5481

nn. Support Content Discovery capabilities. 5482

oo. Support automated user initiated process for content submission and indexing. 5483

pp. Maintain a web based search page to search enterprise data sources. 5484

qq. Maintain capability to search the address book and directory service. 5485

rr. Maintain a web services standardized XML interface that will allow interaction with 5486

other available web services. 5487

ss. Support content discovery server hosting and maintenance. 5488

tt. Maintain compliance with security controls, ports, and protocols as directed by the 5489

MCEN DAA. 5490

uu. Provide Content Discovery reports in accordance with (CDRL AXXX). 5491

Attachment 1



203

vv. Maintain authorized data sources that will be included in the search index. 5492

ww. Maintain content and data. 5493

xx. Provide SME support for legacy solutions. 5494

yy. Maintain contacts for data source. 5495

zz. Provide communication with web host servers on NIPRNet and Internet. 5496

aaa. Support hosting capabilities compatible with Windows operating systems 5497

bbb. Execute a migration plan to re-host the Homeport system. 5498

ccc. Maintain user’s self-service tools. 5499

ddd. Maintain the Government provided listing, accessible by all end users of the 5500

Network, of all Optional Capabilities that have been certified for use on the Network. 5501

eee. Produce the Data User Capacity Report in accordance with (CDRL AXXX). 5502

fff. Support content delivery services access to content. 5503

ggg. Support Business Process Management and Workflow services. 5504

hhh. Support Federation Services capabilities framework. 5505

iii. Use necessary governance, management, and administration of the portal. 5506

jjj. Coordinate licensing requirements for federation to other DoD and DON portals, 5507

systems, and applications. 5508

kkk. Maintain a self service capability to obtain the following analytic reports 5509

including: 5510

i. Traffic Reports 5511

ii. Total number of searches 5512

iii. Most popular Query Phrases (Top 100) 5513

iv. Most popular Query word (Top 100) 5514

v. No-Match queries 5515

vi. Query Reports: 5516

a. Documents indexed 5517

b. Data Sources indexed 5518

c. Time required for first run index 5519

d. Remaining storage available for the index 5520

Attachment 1



204

lll. Support the capability to search the contents of structured and unstructured data to 5521

include: 5522

i. Intranet web sites 5523

ii. Portal data 5524

iii. Local file shares 5525

iv. Exchange folders 5526

v. Legacy systems 5527

vi. Databases 5528

vii. Document management systems 5529

viii. Service Desk systems 5530

5531

4.6.7 Workflow and Collaboration Services 5532

Workflow and Collaboration Services enable synchronous and asynchronous communication 5533

using Web Portal infrastructure, instant messaging, low-bandwidth text chat, and Web 5534

conferencing. This capability is provisioned to the operational community predominantly 5535

through the Web Portal Services. Near Future provisioning of workflow and collaboration tools 5536

could include both mobile and secure mobile devices across the enterprise. Instant messaging 5537

and Web conferencing both includes, but is not limited to text-based communication, while Web 5538

conferencing adds shared whiteboards, desktop & application sharing, and the ability to invite 5539

non-DOD personnel into collaboration sessions. Workflow Design provides capabilities that 5540

include, but is not limited to: 5541

a. Improved efficiency 5542

b. Better process control 5543

c. Improved customer service 5544

d. Flexibility 5545

e. Business process improvement 5546

Workflow and Collaboration Tools design the tasks, procedural steps, organizations or people 5547

involved, required input and output information, and tools needed for each step in the business 5548

processes. 5549

5550

Attachment 1



205

4.6.7.1 Specific Tasks: 5551

For Enterprise Messaging Services, the specific support tasks the ES Contractor shall perform or 5552


a. Install Government provided CAC Readers that allow end users to send digitally signed 5554

and/or encrypted email, receive digitally encrypted email or use encrypted PIN-to-PIN 5555

Instant Messaging on Blackberry or similar device. 5556

b. Integrate Net Centric Enterprise Services (NCES) collaboration services. 5557

c. Provide support for integration of content discovery and collaboration components. 5558

d. Maintain information sharing/collaboration capability (i.e. portal) to include required 5559

engineering, architectural, and requirements documents; test documentation (test plans, 5560

test reports, test data/observations); and applicable test coordination, scheduling, and 5561

execution information. 5562

e. Sustain operational capability of Web Services (SharePoint Portal). 5563

f. Sustain operational capability of Portal Access. 5564

g. Provide Large Scale Collaboration for up to 500 personnel. 5565

h. Provide access to the following portal-driven capabilities: 5566

i. Team threaded discussion forum 5567

ii. Team contact list 5568

iii. Shared bookmark 5569

iv. Team tasks list 5570

v. Ability to conduct surveys, polls, questions and voting 5571

vi. Team notification and alerting capability 5572

i. Provide the ability for the end user to participate in a Wiki-based collaborative 5573

information repository. 5574

j. Provide a mechanism for an individual to customize and present personally relevant 5575

information in a consolidated area. 5576

k. Provide visibility into hosted email accounts (Microsoft Exchange-based or other similar 5577

product). 5578

l. Provide visibility into hosted calendars accounts (Exchange-based or other similar 5579

product). 5580

Attachment 1



206

m. Provide access to a portal-end user to portal-end user asynchronous, closed loop 5581

messaging capability (Internal to the portal). 5582

n. Provide ability to present content exposed through RSS/Atom feeds on external servers. 5583

o. Provide the ability to present the end user contact information contained within the 5584

Global Address Book and/or other LDAP-based end user identity repositories. 5585

p. Provide the ability to present end user contact information from the DISA- sponsored 5586

Joint Enterprise Directory Service Whitepages. 5587

q. Provide the ability for the end user to author and publish a blog through portal. 5588

r. Provide a mechanism for an organization to customize and present organizational 5589

information in a consolidated area. 5590

s. Provide synchronous collaboration by providing links to the DISA-sponsored Button 2 5591

collaboration suite. 5592

5593

4.6.8 Directory Services 5594

Directory Services provide global information services that deliver a distributed computing 5595

environment, support the management and use of file services, network resources, security 5596

services, messaging, web, e-commerce, white pages, and object-based services across NGEN. 5597

Directory Services provide authentication to enterprise applications and trusted relationships 5598

between people, devices, applications, services, and other resources throughout the network. 5599

5600


For Directory Services, the specific support tasks the ES Contractor shall perform or provide 5602

include: 5603

a. Use an automated process or self-service tool provided by the government for managing 5604

the association between a PKI certificate on an end user credential and an Active 5605

Directory Domain account. 5606

b. Maintain publishing of end user PKI certificates automatically to unclassified network 5607

directory services. 5608

c. Use only PKI-based authentication for network services, applications, resources, and 5609

components requiring Active Directory domain account authentication. 5610

Attachment 1



207

d. Maintain mappings between PKI certificates and network accounts to support two-factor 5611

authentication for all Active Directory domain account categories and eliminate the need 5612

for password-based authentication (i.e., 'exception accounts'). 5613

e. Receive request for and initiate end user account lifecycle events. 5614

f. Create new end user account with DON provided attributes data. 5615

g. Modify end user account attributes including move, add, change, disable or deactivate. 5616

h. Modify end user account type (upgrade/downgrade). 5617

i. Deactivate end user accounts. 5618

j. Change end user account status when directed by the government. 5619

k. Provide unique identifiers for all accounts using naming standards as specified by the 5620

government. 5621

l. Provide end user access to workstations based on end user account and workstation 5622

permissions as designated by the government or as specified by requested service. 5623

m. Delete or transfer all network end user data associated to account when directed by the 5624

government. 5625

n. Provide network end user data associated with an account, if requested by the 5626

government, during deactivation process. 5627

o. Maintain the web-based end user account management tool for government end users to 5628

perform account management functions. 5629

p. Change specific attributes of an account using the end user account management tool. 5630

q. Direct changes to account status using the end user account management tool. 5631

r. Track account changes including move, add, change, disable or deactivate using the end 5632

user account management tool. 5633

s. Provide current information about each account as documented in the Active Directory 5634

using the end user account management tool. 5635

t. Provide an account ledger with pre-defined reports (e.g. based on number, type, status) 5636

using the end user account management tool. 5637

u. Provide access based on end user role of designated government representatives using the 5638

end user account management tool. 5639

v. Maintain a list of authorized submitters for end user account activities. 5640

Attachment 1



208

w. Create new groups as directed by the government. 5641

x. Modify group attributes. 5642

y. Modify group type for network operations. 5643

z. Deactivate/delete groups. 5644

aa. Provide unique identifiers for all groups required using naming standards in accordance 5645

with government policy. 5646

bb. Provide groups required for new site setup and operations. 5647

cc. Provide installation of Admin Pack utility and Active X components to use Active 5648

Directory management tools, upon request from government. 5649

dd. Maintain a web-based custom active directory interface (CADI) tool to allow designated 5650

government end users to: 5651

i. Perform group management to add and/or delete groups in organizational units 5652

(OUs) allowed access; excluding certain restricted or sensitive groups. 5653

ii. Change specific attributes of groups, including security permissions. 5654

iii. Perform group management to rename groups as necessary. 5655

iv. Perform group management requirements to make changes to group status. 5656

v. Perform group management requirements to move groups between allowed sites 5657

and other Echelon II OU sites. 5658

vi. Assign permission-based functionality based on end user role of designated 5659

government representatives and delegation of roles to other end users. 5660

ee. Perform group management requirements to track specific group changes, including 5661

changes in permissions. 5662

ff. Operate and maintain group policy management in existing directory services in 5663


gg. Monitor replication speed of directory services. 5665

hh. Conduct maintenance of the .dit file for directory services. 5666

ii. Perform schema extensions for directory services. 5667

jj. Cleanup of orphaned objects and inactive end user and computer objects as directed by 5668

the government for directory services. 5669

kk. Perform end user provisioning for directory services. 5670

Attachment 1



209

ll. Apply security updates as directed by the government for directory services. 5671

mm. Maintain ability to browse the Global Address List (GAL) via Outlook or Outlook Web 5672

Access or other similar product. 5673

nn. Maintain DEERS ability to request reports on specific directory objects when designated 5674

by the government. 5675

oo. Maintain the capability for local, mobile and remote end users, devices, and applications 5676

to access directory services where connectivity is available. 5677

pp. Monitor administration and management of Active Directory network resources such as 5678

ADAM Suite, AD components and AD trusts. 5679

qq. Operate Active Directory services including authentication and authorization of data 5680

maintained in the directory. 5681

rr. Maintain directory synchronization to the Joint Enterprise Directory Service (JEDS) 5682

through the appropriate transport boundaries as directed by the government. 5683

ss. Maintain standard Active Directory services (plus the availability to use Windows 5684

Lightweight Directory Access Protocol (LDAP) services) for all physical and virtual 5685

application servers. 5686

tt. Remove any associated packaged solutions from the Electronic Software Distribution, 5687

(ESD) system and any associated objects from Active Directory for applications removed 5688

from the USMC Management domain. 5689

uu. Maintain LDAP end user access with the network exchange servers. 5690

vv. Assign system administrator rights to government IT personnel for deployed workstations 5691

as directed by the government. 5692

ww. Assign trained government IT personnel system administrator rights to perform all 5693

functions required to operate and maintain a deployed workstations in an embarked 5694

environment when directed by the government. 5695

xx. Provide user account data in accordance with (CDRL AXXX). 5696

yy. Perform lifecycle events on user accounts as requested by the government. 5697

zz. Delete or transfer all network user data associated to account not sooner than 30 calendar 5698

days after USMC requests account deactivation. 5699

aaa. Receive request for and initiate lifecycle events. 5700

Attachment 1



210

bbb. Provide current information about each group. 5701

5702

4.6.9 COOP/Disaster Recovery/Business Continuity Services 5703

COOP/disaster recovery/business continuity planning services consist of continuity of operations 5704

(COOP), disaster recovery, and business continuity planning (BCP). The COOP involves 5705

establishing and implementing plans for emergency response, storage and backup operations, 5706

off-site storage and post-disaster recovery of information systems. Disaster recovery is the 5707

processes, policies and procedures related to preparing for recovery or continuation of 5708

technology infrastructure critical to an organization after a natural or human-induced disaster. 5709

The BCP is an interdisciplinary concept used to create and validate a practiced logistical plan for 5710

how an organization will recover and restore partially or completely interrupted critical functions 5711

within a predetermined time after a disaster or extended disruption. 5712

5713


For COOP/ disaster recovery/business continuity planning services, the specific support tasks the 5715

ES Contractor shall perform or provide include: 5716

a. Support, operate, and maintain COOP capabilities 5717

b. For BCP, develop, maintain and update the disaster recovery plan (DRP) for restoration 5718

of operations in the event of an incident or disaster (major/minor) in accordance with 5719

government direction. 5720

c. Provide input and assist the Government in developing system and network designs that 5721

enable business and network operations capable of surviving individual component 5722

failure. 5723

d. Provide input to the government for making system degradation decisions in the event of 5724

a disaster or incident. 5725

e. Provide input to the government after action reports and lessons learned following 5726

exercises. 5727

f. Support execution of emergency failover/failback COOP requirements. 5728

g. Support annual exercise of the DRP. 5729

h. Support activation of the DRP in the case of an incident or disaster. 5730

Attachment 1



211

i. Assist in the implementation of continuity of operations activities. 5731

5732

4.6.10 File Removal Services 5733

File removal services (spillage) is defined as any incident where information of a higher 5734

classification is introduced on an IT System that is not authorized to hold or process such data. 5735

This service shall support the recovery of data and services following a spillage and includes, but 5736

is not limited to continuing the discovery as required, assessing the damage, cleaning up the 5737

spillage in accordance with the MC IA OPSD 010, Marine Corps Incident Handling Procedures, 5738

all associated reporting requirements, recovering the data, and restoring the services. 5739

5740


For File Removal Services, the specific support tasks the ES Contractor shall perform or provide 5742

include: 5743

a. Provide personnel, with appropriate security clearances, to execute file removal of 5744

electronic spillage. 5745

b. Lock access to known electronic spillage locations within one hour. This includes 5746

physically removing the device from the network or administratively disabling the port. 5747

c. Remove all instances of the electronic spillage data files from the network, backup 5748

systems, and media within 24 hours of notification by service level Designated 5749

Approving Authority (DAAs). 5750

d. Minimize access and further dissemination of electronic spillage. 5751

e. Start trace process to determine the extent of the electronic spillage proliferation across 5752

systems (desktop, laptop, servers, monitoring systems) in the enterprise within 30 5753

minutes of notification. 5754

f. Remove Online electronic spillage files off all affected systems (desktop, laptop, servers, 5755

monitoring systems, and BlackBerries). 5756

g. Remove electronic spillage files from the back-up systems and tapes. 5757

h. Provide input and assist the Government in developing a POA&M to execute removal of 5758

electronic spillage for actions that cannot be completed by government directed deadline. 5759

Attachment 1



212

i. Certify completion of electronic spillage cleanup and notify the government when 5760

complete. 5761

j. Report to service level network operations centers all locations of electronic spillage files 5762

that may have been further distributed, but cannot be traced such as email files that were 5763

opened and read or files that may have been copied. (CDRL AXXX) 5764

k. Reconnect the device to the network once the host is certified clean. 5765

l. Report unauthorized or inadvertent disclosures of NNPI. 5766

m. Physically remove spillage from end user devices. 5767

5768

4.6.11 Electronic Software Delivery Services 5769

Electronic software delivery (ESD) services, also known as digital distribution, refers to the 5770

practice of having software products delivered electronically as opposed to receiving physical 5771

media. Security, licensing, bandwidth, reporting and compliance represent a few of the major 5772

considerations associated with ESD. 5773

5774


For ESD Services, the specific support tasks the ES Contractor shall perform or provide include: 5776

a. Maintain software to perform remote software installation. 5777

b. Provide input and assist the Government in repairing software script, packaging it for 5778

distribution and testing, presenting to Enterprise Change Control Board (ECCB) for 5779

approval, and loading into the ESD system. 5780

c. Distribute government approved new and/or updated Packaged Application Solutions via 5781

automated support; using electronic distribution methods. 5782

d. Resolve failures in the event the software application fails to be electronically delivered 5783

and installed because of failures in the ESD system. 5784

e. Provide electronic software distribution services for applications that will be distributed 5785

within the USMC Management domain. 5786

f. At the completion of the initial distribution event, place the Packaged Instance Active 5787

Directory Object for the application into the "Core" Application Distribution Group. 5788

Attachment 1



213

g. Provide software deployment in either a single event or a series of multiple events, 5789

depending on the requirements of the application developer and/or the site(s) receiving 5790

the deployed application. 5791

h. Only install DADMS and ECCB approved software. All software must be DADMS 5792

approved before installing to the network. 5793

i. Complete distribution of software over a 30 calendar day duration unless the government 5794

directs more time. 5795

j. Distribute software that has been certified under the Testing and Evaluation Services. 5796

k. Use government provided seat to application mapping to deploy software to designate 5797

data seats. 5798

l. Provide application virtualization services to mitigate application incompatibility issues. 5799

m. Use Active Directory data to determine which seats have applications targeted for 5800

removal using ESD. 5801

n. Remove software, using ESD mechanisms if able, for applications that were manually 5802

installed. 5803

o. Remove any associated packaged solutions from the ESD system and any associated 5804

objects from Active Directory for applications removed from the USMC Management 5805

Domain. 5806

p. Provide a script to remove the last two versions of application (N-2) in the USMC 5807

Management Domain. 5808

q. Report status of deployed patch/upgrade every 24 hours until completion. Reported 5809

information should contain: 5810

i. Total devices needing push 5811

ii. Total successful pushes 5812

iii. Total unsuccessful pushes 5813

iv. Total number of machines not yet having the push applied 5814

r. Develop software distribution report in accordance with (CDRL AXXX). 5815

s. Support “initial” and “subsequent” distribution event services. 5816

t. Use standard deployed solution for any dependent applications (Oracle, Java, CITRIX or 5817

similar products) if it is available. 5818

Attachment 1



214

u. Add only Government approved applications or application components to the 5819

Environment. 5820

v. Validate that applications that will be deployed meet DAA Information Assurance (IA) 5821

requirements. 5822

w. Deploy applications Identified in Request to Deploy Document. 5823

x. Validate that the software application is appropriately licensed for distribution. 5824

y. Provide Subject Matter Experts (SME) for troubleshooting of applications to ensure 5825

proper application functionality. 5826

5827

4.6.12 Commercial Voice Services 5828

Commercial Voice Connectivity Services address unsecured cable plant commercial Public 5829

Switched Telecommunications Network (PSTN) availability and pier side connectivity, and 5830

PBX. This also supports interfaces to secure voice systems. The USMC has Programs of record 5831

(PoRs) (e.g., Base Telecommunications Infrastructure [BTI]) separate from NGEN that 5832

implement commercial voice connectivity. These PoRs provide commercial voice services to 5833

commercial entities, family housing, and unofficial end users located on USMC installations 5834

where ready connection to the Public Switched Telephone Network (PSTN) is available. 5835

5836


For Commercial Voice Services, the specific support tasks the ES Contractor shall perform or 5838


a. Provide voice connectivity between buildings on a base, facility or office campus 5840

delivered to a BAN Point of Presence within each building and to the Wide Area 5841

Network (WAN) Point of Presence at the base, facility or office campus. 5842

b. Provide voice connectivity between end user devices within a building and the BAN 5843

point of presence in the building. 5844

c. Configure, operate and maintain logical or physical interface to the Defense Switched 5845

Network (DSN) for basic voice transport services from premise switches that are either 5846

part of a campus or BAN. 5847

Attachment 1



215

d. Configure, operate and maintain network interface to Incumbent Local Exchanges 5848

Carriers (ILECs), Competitive Local Exchange Carriers (CLECs) and Inter-exchange 5849

Carriers (IECs) via T1 interfaces that support ISDN Primary Rate Interface. 5850

5851

4.6.13 VoIP Options and Services 5852

VOIP Options and Services utilize Internet Protocol for the transmission of voice. This service 5853

provides the requisite hardware and software to permit the use of VOIP. IP phones provide end 5854

users with all the standard telephony features, including full voice mail capabilities and the 5855

option to customize ring tones and color display features. The VOIP system also supports fax 5856

machines and legacy analog conference speakerphones. 5857

5858


For VoIP Options and Services, the specific support tasks the ES Contractor shall perform or 5860


a. Support engineering and design of VoIP services to include unlimited local connection 5862

minutes for basic telephone functionality. 5863

b. Support system hardware and software de-installation, move, re-installation, and 5864

change. 5865

c. Support engineering and design to provide access to toll free numbers. 5866

d. Support engineering and design to provide VoIP telephone system that interfaces 5867

between data services and the network on a fully converged voice and data LAN meeting 5868

DISA Unified Capabilities Requirements. 5869

e. Support end user training and education on the various devices provided by the 5870

Government for voice services on the network including computer-based training, web-5871

based training, and instructor-led training as required. 5872

f. Manage, maintain, operate, existing VoIP servers, switches, routers and other equipment 5873

supporting VoIP networks. 5874

g. Maintain configuration of auxiliary voice VLANS. 5875

h. Maintain configuration, management, and operations of network devices, PSTN 5876

interfaces, and fax modules supporting the voice system. 5877

Attachment 1



216

i. Support tiered Service Desk support for Voice Seats. 5878

j. Support VoIP MACs and complete other associated Service Desk network request. 5879

k. Program, configure, and maintain the network devices. 5880

l. Support VoIP services that provide Layer 3 switching capability as well as updated 5881

TACLANE configurations in support of future transition to DISA VoSIP. 5882

m. Provide engineering and design support for a VoIP service with capability to support 5883

Extension Mobility, Unified Messaging, and Emergency Responder. 5884

n. Provide engineering and design support for a VoIP service that supports Call Center 5885

operations in a Service Desk environment. 5886

5887

4.6.14 Unclassified Mobile Phone Services 5888

Unclassified mobile phone services are a comprehensive set of wireless cellular capabilities, 5889

available through multiple carriers with the service plans to meet end users' needs, where 5890

available, which includes cellular phones, PDA devices, paging services, and cellular data 5891

network access devices. 5892

5893


For Unclassified Mobile Phone Services, the specific support tasks the ES Contractor shall 5895

perform or provide include: 5896

a. Develop and maintain mobile solutions that incorporate cellular phones, cellular 5897

modems/air cards, PDA devices (e.g. Blackberries or other approved devices), tethering, 5898

paging, etc into the Enterprise Network. 5899

b. Support testing and certifying of mobile solutions including new capabilities as well as 5900

patches, updates, and technology refresh of existing solutions. 5901

c. Develop and implement procedures for technology refresh and deployment of significant 5902

mobile service solution updates and patches. 5903

d. Draft and support implementation of procedures for service transfer between end users as 5904

well as transfers of service between carriers. 5905

e. Maintain data services that include cellular cards, tethering, and associated service plans 5906

for connectivity to the network including a cellular card and service from approved 5907

