The Department of the Navy, Naval Supply Systems Command, FLC Norfolk, may have a continuing requirement for Cyber Operational Test & Evaluation (OT&E) Support for Commander Operational Test and Evaluation Force (COMOPTEVFOR).

N/A

The contractor shall provide services to meet the following:

• Technical and management support services to the Commander Operational Test and Evaluation Force (COMOPTEVFOR). The scope of this PWS includes but is not limited to support documentation, template development, toolset development management, test execution, future capabilities research and development, cybersecurity infrastructure design, build and management, RMF support, and DoD Red Team certification documentation development.
• The CONTRACTOR shall provide support for Cyber OT&E mission by developing and editing complex technical documents to include, Test and Evaluation Masters Plans (TEMP), TEMP input letters, TEMP comment letters, Integrated Evaluation Frameworks (IEF), test plans, and final reports.
• The CONTRACTOR shall develop and review a variety of other test-related documents, such as forwarding letters, Letters Of Observation (LOO), modeling and simulation accreditation letters, letters of instruction (LOI), and any other documents supporting the Cyber OT&E mission.
• The CONTRACTOR shall conduct Cooperative Vulnerability Penetration Assessments (CVPA) and Adversarial Assessments (AA) under COMOPTEVFOR authorities and guidelines. The CONTRACTOR works with Operational Test Directors (OTD) and Cyber Test Engineers (CTE) to develop test objectives and to execute the tests. The nature of the work requires that the contractor work with subject matter experts that often involves advanced, state-of-the-art techniques and concepts.
• The CONTRACTOR shall design, install, and upgrade as necessary the COMOPTEVFOR Cyber Test Infrastructure to include the Cyber Attack Lab, Analysis Lab, Training Lab, toolset, and Flyaway kits to support COMOPTEVFOR Cyber OT&E mission as well as management and setup of the range node for exercise, training, and risk reduction events.
• The CONTRACTOR shall administer and maintain the Cyber Test Infrastructure, including network and system security, patch management, reviewing system logs, monitoring system activities, maintaining user access administration, generate backup and recovery planning, maintaining physical security, and disabling unnecessary services.
• The CONTRACTOR shall maintain and comply with all Department of Defense (DoD), Department of the Navy (DON) cybersecurity policies and guidance as applicable, such as Secure Technical Implementation Guides (STIG), and Tasking Order (TASKORD).
• The CONTRACTOR shall create and update Risk Management Framework (RMF)/Assessment and Authorization (A&A) artifacts, as well as assess cybersecurity compliance requirements to support Risk Management Framework and to obtain Authority to Operate (ATO) for COMOPTEVFOR Cyber Test Infrastructure and toolset.
• Additionally, the CONTRACTOR shall create and update red team certification and accreditation (C&A) artifacts to support the red team certification and accreditation.