DEFENSE INFORMATION SYSTEMS AGENCY DISA USA Tender

Sources Sought Notice 842571644 the Defense Information Systems Agency (disa) Is Seeking Sources For Dod Niprnet (impact Level (il) 5) And Siprnet (impact Level 6) Ediscovery Software As A Service (saas), A Web-based Platform That Is Fully Integrated Into The Department Of Defense Information Network (dodin) And Has Disa’s Authorization To Operate On Both Il5 And Il6. contracting Office Address: disa/ditco-scott/pl8413 2300 East Drive scott Afb Il 62225-5406 introduction: this Is A Sources Sought Notice To Determine The Availability And Technical Capability Of Small Or “other Than Small” Businesses (including The Following Subsets: Small Disadvantaged Businesses, Certified 8(a), Service-disabled Veteran-owned Small Businesses, Hubzone Small Businesses And Woman-owned Small Businesses) To Provide The Required Products And/or Services. the Department Of Defense (dod) Office Of General Counsel (ogc) Is Seeking Information From Potential Sources For A Cloud Based (gov/mil Cloud) Ediscovery Saas That Is Federal Risk And Authorization Management Program (fedramp) Approved At High Impact Levels 5 And 6 (il5 And Il6) And Has Or Has The Ability To Achieve Disa’s Authorization To Operate (ato) On Both Niprnet And Siprnet. this Il5/il6 Ediscovery Saas Must Meet The Requirements In This Document And Have The Required Security Controls And Data Protection Functions To Comply With All Federal And Dod Requirements. Ogc Requires Two Distinct Systems, (1) A System Certified At Il5 (unclassified) Level And Accessible On The Niprnet With A “.mil” Domain; And (2) A System Certified At Il6 (secret) Level And Accessible On The Siprnet With A “.scloud” Or “.smil.mil” Domain. Both The Il5 And The Il6 Systems Must Be Fully Operational At The Time Of Contract Award. the Anticipated Period Of Performance Is Base Year With Four, One Year Options. base Year: January 4, 2026, Through January 3, 2027 option Year 1: January 4, 2027, Through January 3, 2028 option Year 2: January 4, 2028, Through January 3, 2029 option Year 3: January 4, 2029, Through January 3, 2030 option Year 4: January 4, 2030, Through January 3, 2031 the Anticipated Place Of Performance Is Arlington, Virginia. disclaimer: this Sources Sought Notice Is For Informational Purposes Only. This Is Not A Request For Proposal. It Does Not Constitute A Solicitation And Shall Not Be Construed As A Commitment By The Government. Responses In Any Form Are Not Offers And The Government Is Under No Obligation To Award A Contract As A Result Of This Notice. No Funds Are Available To Pay For Preparation Of Responses To This Notice. Any Information Submitted By Respondents Is Strictly Voluntary. contract/program Background: contract Number: Hc108421c0002 contract Vehicle: Gsa incumbent And Their Size: Casepoint, Llc (small Business At The Time Of Contract Award) method Of Previous Acquisition: Full And Open Competition period Of Performance: Base Year With Four, One-year Options base Year: January 4, 2021, Through January 3, 2022 option Year One: January 4, 2022, Through January 3, 2023 option Year Two: January 4, 2023, Through January 3, 2024 option Year Three: January 4, 2024, Through January 3, 2025 option Year Four: January 4, 2025, Through January 3, 2026 required Capabilities: 1. Dod Ogc Requires An Ediscovery Saas That Has Disa Risk Management Executive (rme) Cybersecurity Accreditation And Authorization To Operate (ato) On Niprnet At Fedramp Il5, On An Authorized “.mil” Website, At The Time Of Contract Award. provide Your Company’s Current: ditpr Id For Your Nipr Ediscovery Saas: disa Rme Ato Authorization Date: whether This Ato Is A “type Authorization” (yes/no/in-progress): disa Rme Ato Authorization Termination Date: “.mil” Website Domain: or provide Your Company’s Anticipated Date Of Obtaining A Disa Rme Ato; Ditpr Id; And “.mil” Website Domain, For Your Nipr Ediscovery Saas. 2. Dod Ogc Requires An Ediscovery Saas That Has Disa Rme Cybersecurity Accreditation And Ato On Siprnet At Fedramp Il6, On An Authorized “.scloud” Or “.smil.mil” Website, At The Time Of Contract Award. provide Your Company’s Current: ditpr Id For Your Sipr Ediscovery Saas: disa Rme Ato Authorization Date: whether This Ato Is A “type Authorization” (yes/no/in-progress): disa Rme Ato Authorization Termination Date: “.scloud” Or “.smil.mil” Website Domain: or provide Your Company’s Anticipated Date Of Obtaining A Disa Rme Ato; Ditpr Id; And “.scloud” Or “.smil.mil” Website Domain, For Your Sipr Ediscovery Saas. 3. Dod Ogc Requires That The Ediscovery Saas Have Integrated (on Niprnet And/or Siprnet) Legal Hold Management Tools, With Capability To Manage Legal Holds And Data Preservation Efforts Using Correspondence Templates, Alerts, Email Notifications, Custodian Response Tracking, Reporting, And Audit Features. The Legal Hold Functionality Must Be Able To Connect Directly To Microsoft Office Dod365-j Email Accounts, To Send Email Notifications To Recipients From Dod Ogc Email Accounts (that Is, From “@mail.mil” Accounts). describe The Legal Hold Management Capabilities Of Your Company’s Ediscovery Saas, Including Whether Your Tools Are Capable Of Sending Email Notifications From Microsoft Office Dod365-j (“@mail.mil”) Email Accounts. 