Attachment 1



217

carriers, transfer of service from a government furnished device and service plan to this 5908

contract, upgrade cellular card service will replace the older technology with a new 5909

cellular card, and associate it with the existing service plan. 5910

f. Install government provided CAC readers that allow end users to send digitally signed 5911

and/or encrypted email, receive digitally encrypted email, or use encrypted PIN-to-PIN 5912

instant messaging on BlackBerry or similar device. 5913

g. Provide remote connectivity to unclassified email, calendar and contacts, as well as 5914

optional data services and peripherals, including a supporting enterprise server capable of 5915

support DoD PKI or approved hard token encryption. 5916

h. Maintain a mobile solution interoperable with USMC approved BlackBerry or similar 5917

devices combining mobile voice and data access to USMC email services. 5918

i. Maintain a mobile solution able to interface with the PKI certificates stored on a end 5919

user’s DoD CAC through a MCEN DAA approved device and/or connection - either a 5920

physical connection or a secured Bluetooth communications link configured in 5921

accordance with DoD, DON, and USMC wireless security standards. 5922

5923

4.6.15 Classified Mobile Phone Services 5924

Classified Mobile Phone Services provide classified voice services that meet the National 5925

Security Agency (NSA) certification and are compliant with DOD 8100.2. Secure Wireless 5926

Cellular Service consists of cellular data network access services. 5927

5928


For Classified Mobile Phone Services, the specific support tasks the ES Contractor shall perform 5930

or provide include: 5931

a. Maintain data services that includes cellular cards, tethering, and associated service plans 5932

for connectivity to the network including a cellular card and service from approved 5933

carriers, transfer of service from a government furnished device and service plan, 5934

upgrading cellular card service to replace the older technology with a new cellular card, 5935

and associate it with the existing service plan. 5936

Attachment 1



218

b. Install Government provided CAC Readers that allow end users to send digitally signed 5937

and/or encrypted email, receive digitally encrypted email or use encrypted PIN-to-PIN 5938

Instant Messaging on Blackberry or similar device. 5939

c. Provide remote connectivity to classified email, calendar and contacts as well as optional 5940

data services and peripherals including supporting Enterprise Server capable of support 5941

DoD PKI or approved hard token encryption. 5942

d. Maintain the Government mobile solution interoperable with USMC approved 5943

Blackberry or similar devices combining mobile voice and data access to USMC email 5944

services. 5945

e. Maintain the Government mobile solution able to interface with the PKI certificates 5946

stored on a end user’s DoD CAC through a NAVY ODAA/MCEN DAA approved device 5947

and/or connection - either a physical connection or a secured Bluetooth communications 5948

link configured in accordance with DoD, DON, and USMC wireless security standards. 5949

5950

4.6.16 VTC Services 5951

Video Teleconferencing (VTC) Services offer cameras, coder-decoder (CODECs), monitors, 5952

onscreen menus, dynamic speaker technology, far-end camera control, collaborative tools, VTC 5953

scheduling set-up and operations, IP infrastructure, multi-session Multi-point Control Unit 5954

(MCU)/bridging service, and remote diagnostics to enable VTC connectivity throughout NGEN 5955

and with external participants via high bandwidth communications, point-to-point and point-to-5956

multi-point switching. 5957

5958


For VTC Services, the specific support tasks the ES Contractor shall perform or provide include: 5960

a. Maintain hardware, software, network, and scheduling required for end users to conduct 5961

videoconferences with other parties on the network or on other DON, DoD, federal, or 5962

commercial networks. 5963

b. Support videoconference services including: 5964

i. Fixed Video Seats: Support VTC services in existing facilities where end users 5965

can initiate and participate in live VTC’s with in-network and external 5966

Attachment 1



219

connectivity. Support fixed rooms only, room cameras with full area coverage, 5967

large monitors, on-screen menus, dynamic speaker technology, and video 5968

player/recorder capability. 5969

ii. Moveable Video Seats: Provide support for end users to access VTC services 5970

offering mobility and easy relocation. End users can initiate and participate in 5971

live VTC’s with in-network and external connectivity. Support connection of 5972

room cameras, large monitors, speakers, T.120 compliant collaborative tools, 5973

VTC scheduling, setup, and operations, and multi session bridging. 5974

iii. Desktop: Support capability for end users to participate in live video 5975

teleconferences from any location with other VTC systems using H.320 and 5976

H.323 standards. 5977

c. Support videoconference MAC services. 5978

d. Support upgrades to high-end, mission-critical, and/or classified functionality. 5979

e. Provide operator services for operator-assisted videoconference setup and operation 5980

which are processed on normal business days (M-F). Combined normal VTC support 5981

coverage: 0230-1500 PST, unless scheduled in advance. 5982

f. Support video service delivered via government provided Integrated Services Digital 5983

Network (ISDN) or other digital transmission service. 5984

g. Support efficient off-net routing of video calls. 5985

h. Support routing of calls over the government provided DISN Video Services Global 5986

(DVS-G) or FTS only when specified by the end user on a per call basis. 5987

i. Provide end user training on videoconferencing including the operation of any associated 5988

hardware and software. 5989

j. Conduct testing for videoconferencing services. 5990

k. Provide remote diagnostics for videoconferencing. 5991

l. Support software distribution and upgrades to videoconference software and firmware. 5992

m. Support multi-point bridging. 5993

n. Support service for movable VTC seats over standard infrastructure and temporary 5994

connections such as the Deployable Site Transport Boundary (DSTB). 5995

Attachment 1



220

o. Support compliance with DISA Uniform Capabilities Requirements and DVS-G 5996

standards for IP VTC configurations for LANs and WANs. 5997

5998

4.6.17 Cross Domain Security Services 5999

Cross domain security services provide the required degree of cross domain access to enable the 6000

exchange of information across COI and management domain boundaries. 6001

6002


For Cross Domain Security Services, the specific support tasks the ES Contractor shall perform 6004


a. Operate and maintain Cross Domain Infrastructure. 6006

b. Locate information and data stores across network domains and provide network domain 6007

source of information and data store location transactions. 6008

c. Enable cross-domain functional capabilities for end users that include the following: 6009

i. Post data to repositories 6010

ii. Deliver (push, or export) data to specified recipients 6011

iii. Exchange email with attachments 6012

iv. Conduct Instant Messaging (IM) and text chat 6013

d. Filter cross-domain information and data store location results based on the (government 6014

approved) trust agreements among the domains. 6015

e. Maintain CDS architecture as a configuration record for cross domain implementation. 6016

f. Provide content and allowable action restrictions, in addition to the standard mechanisms 6017

of the network, based on the trust agreement for each type of data exchange. 6018

g. Enable metadata tagging of network resources with the data necessary for determination 6019

and enforcement of policy compliance. 6020

h. Enforce cross-domain trust agreement and policy changes in timeframes agreed upon by 6021

the contractor and the government. 6022

i. Coordinate Cross-Domain Solution efforts through the Navy Cross Domain Solution 6023

Office (NCDSO). 6024

Attachment 1



221

j. Comply with current policies, guidelines, and requirements for the trust agreements and 6025

metadata tagging for data exchanges across COIs. 6026

k. Enforce reliable human review when required. 6027

l. Operate and maintain Cross Domain Infrastructure. 6028

m. Import (pull) data from repositories in other domains. 6029

n. Enforce content release policy. 6030

o. Permit users to request information from a network domain, in addition to, the one he or 6031

she is using. 6032

6033


Security configuration and management (SCAM) services provides an enterprise-wide security 6035

compliance capability that scans and remediates NGEN network devices, workstations, laptops, 6036

and wireless PDAs for out-of compliance conditions such as changed settings, outdated patches, 6037

and illicit software. 6038

6039


For Security Configuration and Management Services, the specific support tasks the ES 6041

Contractor shall perform or provide include: 6042

a. Analyze information systems and networks to identify potential security weaknesses and 6043


b. Provide performance monitoring and management of Information Assurance measures 6045

including providing security services for protection of the network. Resultant measures 6046

shall be included in reports readily accessible by the government for monitoring and 6047

validation purposes in accordance with (CDRLs AXXX, AXXX, and AXXX). 6048

c. Conduct Information Assurance Vulnerability Management (IAVM) in accordance with 6049

DoDI 8500.2, DoDD 8500.01E, CJCSI 6510.01E and DON policy. 6050

d. Conduct vulnerability scans twice monthly using the DoD standard tool(s). 6051

e. Provide a service single point of contact, position or billet, in accordance with CJCSM 6052

6510.01, DoDI O-8530.2, , to receive all IAVM alerts: a. Designate in writing a single 6053

Attachment 1



222

point of contact position or billet that shall be available 24 hours a day and is 6054

knowledgeable on all actions that must be taken upon notification of an IAVM alert. 6055

i. Implement a process for emergency IAVM alerts that require shortened deadlines. 6056

ii. Report status of implementation through the designated government reporting 6057

portal. 6058

f. Complete corrective actions within the designated Vulnerability Alert timeline, including 6059

the following: 6060

i. Complete corrective actions within five calendar days of discovery if it is 6061

discovered that a previously designated Vulnerability Alert deadline has passed. 6062

ii. Provide input and assist the Government in developing a POA&M if the system 6063

cannot be brought into compliance within five calendar days of discovery if 6064

deadline has expired. 6065

iii. Includes, but is not limited to the MAC address, host name, location, device 6066

function, vulnerability and temporary mitigation to the POA&M. 6067

g. Provide review, analysis, evaluation, risk assessment, and recommendations to the 6068

respective CNDSP(s) for required government vulnerability management and analysis. 6069

h. Provide input and assist the Government in developing a POA&M every 90 calendar 6070

days that shows the status of each vulnerability and actions taken, if there are any 6071

outstanding enterprise-wide vulnerabilities existing. 6072

i. Maintain a current network and system configuration baseline of all devices. 6073

j. Ensure network and system devices supporting CND functions operate within two 6074

versions of the latest commercially available release unless otherwise directed by the 6075

government. Upon notification by the government of change to current regulation, policy 6076

and/or guidance, the ES Contractor shall notify the government, within 30 days if there is 6077

a material change. 6078

k. Install “plug and play” network and system monitoring device into the system when 6079

supplied by the government. 6080

l. Provide routine vulnerability scans analysis report in accordance with (CDRL AXXX). 6081

m. Report on IAVM compliance in accordance with (CDRL AXXX). 6082

Attachment 1



223

n. Implement physical and system mechanisms for safeguarding Character User Interface 6083

(CUI) including encryption, access control, end user identification and authentication, 6084

malicious content detection, audit, and physical and environmental control. 6085

o. Adjust and implement security changes following a Security Review including: 6086

i. Provide a standard process for designing, implementing, and changing CUI 6087

security requirements and efforts. 6088

ii. Provide an emergency process for designing, implementing, and changing CUI 6089

security requirements and efforts in operations. 6090

p. Provide support for controlled unclassified safeguard tasks in accordance with applicable 6091

directives. 6092

q. Monitor status of DAR services on DAR enabled computing devices across the network 6093

enterprise. 6094

r. Engineer core builds for each operating system comprising software provided by the 6095

government, the contractor or by a third party contractor. Engineering the core build will 6096

provide the core build to the government at a government testing facility so that it can be 6097

scanned for security vulnerabilities. 6098

s. Develop group policy objects (GPOs) based on the corresponding Defense Information 6099

Systems Agency (DISA) Security Technical Implementation Guides (STIG) for each 6100

operating system on the network and the Marine Corps Enterprise DAA (DAA) guidance 6101

regarding the United States Government Configuration Baseline (USGCB), as directed 6102

by the Office of Management and Budget (OMB) memorandum M-07-11, 6103

"Implementation of Commonly Accepted Security Configurations for Windows 6104

Operating Systems," March 22, 2007, guidelines and configurations (from National 6105

Institute of Standards and Technology; National Vulnerability Database for FDCC). 6106

t. Provide input and assist the Government in developing IAVA/IAVB packages to servers. 6107

u. Maintain data seat configurations based on current DoD and DON policy and guidance 6108

including the Defense Information Systems Agency (DISA) Security Technical 6109

Implementation Guidelines (STIGs) as specifically agreed upon and approved by the 6110

MCEN DAA for the network. 6111

Attachment 1



224

v. Provide touch labor to maintain deployable seats that meet the requirements for a 6112

portable data seat including performing preventive and/or corrective maintenance upon 6113

return of the embarked units and prior to reconnection with the shore infrastructure 6114

including (but not limited to) reconfiguration or upgrades of software and hardware as 6115

necessary to verify IAVA compliance at the time of return. 6116

w. Provide input and assist the Government in reporting status of deployed patch/upgrade 6117

within 24 hours of deployment direction. 6118

x. Maintain CND mechanisms, including anti-spam tools, Network Access Control, Host 6119

Based Security Systems (HBSS), and HBSS Device Control Modules at enterprise 6120

locations in accordance with government direction based on NIST SP 800-53, 6121

DoDI8500.2, DoDD 8500.1. 6122

y. Operate and defend the network in accordance with DoDI O-8530.2, STRATCOM 6123

Directive (SD) 527-1, and CYBERCOM cyber condition operational tasking orders. 6124

z. Develop plan and implement actions on the enterprise as required by each of the Cyber 6125

Readiness Conditions. 6126

aa. Provide input to Cyber Readiness Implementation Plans. 6127

bb. Execute the Cyber Readiness Implementation Plan as directed by the government. 6128

Report completion of all steps. Report any actions that could not be completed, along 6129

with an estimated time of completion. (CDRL AXXX) 6130

cc. Defend Systems by recognizing, reacting to, and responding to threats (as directed by 6131

NCDOC, Marine Corps Network Operations and Security Center (MCNOSC) or higher 6132

authority), vulnerabilities, and deficiencies, such that no access is uncontrolled and all 6133

systems and networks are capable of self-defense with all reporting and responses to 6134

Computer Network Defense Service Provider (CNDSP). 6135

dd. Support and comply with government directed CND Response Actions (RAs), which 6136

may develop CND-RAs based on intelligence reporting, active network incidents or 6137

trends. Provide a written assessment of any adverse impact to end user services. In the 6138

case of an adverse impact, provide alternative actions to achieve the original intent of the 6139

CND-RA. (CDRL AXXX) 6140

Attachment 1



225

ee. Conduct weekly monitoring and analyze logs to identify unauthorized, illicit, or other 6141

unwanted activity. 6142

ff. Capture transactional information, during the auditing process." 6143

gg. Conduct routine vulnerability scans. 6144

hh. Analyze vulnerability scan results to determine potential network or system 6145

vulnerabilities in accordance with DoDI O-8530.2 and CJCSI 6510.01E. 6146

ii. Provide an analysis of vulnerable machines to MCNOSC including the following 6147

information: hostname, IP, MAC address, site, device function, and vulnerability 6148

associated with that asset. (CDRL AXXX) 6149

jj. Remediate software vulnerabilities and system misconfigurations identified in routine 6150

scans in accordance with DoDD O-8530.1, CJCSM 6510.01 and DoDI 8500.2, except for 6151

instances approved by the appropriate approving Service authorities. Vulnerability 6152

remediation will be conducted using the approved DoD solution (SCRI) or other 6153

approved methodologies. 6154

kk. Remediate vulnerabilities and misconfigurations identified by an external network 6155

assessment conducted by the government entity, except for instances approved by the 6156

appropriate approving Service authorities. 6157

ll. Provide input and development of a Plan of Actions and Milestones (POA&M) if the 6158

remediation actions cannot be accomplished by the assigned completion date. 6159

mm. Provide input and development of monthly vulnerability reports. 6160

nn. Provide, in accordance with performance measures, logs and information feeds including 6161

HBSS, Intrusion Prevention System (IPS) and IDS to the MCNOSC to support 6162

government oversight. Maintain government accessible historical data (30 days) that can 6163

be retrieved/mined by automated means using standard protocols (i.e. XML, SOAP, etc.). 6164

oo. Provide input and assist the Government in updating/revising architecture designs to 6165

accommodate changing requirements, emerging technology, and results of vulnerability 6166

assessments, for government review and approval to ensure compliance with DoDI 6167

8500.2 IA Controls. 6168

Attachment 1



226

pp. Support the restoration of network and system devices to a known valid baseline. 6169

Provide post-event scans and verification of mitigation actions as required by the 6170

CNDSP(s). 6171

qq. Carry out a program of inspection and audit to safeguard against threats and hazards to 6172

the confidentiality, integrity, and availability of CUI. 6173

rr. Afford access to the facilities, technical capabilities, operations, and personnel. 6174

ss. Use only products that are FIPS 140-2 certified to protect Controlled Unclassified 6175

Information. 6176

tt. Support Government security policies, guidelines, and directives for identification and 6177

handling of CUI. 6178

uu. Provide IA CND personnel in accordance with DoD 8570.01-M, SECNAVINST 6179

5510.36, SECNAVINST 5239.3B, and SECNAV M-5239.1. Ensure personnel qualify 6180

on the equipment they have access to and have and will maintain required security 6181

clearances. 6182

vv. Provide a report of the IA CND workforce status in accordance with (CDRL AXXX). 6183

ww. Vulnerability scans shall utilize the latest Government provided configuration and 6184

definition files as applicable to the DoD mandated solution. 6185

xx. Provide analysis results to MCNOSC. 6186

6187

4.6.19 Boundary, DMZ, and Communities of Interest (COI) Services 6188

Boundary, Demilitarized Zone (DMZ), and Community of Interest (COI) Services protect the 6189

NGEN Enterprise including the management and operation of the boundaries. 6190

6191


For Boundary, DMZ, and COI Services, the specific support tasks the ES Contractor shall 6193


a. Provide input to Cyber Readiness Implementation Plans for the government. 6195

b. Comply with guidelines established by Department of Defense Instruction (DoDI) 6196

8551.1, "Ports, Protocols, and Services Management (PPSM)", the Navy Unclassified 6197

Trusted Network Protection Policy, and the Navy Classified Network Protection Policy. 6198

Attachment 1



227

c. Conduct weekly monitoring and analyze logs to identify unauthorized, illicit, or other 6199


d. Capture transactional information, during the auditing process. 6201

e. Remediate vulnerabilities and misconfigurations identified by an external network 6202

assessment conducted by the government entity, except for instances approved by the 6203

appropriate approving Service authorities. 6204

f. Report any actions that could not be completed, along with an estimated time of 6205

completion via the Government provided Ticket Management System (TMS). 6206

g. Provide, in accordance with performance measures, logs and information feeds including 6207


government oversight. 6209

h. Implement the Enterprise Services portion of the Sensor Grid within the security 6210

infrastructure that collects intrusion/incident/audit data from a collection of sources 6211

including but not limited to Content Monitoring products, Content Filtering products, 6212

HBSS for servers and hosts with the capability for packet capture, deep inspection, and 6213

customized signature capability. Implement automated tools to collect this data and to 6214

send it to the MCNOSC. 6215

i. Conduct system based intrusion detection monitoring and prevention on managed 6216

systems: 6217

i. Implement standard vendor provided appliance signatures within 24 hours of 6218

approval. 6219

ii. Implement government directed signatures no later than 24 hours after direction 6220

and files are provided. 6221

iii. Provide operational status of all sensors, managers and associated database 6222

systems to the government within 15 minutes of government request. 6223

iv. Monitor intrusion detection systems 24/7. 6224

j. Conduct host based intrusion detection monitoring and prevention on all devices that 6225

support HBSS: 6226

i. Provide administrator access to the HBSS management application to designated 6227

government POC. 6228

Attachment 1



228

ii. Implement only government approved policies/configuration/signatures on the 6229

host based sensors and management servers. 6230

iii. Provide near real-time data feeds from all intrusion detection/prevention system 6231

for incorporation into the government Security Incident Management system. 6232

iv. Maintain government-provided components of HBSS at the most current baseline, 6233

in accordance with USCYBERCOM and DON policy. 6234

v. Provide operational status of the managers and related software repository servers 6235

to the government within 15 minutes. 6236

k. Provide for ongoing support of improvements to the DMZ Facility to accommodate 6237

hosting of a single server. 6238

l. Provide input and development of an operational status report. 6239

m. Provide sensor or appliance log data to the government within 24 hours of a government 6240

request. 6241

n. Provide input and development of a status report of the managers and related software 6242

repository servers. 6243

o. Support Anti-Virus Scans of servers. 6244

p. Support Anti-Virus updates to servers. 6245

q. Host Government specified anti-virus definition files for use on a single server. 6246

r. Maintain an IP address to the connected unclassified or classified device. 6247

s. Maintain the USMC COI as a separate enclave. 6248

t. Maintain a standard level of connectivity, network loading, and maintenance 6249

responsiveness for a single server located in the DMZ Facility. 6250

u. Perform the per instance tasks required to maintain the redundant enterprise access. 6251

v. Maintain the deployed Citrix Access Gateway units at B1 sites. 6252

w. Support front end service for government managed and maintained servers connected to 6253

NGEN supporting standard low bandwidth Citrix based server/applications. 6254

x. Support server-load balancing, server SSL overhead offload (SSL termination), HTTP 6255

web caching, HTTP compression, and authentication framework services, parallel 6256

browser request processing, express document processing, smart technology, and layer 7 6257

virtualization capability as uplift. 6258

Attachment 1



229

y. Support capability for asymmetric application acceleration to load balance servers in 6259

public facing zones. 6260

z. Support capability to interface with additional external networks. 6261

aa. Implement hardware sensors into the USMC architecture for on-call/future use of CND 6262

tools. 6263

bb. Implement Defense-in-Depth strategies in accordance with Chapter 3 of the DON Chief 6264

Information Officer (CIO) Information Technology Steering Group (ITSG) and 6265

Appendix E of the DON CIO IT Infrastructure Architecture (ITI). 6266

6267

4.6.20 Malware Detection and Protection Services 6268

Malware Detection and Prevention (MDP) Services provide network-based and host-based 6269

malware (malicious code) prevention capabilities with centralized management and reporting. 6270

MDP uses a range of DoD approved software and hardware appliances throughout NGEN to 6271

enhance defense-in-depth posture. 6272

6273


For Malware Detection and Protection Services, the specific support tasks the ES Contractor 6275

shall perform or provide include: 6276

a. Operate anti-malware software, as designated by the government, on all system devices 6277

in accordance with CJCSM 6510.01, DoDI 8500.2, DoD 5220, SECNAVINST 5239.3B, 6278

and SECNAV M-5239.1. 6279

b. Monitor and conduct incident response to alerts generated by the government anti-6280

malware software in accordance with CJCSM 6510.01, DoDI 8500.2, DoD 5220, 6281

SECNAVINST 5239.3B, and SECNAV M-5239.1. 6282

c. Maintain anti-malware alert feeds to the government automatically in a method and 6283

format compatible with government CND systems in accordance with CJCSM 6510.01, 6284

DoDI 8500.2, DoD 5220, SECNAVINST 5239.3B, and SECNAV M-5239.1. 6285

d. Conduct a one-time full system scan within 45 calendar days of contract start. 6286

e. Conduct a full system scan of specific workstations and servers in accordance with 6287

government directed actions. 6288

Attachment 1



230

f. Actively investigate newly discovered or emerging malware that affects system devices. 6289

g. Report and submit to the CNDSP(s) all newly discovered or unknown malware. (CDRL 6290

AXXX) 6291

h. Monitor anti-malware organization advisories and websites. 6292

i. Implement physical and system mechanisms for safeguarding CUI including encryption, 6293

access control, end user identification and authentication, malicious content detection, 6294

audit, and physical and environmental control. 6295

j. Conduct anti-virus scans on all physical and virtual application servers. 6296

k. Download anti-virus updates for all physical and virtual application servers. 6297

l. Maintain specified anti-virus definition files for use on a single server. 6298

m. Operate and maintain boundary anti-malware capabilities to protect servers, services, and 6299

end points by integrating and correlating the following: 6300

i. URL filtering 6301

ii. Anti-malware inspection 6302

iii. Intrusion prevention 6303

iv. Application and network-layer firewall 6304

v. HTTP and HTTPS inspections 6305

6306

4.6.21 Security Event Management Services 6307

Security Event Management (SEM) Services provide the ability to monitor and correlate security 6308

events that are generated from identified networked devices such as firewalls, IPS, and server 6309

logs within NGEN COIs using government approved filtering strategies and implementations. 6310

