CSO Call 003 TRANSCOM "Medical" Regulating and Command & Control Evacuation System (TRAC2ES)

This document is a Nondisclosure Agreement (NDA) for contractors involved with United States Transportation Command (USTRANSCOM) contracts, specifically for the "Medical" Regulating and Command & Control Evacuation System (TRAC2ES) Request for Quote. The agreement aims to protect Controlled Unclassified Information (CUI) from unauthorized disclosure, prevent conflicts of interest, and ensure compliance with federal statutes. Contractors agree not to disclose CUI to unauthorized parties, use it only for the specified government purpose, and protect it from inadvertent disclosure. They are obligated to report breaches, understand that the agreement's terms apply indefinitely unless explicitly released, and acknowledge potential civil or criminal penalties for violations. The NDA is personal to the signatory, binding their employing entity, and remains in effect regardless of changes in employment.

Attachment 2 of the TRAC2ES Technical Data Package (TDP) lists essential documents for offerors, including system descriptions, interface control documents, and security plans. Key documents cover system/subsystem design, access control, administration, database design, and various interface control documents for systems like DEERS, ADVANA, MEDCOP, MEIS, OMDS, and TMDS. Additionally, the package includes security-focused plans, a Red Criticality Controls Plan, a Requirements Traceability Matrix, and a Security System Plan with a Vulnerability Management Plan. These documents, which are subject to updates and provided in the most current version upon request, are crucial for understanding the TRAC2ES system's technical specifications, security protocols, and operational interfaces within the context of government RFPs.

TRAC2ES Attachment 1 outlines the extensive governing guidance and directives for federal government operations, particularly within defense and information technology sectors. This comprehensive list includes various Code of Federal Regulations (CFRs), DoD Instructions and Manuals, DFARS, USTRANSCOM Instructions, and NIST Special Publications. Key areas covered encompass national industrial security, controlled unclassified information (CUI), information and communication technology standards, earned value management, information assurance, cybersecurity, privacy, records management, antiterrorism support, and workforce management. The document also details specific guidance on information security programs, physical security, data sharing, interoperability of IT systems, risk management frameworks, identity authentication, cyber incident response, and health information security. Additionally, it references standards for cryptographic modules, security categorization of federal information systems, and guidelines for developing security plans and conducting risk assessments. The directives emphasize compliance with various federal and departmental regulations to ensure secure, efficient, and compliant operations across diverse government functions.

U.S. Transportation Command (USTRANSCOM) is seeking innovative commercial solutions to enhance, sustain, and modernize its Transportation Command "Medical" Regulating and Command & Control Evacuation System (TRAC2ES). This Commercial Solutions Opening (CSO) Call 003, under TRANSCOM25CSO001, aims to address challenges in scalability, performance, cybersecurity, interoperability, and operational efficiency. The proposed solutions must align with Department of War (DoW) standards, including Zero Trust principles, and support multi-cloud platforms in both unclassified and secret environments. Key attributes include agile methodology, cloud migration, CI/CD pipelines, AI integration, Zero Trust Architecture, automated security compliance, advanced encryption, HIPAA compliance, CMMC Level 2, AI/ML for optimization, API-first architecture, BI tools, scalability for 8,000 concurrent users, secure mobile applications, modern training, and 24/7 global Tier II/III Service Desk. USTRANSCOM intends to award a single FAR-based contract in FY26, with an anticipated budget of $27M-$37M for a performance period from June 1, 2026, to May 31, 2031. Solution Briefs are due by 10:00 AM (CT) on March 26, 2026.

The TRANSCOM25CSO001 document outlines questions and answers regarding the USTRANSCOM Transportation Command "Medical" Re-architecture of the Command & Control Evacuation System (TRAC2ES) IT Enterprise Modernization (ITEM) Solutions. The government clarified that formal ARTs with ceremonies and team-level Scrum are required, with GitLab for CI/CD. The solution requires a single mobile application for iOS and Android, focusing on mission-critical capabilities for medical flight crews and other users in both unclassified and classified environments. Tier II/III support handles all initial calls, with average ticket volumes provided. ServiceNow and Jira are used for ticketing. The government extended the submission date to April 1, 2026. The architecture must be cloud-agnostic, support SECRET deployment, and operate worldwide. The current TRAC2ES is 75% modernized, hosted in AWS GovCloud, and will undergo progressive modernization to a DevSecOps environment. The MVP will be defined during a 60-day transition period, focusing on sustainment and agreed-upon features. The estimated budget range is $27M–$37M, and a firm-fixed-price ROM for the full performance period is required in the white paper. CMMC Level 2 self-assessment applies to both prime and subcontractors.

The USTRANSCOM Inform Transportation Command “Medical” Reg Call 0 document outlines questions from offerors and government responses regarding the TRAC2ES modernization effort. Key areas of clarification include the requirement for SAFe implementation, current agile maturity, CI/CD tools, training frequency, and the enhancement of existing TRAC2ES web and mobile applications for iOS and Android. The government clarified that formal ARTs are required, team-level Scrum is currently used, and GitLab is their CI/CD tool. The mobile application will be a single application with different functions, initially for Medical Flight Crews, Aeromedical Evacuation Liaison Teams, and Aeromedical Staging Facilities. The government also confirmed that Tier II/III support is handled by the contractor, with average ticket volumes of 263 for Tier II and 4.5 for Tier III. The Rough Order of Magnitude (ROM) estimate should be included in the White Paper, and CUI submissions should use secure methods like DOD SAFE. The main challenge is transitioning to a DevSecOps environment while addressing scalability, performance, cybersecurity, and interoperability. The deadline for Phase I submissions has been extended to April 1, 2026, and the font for technical responses must be Times New Roman 10-12pt. A 60-day transition period is anticipated, during which the Minimum Viable Product (MVP) will be defined, focusing on sustaining current TRAC2ES code and agreed-upon features. The overall program budget range is $27M–$37M.