Payment Card Industry Data Security Standard (PCI DSS) Advisory Consultant
ID: PCI_DSS_Advisory_ConsultantType: Sources Sought
Overview

Buyer

DEPT OF DEFENSEDEPT OF THE AIR FORCEFA9000 AF NAF POJBSA LACKLAND, TX, 78236-9800, USA

NAICS

Other Management Consulting Services (541618)

PSC

SUPPORT- MANAGEMENT: FINANCIAL (R710)

Original Source

https://sam.gov/opp/1c4e4f3ccc9842fcaf36c8ffbd7e19f2/view
Timeline
    Description

    The Department of Defense, specifically the Air Force Services Center (AFSVC), is seeking an advisory consultant to assist in achieving compliance with the Payment Card Industry Data Security Standards (PCI DSS) across its merchant card processing operations. The primary objective is to enhance compliance across 104 installations and over 2,200 point-of-sale systems, focusing on identifying vulnerabilities, optimizing business processes, and ensuring robust security measures are in place. This initiative is critical for safeguarding sensitive financial information and mitigating risks associated with payment card transactions, reflecting the government's commitment to upholding high security standards. Interested parties can contact Valerie Baltimore at valerie.baltimore@us.af.mil or Fay Cameron at fay.cameron@us.af.mil for further information, with the anticipated completion for full compliance targeted by the end of FY26.