6311


For Security Event Management Services, the specific support tasks the ES Contractor shall 6313


a. Conduct weekly monitoring and analyze logs to identify unauthorized, illicit, or other 6315


b. Provide cyber threat/issue recommendations to mitigate or respond to threats and 6317

vulnerabilities, to the government for validation and acceptance based on established 6318

Attachment 1



231

policies. The urgency or phasing of any actions will consider the level of threat or 6319

vulnerability to the network. (CDRL AXXX) 6320

c. Obtain access to security logs, including centralized storage of data. 6321

d. Maintain CND mechanisms, including anti-spam tools, Network Access Control, Host 6322



DoDI8500.2, DoDD 8500.1. Operate and defend the network in accordance with DoDI 6325

O-8530.2, STRATCOM Directive (SD) 527-1, and CYBERCOM cyber condition 6326

operational tasking orders. 6327

e. Design, plan and implement actions on the enterprise as required by each of the Cyber 6328


f. Provide input to Cyber Readiness Implementation Plans for the government. 6330

g. Execute the Cyber Readiness Implementation Plan as directed by the government. 6331

h. Notify appropriate Government representative upon completion of all steps in the Cyber 6332

Readiness Implementation Plan. 6333

i. Defend Systems by recognizing, reacting to, and responding to threats (as directed by 6334




Computer Network Defense Service Provider (CNDSP). 6338

j. Support and comply with government directed CND Response Actions (RAs), which 6339

may develop CND-RAs based on intelligence reporting, active network incidents or 6340

trends: Provide a written assessment of any adverse impact to end user services. In the 6341

case of an adverse impact, provide alternative actions to achieve the original intent of the 6342

CND-RAs. (CDRL AXXX) 6343

k. Capture transactional information, as directed by the government, during the auditing 6344

process utilizing tools in place as of the COSC Start Date. 6345

l. Analyze vulnerability scan results to determine potential network or system 6346

vulnerabilities in accordance with DoDI O-8530.2 and CJCSI 6510.01E. 6347

Attachment 1



232

m. Provide an analysis of vulnerable machines to MCNOSC including the following 6348

information: hostname, IP, MAC address, site, device function, and vulnerability 6349

associated with that asset. (CDRL AXXX) 6350

n. Provide analysis results to MCNOSC. 6351

o. Provide, in accordance with performance measures, logs and information feeds including 6352


government oversight. 6354

p. Maintain government accessible historical data (30 days) that can be retrieved/mined by 6355

automated means using standard protocols (i.e. XML, SOAP, etc.). 6356

q. Take and report prescribed actions either pre-designated or government directed actions 6357

in response to an identified attack on or intrusion into an information system or network. 6358

(CDRL AXXX) 6359

r. Provide any actions recommended by the CND team to MARCERT for possible 6360

inclusion into the overall DON security posture as part of the threat sharing initiative. 6361

s. Provide Incident/Event reporting utilizing the government provided Ticket Management 6362

System. 6363

t. Provide input and development of incident logs. 6364

u. Provide input and development of Operation Support Services data. 6365

v. Maintain near real-time data feeds from designated systems into the government Security 6366

Incident Management (SIM) system. Test software required for real-time data feed for 6367

compatibility on designated devices. Provide completed test reports. (CDRL AXXX) 6368

w. Operate the government-provided software agent within 30 calendar days of the 6369

government’s acceptance of the performance or capability issues identified in the test 6370

report. 6371

x. Provide incident response by isolating a network or system device: At a minimum, 6372

logically isolate a network device within 30 minutes of government direction for servers 6373

and 60 minutes of government direction for Data Seats (government may direct physical 6374

removal after logical isolation). 6375

Attachment 1



233

y. Collect incident handling evidence. Execute a preselected volatile data capture tool 6376

within 1 hour of government direction for such data and provide the tool output in the 6377

CNDSP(s) approved format/output. 6378

z. Take possession of any magnetic and optical media related to a network incident utilizing 6379

government chain of custody procedures. 6380

aa. Ship incident handling evidence, via registered mail, or as specified by DoD 5000.2-R if 6381

classified, the media (or entire device, if required) within 48 hours to the government 6382

POC. 6383

bb. Operate a decryption capability for DAR enabled media. 6384

cc. Restore network and system devices to a known valid baseline. 6385

dd. Reimage workstations and servers as required by either incident response procedures or 6386

current INFOCON/Cyber-Readiness Condition requirements. 6387

ee. Support the restoration of network and system devices to a known valid baseline. 6388

Provide post-event scans and verification of mitigation actions as required by the 6389

CNDSP(s). 6390

ff. Monitor and conduct incident response to alerts generated by the government anti-6391

malware software in accordance with CJCSM 6510.01, DoDI 8500.2, DoD 5220, 6392

SECNAVINST 5239.3B, and SECNAV M-5239.1. 6393

gg. Monitor the IA/CND operational situation on network system status consoles, perform 6394

initial investigation on any suspicious activity reported, and escalate potential events via 6395

the incident ticket/event tracking system to the appropriate-level NOSC security 6396

Operations Duty manager in accordance with government directed actions. 6397

hh. Coordinate operational reporting of CDRL and Incident/Events reporting. 6398

ii. Generate, provide, and archive activity and event component logs as directed by the 6399

CNDSP(s): a. Operate an automated logging aggregation system that will compress, 6400

correlate, and provide (30 days of data) for analysis of logged data from all required 6401

logging sources (host audits, networks and host-based IDS, etc.) and audit those logs. 6402

This system shall be open to external connections as specified by the CNDSP to enable 6403

CNDSP Data mining for event correlations specific to the DON GIG. 6404

Attachment 1



234

jj. Monitor logging aggregation system (weekly) and analyze logs to identify unauthorized, 6405

illicit, or other unwanted activity. 6406

kk. Operate Security Event Correlation Tools to enable the government to determine if 6407

ongoing system activities are in accordance with security policies. 6408

ll. Operate Computer Forensic Tools to identify, extract, preserve, and document computer-6409

based evidence. 6410

mm. Capture in scope transactional information directed by the government during the 6411

auditing process, the scope of information requested is limited to the capabilities of the 6412

solutions in the forensics area. 6413

nn. Operate physical and system mechanisms for safeguarding CUI including encryption, 6414

access control, end user identification and authentication, malicious content detection, 6415

audit, and physical and environmental control. 6416

oo. Support the Security Operations Center by generating, providing, and archiving activity 6417

and event component logs as directed by the CNDSP(s). 6418

pp. Any data storage requirements in excess of 30 days will be addressed via an Engineering 6419

Services CLIN. 6420

qq. Provide audit and monitor controls to allow system administrators to perform testing for 6421

implementation of new services, changes to services, and investigations. 6422

rr. Provide audit and monitoring technologies for IA and Computer Network Defense to 6423

CNDSP(s) as directed. 6424

6425

4.6.22 Security and IT Certification and Accreditation Services 6426

Security and IT Certification and Accreditation (C&A) Services supports the Department of 6427

Defense Information Assurance Certification and Accreditation Process (DIACAP). This 6428

includes management of the certification process, the performance of a complete certification or 6429

preparation and assessment of individual documents in the final DIACAP package. 6430

6431


For Security and IT Certification and Accreditation Services, the specific support tasks the ES 6433


Attachment 1



235

a. Provide input and assist the Government in developing and preparing certification and 6435

accreditation packages that will allow each discrete site to be certified and accredited in 6436

accordance with DON DIACAP Handbook, 15 July, 2008, DoDI 8510.01, “DoD 6437

Information Assurance Certification and Accreditation Process (DIACAP),” November 6438

28, 2007 and/or Director of Central Intelligence Community Directive Number 503 6439

effective 15 September 2008. 6440

b. Conduct C&A testing and analysis of system security and data safeguards in accordance 6441

with the DIACAP Implementation Plan (DIP) to provide correct and thorough 6442

implementation of relevant Information Assurance controls as defined within DoDI 6443

8500.2 (Information Assurance Implementation) in accordance with the system’s Mission 6444

Assurance Category and Classification level of information processed. 6445

c. Participate and provide points-of-contact to the government for discussions, design 6446

solutions, identify risks, make recommendations, and develop schedules for approval in 6447

Configuration Control Board (CCB), Information Assurance (IA) Verification and 6448

Validation (V&V) activities, Working Integrated Project Team (WIPT), and other 6449

Engineering and Security-focused Working Groups related to the Clinger-Cohen Act 6450

such as S/TEAG and C&A Subgroup), as directed by government POC (APM for the 6451

IA/C&A). 6452

d. Participate in and provide points-of-contact to the government for technical reviews, 6453

analysis of capability, processes and systems such as the Certification Solution Review 6454

(CSR), Enterprise Change Control Board (ECCB), and Enterprise Residual Risk Panel 6455

(ERRP) providing design solutions, identification of risks and recommendations. 6456

e. Implement accreditation boundary change requests following the established 6457

U4010/C4010 processes. 6458

f. Comply with the requirements DoDI 8500.2, DoD 5200.2-R, DoD Instruction 8510.01, 6459

DON DIACAP Handbook dated 15 July 2008, SECNAVINST 5239.3 and OPNAVINST 6460

5239.1C, Marine Corps Enterprise IA Directive (EIAD) 018 Certification and 6461

Accreditation Manual DAA Guidance Memorandum 01/0909 6462

g. Validate that automated systems comply with security requirements and are accredited by 6463

the Designated Approving Authority (DAA), Headquarters United States Marine Corps 6464

Attachment 1



236

(HQMC), Command, Control, Communications and Computers (C4) prior to processing 6465

sensitive unclassified data. 6466

h. Provide input and assist the Government in preparing DIACAP Packages consisting of 6467

the DIACAP Implementation Plan (DIP), System Identification Profile (SIP), IT Security 6468

Plan of Action and Milestones (POA&M) identifying the non-complaint IA Controls or 6469

vulnerabilities, and scorecard populated with security testing results. 6470

i. Assign and tailor IA system/site controls and security requirements for the government. 6471

j. Track status of packages coming up for recertification. 6472

k. Implement and validate assigned IACs: 6473

i. Execute the DIACAP implementation plan (DIP) and conduct system testing. 6474

ii. Compile system/site testing results. 6475

iii. Provide input for development of an IT security POA&M. 6476

iv. Provide input and assist the Government in preparing C&A Packages. 6477

l. Support Echelon II/MSC Concurrence of C&A Package. 6478

m. Complete required testing and provide input to the required C&A documentation to assist 6479

the CA/CAR and DAA in making certification determination and accreditation decisions. 6480

i. Provide any additional information required by government PM and designated 6481

representatives to substantiate packages submitted for decisions from the 6482

CA/CAR DAA. 6483

ii. Respond to inquiries during this activity. 6484

n. Provide input and assist the Government in maintaining Authority to Operate and conduct 6485

system/site reviews. 6486

i. Maintain system/site situational awareness and maintain IA security posture. 6487

ii. Remediate vulnerabilities that have been identified by the government, or identify 6488

any scheduled timeline deviation required, according to the timeline identified by 6489

the government representatives. 6490

iii. Assist the Government in conducting annual system/site reviews. 6491

iv. Assist the Government in conducting system/site re-accreditations. 6492

o. Decommission system/site when directed by the government. 6493

p. Notify MCNOSC when system/site is de-commissioned 6494

Attachment 1



237

q. Assist the Government in preparing C&A Documentation for sites in accordance with 6495

DON DIACAP Handbook, dated 15 July 2008, not less than 70 calendar days before 6496

expiration, Authority to Operate (ATO). 6497

r. Perform Security Test and Evaluation (ST&E) in accordance with the government 6498

preapproved test plan for each site and identify security discrepancies found during 6499

testing in the approved DIACAP documentation, Federal Information Security 6500

Management Act (FISMA) POA&M, and DIACAP Scorecard. 6501

s. Maintain and update the Enterprise DIACAP Plan (EDP) when implemented. 6502

t. Assist the Government in preparing proposed updates to the enterprise ATO (eATO) 6503

approval cycle for stakeholder (DAA, CA, PM, USMC) review. All Sections of the EDP 6504

must be updated prior to the expiration of the eATO. 6505

u. Participate and provide recommendations in discussions, design solutions, identify risks, 6506

and develop schedules for approval in technical interchange meetings, conferences, and 6507

workshops including in certification solution review (CSR) for architecture & 6508

engineering (A&E) solutions - security engineering review (ER) for new solutions. 6509

v. Participate and provide recommendations in discussions, design solutions, identify risks, 6510

and develop schedules for approval in technical interchange meetings, conferences, and 6511

workshops including in enterprise residual risk panels (ERRP). 6512

w. Participate and provide recommendations in discussions, design solutions, identify risks, 6513

and develop schedules for approval in Technical Interchange Meetings, Conferences, and 6514

Workshops including in Security and Technical Enterprise Action Group and subgroups. 6515

x. Participate and provide recommendations in discussions, design solutions, identify risks, 6516

and develop schedules for approval in Technical Interchange Meetings, Conferences, and 6517

Workshops including in DAA and Other Status Briefings. 6518

y. Support independent test and audit teams conducting evaluations on systems or networks 6519

to verify and determine the extent a particular design and implementation meets a set of 6520

specified security requirements. 6521

z. Participate in weekly production call with the government in order to identify status of 6522

C&A packages in process and the identification of issues impacting those packages. 6523

Attachment 1



238

aa. Assist the Government in preparing C&A related information, including detailed site 6524

topology drawings and other documentation required by DISA for Approval to Connect 6525

(ATC) to the Global Information Grid (GIG). 6526

bb. Support the government in the role of certification agent by conducting site visits, IAM 6527

Interviews, Security Test and Evaluations using government provided Test Plans 6528

including building walkthroughs and physical security inspections for room certifications 6529

and build and support the government in delivering C&A packages that are able to be 6530

Certified and Accredited Authority to Operate (ATO) and DISA Authority to Connect 6531

(ATC) to the GIG. 6532

cc. Evaluate proposed new IT products and protocols for impacts to C&A. 6533

dd. Assist the Government in preparing sufficient architecture documentation, risk 6534

assessments, risk mitigation plans, and other supporting documents required to support 6535

DIACAP accreditation. 6536

ee. Migrate from manual C&A processing to automated processing using the specified DON 6537

DIACAP Tool for populating data using specified templates. 6538

ff. Provide input and assist the Government in developing C&A packages. 6539

gg. Achieve ATO for all sites granted IATO within 180 calendar days from the date IATO 6540

was granted. 6541

hh. Review U.S. Cyber Command Coordinated Alert Messages and verify that no sites on 6542

these messages, with the exception of IATB sites, are within 30 calendar days of 6543

expiration. 6544

ii. Populate templates per DIACAP requirements in accordance with DON DIACAP 6545

Handbook dated--15 July 2008. 6546

jj. Provide input and development of C&A status reports. 6547

kk. Provide input and development of annual forecast of packages to be delivered to the 6548

government for C&A decisions. 6549

ll. Provide input and development of Enterprise documentation. 6550

mm. Attend the Integration Certification Solution Review Board as the Engineering and 6551

Program Manager (PM) representative. 6552

nn. Provide C&A Program Management. 6553

Attachment 1



239

oo. Notify all site echelons of upcoming C&A visits. 6554

pp. Fulfill C&A responsibilities with respect to applicable laws, policies and directives. 6555

qq. Review business best practices (BBP) and review semi-annually to validate that BBPs are 6556

evaluated and where appropriate implemented in a Lean Six SIGMA effort to 6557

continuously improve performance of the network and security posture supporting the 6558

network. 6559

rr. Provide input and assist the Government in developing C&A package for the Core Build. 6560

ss. Complete and submit the DIACAP Implementation Plan (DIP). 6561

tt. Validate assessments of system's compliance with stated requirements, assess the risks 6562

associated with operating the system, and coordinate the certification activities. 6563

uu. Support the Government as the NGEN Validator and Certification Agent. 6564

vv. Participate and provide recommendations in discussions, design solutions, identify risks 6565

and develop schedules for approval in NMCI Technical Interchange Meetings, 6566

Conferences and Workshops, including: 6567

i. First attempt: 90% must obtain accreditation approval 6568

ii. Second attempt: 100% must obtain accreditation approval 6569

ww. Provide problem escalation and resolutions for Government issues relating to 6570

C&A site package preparation. 6571

xx. Report on Information Assurance requirements compliance with respect to C&A. 6572

yy. Perform test and audit to include verification and validation of contractor performance by 6573

conducting on site and remote scan assessments of selected sites classified and 6574

unclassified networks, servers and workstations and security infrastructure. 6575

zz. Promulgate C&A guidance, policy consistent with DoD tasking. 6576

aaa. Coordinate with the responsible Government designated representative, to 6577

validate 100% compliance and compatibility with DIACAP C&A data standards. 6578

bbb. Provide documentation of established performance metrics. 6579

ccc. Follow Government direction for use of the specified DON DIACAP Tool for 6580

C&A processing. 6581

6582

4.6.23 Authentication and Authorization Services 6583

Attachment 1



240

Authentication and authorization services comply with the applicable policies of DoDD 8500.1 6584

by enforcing procedures to ensure that end users possess appropriate identity credentials and that 6585

end users are authorized only the minimum rights and privileges required to perform their 6586

assigned duties and tasks. The network enforces end user authentication through the use of 6587

strong (two factor) authentication using the DoD public key infrastructure (PKI), which allows 6588

for the implementation of a comprehensive accountability model and holds end users responsible 6589

for their actions. The authorization management piece allows for the definition of authorization 6590

policy and for the enforcement of this policy. 6591

6592


For Authentication and Authorization Services, the specific support tasks the ES Contractor shall 6594


a. Support identity and access management in accordance with Information Sharing 6596

Environment Guidance (ISE-G-108 v1.0). 6597

b. Comply with DoD and DON Policy to support cryptographic log-On (CLO) for network 6598

authentication. 6599

c. Comply with government guidance/direction to support DON login mechanism using an 6600

end username and password combination for any enterprise assets that do not support 6601

CLO. 6602

d. Operate an identity management system for the authorization and access model directed 6603

by DON. 6604

e. Support limitation of the number of consecutive unsuccessful access attempts in 6605

accordance with DoDI 8500.2 and JTF-CTO 07-15. 6606

f. Monitor and maintain the use of a government approved system use notification message 6607

before granting system access for the information system. 6608

g. Maintain a session lock as defined by policy due to inactivity to prevent further access to 6609

the system. 6610

h. Comply with current government regulations, policy, and guidance in effect at time of 6611

implementation of the IdAM schema and access control mechanism. Upon notification 6612

Attachment 1



241

by the government of change to current regulation, policy and/or guidance, notify the 6613

government, within 30 days if there is a material change. 6614

i. Maintain the trust relationship structure among resources, assets, networks, and security 6615

domains. 6616

j. Maintain CND mechanisms, including anti-spam tools, Network Access Control, Host 6617


locations based on NIST SP 800-53, DoDI8500.2, DoDD 8500.1. Operate and defend 6619

the network in accordance with DoDI O-8530.2, STRATCOM Directive (SD) 527-1, and 6620

CYBERCOM cyber condition operational tasking orders. 6621

k. Support actions on the enterprise as required by each of the Cyber Readiness Conditions. 6622

l. Defend Systems by recognizing, reacting to, and responding to threats (identified by, 6623

Marine Corps Network Operations and Security Center (MCNOSC) or higher authority), 6624

vulnerabilities, and deficiencies, such that no access is uncontrolled and all systems and 6625

networks are capable of self-defense with all reporting and responses to Computer 6626

Network Defense Service Provider (CNDSP). 6627

m. Comply with formal security classification and Operational Security (OPSEC) guidance 6628

in accordance with DoDI O-3600.2, CJCSI 6510.01E and DoDI O-8530.1 related to 6629

generation, transmission, storage and destruction of CND related incidents, 6630

countermeasures, vulnerabilities or CND systems status or, as specified by DoD 5000.2-6631

R, if classified. 6632

n. Support the implementation of physical and system mechanisms for safeguarding CUI 6633

including encryption, access control, end user identification and authentication, malicious 6634

content detection, audit, and physical and environmental control. 6635

o. Support the operation of PKI services in compliance with Public Key Infrastructure 6636

Software Certificate Minimization Effort for DON Unclassified Environments (DTG 6637

122213Z MAY 08) policies, guidelines, and configurations in accordance with MCEN 6638

DAA. 6639

p. Support the maintenance of smart card (or credential) reader, middleware, and all 6640

necessary software to support the use of PKI certificates on each data seat, portable 6641

Attachment 1



242

electronic device, and network component which require Active Directory domain 6642

account authentication. 6643

q. Support the authentication of end users, both locally and remotely, using only PKI-based 6644

authentication on each data seat, portable electronic device, and network component 6645

which require Active Directory domain account authentication. 6646

r. Use medium assurance PKI based X.509 Version 3 certificates (PK Standard). 6647

s. Support the medium assurance PKI implementation of the Common Access Card (CAC) 6648

and Alternate Log on Token (ALT) on all unclassified networks. 6649

t. Use ALT for System Administrator when necessary to comply with requirement for 6650

CLO. 6651

u. Participate in DoD testing and evaluation of end user credential platforms. 6652

v. Use only those MS Windows-based servers that are DoD PKI-enabled. 6653

w. Use only PKI-based authentication for network services, applications, resources, and 6654

components requiring Active Directory Domain account authentication. 6655

x. Support the management and maintenance of digital signature and encryption capabilities 6656

for email services in accordance with government policy (e.g. NTD 07-06, NAVADMIN 6657

248/08 and MARADMIN 336/08 digital signature policy.). 6658

y. Register and install DoD PKI certificates for network PK-enabled servers, infrastructure, 6659

non-person entities, and applications. 6660

z. Perform Local Registration Authority (LRA) functions to augment Service LRA 6661

capabilities for machine certificate issuance. 6662

aa. Maintain current certificate trusts for all DoD certification authorities on data seats and 6663

network components. 6664

bb. Support the management of applications to minimize network traffic destined for the 6665

DoD PKI certificate validation infrastructure. 6666

cc. Maintain internal certificate validation infrastructure (i.e., OCSP and certificate 6667

revocation list (CRL) caching). 6668

dd. Operate certificate validation services for each data seat, portable electronic device, and 6669

network component utilizing PKI certificates. 6670

Attachment 1



243

ee. Validate PKI certificates processed at each data seat, portable electronic device, and 6671

network components. 6672

ff. Operate a certification authority infrastructure to support PKI requirements, that is 6673

compliant with Public Key Infrastructure Software Certificate Minimization Effort for 6674

DON Unclassified Environments (DTG 122213Z MAY 08) in accordance with MCEN 6675

DAA. 6676

gg. Maintain mappings between PKI certificates and network accounts in order to both 6677

support two-factor authentication for all Active Directory Domain account categories and 6678

eliminate the need for password-based authentication (i.e., 'exception accounts'). 6679

hh. Provide unique identification to both the sender and the recipient of a message. 6680

ii. Receive request for and initiate end user account lifecycle events. 6681

jj. Create new end user account with DON provided attributes data. Perform lifecycle 6682

events on end user accounts as requested by DON, including the following: 6683

i. Modify end user account attributes including Move, Add, Change, Disable or 6684

