Online Cyber Security Training Courses
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. Solicitation Number W912K319Q6006 is hereby issued as a Request for Quote (RFQ). The incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2019-03, 12 July 2019, and the Defense Federal Acquisition Regulation Supplement (DFARS) change date 28 June 2019. It is the contractor's responsibility to become familiar with applicable clauses and provisions.

This acquisition is under North American Industry Classification Standards (NAICS) code 611310 with annual revenue not to exceed $27.5M. The government intends to award a Firm Fixed Price (FFP) contract through UNRESTRICTED competition in accordance with Federal Acquisition Regulation (FAR) Part 13. Quotes must conform to all requirements outlined in this Request for Quote (RFQ) and will be evaluated and awarded on a Lowest Price Technically Acceptable (LPTA) basis. Delivery of requirements will be FOB destination. This office will consider any late quotes or any late revisions of quotes as non-responsive.

In no event shall any understanding or agreement between the Contractor and any Government employee other than the Contracting Officer on any contract, modification, change order, letter or verbal direction to the contractor be effective or binding upon the Government. All such actions must be formalized by a proper contractual document executed by an appointed Contracting Officer.
The Contractor is hereby notified that in the event a Government employee other than the Contracting Officer directs a change in the work to be performed or increases the scope of the work to be performed, it is the Contractor's responsibility to make inquiry of the Contracting Officer before making the deviation from the written terms of the contract. Payments or partial payments will not be made without being authorized by an appointed Contracting Officer with the legal authority to bind the Government.

Description of Requirement:

CLIN 0001: The 143 COS at Camp Murray, WA has a requirement for various online cyber security training courses. See below for complete details on the requirements.

General course delivery and vendor requirements:
- Vendor must deliver courses through a web-based application that tracks student progress, provides lab exercises, quizzes and SME support, and allows 24/7 access. Online course delivery must include an instructor speaking to the corresponding presentation material.
- Vendor must provide a forum in which student questions are answered by certified technical assistance.
- Vendor must provide hard-copy course material that includes slides and full descriptive paragraphs on slide content.
- Content depth must be appropriate for approximately six eight-hour days of instruction.
- Vendor must demonstrate a documented peer review process for course development and feedback.
- Vendor must have a pre-built training environment that is packaged with all necessary tools for the course requirements.
- Vendor must demonstrate successfully delivered and refined course(s) for at least 6 months prior to quote submission, through advertisement of the course on the internet or by commercially available means.
- Vendor must demonstrate or provide at least five reviews from previous government contracts and/or students that are publicly accessible online.
- Vendor must demonstrate, with material provided to the government with the quote, that their course can meet 100% of the required course training points specifically outlined below.
- Vendor must provide official certification and testing to demonstrate student comprehension and knowledge.
- Proctored exams must be available in multiple locations within the United States on various dates and times based on the student's needs.

Course Specific Training Requirements:

Network Penetration Testing and Ethical Hacking
Quantity: 02 Each
• Develop tailored scoping and rules of engagement for penetration testing projects, and build a penetration testing infrastructure that includes all the hardware, software, and networking.
• Conduct detailed reconnaissance, including metadata analysis, to pull sensitive information about a target environment for penetration tests.
• Conduct comprehensive network sweeps, port scans, operating system fingerprinting, and version scanning to map the target environment's attack surface by creating an inventory of machines, accounts, and potential vulnerabilities.
• Techniques to eliminate false positives from detailed information on target systems in order to focus on meaningful results while conducting scans safely and efficiently.
• Discover vulnerabilities for client-side exploits, service-side exploits, and local privilege escalation using Metasploit and Meterpreter to identify compromised target environments. Analysis of anti-virus evasion and methods for pivoting to bypass the target organization's security measures.
• Pillage target systems for vital information that can further overall penetration test progress, and establish pivots for deeper compromise using the Windows command line and PowerShell.
• Scan, exploit, and then leverage malicious services and the WMIC toolset to access and pivot through a target organization.
• Conduct comprehensive password attacks against an environment to plunder password hashes from target machines using the Mimikatz Kiwi tool, and use a custom-compiled John the Ripper to optimize its performance in cracking passwords. Utilize "pass-the-hash" attacks, leveraging Metasploit and Meterpreter, to bypass password authentication.
• Launch web application vulnerability scanners to determine business risks by finding and exploiting cross-site scripting (XSS), cross-site request forgery (XSRF), command injection, and SQL injection flaws.
• Customize discovered findings to represent business risks.

