Contract Number: NRC-HQ-10-17-A-0008
Period of Performance: Base Period – June 5, 2017 – September 29, 2019
Contract Description:
The Nuclear Regulatory Commission (NRC) GLobal INfrastructure and Development Acquisition (GLINDA) program has a base period of performance from date of award through September 29, 2019 plus three one-year options, and a maximum potential value of $679 million if all options are exercised. GLINDA provides a wide variety of Information Technology (IT) support services to the NRC Headquarters located in Rockville, MD; four Regional Offices located in King of Prussia, PA; Atlanta, GA; Lisle, IL; and Arlington TX; as well as the NRC Technical Training Center located in Chattanooga, TN.
GLINDA uses a flexible Blanket Purchase Agreement (BPA) – Indefinite Delivery Indefinite Quantity (IDIQ) structure and offers an innovative approach to NRC’s enterprise-wide strategic IT planning and management. Under the contract, AESY and our partners support all NRC location sites in five core IT service areas:
- Seat Services
- Network Services
- Data Center/Cloud Services
- Operational Security Services
- Application Operations, Maintenance, and Modernization Services
TASK AREA 1 - DENIX Platform Modernization Research, Development, Test, and Engineering (RDT&E)
The contractor shall leverage DevSecOps transformation principles in alignment the DoD Enterprise DevSecOps Initiative Master Approach Document (v.1.6) and emerging DoD Enterprise cloud approaches and shall increase the use of automation across every aspect of operations. The contractor shall continuously seek to decouple the functionality of DENIX into discrete parts using continuous refactoring within a DevSecOps CI/CD pipeline in order transform DENIX from a monolithic N-Tier to a modern API driven, micro-services based, containerized, self-services application platform with validated security built in, automated, and documented. The contractor shall work with the government to develop a validated auditable process that enables DENIX to achieve continuous Authorization to Operate (ATO) under Risk Management Framework (RMF) while rapidly and continually evolving to incorporate new and advanced features at a rapid pace that are secure by design, fully tested and DoD compliant from the start.
- Design, develop, integrate, test, and recommend enhancements to the DENIX platform and associated modules
- Leverage modern technology to enhance platform operations
- Incorporate applications that promote machine learning / artificial intelligence to enhance the functionality, components, and user interface of the DENIX platform
- Incorporate machine learning capabilities to enhance Explosive Ordnance Disposal (EOD) and Recovered Chemical Warfare Material (RCWM) applications to streamline business processes
TASK AREA 2 - DENIX Platform Sustainment Objectives
- Maintain active content and ensure contents compatibility with any applicable DoD / Army security guidelines, which includes the DISA/NSA Security Technical Implementation Guides (STIG), Security Requirements Guides (SRGs), DoDI 8510.01, NIST 800-53 SA-4, DoDs Transition to Risk Management Framework (RMF), NIST SP 800-37, and DoDI 8500.01. (See Part 6, Section 6.1 of PWS)
- Maintain the Knowledge-Based Corporate Reporting System (KBCRS) module within the DENIX platform
- Maintain and update the KBCRS database
- Design, code, and maintain document-ready reports necessary for completing the Defense Environmental Program Annual Report to Congress (DEPARC)
- Maintain, implement, and oversee measures to enhance customer / end user support within the DENIX platform
- Maintain the architectural design of the DENIX platform and ensure compliance with DoD / Army networks/systems
- Develop, document, and maintain software and hardware that ensure the functionality of the DENIX platform
- Maintain 90% platform functionality to ensure transparency with public community
- Ability to relocate DENIX platform to another cloud hosting environment, in the event that the government requires relocation with a minimum impact (less than 10%) to the daily operations
- Manage content to ensure top grade customer support and website customization support
- Ensure 100% online operation of DENIX platform
- Ensure Service collaboration to promote seamless architecture support (Army Business Enterprise Architecture / DoD Architecture Framework/ Integrated Business Framework-Data Alignment Portal)
- Maintain search engine optimization to enhance customer support / platform user ability
- Transition DOD systems / applications / reporting tools into DENIX platform
- Ensure seamless transition/transfer of programs/application that support Service collaboration and transparency
- Ensure the current Amazon Web Service (AWS) cloud-hosting environment is maintained and operational and functional and capable of relocating to a new cloud hosting network at the direction of the Government
- Maintain functional, current, and user accessible data repositories (libraries and archives) that are easily navigated by end users
- Enable/ maintain application programming interfaces (API) / Cloud native tools for better end user functionality
- Ensure all help desk requests are actioned within 24 hours of submission
- Establish help desk
TASK AREA 3 - DENIX Platform Protection & Cyber Security Objectives
- Maintain security certifications necessary to operate on the Enterprise Mission Assurance Support System (eMASS) where the Government shall retain Authority to Operate (ATO) on DOD Networks, which are based on security and network compliance
- Maintain compliance with the DOD Risk Management Framework (RMF) Assessment and Authorization Process
- Develop and maintain cyber security documentation
- Validate platform security IAW current and future DOD policy
- Ensure procedures are in place to protect platform vulnerabilities, provide alerts, responses to cyber incidents and security threats, and a failsafe solution(s) to protect the integrity and documentation of the platform
- Implement business processes that streamline coordination with DISA to facilitate DISA Systems Network Approval Process (SNAP) and Ports, Protocols, and Services Management (PPSM) records support
- Maintain 100% compliance with DISA application security and development STIG requirement
- Maintain 100% compliance with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS) management and monitoring
- Retain 100% accountability of all cyber and eMASS documentation for the DENIX platform
- Ensure procedures are in place to support cross region replication (disaster recovery/continuity of operations)
- Ensure Government is notified within 1 hour of any system issues, outages, or cyber incidents
TASK AREA 4 - DENIX Platform Application Management Objectives
- Obtain and retain 100% platform compliance with DOD IT policies
- Establish and implement a sound risk management system to operate the DENIX platform and that documentation is available to the Government
- Create a programmatic management plan consisting of schedules, reviews, platform performance, and monthly costs
- Reduce platform vulnerabilities and mitigates risks
- Develop a Quality Control System for the DENIX platform
Points of Contact |
---|
Sheila Andahazy Gregory Passes Jessica Huddle Toni Fisher Jacqui Soltero |
Quality Commitment |
---|
Quality Assurance Program |
Partners |
---|
DELTA Resources |