CISA Indefinite Delivery Indefinite Quantity Contract
ID: 47QFRA25K0003Type: Sources Sought
Overview

Buyer

GENERAL SERVICES ADMINISTRATIONFEDERAL ACQUISITION SERVICEGSA FAS AAS REGION 8DENVER, CO, 80225, USA

NAICS

Computer Systems Design Services (541512)

Original Source

https://sam.gov/opp/5eaa3aac3c9e4b29a65ce9376f0c6131/view
Timeline
    Description

    The General Services Administration (GSA) is seeking industry partners for an Indefinite Delivery Indefinite Quantity (IDIQ) contract on behalf of the Cybersecurity and Infrastructure Security Agency (CISA) to enhance the nation's cybersecurity capabilities. The procurement aims to gather insights for a multiple award vehicle that will support various service areas, including project management, capability implementation, and operational support, with a total estimated requirement of $18-20 billion over ten years. This initiative is critical for improving cybersecurity measures across federal systems and includes a focus on developing a cloud-based Cybersecurity Virtual Learning Environment (CVLE) to address skill gaps through comprehensive training programs. Interested parties should submit their responses by March 7, 2025, and can contact David Shamburger at david.shamburger@gsa.gov or Aaron Maddox at aaron.maddox@gsa.gov for further information.