(Advanced) Penetration Testing, Exploit Writing and Ethical Hacking
Quantity: 01 Each
• Utilize network attacks for penetration testing by bypassing network access/admission control and impersonating devices with admission control policy exceptions. Exploit EAP-MD5 authentication, overcome SSL transport encryption to gain an attack position for eavesdropping and attacks, and exploit network devices.
• Crypto and post-exploitation: the administrator's use of PowerShell and PowerShell attack tools, Metasploit, and Metasploit alternatives to escalate privileges, pivot, and deliver additional payloads.
• Leverage Python and Scapy (Python packet crafting) for custom network targeting, protocol manipulation, and penetration. Develop fuzzing techniques to create custom protocol fuzzing grammars to discover bugs in popular software such as Microsoft Word macros for .docx files and block-based code.
• Exploiting Linux for penetration testing: x86 assembler/disassembler with linking and loading, and Linux OS and privilege escalation. Search for SUID programs and other likely points of vulnerabilities and misconfigurations.
• Use of stack overflows to gain privilege escalation and code execution, redirection of program and code execution, and buffer and address space layout randomization.
• Exploiting Windows for penetration testing: the process environment block, structured exception handling, the thread information block, and Windows application programming interfaces. Stack-based techniques (disabling data execution prevention) and use of the Metasploit Framework to discover bad characters in shellcode.

Advanced Digital Forensics, Incident Response, and Threat Hunting
Quantity: 01 Each
• Advanced incident response and threat hunting with forensic examination methodology, endpoint detection and response, coverage of F-Response Enterprise Edition, and utilization of SIFT to connect to and script actions on systems.
• Intrusion analysis tools to examine application execution artifacts, account auditing, detecting evidence of execution with Shimcache, Prefetch carving and extraction from memory, and hunting malicious use of WMIC and PowerShell.
• Stealing/utilizing legitimate credentials with: Pass the Hash, Single Sign On, Token Stealing, Cached Credentials, LSA Secrets, Kerberos Attacks, and NTDS.DIT theft.
• Log analysis for tracking and hunting lateral movement, suspicious services, finding malware execution, PowerShell script obfuscation, and WMI activity logging, as well as anti-forensics with event log clearing.
• Memory forensics to find evidence of worms, rootkits, PowerShell scripting, and advanced malware used in advanced persistent threats with the use of Volatility and Rekall. Analysis of memory from infected systems (rootkits, rundll32, bots, and beaconing C2 malware) compared against a baselined system.
• Use of timeline analysis to examine file system modified/access/creation/change times, log files, network data, registry data, and Internet history file time data. Use of timelines to track malware footprinting, lateral movement, and persistence, establishing timelines during advanced incident response/threat hunting and forensic cases.
• Techniques to identify malware or forensic artifacts that are dormant and active, malware traces, indicators of compromise, NTFS file systems, resident/non-resident files, timestomp detection, Master File Table critical areas, and hidden data in alternate data streams.
• Covered in cyber warfare IQT course.

Intrusion Detection
Quantity: 05 Each
• Bottom-up coverage of the TCP/IP protocol stack to collect the actual packets involved in attacks, used for low-level packet analysis (encapsulation/de-encapsulation) and the meaning and expected behavior of every field in the IP header.
• Study of the link layer, the IP layer (both IPv4 and IPv6), and packet fragmentation in both. Analysis of packets using both Wireshark and tcpdump, following data stream reassembly to identify ARP spoofing and fragmentation attacks.
• Analysis of the transport layer protocols used in the TCP/IP model, covering TCP, UDP, and ICMP, with the meaning and expected function of every header field in relation to modern network monitoring. Filtering large-scale data down to traffic of interest using Wireshark display filters and tcpdump Berkeley Packet Filters.
• Utilization of Scapy, a powerful Python-based tool for the manipulation, creation, reading, and writing of packets, used to test the detection capability of an IDS/IPS. Probe crucial application protocols (DNS, HTTP(S), SMTP, SMB, MSRPC) for intrusion detection.
• Network monitoring tool coverage using Snort/Firepower and Zeek (Bro), with their deployment strategies, to identify any potential phishing activity with signature-based detection in a defended network.
• Practical application of network forensics and an exploration of data-driven monitoring vs. alert-driven monitoring. Use of large-scale collection and analysis using NetFlow (SiLK) and IPFIX data to identify lateral movement, find events of interest, and examine command and control traffic.
Implementing and Auditing the Critical Security Controls
Quantity: 2 Each
• Importance of an inventory of authorized/unauthorized devices and software that risk exposing the network to unknown vulnerabilities or hampering its operation, especially subnets associated with DMZs. Checking tools that implement whitelists (allow) and blacklists (deny) of programs in endpoint security suites.
• Instruction on secure configurations for hardware/software installed on workstations, laptops, and servers utilizing configuration management tools. Tools that look for deviations from the standard image configuration and generate an alert or e-mail notice regarding the changes.
• Vulnerability assessment/remediation tools that compare the results of the current scan with previous scans to determine how vulnerabilities in the environment change over time.
• Controlling administrative privileges to prevent attackers from having full access to the system, including temporary, disabled, and limited-privilege accounts with password management and separation of accounts. Monitoring of user accounts that are locked out or disabled, passwords that exceed the maximum age, and accounts with passwords that never expire.
• Continuous maintenance, monitoring, and analysis of audit logs that meets network standards.
• Email/web browser protection and malware defenses to prevent common points of entry and attack from spoofed users that tamper with a system's contents, capture sensitive data, and may spread to other systems.
• Limitation/control of network ports, protocols, and services that are vulnerable to exploitation, and use of scanning tools to prevent exploitation. Secure configurations for network devices (firewalls, routers, and switches) to prevent access to target networks and redirect traffic on that network with tools, firewall rules, and router ACLs.
• Data protection and recovery (scheduling and testing) alongside a comprehensive data loss prevention plan. The plan should include protecting data in use, data in motion, and data at rest through deep content inspection and a centralized management framework.
• Boundary defense to separate networks and control the flow of traffic between them using IDS systems and automated scripting. Includes management/access of wireless devices.
• Penetration testing along with incident response and management to scope the rules of engagement and follow proper procedures to contain damage, eradicate the attacker's presence, and recover in a secure fashion.

