Navigating Navy Cybersecurity Training Contracts
The solicitation is a Small Business Set-Aside with a Firm-Fixed-Price (FFP) contract award, which may be of interest to small businesses and those looking to u
FAR 52.219-6 Set-Aside Basics
To navigate Navy cybersecurity training contracts, small businesses must first understand the basics of set-asides, specifically those outlined in FAR 52.219-6, which pertains to small business set-asides. Compliance with this clause is crucial for small businesses aiming to participate in these contracts. The Small Business Administration (SBA) certification is a key component, as it determines the eligibility of businesses for these set-aside contracts. The SDVOSB (Service-Disabled Veteran-Owned Small Business) set-aside program is one of the several set-aside programs offered by the SBA, which includes the 8(a) Business Development program, HUBZone, WOSB (Women-Owned Small Business), and EDWOSB (Economically Disadvantaged Women-Owned Small Business) programs. Per FAR 52.219-6, this solicitation is restricted to small businesses, with a size standard of 500 employees or less for NAICS code 611430, which includes professional and management development training services.
The process involves:
- Registering in the System for Award Management (SAM) database.
- Obtaining the appropriate SBA certification, such as 8(a), HUBZone, SDVOSB, WOSB, or EDWOSB.
- Ensuring compliance with the size standards for the specific North American Industry Classification System (NAICS) code related to the contract.
- Understanding the requirements and benefits associated with each type of set-aside.
Cybersecurity Training Requirements
Cybersecurity training contracts with the Navy require strict adherence to cybersecurity standards, including compliance with DFARS 252.204-7012, which addresses the implementation of cybersecurity requirements. Additionally, contractors must adhere to NIST 800-171 standards for protecting controlled unclassified information (CUI). Best practices in cybersecurity, such as regular updates, patches, and employee training, are also essential. When bidding on Navy cybersecurity training contracts, contractors must comply with DFARS 252.204-7012, which requires the implementation of NIST 800-171 standards for protecting controlled unclassified information (CUI). This includes adhering to 110 security controls, such as access control, incident response, and system and information integrity, with a minimum of 80% compliance required for contract award.
Key cybersecurity requirements include:
- Implementing NIST 800-171 controls
- Ensuring DFARS 252.204-7012 compliance
- Conducting regular security assessments and risk analyses
- Maintaining incident response plans
- Providing cybersecurity awareness training to employees
Evaluation Criteria and Methods
The evaluation of proposals for Navy cybersecurity training contracts can be based on best value tradeoff or lowest price technically acceptable (LPTA) methods, as guided by FAR 15.101. The best value tradeoff method allows for a more subjective evaluation, considering factors beyond price, such as technical merit and past performance. In contrast, LPTA evaluations prioritize the lowest priced offer that meets the minimum technical requirements. Navy cybersecurity training contracts are often evaluated using a best value tradeoff approach, as outlined in FAR 15.101, which considers factors such as technical merit, past performance, and price. In some cases, the Navy may use a LPTA (Lowest Price Technically Acceptable) evaluation method, which prioritizes price as the primary evaluation factor, with a price threshold of $1 million or less.
Evaluation factors may include:
- Technical approach and understanding of requirements
- Past performance and relevance of experience
- Price and cost realism
- Small business participation and subcontracting plans
- Compliance with cybersecurity requirements
Contracting Opportunities and Size Standards
Contracting opportunities for Navy cybersecurity training are often listed under the NAICS code 611430, which pertains to professional and management development training. Small businesses must ensure they meet the size standard for this code, as defined by the SBA regulations (13 CFR Part 121). Size standard recertification may be required during the contract period if the business undergoes significant changes. Navy cybersecurity training contracts are often issued under NAICS code 611430, which has a size standard of $41.5 million in average annual receipts. Contractors must recertify their size status every 3 years, as required by SBA regulations (13 CFR Part 121), and must notify the contracting officer of any changes in size status within 30 days.
Key considerations for small businesses include:
- Verifying the NAICS code and size standard for the specific contract
- Ensuring compliance with SBA regulations regarding size and status
- Monitoring business size and recertifying as necessary
Proposal Strategies and Compliance
When preparing proposals for Navy cybersecurity training contracts, small businesses must ensure compliance with various regulations, including FAR 52.219-9 regarding subcontracting plans. Past performance documentation is also crucial, as it demonstrates a contractor's ability to perform similar work successfully. For contracts involving software, compliance with FedRAMP requirements may be necessary, ensuring the security of cloud services. When submitting proposals for Navy cybersecurity training contracts, contractors must comply with FAR 52.219-9, which requires them to provide a subcontracting plan if their proposal exceeds $700,000. This plan should outline their strategy for subcontracting with small businesses, including SDVOSB and WOSB concerns, with a minimum of 20% subcontracting goal required.
Proposal strategies include:
- Highlighting relevant past performance and experience
- Detailing a comprehensive approach to cybersecurity training
- Ensuring compliance with all regulatory requirements, including subcontracting plans and FedRAMP
- Providing a competitive pricing strategy
Frequently Asked Questions
Q: What is the significance of FAR 52.219-6 in Navy cybersecurity training contracts? A: FAR 52.219-6 pertains to small business set-asides, outlining the requirements for small businesses to participate in these contracts, including compliance and SBA certification.
Q: How do contractors ensure compliance with DFARS 252.204-7012? A: Contractors must implement the required cybersecurity controls, conduct regular security assessments, and maintain incident response plans to ensure compliance with DFARS 252.204-7012.
Q: What evaluation method does the Navy use for cybersecurity training contracts? A: The Navy may use either the best value tradeoff or LPTA evaluation method, as guided by FAR 15.101, depending on the contract requirements and the agency's discretion.
Q: What is the NAICS code for professional and management development training? A: The NAICS code for professional and management development training, which includes cybersecurity training, is 611430.
Q: Why is size standard recertification important for small businesses? A: Size standard recertification is crucial because it ensures that the business remains eligible for small business set-aside contracts, even if its size changes over time.
Key Takeaways
- Understand set-aside basics: Familiarize yourself with FAR 52.219-6 and SBA certification processes to participate in set-aside contracts.
- Comply with cybersecurity requirements: Ensure adherence to DFARS 252.204-7012 and NIST 800-171 standards for protecting CUI.
- Develop a strong proposal strategy: Highlight past performance, detail a comprehensive cybersecurity approach, and ensure regulatory compliance.
- Monitor size standards and recertify as necessary: Stay compliant with SBA regulations to maintain eligibility for small business contracts.
- Stay updated on FedRAMP requirements: Ensure that any software provided complies with FedRAMP standards for cloud security.
- Leverage best value tradeoff or LPTA evaluations: Understand the evaluation methods used by the Navy to tailor your proposal and pricing strategy effectively. RFxNerd helps small businesses navigate the complexities of set-aside programs, certification processes, and cybersecurity requirements, providing resources and guidance to increase their chances of winning Navy cybersecurity training contracts.
Find opportunities like this one
RFxNerd monitors federal procurement and surfaces the best-fit opportunities for your business — scored and ranked automatically.
Try RFxNerd free →