    Point(s) of Contact
    David Shamburger
    david.shamburger@gsa.gov
    Aaron Maddox
    aaron.maddox@gsa.gov
    Files
    Title
    Posted
    Attachment 1 - CISA IDIQ - PWS as of 2-13-2025.pdf
    The document outlines an Indefinite Quantity Indefinite Delivery (IDIQ) Contract meant to bolster the cybersecurity capabilities of the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). Key efforts include the Continuous Diagnostics and Mitigation (CDM) Program, which enhances the security posture of federal civilian executive branch agencies. The IDIQ contract aims to provide flexible, iterative deployment of cybersecurity solutions, ensuring compliance with federal mandates while addressing evolving cybersecurity risks. The scope encompasses a range of services including project management, requirements management, capability implementation, and maintenance of cybersecurity tools and standards. Emphasis is placed on leveraging commercial off-the-shelf products, fostering inter-agency cooperation, and supporting continuous improvement of security systems in response to emerging threats. A structured approach to tasks ensures alignment with CISA’s strategic goals, providing ancillary support, training, and critical incident response capabilities. The IDIQ also extends services to state, local, tribal, and territorial governments through a cooperative purchasing program, thus enhancing national cybersecurity resilience. Overall, the document serves as a comprehensive framework for prospective contractors to understand the government’s needs in terms of cybersecurity enhancement and related services, thus driving effective procurement and service delivery aligned with national security objectives.
    Attachment 2 - RFI for Cyber Training Program 02-13-2025.pdf
    The General Services Administration (GSA) is issuing a Request for Information (RFI) on behalf of the Cybersecurity and Infrastructure Security Agency (CISA) to identify industry partners capable of developing and managing a cloud-based Cybersecurity Virtual Learning Environment (CVLE) and creating cybersecurity training materials. The objective is to enhance the skills of various stakeholders across federal, state, and private sectors, addressing critical cybersecurity skill gaps through diverse training methods. The RFI outlines a dual focus on Cybersecurity Training and Cyber Range training capabilities. The training program aims to provide entry-level to advanced cybersecurity training, employing interactive labs and adapting to different delivery methods. Additionally, the CVLE will support remote, realistic training scenarios for participants in a controlled environment. Stakeholders are encouraged to submit responses detailing their corporate experience, existing government contracts, and recommendations for structuring the acquisition approach. The document calls for input on the expertise needed for managing and optimizing cloud-based systems, developing educational curricula, and enhancing the federal cyber workforce through targeted training programs. Overall, the RFI seeks to bolster national cybersecurity readiness via comprehensive education and hands-on training solutions.
    Attachment 3 - Capacity Building Training Program Capabilities and Requirements.pdf
    The Cybersecurity and Infrastructure Security Agency (CISA) is establishing a comprehensive training program aimed at enhancing the nation's cybersecurity capacity among federal, state, local, tribal, territorial, and private sector stakeholders. This initiative includes a diverse range of training offerings focused on both proactive measures, termed "Securing Systems," and reactive approaches, defined as "Incident Response." Key components of the program involve developing and delivering asynchronous and synchronous courses across various topics such as network security, ransomware defense, incident triage, and digital forensics. The training ensures adherence to the NICE Framework, reinforcing skill development for entry-level to advanced practitioners. A significant part of the program is the Cybersecurity Virtual Learning Environment (CVLE), which provides dynamic, simulated training labs. It emphasizes real-world application through hands-on activities, reinforcing training effectiveness. Additionally, the Skilling Academy will target federal employees, delivering tailored curricula to address workforce gaps and ensure alignment with evolving cybersecurity challenges. This strategic approach reflects CISA’s commitment to fortifying the nation's resilience against cyber threats through effective training and skill development initiatives.
    RFI - CISA IDIQ_47QFRA25K0003_02-13-2025 .pdf
    The General Services Administration (GSA) is issuing a Request for Information (RFI) on behalf of the Cybersecurity and Infrastructure Security Agency (CISA) to gather market research and insights from industry stakeholders regarding an upcoming acquisition strategy. This RFI focuses on the potential deployment of a multiple award vehicle and the Cyber Training requirement as part of capacity building initiatives. It emphasizes the government's goal to enhance organizational capabilities, reduce redundancies, and improve cybersecurity measures across federal systems. The proposed structure will include service areas related to project management, requirements management, capability implementation, and operational support, alongside procurement of cybersecurity products. The total estimated requirement for this initiative is between $18-20 billion over ten years, reflecting the need for scalable and adaptable solutions. The document invites industry feedback on various aspects, including potential NAICS codes, procurement challenges, and the integration of small businesses. Participants are required to submit responses by March 7, 2025, adhering to specified guidelines for content and structure. Overall, the RFI aims to enhance collaboration with industry partners to meet CISA's critical objectives in strengthening the nation’s cybersecurity infrastructure.
    Lifecycle
    Title
    Type
    CISA Indefinite Delivery Indefinite Quantity Contract
    Currently viewing
    Sources Sought
    Similar Opportunities
    Cybersecurity & Infrastructure Security Agency (CISA) Future Forward Series
    Buyer not available
    The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is hosting the Future Forward Series, a set of virtual industry engagement events aimed at fostering innovation in cybersecurity and infrastructure. The series will consist of five events throughout fiscal year 2025, with the first event scheduled for February 25, 2025, focusing on the challenges related to enterprise data. These events are designed to engage vendors in discussions about CISA's technologies of interest, although they will not cover specific procurement actions or solicitations. Interested participants must register via Microsoft Teams, and inquiries can be directed to CISA Industry Engagement at cisaindustryengagement@cisa.dhs.gov. Please note that participation does not incur costs to the government, and the events are exclusive to vendors.
    CISA Chief of Contracting Office (COCO) Biannual FY25 Industry Day
    Buyer not available
    The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is hosting a virtual Industry Day on November 20, 2024, to discuss projected procurements for Fiscal Year 2025 (FY25). The event aims to provide industry updates on CISA's contractual requirements, including key tasks related to emergency communications, stakeholder engagement, and IT services, with anticipated contract values ranging from $2 million to $500 million. This initiative is crucial for enhancing the nation's infrastructure and cybersecurity capabilities, fostering collaboration among federal, state, and local resources. Interested parties can register for the event via the link provided in the announcement, and for further inquiries, they may contact CISA COCO APFS at cisaapfsvendorinquiries@mail.cisa.dhs.gov.