4. Dod Ogc Requires That The Ediscovery Saas Have Integrated (on Niprnet And/or Siprnet) Freedom Of Information Act (foia) Case Management Tools, With Capability To Manage Foia Requests, Track Progress Of Foia Processing Tasks, And Generate Case Activity Reports. describe The Foia Case Management Capabilities Of Your Company’s Ediscovery Saas. 5. Dod Ogc Requires That The Company Be Able To Share Unclassified Data Generated From Its Il5 Ediscovery Saas On A Secure Website Or Portal That Exists Outside The Niprnet (e.g., Via A “.com” Domain Accessible By Non-dod Users). describe Your Company’s Ability To Receive Data Generated From Your Il5 Ediscovery Saas, And Store And Present Data Securely On A Website Or Portal External To The Dod Niprnet. 6. Dod Ogc Requires The Ability To Log Into The Ediscovery Saas, Over Both Niprnet And Siprnet, Via Single Sign-on Access Utilizing Dod Common Access Cards (cacs) Or Sipr Tokens (i.e, Using Dod Enterprise Identity, Credential, And Access Management (dod E-icam) And Microsoft Active Directory Federation Services (adfs) As An Identity Provider (idp) To Authenticate Users Through The Security Assertion Markup Language (saml) Standard (“dod E-icam Adfs Via Saml”). can Dod Users Access Your Ediscovery Saas On Both Niprnet And Siprnet By Using Their Dod Cacs Or Sipr Tokens For Single Sign-on Login? 7. Dod Ogc Requires That The Ediscovery Saas Have Capability To Extract Embedded And Attached Files From Compound Files (e.g., Pdf Portfolios, Email Attachments, .rar, .zip, Or .pst Files); Create A Separate Record For Each Extracted File; And De-duplicate Files By Multiple Methods And “denist” Files Using Current National Institute Of Standards And Technology (nist) Lists. describe The Capability Of Your Ediscovery Saas To Process Compound Files, Extract Individual Files, And De-duplicate Files. 8. Dod Ogc Requires An Ediscovery Saas With Integrated, Secure, Scalable, And Effective Cloud Data Management And Storage On Both Niprnet (at Il5) And Siprnet (at Il6). can Your Company’s Ediscovery Saas Provide Integrated, Secure, Scalable, And Effective Cloud Data Management And Storage On Both Niprnet (at Il5) And Siprnet (at Il6)? special Requirements: must Have Secret Facility Clearance. please Provide Your Company’s Current Facility Clearance Level, And The Current Number Of Your Employees With Active Secret-level Federal Government Security Clearance. sources Sought: the North American Industry Classification System Code (naics) For This Requirement Is 518210, With The Corresponding Size Standard Of $40,000,000. in Order To Make A Determination For A Small Business Set-aside, Two Or More Qualified And Capable Small Businesses Must Submit Responses That Demonstrate Their Qualifications. Responses Must Demonstrate The Company’s Ability To Perform In Accordance With Far Clause 52.219-14, Limitations On Subcontracting. to Assist Disa In Determining The Level Of Participation By Small Business In Any Subsequent Procurement That May Result From This Sources Sought Notice, Provide Information Regarding Any Plans To Use Joint Ventures (jvs) Or Partnering. Please Outline The Company's Areas Of Expertise And Those Of Any Proposed Jv/partner Who Combined Can Meet The Specific Requirements Contained In This Notice. submission Details: responses Should Include: business Name And Address; name Of Company Representative And Their Business Title; small Business Socio-economic Status (if Small); cage Code; prime Contract Vehicles; To Include Encore Iii, Seti, Nih Cio-sp3, Nasa Sewp V, General Service Administration (gsa): Oasis, Alliant Ii, Vets Ii, Stars Iii, Mas (including Applicable Sin(s), Groups Or Pools), Or Any Other Government Agency Contract Vehicle That Allows For Decentralized Ordering. (this Information Is For Market Research Only And Businesses With A Valid Cage That Lack Prime Contract Vehicles Are Still Encouraged To Respond To This Notice.) businesses Who Wish To Respond Must Send A Response Via Email Nlt 4:00 Pm Eastern Daylight Time (edt) On March 12, 2025 To: Joseph.m.nichols27.civ@mail.mil, Melyssa.d.lafontaine.civ@mail.mil, And Carmelynanne.bryan.civ@mail.mil. Interested Businesses Should Submit A Brief Capabilities Statement Package Addressing The Specific Questions Above (no More Than Eight Pages) Demonstrating The Ability To Perform The Services Listed Under Required Capabilities. proprietary Information And Trade Secrets, If Any, Must Be Clearly Marked On All Materials. All Information Received That Is Marked Proprietary Will Be Handled Accordingly. All Submissions Become Government Property And Will Not Be Returned. All Government And Contractor Personnel Reviewing Submitted Responses Will Have Signed Non-disclosure Agreements And Understand Their Responsibility For Proper Use And Protection From Unauthorized Disclosure Of Proprietary Information As Pursuant To 41 Usc 423. The Government Shall Not Be Held Liable For Any Damages Incurred If Proprietary Information Is Not Properly Identified.