Deactivate. 6685

ii. Modify end user account type (upgrade/downgrade). 6686

iii. Deactivate end user accounts. 6687

iv. Change end user account status when directed by the government. 6688

v. Provide unique identifiers for all accounts using naming standards in accordance 6689

with government policy (e.g. MARADMIN 328/08 DTG: 031012Z JUN 08). 6690

kk. Provide end user access to workstations based on end user account and workstation 6691

permissions as designated by the government or as specified by requested service. 6692

ee. Associate the DoD PKI user credential with a provisioned Active Directory Domain 6693

account. 6694

ff. Issue user credentials, to include the CAC, ALT, and SIPR user credential, for the 6695

purposes of user authentication, digital signature, and email encryption. 6696

gg. Perform Certification Authority (CA) functions. 6697

hh. Perform Registration Authority (RA) functions. 6698

ii. Perform LRA functions. 6699

jj. Publish certificate revocation lists for certificates issued by the DoD PKI. 6700

Attachment 1



244

kk. Provide certificate validation services. 6701

ll. Publish DoD and Service certificate policies and certificate practice statements. 6702

mm. Implement the trust relationship structure to be used among resources, assets, networks 6703

and security domains. 6704

6705

4.6.24 Network Access Control Services 6706

Network access control (NAC) Services provide device discovery and rogue device prevention 6707

by identity based compliance evaluation/verification for network connected devices and end 6708

users. The NAC Service checks host machines before allowing access to the network. Non-6709

compliant hosts can be remediated before an NGEN IP address is issued (dynamic host 6710

configuration protocol (DHCP)) and an NGEN network connection is made. 6711

6712


For NAC Services, the specific support tasks the ES Contractor shall perform or provide include: 6714

a. Maintain CND mechanisms, including anti-spam tools, Network Access Control, Host 6715



DoDI8500.2, DoDD 8500.1. Operate and defend the network in accordance with DoDI 6718

O-8530.2, STRATCOM Directive (SD) 527-1, and CYBERCOM cyber condition 6719

operational tasking orders. 6720

b. Develop, plan and implement actions on the enterprise as required by each of the Cyber 6721


c. Execute the Cyber Readiness Implementation Plan as directed by the government. 6723

Inform Government upon completion of all steps. Report any actions that could not be 6724

completed, along with an estimated time of completion via the Government provided 6725

Ticket Management System (TMS). 6726

d. Defend Systems by recognizing, reacting to, and responding to threats (as directed by 6727




Attachment 1



245

computer network defense service provider (CNDSP). 6731

6732

4.6.25 Fixed and Portable Computing Services 6733

Fixed computing services provide a fixed workstation with the following capabilities: hardware 6734

and software (core build), local storage capability, standard and enhanced graphics with 6735

processing capabilities, and standard office automation software; which includes, but is not 6736

limited to word processing, spreadsheet work, email, calendar, multimedia presentation, and an 6737

internet browser. Each workstation shall be capable of facilitating the following services: 6738

network file sharing, shared network printing, network and web access services, training, 6739

relocation, customer support, messaging, maintenance, refreshment, administration, and operate 6740

over a non-optimized, high-latency link via cable or wireless connection. 6741

6742

Portable computing services deliver all services available from a fixed workstation to a portable 6743

workstation. Also, if required the portable workstation can be upgraded to accommodate special 6744

requirements. 6745

6746


For Fixed and Portable Computing Services, the specific support tasks the ES Contractor shall 6748


a. Receive and track hardware and software (including GFE), and stage and ship equipment 6750

based on jointly developed implementation plan. 6751

b. Configure end user HW/SW with "core build" and "DON Applications and Database 6752

Management System (DADMS)" approved software to the place and at the time 6753

identified in the individual orders. 6754

c. Install end user HW/SW at the end user location including connecting approved 6755

peripherals. 6756

d. Register end users for full disk encryption authentication on workstations they are 6757

authorized to use. 6758

Attachment 1



246

e. Maintain smart card (or credential) reader, middleware, and all necessary software to 6759

support the use of PKI certificates on each data seat, portable electronic device, and 6760

network component which require Active Directory domain account authentication. 6761

f. Authenticate end users, both locally and remotely, using only PKI-based authentication 6762

on each data seat, portable electronic device, and network component which require 6763

Active Directory domain account authentication. 6764

g. Maintain operating systems (OS) including drivers associated with OS hardware 6765

compatibility list as provided by the original equipment manufacturer (OEM). 6766

h. Maintain core build software including but not limited to: 6767

i. Just-in-time Compilers 6768

ii. The office productivity Suite 6769

iii. Desktop management software 6770

iv. Email services software 6771

v. Internet browsing software 6772

vi. Virus protection software 6773

vii. PDF viewer software 6774

viii. GIS viewer to view geospatial material 6775

ix. Terminal and print emulator – host software 6776

x. Compression tool software 6777

xi. Collaboration tool software 6778

xii. Multimedia capability to view video and listen to audio 6779

xiii. Electronic records management software 6780

xiv. Security software 6781

xv. Software management software 6782

xvi. Inventory and remote control software 6783

xvii. Smart card middleware software 6784

i. Apply software upgrades, tool extensions and templates, as provided by the software 6785

developer(s) to meet security or specific functional requirements identified by the 6786

government. 6787

Attachment 1



247

j. Support the capability to send, store, process, and received email and associated 6788

attachments. 6789

k. Configure email client with the ability to send and receive signed and encrypted email 6790

and attachments, by utilizing DoD PKI issued end user certificates. 6791

l. Maintain the ability for email to support cryptographic functions from a smart card. 6792

m. Support the management and maintenance of remote access to email via a web-based 6793

application (e.g., OWA) using PKI-based end user authentication or both PKI and 6794

password-based authentication for government designated exceptions from a 6795

hardware/software entry point with a browser compatible with transport layer security 6796

(TLS). 6797

n. Maintain a desktop or laptop embarkable seat to be used in an expeditionary or field 6798

environment. 6799

o. Maintain deployable seats that are capable of interfacing with and being reconfigured for 6800

compatibility with DON and DoD networks. 6801

p. Perform installation and configuration of received end user hardware and software and 6802

deliver to end user. 6803

q. Configure default email client settings to include a digital signature utilizing DoD PKI 6804

certificates in accordance with Service direction (e.g., NAVADMIN 248-08 and 6805

MARADMIN 336-08. 6806

r. Provide the ability to Create, modify, and delete all personal, command, echelon, and 6807

organizational messaging distribution lists existing at the start of the service and those 6808

created at later dates. 6809

s. Use a method/tool for a Unit IT to display Deployable equipment Information Assurance 6810

Vulnerability Assessment (IAVA) status to the hosting network’s Information Assurance 6811

Manager (IAM). 6812

t. Use an automated web based deployable tool solution to allow the Unit IT to remotely 6813

choose, schedule, and execute the deployment of equipment and users. 6814

u. Receive end user hardware and software as GFE and perform installation, configuration 6815

and deliver to end user. 6816

6817

Attachment 1



248

4.6.26 Thin Client Computing Services 6818

Thin Client Computing Services provide a server-centric computing model in which the 6819

application software, data, and CPU power resides on a network server rather than on the client 6820

computer. Thin Client workstations do not have a local hard drive and consist of a set of IT 6821

characteristics (e.g. hardware and firmware, file share services, maintenance, refreshment, 6822

administration, network access, customer support, relocation, and training). Each Client 6823

configuration must be able to meet a core set of performance tests when fully loaded, with all 6824

security configurations set and operational over a non-optimized, high-latency link. Using 6825

terminal services software, end users share the applications in the server with all other end users 6826

at thin client stations. Although presented with their own desktop, end users are limited to 6827

running prescribed shared operating system, applications in a server with other end users and 6828

performing simple tasks such as creating folders and shortcuts. There are options for Classified 6829

Thin Client seats and S&T Terminal seat services. These seats shall be refreshed every 48 6830

months. 6831

6832


For Thin Client Computing Services, the specific support tasks the ES Contractor shall perform 6834


a. Provide touch labor to maintain thin client, fixed workstations available on supported 6836

networks. 6837

b. Support thin client capabilities including file share services, maintenance, refreshment, 6838

administration, network access, customer support, re-location, and training. 6839

6840

4.6.27 Optional Hardware and Software Services 6841

Optional hardware and software services offer enhanced, optional software and hardware 6842

peripherals by providing Commercial-off-the-Shelf (COTS) software and hardware peripherals 6843

associated with data, voice, and video. End users may choose from a wide selection of items 6844

utilizing the latest technology that will best meet the requirements beyond the basic services. 6845

6846


Attachment 1



249

For Optional Hardware and Software Services, the specific support tasks the ES Contractor shall 6848


a. Receive and track hardware and software (including GFE). Stage and ship equipment 6850

based on jointly developed implementation plan. 6851

b. Configure end user HW/SW with core build software and functional area manager 6852

(FAM) approved and certified software to the place identified in the individual task 6853

orders. 6854

c. Install end user HW/SW at the end user location including connecting approved 6855

peripherals. 6856

d. Perform delivery and installation for non-catalog/ specially-negotiated services per 6857

individual task order. 6858

e. Apply software upgrades, tool extensions and templates, as provided by the software 6859

developer(s) to meet security or specific functionality requirements. 6860

f. Maintain the ability for designated workstations to run the time and attendance 6861

applications. 6862

i. The seat shall permit a functional account to remain logged in, with no Log on 6863

password required, and accommodate the barcode scanners. 6864

ii. End user authentication shall occur within the application and not in the NGEN 6865

Active Directory infrastructure. 6866

iii. The seat shall consist of one functional end user account for each seat and a 6867

barcode scanner shall be ordered in conjunction with the seat order. 6868

iv. CAC authentication will not be required, a functional account Log on ID and 6869

password will be utilized for Active Directory authentication. 6870

v. Provide automatic Active Directory Log on to the functional account at power-up 6871

and re-boot. 6872

vi. Disable screensaver password requirement. 6873

vii. Maintain group policy object-enabled restrictions to Microsoft Internet Explorer, 6874

Microsoft Office, WinZip, RealPlayer, and WRQ Reflections. 6875

viii. Maintain auto load of the time and attendance application at power-up or re-boot. 6876

Attachment 1



250

ix. Operate and maintain peripheral devices on NGEN including software updates 6877

and patches. 6878

x. Operate and maintain software on NGEN including software updates and patches. 6879

g. Test and certify DoD approved versions of assistive technology software and hardware 6880

for use in the enterprise upon request of the computer electronic assistance program 6881

(CAP) office. 6882

h. Coordinate with the CAP office and the applicable customer technical representative for 6883

procurement (by CAP at no cost to end user or contractor), delivery and installation of 6884

CAP – procured assistive technology to qualifying end users (as defined by the CAP 6885

office). 6886

i. Perform installation and configuration of received end user hardware and software GFE 6887

and deliver to end user, in accordance with government established timelines. 6888

j. Maintain the process and procedures to Network end users for obtaining and deploying 6889

assistive technology. 6890

6891

4.6.28 Remote Access Services 6892

Remote access services support implementation, operation and maintenance for access by remote 6893

end users to unclassified resources on the network from laptops, desktops, or PDAs, via 6894

broadband or other authorized access medium (e.g. cellular). 6895

6896


For Remote Access Services, the specific support tasks the ES Contractor shall perform or 6898


a. Configure end user devices such as laptops, tablets, and desktops with remote access 6900

software. 6901

b. Support maintenance of virtual private network (VPN) client software. 6902

c. Support maintenance of remote access services (RAS) software. 6903

6904

4.6.29 Printing Services 6905

Attachment 1



251

Printing services includes, but is not limited to hardware and software to provide black and white 6906

and/or color, local or network printing. Network printing enables jobs sent by end users to go to 6907

the appropriate printer. 6908

6909


For Printing Services, the specific support tasks the ES Contractor shall perform or provide 6911

include: 6912

a. Map network printers to the new end user computer, in cases where the end user 6913

computer is being replaced. 6914

b. Test end user network printer to ensure the end user can print. 6915

c. Implement the capability and features to produce black-and-white and color hard copies, 6916

and transparencies of electronic documents. 6917

d. Operate and maintain network printer infrastructure. 6918

e. Implement the ability for end users to connect to any networked printer via the service 6919

desk. 6920

f. Provide access to printers without exposing an end user to a safety hazard or creating a 6921

security compromise. 6922

g. Monitor location of networked printers to ensure they located within 50 feet of end users 6923

being serviced. 6924

h. Monitor end user to printer ratio to ensure a ratio of twenty-five to one (25:1) is 6925

maintained. 6926

i. Monitor printer locations to ensure they are within the same physical plane of supported 6927

end users and not separated by ceilings, floors, and true walls. 6928

j. Monitor original equipment manufacturer (OEM) specified consumables (including 6929

paper, fuser and maintenance kits) where available for replacement. 6930

k. Administer print queues. 6931

l. Implement the ability for end users to connect authorized local printers to their desktop or 6932

laptop computer and provide service desk support if needed. 6933

m. Provide hardware specifications in accordance with (CDRL AXXX). 6934

6935

Attachment 1



252

4.6.30 Service Desk Services 6936

Service desk services manage and coordinate the handling of incidents, problems, and requests 6937

from end users and organizations, using established processes. The Service desk will provide an 6938

end user with a single point of contact accessible via toll-free number, web interface, voice mail 6939

or email, for incident resolution management, and request fulfillment. 6940

6941


For Service Desk Services, the specific support tasks the ES Contractor shall perform or provide 6943

include: 6944

a. Support the operation of a service desk that provides a single point of contact for end user 6945

problems and service requests. 6946

b. Coordinate with desk side support services to provide assistance in resolution of tickets 6947

as necessary. 6948

c. Provide for dedicated VIP support capability for specified NGEN uses in key leadership 6949

and management positions with enhanced service desk support. All general officers and 6950

SES civilians will automatically receive this VIP support. 6951

d. Additional VIP end users can be identified by authorized government representatives. 6952

e. Close tickets in the ticket management system (TMS) after the incident or event has been 6953

resolved. 6954

f. Direct resolution of incidents at the lowest possible management level. 6955

g. Perform service desk services as an initial point of contact for trouble-calls. 6956

h. Support the maintenance of self-service tools for end users to access current status of 6957

NGEN services. 6958

i. Support the maintenance of self-service tools for end users to access planned status of 6959

NGEN services. 6960

j. Support the maintenance of self-service tools for end users to access service desk point of 6961

contact information. 6962

k. Support the maintenance of the government provided listing, accessible by all end users 6963

of the network, of all optional capabilities that have been certified for use on the network. 6964

Attachment 1



253

l. Provide end user’s electronic notification of service requests and ticket closures using 6965

government provided service desk tools. 6966

m. Use government approved escalation and problem resolution processes. 6967

n. Accept service requests from government ordering tool. 6968

o. Maintain government provided web enabled tools for tracking status of service request 6969

tickets. 6970

p. Prioritize all tickets as directed by the government. 6971

q. Use government approved processes for opening, processing, and closing tickets. 6972

r. Update change tickets to document the processing of the request until resolved. 6973

s. Close change tickets only when authorized by the initiator or other approved government 6974

representative. 6975

t. Accept service requests from end users and authorized submitters, and process in 6976

accordance with service request fulfillment process guide. 6977

u. Provide end user technical assistance for solving issues. 6978

v. Operate a service desk that enables direct interaction between the end user and the 6979

technical support organizations for questions and problem resolution. 6980

w. Coordinate incident diagnosis and resolution with the technical support organizations for 6981

questions and problem resolution. 6982

x. Create an incident ticket for all trouble calls or a service request ticket for all pre-6983

approved standard change requests. 6984

y. Update incident tickets and service request tickets to document the processing of the 6985

ticket until resolved 6986

z. Operate service desk 24 hours a day and 7 days a week. 6987

aa. Provide service desk services in response to requests received via toll-free number, web 6988

interface, voice mail or email. If request is new, ensure a new ticket is created in TMS. 6989

If request is for status of an existing ticket, ensure response is documented in the ticket. 6990

bb. Support the maintenance of government provided tools for tracking ticket status. 6991

cc. Notify only those affected end users of scheduled and unscheduled system maintenance 6992

or degradation of service. 6993

dd. Collect service desk metrics and post on government specified web site. 6994

Attachment 1



254

ee. Use government provided asset management system in approval process for service 6995

requests. Update government provided asset management system with results of 6996

action(s) taken WRT a Service request. 6997

ff. Provide dedicated and elevated support (above normal service desk services) for rapid 6998

remediation of incidents when directed by the government. 6999

gg. Support the maintenance of password reset service. 7000

hh. Maintain government provided tools to allow an end user to review and provide 7001

information to the service desk. 7002

ii. Assist end users in obtaining and deploying CAP-procured assistive technology in 7003

accordance with Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d). 7004

jj. Update ticket management system (TMS) tickets within time frames established by 7005

government procedures. 7006

kk. Close ticket when approved by government representatives. 7007

ll. Maintain vendor technical references for all hardware and software supporting or 7008

associated with supporting the network. 7009

mm. Maintain custody of received equipment until turned over to a government 7010

representative. 7011

nn. Maintain government records for warranty and maintenance repair. 7012

oo. Ensure labor services update tickets such that an analyst can track progress of equipment 7013

upgrade/repair. 7014

pp. Ensure a ticket created for equipment repair contains the government approved/required 7015

information. 7016

qq. Track all IT assets in accordance with DoD Instruction(s) 5000.64, 4165.14, DoD 7017

4140.1‐R, and DoD 4000.25‐2‐M, Federal Acquisition Regulation (FAR) Part 45.000, 7018

and SECNAVINST 7320 7019

rr. Use government provided configuration management system (CMS). 7020

ss. Coordinate with desk side support services to provide assistance in resolution of tickets 7021

as necessary. 7022

tt. Provide input and development of status reports to measure service desk service 7023

performance to the appropriate government service desk manager. 7024

Attachment 1



255

uu. Provide input and development of an end of month Service Request backlog exception 7025

report. 7026

vv. Provide input and development of an end of month (EOM) problem resolution backlog 7027

exception report. 7028

ww. Provide input and development of an end of month (EOM) access to government 7029

application problem resolution backlog exception report. 7030

xx. Perform Service Desk assistance for deployed users. 7031

7032

4.6.31 Desk Side Support Services 7033

Desk side support services consist of providing Tier-2 assistance with computer hardware, 7034

software, or other electronic or mechanical devices. Desk side support, which is located at the 7035

Base/Post/Station level, is usually in support of a trouble ticket that has been transferred from the 7036

service desk. An extension of the service desk to the field, desk side support is comprised of any 7037

labor activities, physical or virtual, required to address incident management, problem 7038

management, event management, access management, asset management, request fulfillment 7039

(including Move, Add, and Change activities), and release and deployment management to on-7040

site, remote, and/or very small site design (VSSD) sites. Desk side support includes a VIP 7041

support capability that provides specified NGEN end users in key leadership and management 7042

positions with enhanced help desk service support. 7043

7044


For Desk Side Support Services, the specific support tasks the ES Contractor shall perform or 7046


a. Conduct data migration from previous HW to new HW. 7048

b. Provide access to migrated data or external data storage devices to ensure end user data 7049

sources are valid and available following data migration from previous HW to new HW 7050

for implementation of enterprise core services HW/SW operations. 7051

c. Support the maintenance of onsite resources to manage end user HW installation 7052

processes, including troubleshooting issues after delivery and installation of end user 7053

HW. 7054

Attachment 1



256

d. Notify the government custodian that equipment has been delivered, data migrated and 7055

installed applications are functioning properly. 7056

e. Perform asset scanning and logging of assets that have been delivered. 7057

f. Conduct data migration from previous HW to new HW, including any external devices 7058

enabled with data at rest (DAR) solutions. 7059

g. Provide access to migrated data or external data storage devices to ensure end user data 7060

sources are valid and available following data migration from previous HW to new HW 7061

for implementation of end user HW/SW. 7062

h. Utilize government procedures and implementation plans to ensure that IT resources 7063

leaving the control of the assigned end user such as being reassigned, removed for repair, 7064

replaced, or upgraded is cleared of all DON data, including CUI and sensitive application 7065

software by a technique approved by the government. 7066

i. Provide end user support of DAR services, including hard disk data recovery if full disk 7067

encryption DAR services cause a failure. 7068

j. Manually install a software application on a data seat connected to the network in 7069


k. Manually remove a software application on a data seat connected to the network in 7071


l. Support the maintenance of all end user devices. 7073

m. Support the maintenance of time and attendance application for end users. 7074

n. Provide labor for deployable seats that meet the requirements for a portable data seat with 7075

limited regular services when deployed. 7076

o. Provide labor for deployable seats that meet the requirements for a portable data seat to 7077

maintain deployment support services and logistics services in support of operational 7078

forces in a deployed environment. 7079

p. Provide worldwide logistics support for deployed equipment and software, which will 7080

include replacement units, forward points of service, and Online troubleshooting. 7081

q. Incorporate spares as part of the pack up kit (PUK) to facilitate operation at forward 7082

deployed locations in accordance with government direction. 7083

Attachment 1



257

r. Provide to government logistics team alerts of equipment failures while deployed, in 7084

accordance with the logistics process and procedures guide (LPPG). 7085

s. Provide labor to maintain deployable seats that meet the requirements for a portable data 7086

seat, to reconfigure, perform preventive and/or corrective maintenance upon return of the 7087

embarked units and prior to reconnection with the shore infrastructure. 7088

t. Maintain deployable seats that are capable of interfacing with and being reconfigured for 7089

compatibility with DON and DoD networks. 7090

u. Provide deployable services for both scheduled movements that are known in advance, or 7091

contingency operations and other unplanned movements. 7092

v. Scan the returning deployed seat to validate compatibility with network. 7093

w. Maintain a copy of the core build media and authorized application software loaded on 7094

the deployable equipment to rebuild seats. 7095

x. Conduct local desktop support requiring access to the device or end user only during 7096

normal local working hours and only on normal government workdays. 7097

y. Provide labor support to physically move or transfer assets or software. 7098

z. Perform requested service requests and incident ticket resolution as provided by the 7099

enterprise service desk. 7100

aa. Provide local troubleshooting of issues identified through service desk to ensure the ticket 7101

is updated with all troubleshooting actions accomplished in the TMS. 7102

bb. Resolve issues and notify service desk and government of cause and corrective action to 7103

ensure the ticket is updated with what action(s) actually resolved the issue in the TMS 7104

cc. Maintain any loaner equipment that is in place in a ready-to-issue condition to support 7105

break-fix scenarios. 7106

dd. Submit an individual incident ticket for each piece of broken equipment 7107

ee. Operate and maintain authorized software in use including software updates and patches. 7108

ff. Coordinate with the computer electronic assistance program (CAP) office and the 7109

applicable customer technical representative for procurement (by CAP at no cost to end 7110

user or contractor), delivery and installation of CAP – procured assistive technology to 7111

qualified end users (as defined by the CAP Office). 7112

gg. Document changes to assets in the government furnished asset management tool. 7113

Attachment 1



258

hh. Provide break/fix and maintenance services on end user hardware that is in warranty or 7114

planned for technology refresh. 7115

ii. Document custody transfer of internal and removable hard drives at such time as the IT 7116

resource is being reassigned, replaced, upgraded, or decommissioned. 7117

jj. Ship equipment to customer locations as directed by the government. 7118

kk. Maintain custody of received equipment until turned over to a government representative. 7119

ll. Identify and track equipment and components being repaired. 7120

mm. Document the RMA and the serial number of the component being repaired in 7121

ticket management system (TMS) ticket. 7122

nn. Manually install the software application on a Data Seat connected to the network in the 7123

event the software application cannot be packaged for installation via an electronic 7124

distribution method. 7125

oo. Use other techniques to remove software (e.g. remote administration or manual removal 7126

at the Data Seat) if unable to remove via ESD mechanisms as needed. 7127

pp. Respond to Request to Deploy forms, prior to the initial movement of a Deployable seat. 7128

qq. Remove non-standard and/or unauthorized applications from the seat before it is rejoined 7129

to the NGEN environment. 7130

rr. Perform requested MAC services within performance parameters identified in Appendix 7131

