DISA, GSA managers lay down the law to winners of FCSA small business contracts

Before the four awardees under the new $900 million Future COMSATCOM Services Acquisition (FCSA) Custom SATCOM Solutions Small Business (CS2-SB) contracts compete for task orders, they will receive information assurance training to ensure that their end-to-end satellite services are secure.

“We have very stringent requirements in the area of information assurance,” Jim Russo, General Services Administration SATCOM program manager, said Feb. 23 during a Defense Information Systems Agency/GSA media roundtable on the program.

“We have invited all of the companies to get some training from DOD and DISA so they can be poised for success and be able to hit the ground running when these task orders are competed," he said.

DISA will hold information assurance training the week of Feb. 27 for the four CS2-SB awardees, he said.

Charles Edwards, deputy chief of DISA’s Commercial SATCOM Center, said that the information assurance requirements for CS2-SB derive from DOD Instruction 8500.2 Information Assurance Implementation and CNSSP-12, the National Information Assurance Policy for Space Systems Used to Support National Security Missions.

DISA and GSA reserve the right to independently evaluate the service provider’s information assurance compliance for any proposed or awarded services. The agencies insist their intent is not to disqualify vendors but to ensure they understand how to comply with policy when competing for task orders.

“With every task order that the Department of Defense will award under [CS2-SB], we will do an information assurance assessment based on the solution,” Edwards said. “We’ll look at things like the command and control encryption for that link. We’ll also look at infrastructure and their vulnerabilities.”

“It’s an ongoing process throughout the contract,” he said. “That’s one of the primary reasons we are having the information assurance training. We are going to go through our total information assurance documentation that each of the vendors has to submit with every proposal, so it will be clear in their minds the depths that we will be examining with each task order.”

Four small businesses – AIS Engineering, By Light Professional IT Services, Knight Sky Consulting and Associates and UltiSat – earlier this month received CS2-SB indefinite-delivery, indefinite-quantity (IDIQ) contracts to provide federal agencies with customized end-to-end satellite solutions.

“Security remains a moving target with the security posture of the network and the type of threats that are out there changing daily,” said Andy Beegan, senior vice president and chief technology officer at Inmarsat Government. “Especially in the CS2 realm, those industry contractors that are able to prove to the government that they have a handle on the security component will be very successful on CS2. Security is going to be a major factor in the awarding of CS2 task orders.”

Small vs. Large

Announced Feb. 17 by DISA and GSA, CS2-SB is the first of two IDIQ contracts planned as part of the jointly managed FCSA program. The companion CS2 full and open contracts for large scale end-to-end solutions will be awarded by the end of March.

“We’re going to look first, when we have requirements for end-to-end solutions, to use small business contracts wherever possible,” said Edwards.“ The CS2 full and open we envision using for the very large scale end-to-end solutions that involve a lot bandwidth, a lot of locations, and multiple satellites and multiple regions.”

The CS2-SB awardees will compete for task orders for smaller, less complex end-to-end solutions and in addition have a small business set-aside segment for professional satellite support services such as requirements definition, analysis and testing.

“For each customer that comes to DISA, there is going to have to be a decision point as to whether that requirement best fits as a subscription service or as a custom SATCOM solution,” said Beegan. “I think DISA is still developing exactly how that decision is made, and I think it really gets made on a case-by-case basis.”

The existing transponded capacity and subscription services portions of FCSA are GSA Schedule70 procurement vehicles. But Edwards said that Schedule 70 did not make sense for the CS2 acquisition.

“There was great opportunity to use the GSA Schedules for things that we could pre-define and pre-price, for example a fixed amount of bandwidth in a specific region,” he said. “By their very nature, end-to-end solutions involve a combination of multiple things which would be almost impossible to try to populate in terms of a price list.”