Securing Linux/Unix
Quantity: 4 Each
• Hardening Linux systems against memory attacks and overflows (stack, heap, format strings, protection), vulnerability minimization (patching strategies and OS minimization), boot-time configuration (reducing services, email config, systemd, init), encrypted access (session hijacking, encryption, ssh config), and host-based firewalls (iptables and managing rules).
• Further hardening: Linux file integrity assessment (AIDE, config and usage), physical attacks and defenses (mode security and boot loader passwords), user/root access controls (threats/defenses, settings, issues, and work-arounds), warning banners (content and implementation), kernel tuning (resource limits, core files), and the prevention of rootkits and malicious software (backdoors, chkrootkit and rkhunter).
• Monitoring Linux systems: automating tasks (public key auth, ssh agent and forwarding), AIDE via SSH (ssh config and tools/scripts), logging overview (config, system/process accounting, kernel-level auditing), SSH tunneling (X11/TCP forwarding and reverse tunneling), and logging with Syslog-NG (config, tunneling log data, log analysis/tools/strategies).
• Linux application security involving chroot (what and how, security issues), SCP-only shell (what and how, config directory, automounter hacks), SELinux basics (functionality, navigation and commands, troubleshooting), and SELinux and the reference policy (tools, creating/testing/refining/deploying policy).
• More Linux application security focusing on internet servers: BIND (issues, split-horizon, config, chroot()ed), DNSSEC (issues, keys and signing zones, key rollover, automation tools), Apache (config/install choices, user auth, SSL setup), and web application firewalls with ModSecurity (config, dependencies/prerequisites, rules, install/debugging).
• Digital forensics for Linux including tools (The Sleuth Kit, Foremost, chkrootkit, lsof and other critical OS commands), forensic prep/practices (principles, importance of policy, forensic infrastructure), incident response and evidence acquisition (process, investigation tools, live snapshots, bit images), media analysis (file system basics, MAC times and timeline analysis, file recovery, unallocated space, string searches), and incident reporting (critical elements, lessons learned, calculating costs).

Quote Information:

Quotes must be submitted and received no later than 5:00 PM Pacific Time, 13 August 2019. Electronic offers are preferred; telephone quotes will not be accepted. Quotes may be e-mailed to the attention of the points of contact listed below.
Buyer: Matthew Berube
Alternate Buyer: Robert Burke
Email: usaf.wa.194-wg.list.fal-msc-contracting@mail.mil

Award will only be made to contractors who have registered with the System for Award Management (SAM). Vendors may register at: http://www.sam.gov

Submission of Invoices: In accordance with FAR clause 52.212-4(g), the contractor shall submit all invoices electronically utilizing Wide Area Workflow (WAWF). Procedures for using WAWF are found in DFARS clause 252.232-7003, Electronic Submission of Payment Requests.
Provisions and Clauses:

Clauses may be accessed electronically in full text through http://farsite.hill.af.mil. FAC 2019-03, 12 July 2019.
P = Provision
C = Clause
* = Provision or Clause required to be in full text in the contract