B. 7132

7133

4.6.32 End User Training Services 7134

End user training services develop and deliver training in accordance with current DON, USN, 7135

USMC, Training and Education Command (TECOM) guidance, curriculum development 7136

manuals, and style guides. The purpose is to train the end user on the tools and applications 7137

required to operate, maintain, administer, and secure the network aligned to mission essential 7138

task lists and job task analysis. 7139

7140

Support end-user training and education on the various NGEN Services including computer-7141

based training, web-based training, and instructor-led training as required 7142

7143

Attachment 1



259


For End User Training Services, the specific support tasks the ES Contractor shall perform or 7145


a. Provide input to and publish end user communications and training material for DAR. 7147

b. Provide end user training on the use of DoD PKI certificates for network Log on, email 7148

message signing/encryption, and authentication to public key-enabled services. 7149

c. Maintain needed curricula to train end users in the use of computer equipment in 7150

deployable environments. 7151

d. Curricula shall be available electronically. 7152

e. Provide input to update curricula to incorporate relevant changes in the deployment 7153

tools/processes and the network. 7154

f. Support the maintenance of a searchable resource library for end users to reference in 7155

order to solve common issues or find training materials. 7156

g. Provide end user training services that include access to training content addressing 7157

primary end user needs, including operating system functions and capabilities, core build 7158

applications, and common end user applications, drawing on available resources and 7159

existing DoD, DON, or commercial practices. 7160

h. Maintain end user training services that include training materials based on analysis of 7161

end user need or interest. 7162

i. Provide input for instructional learning content. 7163

j. Provide input for instructional content in courseware material. 7164

k. Provide input for instructional content in instructional material. 7165

l. Maintain access, access controls/lists and privileges of file share. 7166

m. Generate a report for allocation, usage and ad-hoc reports of file share. 7167

n. Provide input for end user training to order services. 7168

o. Provide input for end user training on the process required by the end user to implement a 7169

new service or capability. 7170

p. Provide input for end user training for changes in services, tools and processes. 7171

q. Report on user training execution for both security and standard hardware and software 7172

training hosted by a computer-based learning system. 7173

Attachment 1



260

r. Work with government (PM office, Customer Technical Representatives, and USMC) to 7174

determine training requirements supporting end users. 7175

s. Provide technical subject matter expertise in documenting training requirements and 7176

assist government subject matter experts (SME) in development of training. 7177

t. Participate in the Training and Communications Review Board (TCRB) and other 7178

stakeholder reviews of current and emerging End User Training, and training 7179

requirements for new capabilities. 7180

u. Support the operation of an automated means for users to request training and track their 7181

completion. 7182

v. Operate a centralized repository for training materials and documentation. 7183

7184

4.6.33 Network Operations (NETOPS) and Cyber Security Training Services 7185

NETOPS and cyber security training services provide transformational, operationally-focused 7186

training to accomplish the USN, USMC, and joint mission requirements for NETOPS and IA 7187

training and certification. 7188

7189


For Network Operations and Cyber Security Training Services, the specific support tasks the ES 7191


a. Provide input for instructional content learning content. 7193

b. Provide input for instructional content in instructional material. 7194

c. Provide input for instructional content in courseware material. 7195

d. Maintain access controls/lists and privileges of file share. 7196

e. Initiate generation of a report for allocation, usage and ad-hoc reports of file share. 7197

f. Provide input for end user training for changes in services, tools and processes. 7198

g. Post government-provided training materials to support deployed personnel. 7199

h. Report on end user training execution for both security and standard hardware and 7200

software training hosted by a computer-based learning system. 7201

i. Provide technical subject matter expertise in documenting training requirements and 7202

support government subject matter experts (SME) in development of training. 7203

Attachment 1



261

j. Provide IT certifications for NETOPS and Cyber Security personnel in accordance with 7204

the DoD 8570.01M. 7205

7206

4.6.34 Testing and Evaluation (T&E) Services 7207

Enterprise testing services encompass the broad aspects of testing scope, objectives, and 7208

schedules, and bring together the specialists to manage and conduct the enterprise testing 7209

requirements. Entities include the enterprise test and evaluation manager/director, the NGEN 7210

service provider, DON major commands and claimants, DON operational T&E, and systems 7211

support centers / activities, as well as the various other test groups and sites that will be involved. 7212

Testing and certification services consist of hardware, software, information assurance, core 7213

build, integration, interoperability production pilot, and Community of Interest (COI) testing. 7214

7215

USMC unique test requirements include USMC applications and regionalized B/P/S Command 7216

and Control (C2). Of particular interest for regionalized testing is a replicated MITSC test 7217

capability, as this would be the focal point for demonstrating mission effectiveness, reliability, 7218

and responsive, dynamic network management for Marines in garrison. 7219

7220

Specific testing services identified below shall be provided for fulfillment of Developmental 7221

Testing (DT) and in support of government testing including Operational Testing (OT). 7222

7223

Every test shall include a test plan (CDRL AXXX). Every test shall include a test procedure(s) 7224

(CDRL AXXX). Every test shall include and a test report (CDRL AXXX). These artifacts, 7225

along with test cases and other supporting data, shall be maintained in the configuration 7226

management database (CMDB). 7227

7228


For Testing and Evaluation Services, the specific support tasks the ES Contractor shall perform 7230


a. Establish, maintain, accredit, and manage a test and evaluation facility which provides 7232

capability for certification and accreditation of services and applications for the 7233

Attachment 1



262

enterprise, developmental testing and engineering of new products and services and is 7234

operationally representative of the network. Lab shall integrate and provide testing 7235

support to other government labs where necessary. 7236

b. Coordinate with USN test services (Section 3.3.16) to consolidate common test 7237

objectives and results. 7238

c. Provide laboratory design and equipment bill of materials documentation for the 7239

environment (CDRL AXXX) 7240

d. Ensure the core build operates and meets all requirements as defined by the government. 7241

Identify potential compatibility issues with other core build software, cyber security 7242

settings, and or impact to network operations, malware protection and standard hardware 7243


e. Test user / enterprise core services software modification / upgrade to validate software 7245

operability. 7246

f. Test applications that have received configuration authority approval for use on the 7247

network. 7248

g. Provide a packaged solution for all tested applications and services, which includes any 7249

required media/supporting documentation. All material shall be stored in the definitive 7250

software library (DSL). 7251

h. For applications that fail, a test summary report (TSR) (CDRL AXXX) shall be provided 7252

to the government stating the reasons for failure. The government will propose solutions 7253

or mitigations of test defects. 7254

i. Provide a test summary report, a copy of the packaged solution, and any supporting 7255

documentation on CDs. All material shall be stored in the configuration management 7256

database (CMDB). 7257

j. The packaged solution shall account for all associated applications, simulations, scripts, 7258

tools, or configuration changes required for the test. These shall be provided in 7259

supplemental packaged solutions. 7260

k. Prepare packaged solution for distribution and deployment, and submit to Change 7261

Advisory Board (CAB) for approval. 7262

l. Recommend to the CAB release of successfully tested configuration items. 7263

Attachment 1



263

m. Provide notification of any stoppages or failures during testing. 7264

n. Send a failed notice to the application developer/owner and AMT. 7265

o. Test and evaluate new or upgraded solutions, services, and/or capabilities at 7266

Base/Post/Station, including travel to remote locations, or across the Wide Area Network 7267

(WAN) prior to and subsequent to final deployment. 7268

p. Contractor shall use approved test plans (CDRL AXXX) for the planning and execution 7269

of final certification tests. 7270

q. Submit test plans 30 calendar days prior to a testing event for government approval. 7271

r. Provide access and review of applicable documentation including at a minimum, 7272

requirements documents, architecture and engineering/deployment plans. 7273

s. Perform Verification and Validation (V&V) of requirements and service implementations 7274

and provide V&V traceability matrices (CDRL AXXX). 7275

t. Receive government signature approval of the applicable production test plan (CDRL 7276

AXXX) prior to commencement of testing. 7277

u. Test and certify DoD approved versions of assistive technology software and hardware 7278

for use in the enterprise upon request of the computer electronic assistance program 7279

(CAP) office. 7280

v. Provide a formal test requirements traceability matrix (CDRL AXXX), which maps all 7281

documented requirements to applicable production test cases in the respective test plan 7282

(CDRL AXXX). 7283

w. Ensure the Core Build operates and meets all requirements as defined by the government. 7284

Identify potential compatibility issues with other Core Build software, Information 7285

Assurance settings, impact to Network operations, virus protection and standard hardware 7286


x. The deliverable for this service is a Test Summary Report (CDRL AXXX) detailing the 7288

procedures used, issues and problems encountered, proposed resolutions and mitigations, 7289

and the results of the test. If the results of the test are that the applications pass. 7290

y. This service shall provide up to three attempts to test the subject software application(s). 7291

(CDRL AXXX) After each failure provide the Test Summary Report. Execution of the 7292

proposed resolution or mitigation of the failure is not included in this service. 7293

Attachment 1



264

z. When Packaged Solutions are updated by the Contractor as a result of a Remedy fix due 7294

to a packaging error, the updated new Packaged Solution shall be deployed to all network 7295

environments where the old solution exists. 7296

aa. Test and certification of simple and complex hardware. 7297

bb. Provide Test Summary Report (TSR). 7298

cc. Release the solution after ECCB approval is granted or if test results are that the 7299

hardware device did not pass certification requirements, the Test Summary Report 7300

described above will provide in reasonable detail the reasons for failure. 7301

dd. Store a copy of the certified solution and any supporting documentation in the 7302

Configuration Management Database (CMDB. 7303

ee. Update the listing in the event a previously-certified item no longer properly integrates 7304

with the NMCI or fails to meet updated security/IA requirements so the Government can 7305

promptly remove the item. 7306

ff. Test all applications in response to a Request for Service (RFS) in ISF Tools. If the 7307

application is actually a suite, only the parent/primary application requires an RFS in ISF 7308

Tools. If there already is a valid RFS for an application with the ex. 7309

gg. Record all testing results and store the Test Summary Report (Certification/Failure 7310

Letter) in ISF Tools. 7311

hh. Provide Problem Application Wrapping (PAW) report in accordance with (CDRL 7312

AXXX). 7313

ii. Maintain test lab facility that has network connectivity and can represent the applicable 7314

test environment in the field and real world operations. 7315

jj. Test newly developed and discovered Information assurance/security vulnerabilities, new 7316

products, compatibility issues, and Legacy support. 7317

kk. Allow designated government personnel and/or direct support contractors access to the 7318

test lab facility and observe lab operations and testing. 7319

ll. Formally record test data and observations. Test data and observations are to be made 7320

available to the government on request. 7321

mm. Formally document the results of certification testing in a separate formal written 7322

report to the government. 7323

Attachment 1



265

nn. Provide a formal requirements traceability matrix to the government which maps all 7324

documented requirements to applicable production test cases in the respective test plan. 7325

oo. Record all test data and observation, unless otherwise directed by the government. 7326

pp. Provide all test data and observations to the Government when requested. 7327

qq. In the event of a “failed test” event or “no test” event related to testing in the field, 7328

develop and submit a Plan of Action and Milestones (POA&M) to the government for 7329

approval that outlines the required corrective action, projected completion. 7330

rr. Provide a Test Plan in accordance with (CDRL AXXX). 7331

ss. Provide format and content guidance on test plans and reports to meet Government 7332

requirements and guidelines. 7333

tt. Review, evaluate and approve test reports on lab certification testing. 7334

uu. Review and formally sign/approve all test plans submitted by the Contractor for testing 7335

outside the Contractor lab facility. 7336

vv. Conduct test coordination and planning meetings. 7337

ww. Conduct Test Readiness Reviews (TRR). 7338

xx. Assist in test data collection and final reporting responsibilities. 7339

yy. In the case of a failed test event or “no test” event, assist in review and approval of plan 7340

of action and milestones for corrective action and re-test as required. 7341

7342

4.7 Place of Performance 7343

This section provides the contractor with geographical information for enterprise service support. 7344

This can include server farms, micro server farms, service desk locations, small end user 7345

locations major bases, remote sites, small, and very small sites. More detail will be provided in 7346

Appendix XXXXX. 7347

7348

4.7.1 Server Farms 7349 Installation City State/Country

MCB Quantico Quantico VA

MCB Camp Foster Okinawa JP

HQMC Server Farm Pentagon, Arlington VA

MCB Camp Lejeune Jacksonville NC

Attachment 1



266

MCB Camp Pendleton Oceanside CA

MCB Kaneohe Bay Kaneohe Bay HI

7350

4.7.2 Micro Server Farm 7351 Installation City State/Country

Marine Corps Logistics Base (MCLB) Albany GA

MCAS Cherry Point Havelock NC

Marine Corps Recruit Depot (MCRD) Beaufort SC

Marine Forces Reserve (MFR) Headquarters New Orleans LA

MCAS San Diego CA

MCAS Yuma AZ

Marine Corps Air Ground Combat Center (MCAGCC) 29 Palms CA

MCLB Barstow CA

Marine Corps Mountain Warfare Training Center Bridgeport CA

MCAS Iwakuni Japan

7352

4.8 Special Requirements 7353

The ES Contractor shall satisfy the following requirements. 7354

7355

4.8.1 Ordering and Invoicing Tools and Services 7356

a. Participate in requirements review meetings, as well as develop price and technical 7357

proposals. 7358

b. Create orders and exchange data with government ordering tools. 7359

c. Support internal review and approval of orders by the government ordering approval 7360

authority and provision of financial information. 7361

d. Track order approval, invoicing, and delivery status. 7362

e. Maintain the ability to input direct manual entry of orders for exceptions for data 7363

exchange format (e.g. certain end of year orders). 7364

f. Electronically submit invoices to the Defense Finance and Accounting Services (DFAS) 7365

according to the instructions contained in each order. 7366

g. Accept service delivery details for services electronically. 7367

Attachment 1



267

h. Include the ability to de-obligate funds at least quarterly at the Task Order level and 7368

provide the order modifications to the customer via reports and screens. Interfaces with 7369

the Government contracting information system permitting download of database. 7370

i. Support continuous access to the full set of ordering information through ad-hoc reports. 7371

j. Support retention of ordering data to comply with FAR Record Retention requirements. 7372

k. Support bilateral and unilateral orders and modifications. Include secure transactions in 7373

conformance with DoD Public Key Infrastructure (PKI) searchable database containing 7374

all orders (open and closed). 7375

l. Track individual service status by service ID for invoicing. 7376

m. Develop automated order close-out capability with provision for web-based contract 7377

closeout statistics and exception reports to be ordered via a RAP request. 7378

n. Provides the ability to process multiple lines of accounting on a single task order to 7379

support obligation/deobligation/invoicing transactions down to the CLIN/SLIN level. 7380

o. Interface with USMC SABRES to ensure processing of invoice (exists today). 7381

p. Create and maintain physical location identifiers in the ordering tool. 7382

q. Keep ordering tool user account data current. 7383

r. Provide a web‐based tool for submitting invoices, acceptance of services, and 7384

certification for payment: 7385

i. Develop tool capability that ensures that any changes made to the invoice post 7386

ACTR review are clearly identified and reviewable by the Government in the 7387

tool. 7388

ii. Provide Government with Receipt Validation data at CLIN level data for 7389

reporting and through ad‐hoc reporting downloads updated daily. 7390

iii. Develop tool capability to provide Government with Invoice data at CLIN level 7391

data for reporting and through ad‐hoc reporting downloads updated daily. 7392

iv. Retain and allow Government access to Invoices, Receiving Reports and 7393

underlying reporting data for at least 6 years after the end of the Contract. 7394

v. Provide updated and accurate payment status including date and amount. 7395

vi. Develop tool capability that provides accurate payment status to include the 7396

interest. 7397

Attachment 1



268

s. Provide Receipt Validation services: 7398

i. Maintain a web‐based tool that provides for government receipt validation and 7399

tracks status of all deliverables received by the government 7400

ii. Maintain Receiving Report (previously known as “Pre‐invoice screens”) to the 7401

Government for validation prior to invoicing: 7402

a) Records designated government representatives’ electronic receipt of 7403

delivered services 7404

b) Allow government to validate dates and quantities as presented or change 7405

the dates and quantities 7406

c) Provides accurate asset data information reflecting services being invoiced 7407

t. Electronically transfer the following data to the Government ordering tool: 7408

i. Physical Site Identifier (PSI) data 7409

ii. Legacy server information 7410

iii. New application data as created by Government-owned DADMS and after 7411

applications have been placed on the Command Applications List 7412

iv. User account data, by type 7413

v. Daily Move, Add, Change (MAC) ledgers (annual and purchased) and MAC 7414

execution details 7415

vi. Asset data to service ID level for confirmation of delivery and subsequent service 7416

modification 7417

vii. Schedule of service deliveries 7418

viii. Manufactured date for all data seats services eligible for Technology Refresh 7419

7420

4.8.2 Asset Management 7421

The Asset Management Tools, which are part of the larger Configuration Management System 7422

(CMS), is a set of tools and databases that will be used for collecting, storing, managing, 7423

updating and presenting data for all configuration items, and includes assets and their 7424

relationships. 7425

7426

Attachment 1



269

The vendor shall maintain USMC Asset Management systems set forth in Appendix (XXX), 7427

which includes Asset Management Systems and Configuration Management Databases owned or 7428

operated by the government and monitor: 7429

a. All hardware assets, moveable and non-moveable. 7430

b. Software and all other assets directly or indirectly supporting the network. 7431

7432

4.8.2.1 Asset Acquisition and Accountability 7433

Asset acquisition and accountability procures and accounts for assets, to include receipt of assets 7434

from a supplier, and repurposing or redeploying existing assets. This activity also provides 7435

status, as well as the assignment of transportation and coordination of assets to new locations, 7436

when applicable. 7437

7438

For Asset Acquisition and Accountability, the specific support tasks the ES Contractor shall 7439


a. Support the importation of existing data (i.e. inventory and usage information, purchase 7441

order, and contracting data) from other data sources into a centralized asset repository. 7442

b. Procure HW and SW assets in support of Enterprise Services. 7443

c. Perform receipt, inventory, integrate, and perform kitting and shipment of HW and SW to 7444

designated government locations. 7445

d. Perform Asset Discovery scans and Usage Monitoring to ensure the asset repository is 7446

always current with the latest information. 7447

e. Maintain accountability of SW and storing significant information about each SW 7448

license, such as: 7449

i. Software information including name, version, release 7450

ii. Purchase orders including approving authority 7451

iii. Vendor information 7452

iv. License type 7453

v. License allocation 7454

vi. Financial information 7455

vii. Any related contracts or documentation 7456

Attachment 1



270

viii. Custom fields 7457

f. Maintain accountability of HW and storing significant information about each asset, such 7458

as: 7459

i. Manufacturer, make, model, serial number 7460

ii. Purchase orders including approving authority 7461

iii. Vendor information 7462

iv. Financial information 7463

v. Any related contracts or documentation 7464

vi. Custom fields 7465

g. Provide government ordering tool updates daily with service delivery data for assets. 7466

h. Manage and maintain accurate and timely warranty data information on all assets. 7467

i. Support development of spares requirements and fielding to achieve material availability. 7468

7469

4.8.2.2 Asset Record Control 7470

Asset record control involves maintaining asset records (i.e., creating, updating, or deleting asset 7471

data) as required. Incident management, problem management and ITSM operational 7472

configuration management can also trigger modifications to asset data information. This activity 7473

also administers the asset database and performs asset reconciliation. The database includes all 7474

assets with status designation (i.e., ordered, in storage, assigned, retired or disposed). 7475

7476

For Asset Record Control, the specific support tasks the ES Contractor shall perform or provide 7477

include: 7478

a. Support the management of inventory records for HW and SW. 7479

b. Create, update and maintain CI information on HW and SW assets in support of the 7480

enterprise. 7481

c. Support periodic reporting of the number of installed copies of software, the total number 7482

of licenses allocated, and the number actually being used to support accounting and 7483

reconciliation processes, as well as validating compliance with license agreements. 7484

d. Verify asset deployment, changes, and removal to ensure that actual configurations match 7485

inventory, license agreements, and finance records. 7486

Attachment 1



271

e. Monitor the status of all assets within the enterprise to ensure government CM tools are 7487

maintained and updated with the most current information. 7488

f. Verify software is being used only by the assets to which it is allocated. 7489

g. Identify asset management data errors and mitigate errors with government concurrence. 7490

7491

4.8.2.3 Operations Management 7492

Operations management performs NGEN IT asset monitoring. The NGEN IT status, with regard 7493

to compliance for licensing and information security requirements, is also monitored. Formal 7494

inventory audits of all physical assets occur during operations management. Also performed are 7495

audits and reconciliation of the ITAM data. Audits of logical CIs include installed software on 7496

workstations and IT configurations. 7497

7498

For Operations Management, the specific support tasks the ES Contractor shall perform or 7499


a. Maintain and link contracts to related assets, licenses, vendors, and purchases in 7501

government tools. 7502

b. Alert users based on events determined by user-defined business rules (e.g. when 7503

maintenance renewals are due). 7504

c. Perform ad-hoc reporting. 7505

d. Configure tools to allow scheduling and data reporting to meet specific needs over a 7506

period of time. 7507

e. Provide recommendations and inputs for the budgeting process (e.g. the number of 7508

licenses that will be required, the number of desktop computers that need to be 7509

upgraded). 7510

f. Link maintenance licenses with the underlying original full license. 7511

g. Link HW warranties to each asset and perform maintenance activities in accordance with 7512

warranty provisions. 7513

h. Link a software license directly with the hardware it is installed on, to include any 7514

hardware that may not be directly connected to the network. 7515

Attachment 1



272

i. Define the structure of the organization (e.g. group computers/assets by department, 7516

location, unit, cost center) to facilitate license allocation, compliance, and reporting. 7517

j. Maintain and update the supply chain management concept and approach to support 7518

Enterprise Services. 7519

k. Support warranty mail-in service. 7520

l. Support next-day mail to return the repaired item to the user. 7521

m. Support the retention of master copies of all software (purchased or internally produced) 7522

to include any SW license and warranty information for purposes of regulatory 7523

compliance and warranty administration. 7524

7525

4.8.2.4 Life Cycle Management and Disposal of Assets 7526

Life cycle management and disposal of assets ensures that NGEN assets are maintained and 7527

updated until criteria for retirement are met and the assets are returned to storage in preparation 7528

for disposal. Assets that have reached end-of-life will be disposed of as required. NGEN asset 7529

records and databases must be updated with new information and a change in asset status. 7530

7531

For Life Cycle Management and Disposal of Assets, the specific support tasks the ES Contractor 7532

shall perform or provide include: 7533

a. Track all assets from purchase to disposal/retirement. 7534

b. Track all changes that are made to a system (e.g., what changes have been made, when 7535

changes were made, who made the change). 7536

c. Provide usage data to determine if any unused license can be reallocated or if software 7537

can be retired. 7538

d. Prepare documentation for asset disposal. 7539

e. Update government CM and ITAM tools. 7540

f. Perform Return Material Authorization (RMA) activities. 7541

g. Provide input to a network system maintenance and sustainment strategy. 7542

h. Support the development of sustainment related specifications and collection of metrics. 7543