    Files
    Title
    Posted
    Attachment 1 Verizon Gap Analysis.pdf
    The document outlines a Request for Information (RFI) regarding the Payment Card Industry Data Security Standard (PCI DSS), specifically focusing on a gap analysis conducted by Verizon. The primary goal is to engage an advisory consultant for assessing compliance and identifying vulnerabilities within the PCI DSS framework. The RFI includes a Q&A section to address potential queries from interested bidders. Key points include the need for a prioritized approach to gap analysis, ensuring that the consultant places emphasis on critical areas impacting data security and compliance. The structure of the document facilitates a clear understanding of the consultant's objectives, expected deliverables, and the overall significance of adhering to PCI DSS standards within government operations. The purpose of this document aligns with federal and state/local RFPs aimed at improving data security measures and protecting sensitive financial information. Engaging an expert consultant emphasizes the government's commitment to upholding security standards and mitigating risks associated with payment card transactions.
    Q and A PCI DSS Consultant.pdf
    The government document addresses the Request for Information (RFI) regarding a Payment Card Industry Data Security Standard (PCI DSS) Advisory Consultant needed by the Air Force Services Center (AFSVC). The primary goal is to enhance compliance with PCI DSS across 104 installations and 2200+ point-of-sale (POS) systems. Key priorities include ensuring compliance, mitigating risks, and optimizing business processes, with a focus on flexible strategies rather than strict timelines. Specific requirements include vendor qualifications, evaluation based on technical solutions and past performances, and the possibility of partnering with subcontractors. Operationally, the AFSVC is conducting market research to assess compliance needs and is open to recommendations for best practices. Furthermore, the document outlines various aspects such as ongoing support expectations, potential tools for compliance, and anticipated metrics for measuring success. Training, accountability, and adherence to compliance guidelines are emphasized as critical components of this initiative, with a targeted completion for full compliance by the end of FY26. This RFI serves as a foundational step toward engaging industry expertise for developing a robust PCI compliance framework, thereby ensuring the security of cardholder data and streamlining processes across AFSVC operations.
    SOO - PCI Advisory Consultant 7 Feb 2025.docx
    The Air Force Services Center (AFSVC) is soliciting an advisory consultant to assist in achieving compliance with the Payment Card Industry Data Security Standards (PCI DSS) for its merchant card processing operations. The objective is to identify and rectify the current non-compliance across over 104 worldwide locations, which process more than 13 million credit card transactions annually. The consultant will provide expert analysis and recommendations in two key areas: PCI DSS compliance advisory and business process improvement for merchant processing. The project encompasses evaluating existing payment systems, identifying vulnerabilities, ensuring security measures are in place, and setting strategies for compliance and risk management. Deliverables include assessments of current processes, training strategies, ongoing monitoring mechanisms, and a detailed plan for implementation. The contractor must present actionable steps and a reliable timeline for achieving PCI DSS compliance and improving overall payment security measures. With a contract period of up to three years, the AFSVC seeks individuals or firms with extensive experience in PCI DSS, particularly with organizations facing complex infrastructure and varied operational demands, exemplifying the military's emphasis on security and operational integrity.
    SOO - PCI Advisory Consultant 7 Feb 2025.pdf
    The Air Force Services Center (AFSVC) is soliciting an advisory consultant to assist in achieving compliance with the Payment Card Industry Data Security Standards (PCI DSS) for its merchant card processing operations. The objective is to identify and rectify the current non-compliance across over 104 worldwide locations, which process more than 13 million credit card transactions annually. The consultant will provide expert analysis and recommendations in two key areas: PCI DSS compliance advisory and business process improvement for merchant processing. The project encompasses evaluating existing payment systems, identifying vulnerabilities, ensuring security measures are in place, and setting strategies for compliance and risk management. Deliverables include assessments of current processes, training strategies, ongoing monitoring mechanisms, and a detailed plan for implementation. The contractor must present actionable steps and a reliable timeline for achieving PCI DSS compliance and improving overall payment security measures. With a contract period of up to three years, the AFSVC seeks individuals or firms with extensive experience in PCI DSS, particularly with organizations facing complex infrastructure and varied operational demands, exemplifying the military's emphasis on security and operational integrity.
    Lifecycle
    Title
    Type
    Payment Card Industry Data Security Standard (PCI DSS) Advisory Consultant
    Currently viewing
    Sources Sought
    Similar Opportunities
    FA830725RB033 MicroFocus Fortify FY25 RFI
    Buyer not available
    The Department of Defense, specifically the Department of the Air Force, is seeking information from vendors regarding alternative licensing models for the MicroFocus Fortify application security platform through a Sources Sought notice. The procurement aims to enhance the security posture of software development processes by soliciting proposals that include Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), with a focus on compliance with industry standards such as NIST, CWE, and OWASP. Vendors are required to provide detailed comparisons of licensing options, pricing structures for transitions and training, and demonstrate how their solutions can integrate with existing security tools while ensuring compliance and facilitating a reduction in application vulnerabilities. Interested parties should contact Ms. M Elizabeth Pittman at martha.pittman@us.af.mil or Jay Walker at jamail.walker.1@us.af.mil for further information.
    PCI-E CARRIER RTM A
    Buyer not available
    The Department of Defense, specifically the Department of the Navy through NAVSUP Weapon Systems Support, is soliciting proposals for the procurement of PCI-E Carrier RTM A components. This opportunity focuses on acquiring specialized parts within the NAICS industry of Other Aircraft Parts and Auxiliary Equipment Manufacturing, which are critical for maintaining and enhancing naval aviation capabilities. The goods sought are essential for the operational readiness and support of various aircraft systems, ensuring the Navy's fleet remains effective and reliable. Interested vendors can reach out to Devon M. McNamee at 215-697-2782 or via email at DEVON.M.MCNAMEE.CIV@US.NAVY.MIL for further details regarding the solicitation process.
