Yes. See Section H.9 on Page 1 of this Amendment.

(1)

(2)

1. Will the vendor selected for the award of the OAM15049S contract be excluded from competing for the follow-on, IAM implementation contract?

2. Would the selected vendor for this solicitation be prohibited from actual implementation services?

See answer to Question 1.

3. As this is a three-month effort geared toward the architecture of a future capability, will the Government confirm if the successful bidder will still be capable of bidding on any future competition in the development of IdAM at the U.S. House of Representatives?

4. Can you please confirm with me that this is a valid requirement? I have had several folks suggest to me that this RFQ is not valid, and the work is already being performed by an incumbent.

This is a valid and new requirement.

5. Will the winning contractor be allowed to work on the following IAM phased implementation, in any capacity, after the planning project is completed?

6. In regards to Page 21, Factor 1, A. Technical Approach 3, is a firm that responds to this RFQ at risk of being excluded from future product solicitations related to this effort. Are there OCI considerations?

7. It is noted that “use of IAM technology is new to CAO.” Regardless, is there an incumbent that has or is providing Identity and Access Management Planning or other strategic services related to Federal Identity, Credential, and Access Management (FICAM)?

This is a new requirement.

8. Are any vendors currently providing services to the US House of Representatives barred from pursuing this work due to an Organizational Conflict of Interest?

(3)

9. Would the vendor chosen to provide these services be prevented from pursuing other future work at the US House of Representatives (such as the System Implementation Activities) due to an Organizational Conflict of Interest?

See answer to Question 1. Organization Conflict of Interest considerations for this solicitation specifically only apply to the Identity Access Management solution. 10. Will the government comment on the expected size (Full Time Equivalents) of the work to be

performed?

The government will rely on the vendor to provide the resources (FTEs) necessary to meet the contract deliverable and duration requirements as outlined in the RFQ. 11. Will the government confirm this project is expected to take 2-3 months?

Confirmed. However, proposals that do not adhere to the expected timeline will still be accepted and considered on their merits.

12. Will the government list what architecture, technologies, and existing tools are currently used for “account management” and elsewhere in the business and technical environment?

AD-managed authentication/Oracle SSO – limited deployment/Application-managed authorization/Windows/Solaris/PeopleSoft Financials/Micro Strategies Data

Warehouse/Lawson Payroll/Hyperion Budget Development/Social Media/Various Constituent Management packages/Various Content Management Web Solutions incl. Drupal. The government will fully disclose architecture information upon award and project commencement.

13. Section I.5, page 14: Does the House intend to have the Contractor sign the Certification of Compliance? If so, please provide a copy for review. If not, please remove this section.

The House does not anticipate requiring the execution of a Certification of Compliance. 14. Section K.4, page 19 and Section L.2, page 21 (under File I - Price Proposal): Please advise if the

House intends to award a delivery order under a GSA Contract. If so, to ensure a state of fair competition (ie, to evaluate like-same categories), please identify the GSA MAS Schedule or GWAC program (eg, IT70) the order will be awarded under (and consequently what each Contractor should be basing its pricing off of), otherwise if the House does not intend to award under a GSA Contract, the contractor is instructed to develop pricing independently and is encouraged to apply competitive discounts.

The House may award at its discretion on an open-market or a GWAC/GSA basis, and regularly realizes significant discounts from GWAC/GSA pricing.

(4)

15. Section C, Potential integration with “other existing House tools” is mentioned. What tools are those?

16. Section C, What Identity management technologies and directories are currently deployed in the existing environment, and with which of these will the ultimate solution be expected to

integrate?

17. Section C, In general, what technology stack(s) are in use from a client and server, n-tier perspective?

18. Section C, Are there any details that can be provided on existing or planned non-IdM

technologies with which the solution should integrate (databases, applications, servers, etc.)? See answer to Question 12.

19. What does the page count need to be for the response?

There is no specific minimum page count for the response, but proposals should be thorough and effective in addressing the requirements of the solicitation. There is a maximum page limit of 25 pages for the Technical Proposal as referenced in Section L.2 of the solicitation.

20. What does the current CAO IAM environment look like today and are there any diagrams/designs you can share with the vendor community?

21. The following statement is on FedBizOps - "Note that the U.S. House of Representatives is not subject to the FAR and does not participate in set-asides or preference programs." Does this mean the $27.5M size standard associated with NAICS 541512 is not in effect?

Correct. This is a full and open solicitation.

22. Is the winning contractor for this solicitation precluded from bidding on the follow-on implementation effort? Are potential follow-on solution software vendors precluded from bidding as prime/sub on the planning project due to OCI considerations?