    CBRN Commercial Items IDIQ
    Buyer not available
    The General Services Administration (GSA) is soliciting proposals for a multiple award Indefinite Delivery, Indefinite Quantity (IDIQ) contract titled "CBRN Commercial Items IDIQ," aimed at acquiring essential equipment and supplies for the Joint Program Executive Office for Chemical, Biological, Radiological, and Nuclear Defense (CBRND). This procurement is exclusively set aside for small businesses and seeks brand name commercial items, including personal protective equipment and CBRN detection devices, to enhance the U.S. military's defense capabilities against CBRN threats. The total ceiling value for this contract is $500 million, with a performance period of up to 5 years and 6 months, and proposals are due by March 24, 2025. Interested contractors can reach out to Abbey Gallivan at abbey.gallivan@gsa.gov or Jen Sutherland at jennifer.sutherland@gsa.gov for further information.
    CISA COCO Industry Day: CISA Enterprise Engineering and Operations Support Services (CEEOSS)
    Buyer not available
    Sources Sought HOMELAND SECURITY, DEPARTMENT OF CISA COCO Industry Day: CISA Enterprise Engineering and Operations Support Services (CEEOSS) is a notice seeking information from potential vendors for the procurement of Enterprise Engineering and Operations Support Services for the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). This service is typically used to provide support and assistance in the areas of enterprise engineering and operations for CISA. The Industry Day event will provide an overview of the requirement and allow for industry feedback and recommendations. The event will be held virtually via Microsoft Teams on Friday, January 12, 2024, from 10:00AM to 11:00AM EST. The event will include a briefing on the draft Statement of Work (SOW) and a question-and-answer period. The current Task Order 70RCSJ23FR0000001 will be recompeted, with an increase in scope due to congressional acts and strategic priorities. Registration for the event will be provided at a later date. Please note that this Industry Day Notice is not a Request for Proposal (RFP) or an invitation for bid, and the Government does not intend to make an award based on this event.
    Alliant 3 GWAC, Request for Proposal (RFP)
    Buyer not available
    The General Services Administration (GSA) is soliciting proposals for the Alliant 3 Governmentwide Acquisition Contract (GWAC), aimed at providing a wide range of information technology (IT) services to federal agencies. This procurement seeks to establish a Multiple Award, Indefinite-Delivery, Indefinite-Quantity (IDIQ) contract that allows for flexible task order issuance without a maximum ceiling, while ensuring a minimum contract guarantee of $2,500. The Alliant 3 GWAC is crucial for streamlining IT service acquisitions across government entities, emphasizing performance-based contracting and standardized labor categories to enhance pricing consistency and service delivery. Interested contractors must submit their proposals by February 3, 2025, and can direct inquiries to Roman Rodriguez at Alliant3QA@gsa.gov.
    The CISA Future Forward Series: Discussion on CISA's AI Roadmap and AI Security Initiative
    Buyer not available
    Special Notice: HOMELAND SECURITY, DEPARTMENT OF - CISA CONTRACTING ACTIVITY The Cybersecurity and Infrastructure Security Agency (CISA) is hosting an industry engagement event to discuss CISA's Artificial Intelligence (AI) Roadmap and Security Initiative. The event will focus on understanding the benefits and risks of AI and ensuring the preparedness of critical infrastructure owners and operators. CISA has developed an AI Roadmap aligned with the national AI strategy to enhance cybersecurity capabilities, protect AI systems from cyber-based threats, and deter malicious use of AI capabilities. The event will be virtual and held on Tuesday, March 26, 2024, from 1:30 to 2:30 pm ET. Please note that this event does not involve specific procurement actions or details. For more information, contact CISAIndustryEngagement@cisa.dhs.gov.
    Multiple-Award Indefinite Delivery/Indefinite Quantity (IDIQ) Term Contract\ for Full Service Architectural and Engineering Services
    Buyer not available
    The General Services Administration (GSA) is seeking interested parties for a Multiple-Award Indefinite Delivery/Indefinite Quantity (IDIQ) contract for Full Service Architectural and Engineering Services within its Mid-Atlantic Region. The contract will cover services related to repairs, renovations, and modernizations of federal facilities, particularly in occupied buildings that may have historical significance, with projects typically valued up to $5 million. Firms responding to this Sources Sought Notice must demonstrate their experience in relevant projects and outline their capacity to manage multiple concurrent task orders, as the information gathered will inform the government's acquisition decisions with a focus on maximizing opportunities for small businesses. Responses are due by February 28, 2025, and interested parties should contact Janet Coker at janet.coker@gsa.gov or Daniel Langan at Daniel.Langan@gsa.gov for further inquiries.
    R--Federal Geographic Data Committee (FGDC) Support for Geospatial Shared Services
    Buyer not available
    The Department of the Interior, specifically the U.S. Geological Survey (USGS), is seeking information from potential providers to support the Federal Geographic Data Committee (FGDC) in developing Geospatial Shared Services. This initiative aims to implement the National Spatial Data Infrastructure (NSDI) as mandated by the Geospatial Data Act of 2018, requiring contractors to deliver programmatic support, data management, technical implementation, and user training in cloud-based environments. Interested organizations, including businesses and nonprofits, are invited to submit their qualifications and feedback on the draft Statement of Work by February 26, 2025, as part of a market research effort leading to a multiple award Indefinite-Delivery Indefinite-Quantity (IDIQ) contract effective from August 16, 2025, to August 15, 2030. For further inquiries, interested parties can contact Ty Dehart at tdehart@usgs.gov.
    Request for Information: New Modern Software Delivery Multiple Award IDIQ
    Buyer not available
    The Department of Defense, specifically the Department of the Army, is seeking responses for a Request for Information regarding the Modern Software Delivery Multiple Award Indefinite Delivery Indefinite Quantity (MAIDIQ) contract, valued at $50 billion. This initiative aims to enhance the Army's software development capabilities through rapid design, deployment, and maintenance of critical software systems, utilizing Agile methodologies and ensuring compliance with cybersecurity standards. The contract emphasizes the importance of modern software practices in supporting the Army's operational efficiency and digital transformation efforts. Interested parties can reach out to the DC3OE MSD IDIQ Team at usarmy.apg.acc.mbx.dc3oe-msd-idiq-mailbox@army.mil for further details and guidance on participation.
    CISA Chief of Contracting Office (COCO) Biannual FY24 Industry Day
    Buyer not available
    Special Notice: HOMELAND SECURITY, DEPARTMENT OF is hosting the CISA Chief of Contracting Office (COCO) Biannual FY24 Industry Day. This virtual event aims to provide updates on known FY24 CISA procurements and projected FY25 procurements. It also offers an opportunity for question and answers with CISA COCO Contracting Officers. The event will take place on Wednesday, May 1, 2023, from 10:00AM to 12:00PM EST via Microsoft Teams. Registration details will be provided at a later date. Please note that this Industry Day Notice is not a Request for Proposal (RFP) or an invitation for bid, and the Government does not intend to make an award or pay for the information received.