7544

4.8.3 Configuration Management (CM) 7545

Attachment 1



273

Configuration Management (CM) is a shared process. The ES Contractor is designated as the 7546

primary service provider for the Navy and a supporting service provider for the USMC, and the 7547

TXS Contractor is designated as the supporting service provider for NGEN services. 7548

7549

The Marine Corps Information Enterprise (MCIENT) Configuration Management Plan (CMP), 7550

Enterprise IT Service Management (E-ITSM) process guides, and other supporting documents 7551

are the primary CM documents for the USMC and define the program CM approach, policies, 7552

processes, roles, and responsibilities and interactions with other processes such as CM. The 7553

MCIENT CMP addresses the major CM activities: 1) Configuration identification; 2) 7554

Configuration control, 3) Configuration Status Accounting (CSA); and, 4) Configuration 7555

verification and audit. The CMP is provided for reference purposes in Attachment XXX. 7556

7557

For Configuration Management, the specific support tasks the ES Contractor shall perform or 7558


a. Participate in the USMC CM process in accordance with the MCIENT CMP and E-ITSM 7560

process guides. 7561

b. Develop and deliver the ES Contractor’s Configuration Management Implementation 7562

Plan (CMIP) to the government for approval (CDRL AXXX). Provide CM of assigned 7563

CIs to include all systems, subsystems, components, and associated technical 7564

documentation: 7565

i. Propose additional CIs for government approval (CDRL AXXX) 7566

ii. Execute functional requirements traceability in the establishment of CIs in 7567

accordance with the MCIENT CMP 7568

iii. Manage assigned baseline documentation including validation of the allocated 7569

and ES product baselines. The baseline descriptions include the HW, 7570

firmware, and SW (CDRL AXXX) 7571

c. Utilize the USMC provided CMDB: 7572

i. Assist with system administration for the CMDB 7573

ii. Maintain ES CIs within the CMDB and ensure regular updates of configuration 7574

records applicable to this contract, including proper archiving 7575

Attachment 1



274

iii. Maintain all change records for ES CIs in the CMDB and communicate the 7576

status of all changes to the government or authorized designee 7577

iv. Provide tailored data and reports on CIs and changes to all equipment (CDRL 7578

AXXX) 7579

v. Provide other service providers (e.g., TXS contractor) access to the CMDB as 7580

required with USMC approval 7581

d. Audit configuration management activities: 7582

i. Execute monthly operational self-audits and provide reports in accordance with 7583

the contractor’s ES CMIP, MCIENT CMP and E-ITSM process guides (CDRL 7584

AXXX) 7585

ii. Perform annual Physical Configuration Audits (PCAs) to validate the system is 7586

accurately represented in the design documentation. (CDRL AXXX) 7587

iii. Perform annual Functional Configuration Audits (FCAs) to validate system test 7588

results meet the performance specification requirements (CDRL AXXX) 7589

e. Provide input to a Configuration Management Report in accordance with (CDRL 7590

AXXX). 7591

7592

4.8.4 Law Enforcement and Investigative Support 7593

The ES Contractor shall comply with CALEA (Communications Assistance for Law 7594

Enforcement Act) 47 USC 1001-1010 upon direction of NCIS or other federal law enforcement 7595

entities as required. Provide support services when required by the government and as directed 7596

in writing by DON credentialed, badged, or appointed investigators within 72 hours from the 7597

time of the investigator’s request unless another timeline is indicated. 7598

7599

4.8.4.1 DON Investigator or Designee LE/CI Support Services 7600

For DON Investigator or Designee LE/CI Support Services, the specific support tasks the ES 7601


a. Notice to the appropriate government POC, upon discovery of an intrusion. 7603

nn. Forensic analysis of identified data or mobile/peripheral user devices. The ES Contractor 7604

shall not conduct forensic analysis until authorized to do so by the government. 7605

Attachment 1



275

oo. Notice to the appropriate government POC of any suspected criminal activity detected. 7606

pp. Notice of any unauthorized access or use detected to the appropriate government POC. 7607

qq. Access to any security logs, domain topology and remote access connection logs for the 7608

purpose of obtaining information relevant to the investigation, including exculpatory 7609

evidence. 7610

rr. Access to operating system loads that are provided to the user device and mobile devices 7611

for identified users. 7612

ss. Assistance on implementing specialized investigative technologies that may be required 7613

in furtherance of specific government investigative or operational support requirements. 7614

tt. PKI assistance, including assistance on PKI key control and decryption of PKI encrypted 7615

EIF. 7616

uu. Information assurance plans, network management plans and other information related to 7617

logging methodologies, locations or logs, backups, disaster recovery plans, and similar 7618

information in furtherance of government criminal investigation requirement. 7619

vv. Historical email records (for up to 30 calendar days) for an identified user. 7620

ww. Provide to the DON investigator or to another individual as designated and as 7621

directed in writing by DON credentialed, badged, or appointed investigators within 72 7622

hours from the time of the investigator’s request unless another timeline is indicated, 7623

historical electronic information file (EIF) retention, recovery, and archiving services, 7624

which may apply to a single point in time and/or periodic timeframes or updates, for the 7625

following: 7626

i. Identified user email account(s). The ES Contractor shall also, when directed 7627

by the government, retain all or selected EIF associated with an identified 7628

account. 7629

ii. Network EIF for all of the network drives to which an identified user had 7630

access during an identified time period. The contactor shall, as required, 7631

authorize or conduct local forensic/administrative copying via an 7632

administrator’s set of identified user network drives. 7633

iii. User device EIF of local drives to which an identified user has or had local 7634

access during an identified time period. The ES Contractor shall, when 7635

Attachment 1



276

directed, physically deliver local drives, with administrative privileges, to the 7636

DON investigator or designee. 7637

xx. Comply with DON policies specifying the roles and responsibilities of the Naval 7638

Criminal Investigative Service: 7639

i. SECNAVINST 5430.107, Mission and Functions of the Naval Criminal 7640

Investigative Service 7641

ii. SECNAVINST 3052.2, Cyberspace Policy and Administration Within the 7642

DON 7643

iii. SECNAVINST 5239.19, DON Department of the Navy Computer Network 7644

Incident Response and Reporting Requirements 7645

iv. OPNAVINST 2201.2, Navy and Marine Corps Computer Network Incident 7646

Response 7647

v. If the records involved include records on individuals, the ES Contractor shall 7648

also comply with the Privacy Act of 1974 and agency rules and regulations 7649

issued under the act as required by the Privacy Act clauses, FAR 52.224-1 and 7650

52.224-2 (April 1984). 7651

vi. Unclassified information about the services provided under this section, and 7652

the government records involved, may be privileged and shall be treated as for 7653

official use only (FOUO), or personal identifiable information (PII) until 7654

otherwise directed by the government. 7655

vii. Information about the services provided or records involved shall not be 7656

released without prior authorization by the contracting officer (CO), the 7657

contracting officer’s representative (COR), or the representative of the office 7658

which placed the litigation hold, or, in the case of actual litigation, an attorney 7659

representing the government in the matter. 7660

yy. Provide to the DON investigator, or to another individual designated in writing by the 7661

DON investigator, historical electronic information file (EIF) retention, recovery and 7662

archiving services, which may apply to a single point in time and/or periodic timeframes 7663

or updates, for the following: user device, EIF of local drives to which an identified user 7664

has or had local access during an identified time period. The ES Contractor shall, when 7665

Attachment 1



277

directed, physically deliver local drives, with administrative privileges, to the DON 7666

investigator or designee: 7667

i. Internet and intranet activity monitoring services: Provide internet and/or 7668

intranet activity monitoring services for identified user(s), including 7669

monitoring of proxy server logs, email server logs, firewall activity reports, 7670

ACT and/or security logs of any network device accessed by the identified 7671

user(s). These services may apply to a single point in time and/or include 7672

periodic timeframes or updates. The ES Contractor shall assist DON law 7673

enforcement and counter intelligence (LE/CI) in executing electronic 7674

surveillance pursuant to the requirements of a telecommunications carrier 7675

under Communications Assistance for Law Enforcement Act of 1994 as stated 7676

in Title 47, U.S. Code, Section 1002. 7677

ii. Single point of contact (POC) for LE/CI support services: Provide the 7678

government with a single POC and an alternate who is responsible for 7679

coordinating the ES Contractor’s performance of required LE/CI support 7680

services. The single POC for LE/CI support services shall be competent to 7681

provide forensically sound support services and to abide by chain-of-custody 7682

procedures, and will be expected to provide testimony in court regarding their 7683

services provided when required. The single POC for LE/CI support services 7684

shall have authority to retain, recover and archive all EIF necessary to respond 7685

to government requests for such effort. The ES Contractor shall follow USMC 7686

processes to receive, process, track, and maintain at a classified level all LE/CI 7687

requests for support. This process shall be restricted to a specific and limited 7688

number of contractor personnel and shall be the sole process for all LE/CI 7689

requests for EIF collection. The ES Contractor shall only process LE/CI 7690

requests from DON credentialed, badged, or appointed investigators. The 7691

single POC for LE/CI support services and an alternate shall be available to 7692

respond to government requests for information at all times. 7693

iii. Securing user EIF: The ES Contractor shall ensure that the user EIF identified 7694

by the government is replicated to a secured data storage environment to 7695

Attachment 1



278

eliminate the potential that a user could destroy data associated with an 7696

investigation. In securing the user EIF, the ES Contractor must preserve the 7697

data in an “as found” state so that it is not altered by the contractor’s opening 7698

of files, folders, or adding notes. The ES Contractor shall preserve the data as 7699

soon as practical, consistent with its regular business practices. Such data 7700

preservation shall be initiated within 24 hours and forwarded to the 7701

government upon completion of the preservation. 7702

iv. Documentation of services provided: Provide the DON investigator or 7703

designee with written certification of services performed. Written certification 7704

shall identify the specific means in which such services were performed and 7705

records preserved. For internet or intranet monitoring, the ES Contractor shall, 7706

where possible, provide electronic copies of monitoring information. 7707

v. Delivery formats and delivery locations: The government may also direct the 7708

ES Contractor to utilize physical media, such as hard disks, CD-ROMs and 7709

DVD-ROMs. Reports, spreadsheets, databases and other written information 7710

shall be delivered in contractor format and be compatible with the latest core 7711

build release of Microsoft Office or similar product. The ES Contractor shall 7712

maintain the integrity of the original data, including any metadata, until 7713

confirmation is received from the government that the data has been received, 7714

verified and validated. When requested, provide a copy of all the existing 7715

electronic information related to a specific investigative subject or suspect to 7716

specified investigative personnel within one week of request, without regard to 7717

where that electronic information may be located. 7718

vi. Confidentiality: The ES Contractor shall not disclose or reproduce EIF, data or 7719

information without prior written authorization of the contracting officer, 7720

unless compelled by a subpoena or court order, in which case the ES 7721

Contractor must first notify the general counsel of the DON and await direction 7722

from the Office of the DON General Counsel. 7723

vii. Privacy: Each user signs a system authorization access request and agrees to 7724

the DoD notice and consent banner in order to access the U.S. government 7725

Attachment 1



279

information system. Therefore, users do not have a reasonable expectation of 7726

privacy in government provided EIF and the contractor must not delay 7727

providing EIF on the basis of purported privacy rights. 7728

viii. Under exigent circumstances and in response to threats to national security, 7729

allow duly authorized government personnel to seize data, software, and 7730

hardware and associated peripheral devices found to be of evidentiary value to 7731

an investigation. 7732

zz. Assist government personnel in obtaining an image of a user device or mobile device 7733

(e.g., removing and providing local hard drive to government personnel). 7734

aaa. Assist government personnel in accessing to any intrusion detection system (IDS) 7735

or network sniffer. 7736

bbb. Assist government personnel in identifying and monitoring of VOIP and wireless 7737

technologies associated with the identified users. 7738

7739

4.8.4.2 Litigation Support 7740

For Litigation Support, the specific support tasks the ES Contractor shall perform or provide 7741

include: 7742

7743

4.8.4.2.1 General Litigation Support 7744

a. Assist DON attorneys according to the parameters set by the lead DON attorney to 7745

respond to subpoenas, discovery requests, court orders and other matters related to 7746

litigation that require the discovery, production, archiving, retention or rotation of user 7747

electronic information and Internet/Intranet activity information. Such assistance will 7748

not include any subjective decision making by contractor. 7749

b. Respond within ten calendar days (or twenty calendar days in the case of retrieving 7750

information from network backup tapes) from the date of the lead DON attorney’s 7751

written request unless otherwise agreed by the lead DON attorney. 7752

c. Designate a lead attorney who will set the parameters of the information required, 7753

including the identified user account name and time period. DON attorneys will perform 7754

all privilege reviews and legal services. 7755

Attachment 1



280

7756

4.8.4.2.2 Litigation Support Services 7757

a. Accurate, timely and complete information as requested for DON responses served on 7758

the government. The DON lead attorney will direct the contractor by describing the 7759

type of information sought. The contractor will not make any determination as whether 7760

such information requested is “responsive” or not. 7761

d. Accurate information and documentation concerning infrastructure configuration and 7762

information describes management of any network, including encryption, protocols for 7763

network back-up procedures, legacy systems, preservation protocols, and data 7764

applications used, etc (if not classified). 7765

e. Information concerning discovery and data issues as these topics apply to networks and 7766

systems (e.g. information required for the government to evaluate the scope of potential 7767

electronic discovery agreements and electronic data preservation orders). 7768

f. Information on electronic discovery issues. 7769

g. Data to authenticate electronic information. 7770

h. Recovery of network backups, for up to 30 attorneys request or a litigation hold, 7771

including signed and dated affidavits by a contractor information custodian stating that 7772

data is accurate to the best of his/her knowledge , as well as where, how and when the 7773

electronic information on the backups was collected and recovered. 7774

i. Preservation of relevant network backup information, including taking network media out 7775

of the network backup rotation and storing as required to respond to government 7776

litigation needs. 7777

j. Accurate data from user devices or mobile devices, including sector-by-sector imaging 7778

that preserves the integrity of the original data and metadata. 7779

k. Periodic audit planning for electronic records, including conducting audits as directed by 7780

the government and providing reports of compliance on a periodic basis. 7781

7782

4.8.4.2.3 Litigation Holds Services 7783

a. When notified by the government to place a litigation hold on a category of records, the 7784

ES Contractor shall locate, secure and preserve, within reason those records found in 7785

Attachment 1



281

Online and off-line storage. A single litigation hold notice may cover one, few or many 7786

different categories of records. In addition, the ES Contractor shall search user-7787

controlled Online storage areas of specified users. If the government does not specify 7788

the manner or method of performance for the litigation hold, the contractor may use any 7789

means generally accepted in the industry for preserving evidence in anticipation of 7790

litigation. A generally accepted preservation method would be to make a read-only copy 7791

of the pertinent native files on a hard drive or portable media with back-up copies stored 7792

at a different site. The ES Contractor shall discontinue routine destruction of those 7793

records. The ES Contractor shall continue to locate, secure and preserve that category of 7794

records or user-controlled Online storage areas of specified users until notified by the 7795

government that the litigation hold has ended. After the litigation hold has ended, the 7796

contractor may resume normal records management practices including the routine 7797

destruction of records. 7798

b. Provide the government copies of the records held for each litigation hold request. 7799

c. Specified by the government, the contractor may produce the records as preserved by 7800

providing a read-only copy on hard drive or portable media. The ES Contractor shall also 7801

provide documents identifying the records, their file type, the corresponding litigation 7802

hold, and category. 7803

d. Maintain a record of its actions on each litigation hold request and report the status of 7804

litigation holds to the government upon request. Upon request, the ES Contractor shall 7805

report, for each litigation hold request, a description of the records preserved, including 7806

their quantity, category, file type, and location. 7807

7808

4.8.4.2.4 Records Searches and Production Services 7809

a. When the lead DON attorney requests a search for a category of records, the ES 7810

Contractor shall search Online and off-line storage for the requested records. A single 7811

search request may request one, few or many different categories of records. In 7812

addition, the ES Contractor shall search user-controlled Online storage areas of specified 7813

users. The ES Contractor shall secure and preserve all responsive records found. If the 7814

government does not specify the manner or method of performance, the Contractor may 7815

Attachment 1



282

use any means generally accepted in the industry for preserving evidence in anticipation 7816

of litigation. A generally accepted preservation method would be to make a read-only 7817

copy of the pertinent native files on a hard drive or portable media with back-up copies 7818

stored at a different site. The ES Contractor shall discontinue routine destruction of 7819

those records. The ES Contractor shall continue to locate, secure and preserve that 7820

category of records until notified by the government otherwise. 7821

b. Produce all responsive records found as soon as practical, and give to the government as 7822

soon as practical. Unless otherwise specified by the government, the Contractor may 7823

produce the records as preserved by providing a read-only copy of all responsive records 7824

on hard drive or portable media. With each production, the ES Contractor shall provide a 7825

document identifying the records, their file type, corresponding request and the category. 7826

c. Maintain a record of actions on each search request and report the status of the searches 7827

to the government upon request. Upon request, the ES Contractor shall report for each 7828

search request a description of the records found and preserved, including their quantity, 7829

category, file type, and location. 7830

d. Respond to written requests for information retrieval from end user hardware and all 7831

other equipment on the network including Contractor controlled online and offline 7832

storage and end user controlled offline storage. The Contractor(s) shall locate, secure, 7833

preserve, and provide records responsive to identified document records or record 7834

categories. Unless otherwise specified, the Contractor(s) may use any means generally 7835

accepted in the industry to preserve retrieved documents. Upon request, the Contractor(s) 7836

shall produce responsive records found as soon as practical, unless a response period is 7837

otherwise specified. 7838

7839

4.8.4.2.5 Testimony Services 7840

a. Upon timely request by the government, the ES Contractor shall provide credible, 7841

qualified knowledgeable individuals to testify as “Keeper of the Records” in litigation 7842

and investigations before various courts, boards, agencies and other forums. This often 7843

requires travel to various locations within the United States, review and analysis 7844

necessary to form conclusions and opinions, interviews by various attorneys, and 7845

Attachment 1



283

preparation for testimony and cross-examination. It may also involve assisting attorneys 7846

representing the government in preparing disclosures of the substance of facts and 7847

opinions of the witness’s expected testimony. The testimony may consist of both factual 7848

and expert testimony and may among other subjects address: authenticity of evidentiary 7849

copies of electronic records, search efforts related to document requests, preservation 7850

efforts related to litigation hold requests, missing and destroyed electronic records, and 7851

the contractor’s routine business practices including policy and procedures regarding the 7852

routine destruction of records. In testifying about government records and information 7853

the contractor and witnesses shall follow all reasonable instructions of the attorneys 7854

representing the government, e.g., the assertion of privileges and instructions limiting 7855

testimony. Testimony may take three forms and in all forms must be accurate. 7856

b. Upon timely request by the government, the ES Contractor shall provide credible, 7857















testimony. Testimony may take three forms and in all forms must be accurate a. 7872

Testimony may be presented through an affidavit or declaration under penalty of perjury 7873

rather than live testimony, such as in support of a summary judgment motion. 7874

Attachment 1



284

c. Upon timely request by the government, the ES Contractor shall provide credible, 7875















testimony. Testimony may take three forms and in all forms must be accurate. 7890

d. Testimony may be presented under oath in response to oral or written questions for a 7891

deposition. Although a judge may not attend the deposition, the deposition is still in 7892

effect before a judge or other presiding official. Testimony is recorded by a court 7893

reporter that prepares a written transcript and may prepare a video recording. The 7894

testifying witnesses shall review, correct, and sign video and written deposition 7895

transcripts in accordance with the procedures of the respective forum. Contractor 7896

reserves the right to have its counsel present for such proceedings. 7897

7898

4.8.4.2.6 Technical Advice and Assistance to Government Attorneys 7899

a. Provide technical advice and assistance regarding USMC networks and the information 7900

contained therein to attorneys representing the government upon request. 7901

b. Provide technical assistance in preparing the government’s case. This includes preparing 7902

for cross-examination of opposing witnesses. 7903

Attachment 1



285

c. Assist the government in preparing for discovery of opposing experts’ opinions, 7904

including preparation for and attendance at opposing experts’ depositions. 7905

d. Provide technical assistance in presenting the government’s case at trials and hearings. 7906

e. Assist the government in preparing for and in conducting cross-examination of opposing 7907

experts, including attendance at trials and hearings during testimony by opposing experts. 7908

f. Provide technical assistance in drafting motions and briefs. This includes, among other 7909

things, reviewing and analyzing portions of opposing briefs and motions, as well as 7910

reviewing government drafts. 7911

g. Adhere to the following confidentiality and release of government information 7912

provisions: Classified and “No Foreign” information procedures are not relaxed for 7913

litigation or because information might be relevant to litigation. 7914

7915

5. MARINE CORPS TRANSPORT SERVICES REQUIREMENTS 7916

5.1 Service Management 7917

ITSM is a framework of specialized functions and processes that, in conjunction with IT 7918

infrastructure and personnel, provides value to end users and customers in the form of IT 7919

services. ITSM processes support conceptualization, planning, procurement, implementation, 7920

and operation of IT services. Well-defined process interfaces ensure the integration of 7921

acquisition, governance, and operational activities. USMC Enterprise ITSM (EITSM) processes 7922

and activities are based on the ITIL v3 lifecycle and processes, but are tailored to the unique 7923

policies, culture, and organizational constructs of the USMC. In the future net-centric 7924

operational environment, the Marine Corps will become increasingly dependent on IT services 7925

and capabilities, so service management will become even more important. The TXS Contractor 7926

is responsible for participating the USMC EITSM framework by managing and reporting work 7927

activities according to defined processes, procedures, work instructions, and metrics. The TXS 7928

Contractor will align its teams with USMC NetOps organizations and participate in the ITSM 7929

framework on the behalf of these different enterprise, regional, and local organizations under the 7930

guidance of local commanders and managers. The TXS Contractor shall ensure that its activities 7931

are recorded separately, allowing the Government to examine the Contractor's specific 7932

Attachment 1



286

contribution to USMC IT services. A notional tools list is provided in Appendix I. USMC 7933

EITSM process guides are attached to this RFP. 7934

7935

5.2 Scope of Work 7936

The scope of this effort is to provide technical support, network sustainment, and network 7937

transition support to the Marine Corps Systems Command (MCSC), Information Systems and 7938

Infrastructure Product Group 10 (PG-10/ISI), Marine Corps Network and Infrastructure Services 7939

(PM MCNIS) program office, MCNOSC, and USMC garrison network operations at USMC 7940

sites. 7941

7942

For the Marine Corps Management Domain, Transport and Facilities Management Services will 7943

be managed by Government personnel, with additional support provided by the TXS Contractor. 7944

Notional technical support categories are listed in the Rate Card attachment to the contract and 7945

map to corresponding tasks. Tasks include assisting in operating, troubleshooting, and 7946

monitoring WAN, BAN, and LAN network HW, infrastructure, and SW and may include 24/7 7947

operations, systems and network engineering, cyber security, information technology 7948

management, data and migration services, and various support functions. 7949

7950

Throughout the contract period, the Contractor will be required to coordinate schedules, assist 7951

with data collection for assets, provide engineering and technical support, assist in network 7952

management and operations, user requirements management, application and HW inventory, 7953

transition activities, technical refresh schedules and activities, and lifecycle sustainment in the 7954

