The DISA DoD PKI Program Office is seeking support to provide a modernization solution, transition to the modernized solution, along with continued engineering support and continued program management and sustainment support of the PKI program. This will include operational monitoring and reporting support, multi-tiered support, training support, system integration/deployment support and risk management framework (RMF) support of DISA’s architecture. The technical requirements to be executed under this acquisition are captured in the attached PWS excerpt.
- The DoD PKI/E team supports an extremely broad yet technically detailed focus area. Our mission is to support DoD customers in using existing and emerging PKI capabilities. Occasionally, DoD PKI/E must evaluate hardware or software product integration within the PKI infrastructure in compliance with DoD PKI policies. Describe your experience deploying, configuring, testing, and/or using PKI infrastructure products (e.g., certificate authority software, database software, hardware security modules), stating specific products when possible.
- DoD PKE exists to support our customers; therefore, customer support and outreach are our top priorities. Describe your experience supporting others in deploying systems to use an enterprise PKI, with a focus on techniques used during support (e.g., help desk, technical guides, on-site visits).
- DoD PKE provides engineering support through direct consultation to end users, system owners, system developers and help desk personnel for all issues concerning the use of PKI. The range of support is broad and could be a basic support question, such as “how to send an encrypted email”, or more complex, such as a request for on-site support to assist in the design of a security architecture to accept PKI credentials. Describe your experience configuring or testing the capabilities of Commercial Off the Shelf products (e.g., network devices, servers, desktops, mobile devices, etc.) to use the services of an enterprise PKI.
- The DoD PKE team develops custom tools to support requirements relying parties have when using PKI. Describe your experience implementing new capabilities through development activities, such as developing new support for other data source providers, developing new support for smartcards, implementing support for new cryptographic algorithms or PKI standards and/or developing new support for emerging web technologies.
- Describe your experience developing and maintaining DoD PKI and other Federal agency PKI tools and capabilities in support of enterprise requirements. These requirements include certificate authorities (CAs), online certificate status protocol, global directory services, hardware security modules and other PKI capabilities. Describe the operating systems used to build the CAs.
- Describe your experience in providing cloud consulting, cloud broker, cloud integration, IaaS, other Cloud Service Provider services, and security engineering expertise necessary to build, integrate, transition, and secure the customer’s portfolio in a modernized solution that utilizes cloud, a hybrid cloud environment, or other solution. Also, describe your experiences in integrating and transitioning from a customer’s legacy environment to a new modernized cloud environment.
- ISO/IEC 27000 series provides models and standards to follow to keep information assets secure. The Capability Maturity Model Integration (CMMI) guide process improvements through a program’s initial level through the optimizing level. Describe your organization’s current posture as it relates to this certification that ensures all information security system standards have been followed and that all projects have been vetted through the maturity level.