J&A NO. 2020-46 is amended as follows:
3. Description of the supplies or services required to meet the needs of the SEC and the estimated value:
The modification to extend the contract period of performance for 12 months will enable MITRE to continue to support the SEC’s modernization initiatives in data rationalization and management, cybersecurity, and ICT cyber supply chain risk management.
When completed, this rationalization process will provide SEC leadership with an understanding of:
• How to manage cyber-related risks emanating from current and future vendors to enable a secure supply chain;
• How to integrate cybersecurity holistic best practices and lessons learned throughout the enterprise.
MITRE has been working this task with the SEC for the past year.
Work under this contract contains sensitive data and information not widely distributed; therefore, deliverables MITRE has produced were strictly distributed to the Senior Advisor to the Chairman for Cybersecurity Policy. Senior Advisor to the Chairman for Cybersecurity Policy concurred that all deliverables were provided by MITRE in monthly MITRE status reports.
MITRE has provided several deliverables, including the following:
• SEC Strategy for Data, Technology & Cybersecurity to the Senior Advisor to
the Chairman for Cybersecurity Policy
• Report for CAT Use Cases – Draft & Final
• Three -Year Operating Plan – 1st Draft, 2nd Draft & Final
• Workforce Capability Assessment and Rationalization Report – Draft & Final
A change in vendor at this critical juncture would require the SEC to devote significant time to ensure knowledge transfer and accelerated ramp-up to SEC specific policies and procedures. Any gap could leave SEC with cybersecurity and secure supply chain vulnerabilities in the middle of worldwide cyber threats and data breaches.
The Estimated Value of the Requirement is increased by $400K from $2.6 Million to $3 Million.
7. Determination by the Contracting Officer that the anticipated cost to the Government will be fair and reasonable.
The Contracting Officer, by signature on this document, hereby determines that the anticipated cost to the government will be fair and reasonable.
Before awarding a contract, the Contracting Officer will perform cost and price analysis in accordance with the FAR to determine the price is fair and reasonable.
8. Description of market research conducted and results or statement of the reasons market research was not conducted.
Only limited market research was done originally due to the specialized nature of the research required. The research and analysis required to meet the objectives of this requirement will require access to the SEC that goes beyond normal contractual relationships. As an FFRDC, the MITRE Corp will operate in the public interest with objectivity and independence, and will be free from organizational conflicts of interest. A notice of intent was posted on the Contracting Opportunities at beta.sam.gov page. No interested parties responded to the requirement.
Recently, the SEC reviewed GSA Schedule contracts for Highly Adaptive Cybersecurity Services (HACS). These contracts include a wide range of fields such as, the sevenstep Risk Management Framework services, information assurance, virus detection, network management, situational awareness and incident response, secure web hosting, and backup, security services and, Security Operations Center (SOC) services. However, the SEC still must provide sensitive data to the Contractor that goes beyond normal contractual relationships. Therefore, the SEC has determined that as the incumbent FFRDC, Mitre will continue operate in the public interest with objectivity and independence, and will be free from organizational conflicts of interest.
11. A statement of actions, if any, the SEC may take to remove or overcome any barriers to competition before any subsequent acquisition for the supplies or services required.
The Commission’s need for this type of research is limited and the need is not anticipated to be a requirement beyond 24 months.
Posted June 3, 2020
Contract Award Number: TIRNO99D0005
Task/Delivery Order Number: 50310220F0125
“This Justification authorizes use of other than full and open competition to contract for expert consulting services from MITRE Corporation, a non-profit firm specializing in research for government agencies. MITRE Corporation is a Federally Funded Research and Development Center (FFRDC) sponsored by the IRS.”
“MITRE will provide technical expertise, assessment and guidance to assist the SEC’s performance by enhancing our IT support infrastructure, analytical capabilities and human capital development. MITRE will gain a comprehensive understanding of the current network of solution vendors and active procurement vehicles and map this network to the requirements identified in the APP Rationalization and Data Rationalization efforts. These integrated requirements will be used to inform an end-to-end acquisition strategy, including SEC actions to manage near-term and in-flight contract renewals. The Vendor shall work with the SEC to enable them to develop and deploy a new, responsive target architecture while reducing the operating risks of implementing a new architecture an ensuring operational continuity. The estimated value of the requirement is $2.6M.”
“The Commission’s need for this type of research is limited and the need is not anticipated to be a requirement beyond 12 months.”