USMC IT environment (e.g., SRM data collection, asset reconciliation and tracking). The scope 7955

of task orders shall be structured to reflect support for MCNOSC and Major Commands across 7956

the USMC sites. 7957

7958

5.3 Summary of Services 7959

Contractors under USMC Transport Services task orders, will support the USMC in operating, 7960

maintaining, and sustaining the Transport infrastructure, perform associated services, provide 7961

transport HW and SW procurement, and provide associated training. Task orders will include 7962

Attachment 1



287

support of technology refresh for the Cable Plant, some lease hold improvements, and movable 7963

infrastructure associated with LAN/BAN operations. The Cable Plant includes LAN/BAN fiber 7964

and wire that connects the office wall plug to the DISN point of presence. Within the NOCs, the 7965

Transport vendor will assist the Government in operation of the Transport infrastructure. 7966

Transport hardware and software will consist of routers, switches, and boundary suites including 7967

LAN/BAN components down to the wall plug in each office. The Contractor will also install, 7968

configure, and test GFP. The draft Responsible, Accountable, Supportive, Consulted, Informed 7969

(RAsCI) matrix at appendix K of this PWS depicts a notional model of USMC requirements with 7970

a manpower breakout of how much of the work will be performed by the government (G 7971

columns) and how much of the work will be performed by the contractor (C columns). 7972

7973

TXS includes lifecycle support and operations of the following infrastructure: 7974

5.3.1 BAN/LAN 7975

a. Network CP is the LAN and BAN media (fiber, copper and wireless) that links office 7976

wall plugs to the DISN SDPs. 7977

b. Switching Infrastructure is all of the SW, HW, electronic infrastructure required to 7978

deliver BAN/LAN services. TXS infrastructure extends from the wall plug (wired 7979

network access point interface to the workstation/laptop NIC), to the distribution routers, 7980

core switches, inner routers, and out to the DISN SDPs. 7981

7982

5.3.2 WAN and Boundary Protection 7983

a. B1 Security Boundaries (between NGEN and the DISN POP) with associated 7984

Demilitarized Zones (DMZs). 7985

b. B2 Boundaries (between NGEN Enterprise and other Legacy networks). 7986

c. Transport Boundaries (connects all NGEN sites except Very Small Sites (VSSs) that use 7987

a commercial ISP). 7988

d. Deployable Site Transport Boundaries (DSTBs). 7989

e. The types of equipment used in the B1, B2, and Transport Boundaries include: 7990

i. Firewalls and all associated functionality 7991

ii. Network Load Balancers 7992

Attachment 1



288

iii. Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) network appliances 7993

a. Anti-Malware appliances 7994

iv. Network-based Encryption Devices 7995

v. Network elements of the NAC system 7996

vi. VPN Appliances 7997

vii. WAN Accelerators 7998

viii. Network and Security management HW and SW 7999

ix. Other Network-based Cyber Security Devices 8000

8001

5.3.3 Facilities Capacity Management 8002

Transport Services shall also include Facilities Capacity Management Services which include 8003

assessment, planning, design, and coordination of improvements or modifications to Government 8004

buildings. Locations for improvements include building communications rooms, wiring closets, 8005

NOCs, server-farms, micro-server farms, administrative spaces, and warehouses. These 8006

modifications include capacity of: 8007

a. Heating, Ventilation, Air Conditioning (HVAC). 8008

b. Electrical Systems, including Power Distribution Units, Uninterruptible Power Supply 8009

(UPS), Backup Generators, Transformers, and Lighting. 8010

c. Fire and Smoke Detection and Suppression Systems. 8011

d. Floors, Walls, and Ceilings. 8012

e. Hazardous Material Abatement. 8013

f. Physical Security (e.g. locks and surveillance). 8014

g. Other improvements such as office spaces and storage. 8015

8016

5.4 PERFORMANCE REQUIREMENTS 8017

5.4.1 Performance Quality 8018

The TXS Contractor shall be evaluated against the Performance Standards defined in the Quality 8019

Assurance Surveillance Plan. 8020

8021

5.4.1.1 Quality Control Plan 8022

Attachment 1



289

Within thirty (30) calendar days after initial task order award, the Contractor shall establish and 8023

maintain a complete Quality Control Plan that shall ensure the requirements of the contract are 8024

provided as specified in Sections 7.0, 8.0, and 9.0 of this document. This will be a “living” 8025

document that covers the initial task order and allows for changes to include future task orders 8026

(CDRL A117). 8027

8028

5.4.1.2 Government Representatives 8029

The Government will designate representatives who will evaluate Contractor personnel against 8030

these categories. Representatives will generally hold positions as MITSC Directors, Ops 8031

Managers, MCNOSC Site Leads, MCNOSC Department Heads, and Base G6 leadership. 8032

Specific personnel will be identified within thirty (30) calendar days after task order award. 8033

8034

5.4.2 Phase In/Phase Out Period 8035

5.4.2.1 Phase In Period 8036

Phase in period encompasses the people, processes, tools, technologies, and sequenced activities 8037

required to transfer service operations from the Incumbent. The phase in services will begin 1 8038

October, 2011 (FY 2012). A Notional USMC Transition Timeline is attached. 8039

8040

The Contractor shall support a smooth transition and familiarization with processes, procedures, 8041

and tools currently utilized to provide these services. 8042

The Contractor shall perform these specific tasks: 8043

a. Propose a staffing and training plan to support task order requirements that encompass 8044

staffing and on-boarding activities for the location(s) specified. The staffing plan shall 8045

include labor categories, describe associated skill sets, and level of support required to 8046

meet the service requirements in this PWS (CDRL A118). 8047

b. Participate in transition readiness reviews to ensure successful transfer of service 8048

operations. 8049

8050

5.4.2.2 Phase Out Period: 8051

Attachment 1



290

a. During the phase-out period, the contractor shall provide and execute a phase-out plan in 8052

accordance with the terms of the NGEN Transport Contract to ensure continuity of 8053

services, minimize any decreases in productivity, and prevent possible negative impacts 8054

on additional services during the phase out period (CDRL A119) 8055

b. Provide knowledge transfer, support successor job-shadowing, training, and other 8056

activities in order to transfer full operation of services. 8057

8058

5.5 Services Provided 8059

The Contractor shall support a broad range of technical, operational, maintenance and 8060

management functions in support of delivery of Transport Services to the Marine Corps 8061

Management Domain, and be expected to support the following elements: 8062

8063

5.5.1 Transport Engineering Design and Support Services (TEDSS) 8064

TEDSS is the engineering and technical services required to support implementation of transport 8065

systems and infrastructure in accordance with Government-provided architecture and design. 8066

This will support the delivery of data services including all functionality of the underlying 8067

enterprise, provisioning of data and resources, and synchronization of business operational 8068

functions with available systems and services. The general tasks include centralized Internet 8069

Protocol (IP) network management, legacy network support, Management Domain expansion 8070

and extension, and dynamic bandwidth management. The USMC is the design and technical 8071

authority for the transport system. 8072

8073


For TEDSS, the specific tasks the Contractor shall perform or provide include: 8075

a. Design and engineering activities for expansions and transformations to the existing 8076

Transport architecture. 8077

b. Inputs to deployment plans for any new or expansion to the existing Transport 8078

architecture, including recommendations for hardware/software. 8079

c. Deployment plans as required by changes in hardware, software or resource availability 8080

or other reasons 8081

Attachment 1



291

d. Inputs to the tech refresh deployment plan and schedules. 8082

e. Test the newly installed Transport assets design functionality and interoperability with 8083

existing Network Transport infrastructure. 8084

f. Report the procedures used for the test, issues encountered, proposed resolutions to the 8085

issues and the results of the design and interoperability test. 8086

g. Move the software from a development / test environment to the live environment. 8087

8088

5.5.2 Transport Operations Services 8089

Transport Operations Services include the day-to-day activities required to provide end-to-end 8090

monitoring, management, administration, and maintenance for the USMC. 8091

8092


For Transport Operations Services, the specific tasks the Contractor shall perform or provide 8094

include: 8095

a. Monitor and manage Transport Services, including the infrastructure, hardware, and 8096

software for the Marine Corps management domain. 8097

b. Installation and maintenance of Government-provided performance monitoring and 8098

management systems for Network Transport infrastructure. 8099

c. Input to reporting of performance monitoring and management measures for Network 8100

Transport infrastructure. 8101

d. Notify, per Government procedures, of cyber threats and activities as well as information 8102

from sensors within the transport services network. 8103

e. Recommend prioritization of events, incidents, and problems. 8104

f. Monitor the Cyber Security/CND operational situation on network system status 8105

consoles. 8106

g. Initial investigation on any suspicious activity reported. 8107

h. Escalate potential security events via the incident ticket/event tracking system to the 8108

appropriate Operations Duty manager. 8109

i. Execute the Cyber Readiness Implementation Plan. 8110

Attachment 1



292

j. Implementation of CND Response Actions (RAs), which may be based on intelligence 8111

reporting, active network incidents or trends. 8112

k. Evaluate the impact of Government directed configuration changes from CND-RAs. 8113

l. Audit and Accountability that can include monitoring (weekly) and analyzing logs to 8114

identify unauthorized, illicit, or other unwanted activity. 8115

m. Maintain near real-time data feeds from designated systems into the Government SIM 8116

system. 8117

n. Install the Government-provided software agent(s). 8118

o. Execute a preselected volatile data capture tool and provide the output in the Government 8119

approved format/output. 8120

p. Take possession of any equipment related to a Government designated network incident 8121

utilizing Government chain of custody procedures. 8122

q. Restoration of network and system devices to a known valid baseline. 8123

r. Post-event scans and verification of mitigation actions. 8124

s. Maintain the network and system configuration baseline of all devices in accordance with 8125

current Government directives. 8126

t. Install network and system monitoring devices into the Transport Services system. 8127

u. Implement automated tools to collect Intrusion Management data. 8128

v. Prepare collected Intrusion Management data IAW USMC format. 8129

w. Implement standard vendor provided appliance signatures. 8130

x. Update and maintain detailed network diagrams in support of conducting network based 8131

intrusion detection monitoring and prevention. 8132

y. Operational status of all sensors, manager systems, and associated database systems to 8133

the Government. 8134

z. Monitor intrusion detection systems. 8135

aa. Collect and copy sensor log data to the Government. 8136

bb. Collect and copy appliance log data to the Government. 8137

cc. Electronic notification upon receipt of request, resolution (work completion) of request 8138

and ticket closure. 8139

dd. Approved Move, Add, Change MAC Services. 8140

Attachment 1



293

ee. Create, log, close a change ticket to document the processing of requests until resolved 8141

per Government established ITSM documentation (attached to this contract). 8142

ff. Negative impacts to systems, operational risk, or potential performance risks associated 8143

with any Government initiative, design elements, or plans and recommend options to 8144

reduce or eliminate these risks. 8145

gg. Status of Government directed actions to the Government POC to include; when action is 8146

initiated, progress, and confirmation of completed action. 8147

8148

5.5.2.2 IT Collateral Equipment Management Specific Tasks 8149

With IT Collateral Equipment Services Management, the specific tasks the Contractor shall 8150


a. Assessment, design, implementation, and optimization of Government IT facilities. 8152

b. Planning and design of new facilities requiring network connections. 8153

c. Overall condition and status of facility support systems, including maintenance and repair 8154

activities, equipment condition, and environmental conditions. 8155

d. Assess environmental requirements for space, air conditioning, electric power, plumbing 8156

and lighting systems, fire suppression, and security capabilities. 8157

e. Overseeing the safe, secure, and environmentally-sound operations and maintenance of 8158

assets. 8159

f. Life-cycle management of facility equipment and consumables. 8160

g. Communicate plans and activities with others. 8161

h. Fixture ordering, supply ordering, and generating work requests. 8162

i. Maintain storage and staging areas. 8163

j. Update facilities programs such as spreadsheets, cad drawings, facilities management 8164

tools, and line drawings as required. 8165

8166

5.5.3 Base Area Network/Local Area Network (BAN/LAN) Services 8167

A BAN service resides on Marine Corps bases, connecting LANs and organizations to the 8168

Intranet and Internet. The LAN resides in buildings/offices/sites and connects to the BAN 8169

infrastructure (or the BAN/LAN/SDP) and ES. The BAN extends to the external edge (inner 8170

Attachment 1



294

routers) of bases served by BAN services and provides the IP transport capabilities for integrated 8171

services supporting data. 8172

8173


For BAN/LAN, the specific tasks the Contractor shall perform or provide include: 8175

a. Operate and maintain the existing BAN infrastructure, which includes all necessary cable 8176

plant (inside and outside) and equipment required to provide information transport 8177

functionality between LANs located at end user locations at given 8178

bases/posts/camps/stations connecting them to the BAN/LAN/SDP. BAN infrastructure 8179

provides an IP based network that supports a dual stack IPv4/IPv6 environment and 8180

necessary Cyber Security services. 8181

b. Operate and maintain the existing LAN infrastructure, which includes cable plant (inside 8182

and outside) and equipment, required to provide information transport functionality 8183

between end nodes that is confined within end user locations. LAN infrastructure 8184

consists of premise cabling and equipment located at the customer sites. The LAN 8185

connects to a BAN or WAN. 8186

8187

5.5.3.2 For both BAN and LAN 8188

a. Plan, engineer, design, and install BAN and LAN infrastructure. 8189

b. Install, configure, and remove routers, switches, and other BAN/LAN devices in 8190

accordance with enterprise change management processes. 8191

c. Use, safeguard, operate, and maintain cryptographic material in accordance with 8192

appropriate Government policy and processes. 8193

d. Plan, implement, operate, and maintain regional and local wireless capabilities. 8194

e. Install cable trunks and fiber runs in accordance with enterprise change management 8195

processes. 8196

f. Maintain and update SW and firmware required for BAN/LAN components. 8197

g. Requirements analysis for future BAN and LAN services in support of NGEN 8198

modernization. 8199

Attachment 1



295

h. Conduct annual service continuity BAN/LAN site assessments, identify deficiencies, and 8200

provide future design/operations recommendations. 8201

i. Coordinate with Service Desk regarding tracking of issues with BAN and LAN in 8202

accordance with Government-provided incident management processes. 8203

j. Install Transport HW/SW, at the appropriate locations. This may include electronic 8204

distribution or manual installation of SW. 8205

k. Configure Transport HW/SW to the current operating configuration in accordance with 8206

configuration management processes. 8207

l. Manage troubleshooting support after installation of HW/SW for Network Transport 8208


m. Data migration activities for supported end user devices, storage devices and application 8210

hosting devices. 8211

n. Plan, configure and operate data migration tools. 8212

i. Maintain IP Addressing Plan. 8213

o. Maintain Routing Plan. 8214

i. Maintain IPv6/IPv4 Coexistence and Interworking Practices. 8215

ii. DIACAP processes prior to connecting any new device into the NGEN 8216

environment. 8217

iii. Install ducts and conduits, pull cables, and terminate, test, splice, and repair 8218

copper, coaxial, and fiber optic cabling. 8219

iv. Install outside and interior copper and fiber cabling, fiber optic modems, fiber 8220

multiplex equipment, fiber patch panels, analog and digital copper patch panels, 8221

main and intermediate distribution frames, lightning protection, and supporting 8222

ground and power connections. 8223

v. Install cabinets, cable ladder and rack systems, and equipment components in the 8224

cabinets. 8225

vi. Develop and update policy and procedures to ensure consistent standards and 8226

requirements, for inside and outside plant installations. 8227

vii. Make recommendations for Government approval for replacement/upgrade of 8228

support equipment (e.g., test equipment), and copper/fiber optic cable 8229

Attachment 1



296

transmission technologies to increase reliability and optimize systems 8230

performance. 8231

viii. Advise the Government on inside and outside plant cable installation issues. 8232

ix. Update cable plant programs such as spreadsheets, Computer-Aided Design 8233

(CAD) drawings, management tools, and line drawings as required. 8234

x. Identify any possible risks to the project schedule and provide any needed 8235

mitigation for those risks. 8236

xi. Ensure all cable locating has been done and marked prior to any maintenance. 8237

8238

5.5.4 Wide Area Network (WAN) Services 8239

WAN services provide separate connections to external networks and the Internet. WAN 8240

services provide transport of data from Government base, facility and office locations, across 8241

non-Government property, to other Government base, facility and office locations. WAN 8242

requires connectivity to the B1/B2 gateway. 8243

8244


For WAN Services, the specific tasks the Contractor shall perform or provide include: 8246

a. Technical information required to place a DISN circuit order IAW Site-WAN circuit 8247

mapping. 8248

b. Input to design, installation, and documentation of site modifications to connect BAN 8249

and/or LAN to local DISN SDP IAW Site-WAN circuit mapping. 8250

c. Maintain WAN Routing Plan, including interior routing of IP addresses up to the site 8251

interior router and other infrastructure that uses IP addresses. 8252

d. Install and test circuit extensions and base extensions, including coordination with the 8253

Telecommunications Office (TELO), DISA and Government Program Manager for end-8254

to-end testing and activation of DISN circuits. 8255

e. Document WAN interface HW and SW to support DIACAP. 8256

f. Input to Capacity Planning based on LAN/WLAN/BAN/WAN network data. 8257

g. Maintain as-is modeling capabilities to support the planning of changes to the network 8258

infrastructure, specifically to estimate future volume, usage, and application 8259

Attachment 1



297

characteristics, as well as integration of emerging technology and utilization of DISN 8260

provided as GFP. 8261

h. Analysis of the network capacity and recommendations for future engineering changes. 8262

i. Configure external network connections to allow for interoperability with other DoD 8263

networks such as the Marine Corps Tactical Data Network (TDN) and IT-21, and to 8264

major commercial partners of Navy and Marine Corps stakeholders. 8265

j. Install ducts and conduits, pull cables, and terminate, test, splice, and repair copper, 8266

coaxial, and fiber optic cabling. 8267

k. Install outside and interior copper and fiber cabling, fiber optic modems, fiber multiplex 8268

equipment, fiber patch panels, analog and digital copper patch panels, main and 8269

intermediate distribution frames, lightning protection, and supporting ground and power 8270

connections. 8271

l. Install cabinets, cable ladder and rack systems, and equipment components in the 8272

cabinets. 8273

m. Develop and update policy and procedures to ensure consistent standards and 8274

requirements, for inside and outside plant installations. 8275

n. Make recommendations for Government approval for replacement/upgrade of support 8276

equipment (e.g., test equipment), and copper/fiber optic cable transmission technologies 8277

to increase reliability and optimize systems performance. 8278

o. Advise the Government on inside and outside plant cable installation issues. 8279

p. Update spreadsheets, CAD drawings, management tools, and line drawings for WAN 8280


q. Ensure all cable locating has been done and marked prior to any maintenance. 8282

8283


Security Configuration and Management Services provides an enterprise wide security 8285

compliance capability that scans and remediates NGEN network devices for out-of compliance 8286

conditions such as changed settings, outdated patches, and illicit SW. 8287

8288


Attachment 1



298

For Security Configuration and Management Services, the specific tasks the Contractor shall 8290


a. Use Government cryptographic keys, algorithms and IPsec Security Associations to 8292

encrypt and decrypt data. 8293

b. Use Government provided Type 1 cryptographic devices when interfacing with coalition 8294

networks. 8295

c. Safeguard Government provided encryption products and keying materials in accordance 8296

with EKMS 1A. 8297

d. Operate and maintain bulk encryption on transmission channels in accordance with 8298

current Government directives. 8299

e. Operate and maintain HW and SW with key distribution using current X.509 PKI 8300

certificates. 8301

i. Operate and maintain HW and SW with PKI tokens in accordance with 8302

Government direction. 8303

ii. Operate and maintain HW and SW with key-destruction in accordance with 8304


iii. Operate and maintain HW and SW with data encryption in accordance with 8306


iv. Operate and maintain HW and SW with Protocol-Internet Engineering Task Force 8308

IPsec RFC 4301 and 4303, ESP tunnel mode only. 8309

v. Operate and maintain HW and SW with data hashing functions in accordance 8310

with Government direction. 8311

f. Operate, maintain, and troubleshoot VPN HW and SW. 8312

g. Analyze VPN Concentrator capacity planning. 8313

h. Operate, maintain, and troubleshoot encryption tunneling HW and SW associated with 8314

remote access services VPN concentrators. 8315

i. Conduct IAVM. 8316

j. Conduct vulnerability scans that utilize the latest Government provided configuration and 8317

definition files as applicable to the DoD mandated solution. 8318

k. Implement Government directed signatures. 8319

Attachment 1



299

l. Analyze vulnerability scan results to determine potential network or system 8320

vulnerabilities in accordance with current Government directives. 8321

m. Status IAVM actions implementation through the designated Government portal. 8322

n. Develop a POA&M that shows the status of each vulnerability and actions taken, if there 8323

are any outstanding vulnerability. 8324

o. Complete corrective actions for Vulnerability Alerts. 8325

p. Provide reviews, analyses, evaluations, risk assessments, and recommendations to the 8326

Government for required vulnerability management and analysis. 8327

8328

5.5.6 Boundary, DMZ, and Communities of Interest (COI) Services 8329

Boundary, DMZ, and COI Services protect the NGEN Enterprise including the management and 8330

operation of the boundaries. 8331

8332


For Boundary, DMZ, and COI Services, the specific tasks the Contractor shall perform or 8334


a. Administer and maintain external interface solutions supporting remote management, 8336

monitoring, and administration through a VPN to and from Marine Corps NOCs and 8337

SOCs. 8338

b. Administer and maintain interfaces that allow all USMC networks to interface with the 8339

network boundary routers. 8340

c. Administer and maintain a physical interface between the migrated Legacy systems 8341

(server) via the network interface card in the server, in accordance with Network 8342

Transport infrastructure DAA security requirements and policy. 8343

d. Administer and maintain logical or physical interface to the DSN for basic voice 8344

transport services from premise switches that are part of a BAN. 8345

e. Administer and maintain network interface to Local Exchanges Carriers (LECs) via T1 8346

interfaces that support ISDN Primary Rate Interface and Basic Rate Interface. 8347

f. Administer and maintain network interface to IECs via T1 interfaces that support ISDN 8348

Primary Rate Interface. 8349

Attachment 1



300

8350

5.5.7 Security and IT Certification and Accreditation Services 8351

Security and IT C&A Services supports the DIACAP to include tracking, testing and delivery in 8352

support of C&A. 8353

8354


For Security and IT C&A Services, the specific tasks the Contractor shall perform or provide 8356

include: 8357

a. Evaluate proposed new products and protocol for impacts to C&A. 8358

i. Analyze network security requirements based on Government guidance 8359

b. Ongoing assessment of the infrastructure. 8360

c. Ongoing Government DIACAP testing and processes in support of C&A. 8361

d. C&A recommendations to network engineers and other technical staff. 8362

e. Create DIACAP packages in support of C&A. 8363

f. Collect documents, finding artifacts and evaluating system security posture as it relates to 8364

the stated standards. 8365

8366

5.5.8 Network Operations (NETOPS) and Cyber Security Training Services 8367

The Contractor shall develop training materials and procedures and train personnel on Transport 8368

hardware and software. 8369

8370

5.5.9 Testing & Evaluation (T&E) Services 8371

The Contractor shall provide Test and Evaluation support to four principal areas of T&E: 8372

a. C&A. 8373

b. Application Compatibility & Technology Integration (AC&TI). 8374

c. Solution Testing. 8375

d. Performance Measurement and Analysis using established GFE measurement system (ie. 8376