    Solicitation for the Defense Commissary Agency (DeCA) Syndicated Data Core Services Capabilities to Continental United States (CONUS) and Overseas Continental United States (OCONUS) Support
    Buyer not available
    The Department of Defense, through the Defense Information Systems Agency (DISA), is soliciting proposals for the Defense Commissary Agency (DeCA) Syndicated Data Core Services, aimed at providing comprehensive grocery retail metrics for both the Continental United States (CONUS) and Outside Continental United States (OCONUS). The procurement seeks qualified contractors to deliver various data services, including point-of-sale (POS) scan information and access to retail grocery panel databases, with a focus on technical compliance and cost-effectiveness. This initiative is critical for enhancing the operational capabilities of DeCA in managing grocery retail data, which supports military personnel and their families. Proposals are due by March 27, 2025, and interested parties should direct inquiries to Holly Sanders at holly.e.sanders.civ@mail.mil or R. DeAnn Mooney at rebecca.d.mooney.civ@mail.mil for further information.
    Industry/Demonstration Day: AFDW Publicly Available Information (PAI) Alerting Service
    Buyer not available
    The Department of Defense, specifically the Air Force District of Washington, is seeking a subscription-based Publicly Available Information (PAI) Alerting Service to enhance situational awareness and force protection. The service must leverage diverse publicly accessible information sources to provide real-time alerts based on user-defined criteria, ensuring compliance with data sources’ terms of service and robust user privacy protections. This initiative is critical for the DoD's operational framework, emphasizing accessibility and scalability to meet enterprise requirements, with the project expected to commence in June 2026 and extend over a base period plus four optional years. Interested parties can contact Capt Richard Snyder at richard.snyder.12@us.af.mil or Kevin Harrington at kevin.harrington.3@us.af.mil for further details.
    USSC Cisco Requirement
    Buyer not available
    The Department of Defense, through the Department of the Air Force, is seeking input from qualified small businesses regarding the USSC Cisco Requirement, as outlined in a Sources Sought notice issued by the 21st Contracting Squadron at Peterson Space Force Base. This initiative aims to gather market research on computer and peripheral equipment, specifically focusing on Cisco products such as routers, switches, and associated licenses, which are critical for enhancing network infrastructure capabilities. The procurement is intended to ensure compliance and reliability in public sector IT infrastructure, with responses requested by March 13, 2025, to facilitate future acquisition processes. Interested parties should direct their inquiries to Aaron Smith at aaron.smith.103@spaceforce.mil or call 719-556-9087 for further information.
    FA830725RB032 SD Elements FY25 RFI
    Buyer not available
    The Department of Defense, specifically the Department of the Air Force, is seeking information from vendors regarding the provision of threat modeling software, SD Elements, through a Sources Sought notice titled "FA830725RB032 SD Elements FY25 RFI." The procurement aims to identify solutions that can customize threat models, enforce NIST security standards, and integrate with DevSecOps processes, all while operating within a Kubernetes environment and utilizing single sign-on protocols. This software is crucial for enhancing software security compliance and efficiency throughout the development lifecycle, particularly for defense applications. Interested vendors should reach out to Ms. M Elizabeth Pittman at martha.pittman@us.af.mil or Maj. Jamail Walker at jamail.walker.1@us.af.mil for further details on the requirements and submission process.
    VPX accessory components to include network cards, network expander cards and power supplies.
    Buyer not available
    The Department of Defense, specifically the Naval Sea Systems Command, is seeking proposals for the procurement of VPX accessory components, including network cards, network expander cards, and power supplies, to support the Machinery Control Systems (MCS) Tech Refresh for multiple ships. This procurement involves a Firm-Fixed-Price Indefinite-Delivery-Indefinite-Quantity (IDIQ) contract valued at approximately $12,071,630, aimed at modernizing aging systems and ensuring operational capability. The components are critical for maintaining compatibility with existing systems and enhancing the Navy's technological infrastructure. Interested vendors should contact William Devito at william.j.devito8.civ@us.navy.mil or by phone at 215-498-0039 for further details regarding the solicitation process.
    FMxC2/G081 field maintenance data information system.
    Buyer not available
    The Department of Defense, through the Defense Information Systems Agency (DISA), is seeking small businesses capable of providing sustainment support services for the FMxC2/G081 field maintenance data information system. The procurement focuses on full lifecycle development and system sustainment, including software design, system architecture, administration, and incident response, utilizing agile methodologies. This opportunity is critical for maintaining operational efficiency within the Air Force, with contract performance anticipated from January 2026 to January 2031, primarily based in Oklahoma City. Interested businesses must possess a Secret Facility Clearance and respond with their capabilities by March 20, 2025, to Chasity Revisky at chasity.l.revisky.civ@mail.mil or Christopher Enriquez at christopher.m.enriquez.civ@mail.mil.
    TPS Classroom Network Consoles for Building B2750
    Buyer not available
    The Department of Defense, specifically the U.S. Air Force Test Pilot School (TPS), is seeking proposals for the design and installation of classroom network consoles in Building B2750 at Edwards Air Force Base, California. The project aims to create customizable consoles for 36 users, integrating various technology equipment while adhering to SCIF security standards, including TAA and TEMPEST compliance. This initiative is crucial for enhancing the technological capabilities of training environments while ensuring operational security. Interested vendors must submit their proposals by March 10, 2025, and can direct inquiries to Justin T. Fobel at justin.fobel@us.af.mil or Brianna Vicsotka at brianna.vicsotka.1@us.af.mil.
    65th SOS MGCS Security System Installation
    Buyer not available
    The Department of Defense, specifically the Air Force, is seeking qualified small businesses to install and service a security system for the 65th Special Operations Squadron at Hurlburt Field, Florida. The project involves the installation of an alarm system for GCS Bay 7, including the integration of a new fiber line and a Protected Distribution System (PDS) alarmed conduit, with a total contract value of $25 million. This initiative underscores the importance of enhancing military operational security through updated technological infrastructure, while also promoting opportunities for Women-Owned Small Businesses (WOSB) in federal contracting. Interested contractors must submit their proposals electronically by March 21, 2025, and can direct inquiries to Rowan Thom at rowan.thom.1@us.af.mil or Melissa Perez Hughes at melissa.perez-hughes@us.af.mil.