23. RFQ, Page 21, Section L.2 - instructions state that resumes are not part of page count. Factor 2 A.3 asks for a brief synopsis of key staff credentials, however, nowhere does it state resumes are required or for whom? Please clarify.

(5)

Please provide resumes for key project staff.

24. RFQ, Page 21, Section L.2, File I (Price Proposal) - does HoR want signed Attachment J.3s for our proposed personnel? If not, what does HoR want as part of the Price Proposal?

Yes, please provide signed Attachment J.3s for key staff and proposed personnel in order to advance the start of performance.

25. RFQ, Page 22, Section L.2, Factor 3.1 - Can HoR provide further guidance on WBS development instructions? Level of detail? Can more than one SOO deliverable be aggregated into a single WBS element?

Vendor may aggregate deliverables. Where deliverables are aggregated, the Vendor should identify the component elements.

26. RFQ, Page 23, Section M.1 - are evaluation Factors 1-4 equally weighted? If not, can HoR provide the weighting for each?

Factors are equally weighted.

27. We wanted to request a two week extension on RFP OAM15042S and extend the submission date to April 27th.

The submission date has been extended until April 20th_.

28. Will the project team be provided with Government Furnished Equipment (GFE) for the duration of this project, or will need to provide our own?

Yes, given the sensitive nature of the information the House will be providing the vendor, the project team will be provided House-issued equipment.

29. Will the House of Representatives provide a dedicated Project Manager or Primary Point of Contact on the planning project for our team to interface with other than the Contracting Officer?

Yes, a House Project Manager will be assigned to work with the vendor.

30. Is any travel within the Washington DC area necessary in order to engage with stakeholders who are outside of the House Office Buildings?

All work will be conducted within the House Office Building Complex.

31. Is it required that any and all work be performed at the House Office Buildings or will part of the team be able to perform some of the work at our location?

(6)

Given the sensitive nature of the information the House will be providing the vendor, the vendor is expected to perform all work within the House Building Complex. No remote work will be allowed.

32. What level of security clearance or background checks are needed for our resources?

Given the sensitive nature of the information the House will be providing to the vendor, all vendor resources must pass a standard background check and sign non-disclosure agreements. Clearances are not required.

33. Will winning the planning bid disqualify us from bidding on the implementation work? See answer to Question 1.

34. During the planning project, our team will need access to current and future-state IAM documentation. Have the following artifacts been developed and will they be shared with the team:

General Reponse: the purpose of this planning project is to assist the CAO in planning future-state IAM needs and developing future-state IAM documentation (as outlined in the RFP)

a. Application, network, systems platform inventory Information is in place and will be shared.

b. User composition (counts per internal, external, PxM designation)

User composition counts are available. Privileged access is managed in varying ways. Part of this effort would include looking at the value of bringing PXM under a unified single approach for management.

c. Inventory of current IAM processes Information not in place.

d. Current metrics (# pw reset calls, time and effort to fulfill joiner, mover, leaver functions). This will be essential to build the business case and value metrics.

#password reset call information available. We do not have metrics regarding the level of effort for fulfilling joiner, mover, and leaver functions.

e. Inventory of key IAM use cases or requirements

See general response. The purpose of this project is to develop requirements. It is presumed that the vendor has clear (PRIOR) knowledge of IAM use case information.

(7)

f. Roadmap for related information security initiatives

Initiative Roadmaps are in place (however, no assessment has been done to relate roadmap initiatives to this effort) and will be provided.

35. Has the House of Representatives dedicated SME resources to assist during this Planning project?

Generally, SME resources will be made available as requested and needed to ensure smooth project progression.

36. Has the House of Representatives established solution criterion standards used to qualify or disqualify IAM solution vendors from consideration (pricing, technical standards, performance metrics)?

No.

37. What will be the process for engaging SME’s for information gathering?

Vendor and House Project Manager will work together to identify required resources. The House PM will be responsible for ensuring access to SMEs as needed.

38. How will we be expected to communicate with SMEs? In person meetings, conference calls, email?

The vendor, in coordination with the House Project Manager, is free to utilize any of the above-identified communication modalities. The House Project Manager will be

responsible for providing guidance, on an as-needed basis, regarding what communication modalities may work best.

39. Is this a Full and Open Solicitation? Yes.

40. If the final Planning Project deliverable is used, will the vendor who was awarded the planning project effort be excluded from bidding on the subsequent core IAM business and technology-based requirements of any follow-on Request for Proposal (RFP) for phased implementation of IAM technology within the CAO (OCI)?

41. Will the awardees of this solicitation be excluded from bidding on the subsequent IAM Implementation RFP? (OCI?)

42. Will bids submitted by vendors who have already existing security products in use at the House be considered?

(8)

Yes.

43. Will bids submitted by vendors already on existing contracts at the House be considered? Yes.