EPMD as provided by the Government). 8377

8378

Attachment 1



301

The TXS testing shall verify compliance with technical and operational thresholds. The TXS 8379

Contractor will be required to closely collaborate with the ES Contractor, Service Management 8380

Coordinator and designated Government engineers to support all required testing. The NGEN 8381

overarching Test and Evaluation Strategy (TES) is documented in the NGEN Test and 8382

Evaluation Master Plan (TEMP). No testing will be performed until it has been approved by the 8383

Government. 8384

8385


For Testing and Evaluation Services, the specific tasks the Contractor shall perform or provide 8387

include: 8388

a. Test upgrades or additions to the Transport architecture prior to deployment in 8389

accordance with approved test plans. 8390

b. Test upgrades or additions to the Transport architecture after deployment in accordance 8391

with approved test plans. 8392

c. Development of test plans for the certification of upgrades or additions to the Transport 8393

architecture. 8394

d. Collect test data that includes test results and observations from test events. 8395

e. Develop test reports that include test results and observations from test events. 8396

f. Develop a requirements traceability matrix that maps documented requirements to 8397

production test cases. 8398

Develop a POAM to the Government that outlines corrective actions and a schedule for any 8399

failed test. 8400

Attachment 1



A‐1

APPENDIX A: ACRONYMS AND DEFINITIONS 8401

8402 ACRONYM DEFINITION

A&E Architecture and Engineering

AAR After Action Report

AC&TI Application Compatibility & Technology Integration

ACL Access Control List

AD Active Directory

ADAM Active Directory Application Mode

ADN Area Distribution Nodes

AES Advanced Encryption Standard

AFOR Assume Full Operational Responsibility

AH Authentication Header

ALT Alternative Log on Token

AMDB Asset Management Database

AMIP Asset Management Implementation Plan

AMP Asset Management Plan

ANSI American National Standards Institute

ANSI/EIA American National Standard Institute/Electrical Industries Association

AOR Area of Responsibility

API Application Programming Interface

AS Assured Services

ATA Analog Telephone Adapter

ATO Authority to Operate

B/P/S Bases, Posts, and Stations

B1 Boundary 1

B2 Boundary 2

B3 Boundary 3

B4 Boundary 4

BAN Base Area Networks

BB Blackberry

BCP Business Continuity Planning

BES Blackberry Enterprise Servers

BOM Bill of Material

B/P/S Bases, Posts, and Stations

BREM Bremerton (Naval Station)

Attachment 1



A‐2

ACRONYM DEFINITION

BUMED Bureau of Medicine and Surgery

BURAS Broadband Unclassified Remote Access Services

C&A Certification and Accreditation

C2 Command and Control

C2ISR Command, and Control, Intelligence Surveillance, and Reconnaissance

C3 Command, Control, and Communication

C4 Command, Control, Communications, and Computers

CA Certificate Authority

CAC Common Access Card

CAD Computer-Aided Design

CAL Category Assignment List

CALEA Communications Assistance for Law Enforcement Act

CANES Consolidated Afloat Network Enterprise Services

CBT Computer-Based Training

CCB Configuration Control Board

CCDR Contractor Cost Data Reporting

CDR Central Data Repository

CDR Critical Design Review

CDRL Contract Data Requirements List

CDS Cross-Domain Security

CFSR Contract Funds Status Report

CHLK China Lake (Naval Air Weapons Station)

CHRL NWS Charleston

CI Configuration Item

CIO Chief Information Officer

CJCSI Chairman of the Joint Chiefs of Staff Instruction

CJCSM Chairman of the Joint Chief of Staff Manual

CLEC Competitive Local Exchange Carrier

CLIN Contract Line Item Number

CLO Cryptographic Log‐On

CM Configuration Management

CMDB Configuration Management Database

CMIP Configuration Management Implementation Plan

CMP Configuration Management Plan

CND Computer Network Defense

Attachment 1



A‐3

ACRONYM DEFINITION

CNDSP Computer Network Defense Security Provider

COA Course of Actions

COI Communities of Interest

CONOPS Concept of Operations

CONUS Continental United States

COOP Continuity of Operations

COP Common Operating Picture

COR Contracting Officer’s Representative

CoSC Continuity of Services Contract

COTS Commercial Off the Shelf

CPD Capability Production Document

CPMD Client Performance Management Database

CRAN NSWC Crane

CSA Configuration Status Accounting

CSDR Cost and Software Data Reporting

CSI Continual Service Improvement

CSR Certification Solution Review

CTNPP Classified Transportation Network Protection Policy

CTO Computer Tasking Orders

CTR Claimant Technical Representatives

CYBERCON Cyber Command

CyberNetOps Cyber Network Operations

DAA Designated Approving Authority

DADMS DON Application and Database Management System

DAR Data at Rest

DAU Defense Acquisition University

DCE DISN Core Extension

DCO Dial Central Office

DEERS Defense Enrollment and Eligibility Reporting System

DES Data Encryption Standard

DFAR Defense Federal Acquisition Regulation Supplement

DGO DoD GIG Operations

DHCP Dynamic Host Configuration Protocol

DIA Defense Intelligence Agency

DIACAP DoD Information Assurance Certification and Accreditation Process

Attachment 1



A‐4

ACRONYM DEFINITION

DIP DIACAP Implementation Plan

DISA Defense Information Systems Agency

DISN Defense Information Systems Network

DMS Data Management Strategy

DMSMS Diminishing Manufacturing Sources and Material Shortages

DMZ Demilitarized Zone

DNSSEC Domain Name System Security

DO Delivery Order

DoD Department of Defense

DODAF DoD Architecture Framework

DoDD Department of Defense Directives

DoDI DoD Instruction

DON Department of the Navy

DOORS Dynamic Object Oriented Requirements System

DON CIO Department of the Navy Chief Information Officer

DPAS Defense Property Accounting System

DR Disaster Recovery

DREN Defense Research Engineering Network

DRP Disaster Recovery Plan

DSN Defense Switched Network

DSTB Deployable Site Transport Boundary

ECCB Enterprise Configuration Control Board

ECP Engineering Change Proposal

e-DMZ Extended DMZ

EDP Enterprise DIACAP Plan

EDS Electronic Data Systems

EDSS Engineering Design and Support Services

EF Entrance Facilities

EIAD Marine Corps Enterprise IA Directive

EITSM Enterprise Information Technology Service Management

EKMS Electronic Key Management System

ENMS Enterprise Network Management System

EPCA Enterprise Pier Connectivity Architecture

EPMD Enterprise Performance Management Database

ERRP Enterprise Residual Risk Panel

Attachment 1



A‐5

ACRONYM DEFINITION

ES Enterprise Services

ESDS Electronic Software Delivery Services

ESP Encapsulated Security Protocol

eSSAA Enterprise System Security Authorization Agreement

FALN NAS Fallon

FAR Federal Acquisition Regulation

FIPS Federal Information Processing Standard

FLTCYBERCOM Fleet Cyber Command

FLTNOC Fleet Network Operations Center

FSP Field Service Provider

FYDP Future Year Defense Program

GAL Global Address List

Gbps Gigabit-per-second

GDA Government Directed Action

GFE Government-Furnished Equipment

GFF Government-Furnished Facilities

GFP Government-Furnished Property

GFY Government Fiscal Years

GIAC Global Information Assurance Certification

GIG Global Information Grid

GNOC Global Network Operations Center

GNOSC Global Network Operations and Security Center

GO/CO Government Owned, Contractor(s) Operated network

GOTS Government Off-The-Shelf

GPO Group Policy Objects

GSP Global Services Provider

GTSE Generic TXS Extension

HBSS Host-Based Security System

HQMC Headquarters Marine Corps

HSI Human Systems Integration

HVAC Heating, Ventilation, and Air Conditioning

HW Hardware

IA Information Assurance

IA/CND Information Assurance/Computer Network Defense

IAM IA Manager

Attachment 1



A‐6

ACRONYM DEFINITION

IAPB Information Assurance Policy Board

IATC Interim Authority to Connect

IAVM Information Assurance Vulnerability Management

IAWF Information Assurance Workforce Improvement

ICC Intermediate Cross Connect

ICW Interactive Courseware

IdAM Implement Identity and Access Management

IDE Integrated Digital Environment

IEC Inter-exchange Carriers

IEEE Institute of Electrical and Electronics Engineer

IETF Internet Engineering Task Force

ILE Integrated Learning Environment

ILEC Incumbent Provider Local Exchanges

ILT Instructor-Led Training

IMS Integrated Master Schedule

INFOCON Information Operations Condition

IOCM ITSM Operational CM

IP Internet Protocol

IPR In Process Review

IPsec IP Security

IPT Integrated Product Team

IPv4/IPv6 Internet Protocol version 4 and version 6

IS Information Security

ISD Instructional System Design

ISDN Integrated Services Digital Network

ISP Information Security Program

IT Information Technology

IT-21 Information Technology for the 21st Century (US Navy IT program to improve

shipboard communications and computing capability)

ITIL IT Infrastructure Library

ITSCM IT Service Continuity Management

ITSM Information Technology Service Management

IUID Item Unique Identification

IV&V Independent Verification and Validation

JAXS Jacksonville (Naval Air Station)

Attachment 1



A‐7

ACRONYM DEFINITION

JEDS Joint Enterprise Directory Service

JS Joint Chiefs of Staff

JTF-GNO Joint Task Force -Global Network Operations

KM Knowledge Management

KPI Key Performance Indicator

LAN Local Area Network

LCSP Life Cycle Sustainment Plan

LEC Local Exchanges Carriers

LMS Learning Management System

LOE Level-Of-Effort

LRA Local Registration Authority

MAC Move, Add, Change

MAGTF Marine Air-Ground Task Force

MARCORSYSCOM Marine Corps Systems Command

MARFOR Marine Forces

MCB Marine Corps Base

MCC Main Cross Connect

MCIENT Marine Corps Information Enterprise

MCEN Marine Corps Enterprise Network

MCSC Marine Corps Systems Command

MCTN Marine Corps Tactical Network

MDP Malware Detection and Prevention

MECH Mechanicsburg (Navy Support Activity)

MEF Marine Expeditionary Force

MILDEP Military Department

MIL-HDBK Military Handbook

MILL Millington, Mid South (Navy Support Activity)

MITSC Marine Air - Ground Task Force IT Service Center

MOC Maritime Operation Center

MPLS Multiprotocol Label Switching

MSC Major Subordinate Command

MUGU NBVC Point Mugu

NAC Network Access Control

NAT Network Address Translation

NAVGIG Navy’s Global Information Grid

Attachment 1



A‐8

ACRONYM DEFINITION

NAVSEA Naval Sea Systems Command

NCDOC Navy Cyber Defense Operations Command

NCES Net-Centric Enterprise Services

NCQ NIPRNet Connection Questionnaire

NCR National Capital Region

NCTAMS Naval Computer and Telecommunications Area Master Stations

NCTS Naval Computer and Telecommunications Stations

NEP Naval Enterprise Portal

NetOps Network Operations

NETWARCOM Network Warfare Command

NGEN Next Generation Enterprise Network

NIC Network Interface Card

NIPRNet Non-secure Internet Protocol Router Network

NIST National Institute of Standards & Technology

NMCI Navy-Marine Corps Intranet

NNPI Naval Nuclear Propulsion Information

NNWC Naval Network Warfare Command

NOC Network Operations Center

NPPS Navy Ports, Protocols and Services

NRFK Norfolk (Naval Station)

NSA National Security Agency

NWOR NSA New Orleans East Bank

O&M Operation and Maintenance

OCEN Oceana (Naval Air Station)

OCONUS Outside the Continental United States

OCRS Online Compliancy Reporting System

ODAA Operational Designated Approving Authority

OEM Original Equipment Manufacturer

OJT On-the-Job Training

OLA Operational Level Agreement

OLR Operational Level Requirements

OOTW Operations Other Than War

OPCON Operational Control

OPNAVINST Chief of Naval Operations Instruction

OOB Out-of-band

Attachment 1



A‐9

ACRONYM DEFINITION

OPSEC Operational Security

OS Operating System

OU Organizational Units

OTB Over Target Baseline

OWA Outlook Web Access

PAXR Patuxent River (Naval Air Station)

PCA Pier Connectivity Architecture

PCO Procuring Contracting Officer

PCP Pier Consolidation Point

PDA Personal Digital Assistant

PDR Preliminary Design Review

PDS Protected Distribution System

PHIL Philadelphia (Naval Support Activity)

PHS&T Packaging, Handling, Storage, and Transportation

PII Personally Identifiable Information

PIV Personal Identity Verification

PKI Public Key Infrastructure

PMB Performance Measurement Baseline

PMO Program Management Office

PMR Program Management Review

POA&M Plan of Action and Milestones

POC Point of Contact

POP Point of Presence

PRLH Pearl Harbor (Naval Complex)

PSI Physical Site Indicator

PSTN Public Switched Telephone Network

PBWS Program Work Breakdown Structure

PTNH Portsmouth (Naval Shipyard)

PWS Performance Work Statement

QA Quality Assurance

QASP Quality Assurance Survelliance Plan

QC Quality Control

QCP Quality Control Plan

QMS Quality Management Systems

RAS Remote Access Services

Attachment 1



A‐10

ACRONYM DEFINITION

RCVS Robust Certificate Validation Services

RDM Release and Deployment Mangement

REC Relocate, Establish or Convert

RFC Request for Change

RFP Request for Proposal

RNOC Regional Network Operation Center

RNOSC Regional Network Operations and Security Center

RPO Recovery Time Objectives

RQMP Requirements Management Plan

RSA Rivest, Shamir, & Adelman

RTM Requirements Traceability Matrix

RTO Recovery Time Objectives

RTR Readiness to Transition Reviews

S&T Science and Technology

S&TE Support and Test Equipment

SA Situational Awarerness

SATCOM Satellite Communication

SCAM Security Configuration and Management

SCCVI Secure Configuration Compliance Validation Initiative

SCM Security Configuration Management

SCRI Secure Configuration Remediation Initiative

SDNI San Diego North Island (Naval Air Station)

SDNS San Diego (Naval Station)

SDP Service Delivery Point

SDS System Design Specification

SDSP Service Desk Service Provider

SECNAVINST Secretary of the Navy Instructions

SEM Security Event Management

SEMP Systems Engineering Management Plan

SEP System Engineering Plan

SETR Systems Engineering Technical Review

SFR System Functional Review

SIM Security Incident Management

SIPH SPAWAR Shore Installation Process Handbook

SIPRNet Secret Internet Protocol Router Network

Attachment 1



A‐11

ACRONYM DEFINITION

SLA Service Level Agreement

SLM Service Level Management

SLR Service Level Requirement

SLR PC Service Level Requirement Performance Category

SME Subject Matter Expertise

SMTP Simple Mail Transfer Protocol

SNMP Simple Network Management Protocol

SOAP Simple Object Access Protocol (XML protocol)

SOC Security Operation Center

SOP Standard Operating Procedure

SOVT System Operational Verification Test

SPAWAR Space and Naval Warfare Systems Command

SPAWARINST Space and Naval Warfare Systems Command Instructions

SPSC Point Loma (Naval Base)

SRM Service Request Management

SRR Systems Requirements Review

SSL Secure Socket Layer

SSLVPN Secure Sockets Layer Virtual Private Network

ST&E Security Test and Evaluation

STEP Standardized Tactical Entry Point

STIG Security Technical Implementation Guide

STRATCOM Strategic Command

SW Software

T&E Test and Evaluation

T-1 Transmission carrier 1

TA Technical Authority

TACON Tactical Control

TBD To be determined

TCS Thin Client Services

TDA Technical Design Authority

TDLC Technical Design Life Cycle

TDN Tactical Data Network

TDPP Technical Data, , and Procedures

TECOM Training and Education Command

TEDSS Transport Engineering Design and Support Service

Attachment 1



A‐12

ACRONYM DEFINITION

TELO Telecommunications Office

TEMP Test and Evaluation Master Plan

TENTHFLT Tenth Fleet

TES Test and Evaluation Strategy

TIM Technical Interchange Meeting

TMP Transition Management Plan

TMS Transition Management Strategy

TR Telecommunications Room

TRP Technology Refresh Plan

TRR Conduct Test Readiness Reviews

TRRB Training Readiness Review Board

TSA Transport Services Architecture

TSPMD Transport Services Performance Monitoring Database

TXS Transport Services

UCA Umbilical Cable Assembly

uCMDB Universal CMDB

UD Unauthorized Disclosure

UII Unique Item Identifier

UPS Uninterruptible Power Supply

uRAS Unclassified Remote Access Service

URL Uniform Resource Locator

USCYBERCOM U.S. Cyber Command

USMC United States Marine Corps

USN United States Navy

USPACOM United States Pacific Command

USSTRATCOM Commander United States Strategic Command

VLAN Virtual LAN

VMS Vulnerability Managemnt System

VoIP Voice Over IP

VPN Virtual Private Network

VSS Very Small Site

VSSD Very Small Site Design

VTC Video Teleconferencing

WAN Wide Area Networks

WBS Work Breakdown Structure

Attachment 1



A‐13

ACRONYM DEFINITION

WIP Work-In-Progress

WLAN Wireless LAN

WNYD Washington Navy Yard

WPA2 Wi-Fi Protected Access 2

XML Extensible Markup Language

Attachment 1



B‐1

APPENDIX B: USMC Rate Card Transport Applications 8403

8404

Application Function Purpose / Use Admin Console for Load Balancers (F5)

Operations Mgt Individually manage Load balancers, typically to troubleshoot

CiscoWorks (LMS) LAN Management System

Operations Mgt Monitor for SLA collection. LMS consists of the RME, DFM, IPM and CM components.

CiscoWorks ACS (TACACS+) Access Mgt Provides password control for network devices.

HP NA (Opsware) Config MgtRelease & Deploy

Network Device Configuration Management

IntruShield IPS Security Manager

Event Mgt Report Console for IntruShield IPS.

McAfee Command Center Operations Mgt Manages Security Policy for Firewalls McAfee Sidewinder Administrator

Operations Mgt Individually manages firewalls, from workstations

Remedy Change MgtConfig MtgIncident Mtg

Ticket and change management tool. Used for service desk tickets, service requests, and change management for enterprise change.

Symantec Network Security Console

Event Mgt Manages Cisco Intrusion Detection System

Tivoli Netview Network Node Event MgtOperations Mgt

Discovers TCP/IP networks, displays network topologies, correlates and manages events and SNMP traps, monitors network health, and gathers performance data.

Tivoli Netview Web Console Event MgtOperations Mgt

Network Device Monitoring

Attachment 1


Not to be disclosed outside the Government except in accordance with the referenced non‐disclosure agreement

C‐1

APPENDIX C: USMC Rate Card Transport Equipment 8405

8406

Equipment Type Function DescriptionEnterprise & Application Servers (Small)

Enterprise Services Server Classes include: Dell Poweredge Series 1550 through 1950 series (Poweredge 1950 – Dual Core XEON Processor, 2.66GHZ, 4 GB RAM)

Enterprise & Application Servers (Medium)

Enterprise Services Server Classes include: Dell Poweredge Series 2000 through 2850 series (Poweredge 2850 – XEON Processor, 2.8GHZ, 512K Cache, 4 GB RAM, 2U)

Enterprise & Application Servers (Large)

Enterprise Services Server Classes include: Dell Poweredge Series 6000 series and higher (Poweredge 6650 – XEON Processor, 3.0GHZ, 2.0MB Cache, 8 GB RAM, 4U)

Other Enterprise Servers

IA Services, etc. Server Classes include: • Sun Microsystems Enterprise Series 200 • Sun Microsystems Enterprise Series 400 • Sun Microsystems Enterprise Series 2000 • Sun Microsystems Enterprise Series 4000 • Sun Microsystems Enterprise Series 6000 • Sun Microsystems Sunfire Series T2000 • Sun Microsystems Sunfire Series V200 • Sun Microsystems Sunfire Series V400 • Sun Microsystems Sunfire Series V800 • Sun Microsystems Sunfire Series V1000 • Sun Microsystems Sunfire Series V2000 • Sun Microsystems Ultra 10 • Sun Microsystems Ultra 60 • Sun Microsystems Ultra 80 • Sun Microsystems Solaris • Cyclades TS 3000 • Hewlett Packard RP5000 Series • Hewlett Packard RP7000 Series

Attachment 1



C‐2

IA & Boundary Zone Hardware Boundary Zone • Alcatel VPN Gateway 7137 • Netscreen Series 5200 ES Firewall • Netscreen Series 500 ES Firewall • Netscreen Series 200 ES Firewall • Netscreen ISG 1000 FW/VPN/IDP • Cisco Intrusion Detection Sensor 4250 • Cisco Intrusion Detection Sensor 4240 • Cisco Intrusion Detection Sensor 4235 • Cisco Intrusion Detection Sensor 4230 • Foundry Network Load Balancer FCSLB16-Bundle • Foundry Network Load Balancer TS8F-RPS2-Bundle • Trusted Systems Cabinet NMCI-IPS27D-1.5 KVA • Leibert Cabinet NMCI-IPS14P-1KVA • Fortinet Firewall Bundle • Sidewinder G2 Firewall • Quick Eagle DL 3100 Access Multiplexer • Riverbed Interceptor 9200 • Riverbed Steelhead Appliance • Juniper Secure Access 6000 • McAfee IntruShield Appliance • WebWasher Malicious Code Detection and Protection

Routers Network Services • Cisco 10/100/1000 Ethernet • Cisco 2600 Series • Cisco 2900 Series • Cisco 3600 Series • Cisco 3700 Series • Cisco 4000 Series • Cisco 800 Series • Cisco 6015 DSL Concentrator • Cisco 2800 Series • Cisco 3800 Series • Cisco 7500 Series • Cisco 7200 VRX Series • Cisco 4400 WLAN Controller Series • Cisco LWAPP Access Point

Attachment 1



C‐3

Switches Network Services • Cisco 2 Port 10/100 Ethernet • Cisco 3 Port 10/100 Ethernet • Cisco 4 Port 10/100 Ethernet • Cisco 5 Port 10/100 Ethernet • Cisco 8 Port 10/100 Ethernet • Cisco 12 Port 10/100 Ethernet • Cisco 16 Port 10/100 Ethernet • Cisco 18 Port 10/100 Ethernet • Cisco 22 Port 10/100/1000 Ethernet • Cisco 24 Port 10/100/1000 Ethernet • Cisco 48 Port 10/100/1000 Ethernet • Cisco 2 GBIC Port 10 10/100/1000 Ethernet • Cisco 2 GBIC Port 24 10/100/1000 Ethernet • Cisco 2 GBIC Port 48 10/100/1000 Ethernet • Cisco Catalyst Blade 24 Port • Cisco Catalyst 45 • Cisco Catalyst 130 • Cisco Catalyst 450 • Cisco Catalyst 2000 Series • Cisco Catalyst 3000 Series • Cisco Catalyst 4000 Series • Cisco Catalyst 6000 Series • Cisco Chassis 4000 Series • Cisco Chassis 6000 Series • Foundry 16 Port ServerIron X • Cisco Catalyst 2948G • Cisco Catalyst 2980G • Cisco Catalyst 2900 XL • Cisco Catalyst 3500 XL • Cisco Catalyst 3550 • Cisco Catalyst 3560 • Cisco Catalyst 3750 • Cisco Catalyst 4500 Series • Cisco Catalyst 6500 Series • Cisco Catalyst 7600 Series • Enterasys Smartswitch 6000 • Nortel Baystack 450 • Cisco 585 LRE CPE • Cisco Fiber Amplifier 15216

8407

Attachment 1