P-FAR 52.203-18, Prohibition on Contracting with Entities that Require Certain Internal Confidentiality Agreements or Statements - Representation
C-FAR 52.203-19, Prohibition on Contracting with Entities that Require Certain Internal Confidentiality Agreements or Statements
P-FAR 52.204-7, System for Award Management Registration
C-FAR 52.204-9, Personal Identity Verification of Contractor Personnel
P-FAR 52.204-16, Commercial and Government Entity Code Maintenance
C-FAR 52.204-18, Commercial and Government Entity Code Maintenance
C-FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems
P-FAR 52.204-22, Alternative Line Proposal
C-FAR 52.209-10, Prohibition on Contracting with Inverted Domestic Corporations
P-FAR 52.212-1, Instructions to Offerors-Commercial Items
P-FAR 52.212-2, Evaluation-Commercial Items. The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the government. Quotes must conform to all requirements outlined in this Request for Quote (RFQ) and will be evaluated and awarded on a Lowest Price Technically Acceptable (LPTA) basis. Delivery of requirements will be FOB destination. This office will consider any late quotes or any late revisions of quotes as non-responsive.
P-FAR 52.212-3 ALT I, Offeror Representations and Certifications-Commercial Items (or complete electronic annual representations and certifications at sam.gov)
C-FAR 52.212-4, Contract Terms and Conditions-Commercial Items
C-FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items (incorporated by reference; for paragraphs (b) and (c) the following clauses apply):
C-FAR 52.222-3, Convict Labor
C-FAR 52.222-19, Child Labor - Cooperation with Authorities and Remedies
C-FAR 52.222-21, Prohibition of Segregated Facilities
C-FAR 52.222-26, Equal Opportunity
C-FAR 52.222-50, Combating Trafficking in Persons
C-FAR 52.223-18, Encouraging Contractor Policy to Ban Text Messaging While Driving
C-FAR 52.225-13, Restrictions on Certain Foreign Purchases
C-FAR 52.232-33, Payment by Electronic Funds Transfer-System for Award Management
C-FAR 52.232-39, Unenforceability of Unauthorized Obligations
C-FAR 52.232-40, Providing Accelerated Payments to Small Business Subcontractors
C-FAR 52.233-3, Protest After Award
C-FAR 52.233-4, Applicable Law for Breach of Contract Claim
C*-FAR 52.252-2, Clauses Incorporated by Reference - SEE http://farsite.hill.af.mil
C*-FAR 52.252-6, Authorized Deviations in Clauses
C-DFARS 252.203-7000, Requirements Relating to Compensation of Former DoD Officials
C-DFARS 252.203-7002, Requirement to Inform Employees of Whistleblower Rights
C-DFARS 252.203-7005, Representation Relating to Compensation of Former DoD Officials
P-FAR 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls
C-DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
C-DFARS 252.204-7015, Disclosure of Information to Litigation Support Contractors
C-DFARS 252.211-7008, Use of Government-Assigned Serial Number
P-DFARS 252.213-7000, Notice to Prospective Suppliers on the Use of Past Performance Information Retrieval System-Statistical Reporting in Past Performance Evaluations
C-DFARS 252.223-7006, Prohibition on Storage and Disposal of Toxic and Hazardous Materials
C-DFARS 252.223-7008, Prohibition of Hexavalent Chromium
P*-DFARS 252.225-7000, Buy American Act-Balance of Payments Program Certificate
C-DFARS 252.225-7001, Buy American Act and Balance of Payments Program
C-DFARS 252-7031, Secondary Arab Boycott of Israel
C-DFARS 252.225-7048, Export-Controlled Items
C-DFARS 252.232-7003, Electronic Submission of Payment Requests (WAWF instructions provided at time of award)
C*-DFARS 252.232-7006, Wide Area WorkFlow Payment Instructions
C-DFARS 252.232-7010, Levies on Contract Payments
C-DFARS 252.244-7000, Subcontracts for Commercial Items
P-DFARS 252.247-7023 ALT III, Transportation of Supplies by Sea-Alt III
C*-FAR 52.222-36, Equal Opportunity for Workers with Disabilities
C-FAR 52.201-10, Reporting Executive Compensation and First-Tier Subcontract Awards
P*-DFARS 252.225-7035, Buy American-Free Trade Agreements-Balance of Payments Program Certificate
C-DFARS 252.225-7036, Buy American-Free Trade Agreements-Balance of Payments Program Certificate
C-FAR 52.209-6, Protecting the Government's Interest when Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment
Data sourced from SAM.gov.