SAM #W909MY-26-R-A003

Army RFI: Software Sustainment Services for DPGDS Power Unit MEP-PU-810C/D

The Department of the Army is seeking information from qualified sources for software sustainment services supporting the Deployable Power Generation and Distribution System (DPGDS) Power Unit MEP-PU-810C/D. - Government Buyer: - Department of the Army, Army Contracting Command Aberdeen Proving Ground, Belvoir Division - Product Lead, Large Power Systems (PdL LPS) - Scope of Services: - Comprehensive software sustainment for DPGDS Power Unit MEP-PU-810C/D - Program management and systems security engineering - Secure software development and software assurance - Supply chain risk management - Continuous cybersecurity and vulnerability management - Software Components (OEMs/Products): - Dief - Easy Reg - Jal Test - Webasto - Basler - Beijer - Notable Requirements: - Addressing hardware and software obsolescence - Ensuring mission readiness and compliance with Army lifecycle sustainment policy - Demonstrated expertise in secure software development, vulnerability management, and supply chain risk management - Transition planning for long-term sustainment and data rights/documentation - Period of Performance: - Sustainment activities expected for 17-25 years from initial fielding, supporting lifecycle through obsolescence and cybersecurity challenges - Place of Performance: - Fort Belvoir, VA (primary) - Contracting activities at Aberdeen Proving Ground, Belvoir Division and Alexandria, VA

Description

1.0 PURPOSE.

1.1 This Request for Information (RFI) is issued by the Army Contracting Command-Aberdeen Proving Ground, Belvoir Division (ACC-APG, B) on behalf of the Product Lead, Large Power Systems (PdL LPS) to identify sources capable of providing comprehensive software sustainment services for the Deployable Power Generation and Distribution System (DPGDS) Power Unit, MEP-PU-810D. The result of this market research will assist the Government in the development of the Acquisition Strategy if the requirement materializes.

1.2 DISCLAIMER THIS IS NOT A NOTICE OF Request for Proposal (RFP) ISSUANCE. The Government is not seeking proposals and will not accept unsolicited proposals at this time. Telephone inquiries will not be accepted or acknowledged, and no feedback or evaluation will be provided. The Government will retain all responses, which will be protected as business sensitive and will not be released outside of the Government and the Government’s program support contractor(s). Respondents are advised that the Government will not pay for any information provided, or administrative costs incurred, in response to this RFI. All costs associated with responding to this RFI will be solely at the Respondent’s expense. Defense and commercial contractors, including small businesses, veteran-owned businesses, service-disabled veteran-owned businesses, HUB Zone small businesses, and woman-owned small businesses are encouraged to participate. Not responding to this RFI does not preclude participation in any future Request for Proposal(s) (RFP), if any is issued. It is the responsibility of the potential offerors to monitor for additional information pertaining to any future requirement. Information received will not be considered confidential/proprietary unless marked accordingly. Company proprietary data will be reviewed by Government employees and authorized representatives only. The Government shall not be liable for or suffer any consequential damages for any improperly identified proprietary information. This request is for informational purposes only to promote exchanges of information.

1.3 Requirement. The MEP-PU-810 Power Unit (the power generation part of the Deployable Power Generation & Distribution System) was first fielded in Fiscal Year (FY) 2021 and IAW Assistant Secretary of the Army (Acquisition, Logistics and Technology) (ASA(ALT)) economic useful life (EUL) policy has an estimated EUL of 17-25 years. This will lead to hardware and software obsolescence challenges in the future. These sustainment and cybersecurity challenges must be addressed to maintain mission readiness. The DPGDS PU Recapitalization, MEP-PU-810D effort, is nearing the end of its production contract. DPGDS software components are currently supported for the duration of this contract. At the end of the current contract, the MEP-PU-810C/D will transition to sustainment (T2S) and be transferred to the U.S. Army Communications-Electronics Command, Integrated Logistics Support Center (ILSC). Software sustainment, however, will remain with PdL LPS. IAW ASA(ALT) Policy, PdL LPS is required to sustain the software for the lifecycle of the system. There is a potential need to acquire contractor services to manage, maintain, and secure the software for the MEP-PU-810D fleet. This requirement encompasses program management, systems security engineering, secure software development, software assurance, Supply Chain Risk Management (SCRM), and continuous cybersecurity and vulnerability management for the DPGDS software (Dief, Easy Reg, Jal Test, Webasto, Basler and Beijer).

2.0 INSTRUCTIONS Respondents are requested to provide clear and concise answers to the following questions (paragraphs 3 through 6). Please structure your response to align directly with the numbering utilized below in this questionnaire. Questions and responses related to this Government issued RFI are due 30 days from the posting of this document. Responses should not be greater than fifteen (15) pages (Arial Font 12, single spaced). You may submit your responses via email TBD. Questions regarding the requested material may also be sent via email prior to the due date. Upon receipt and review of the RFI responses the Government reserves the right to extend an invitation for in-person discussions at Fort Belvoir, VA, and/or conduct additional RFIs as required to support market research efforts. No Classified or sensitive information shall be included in your response. Interested parties are responsible for appropriately marking proprietary or competition-sensitive information contained in their response. All information marked as proprietary information will be safeguarded to prevent disclosures to non-Government personnel and entities. Your response to this RFI, including any capabilities statement and specification sheet, shall be electronically submitted to the Contract Specialist, Ms. Keane Sablon, in either Microsoft Word or Portable Document Format (PDF), via email at keane.s.sablon.civ@army.mil and Contracting Officer Rosetta Wisdom-Russell at e-mail rosetta.wisdom-russell.civ@army.mil no later than 3:00 p.m on 29 May 2026 and reference this RFI number in subject line of e-mail and on all enclosed documents. Information and materials submitted in response to this request WILL NOT be returned. DO NOT SUBMIT CLASSIFIED MATERIAL.

3.0 COMPANY INFORMATION. Respondents should include the following information at the beginning of their response. 3.1 Company Name: 3.2 Company Address: 3.3 Company Website: 3.4 CAGE Code and Unique Entity Identifier (UEI): 3.5 Point of Contact (Name, Title, Email, and Phone Number): 3.6 Business Size and Socio-economic Status: 3.7 Approved Accounting System: (Yes or No) 3.8 What is your company's Facility Clearance Level (FCL) and Cybersecurity Maturity Model Certification (CMMC)? What is your capability to provide personnel with active DoD security clearances (Secret, Top Secret) if required? 3.9 Please describe your company's experience with various contract types for efforts of similar scope (e.g., Firm-Fixed-Price, Cost-Plus-Fixed-Fee, Time & Materials). Which contract type(s) do you believe would be most appropriate for this long-term sustainment effort and why?

4.0 CAPABILITIES AND TECHNICAL EXPERIENCE. Respondents are requested to address each item listed below in Section 4: 4.1 System Security Engineering (SSE). 4.1.1 Describe your company's approach to integrating Systems Security Engineering (SSE) into the overall systems engineering process, in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-160, Volume I and II. 4.1.2 What experience does your company have in creating and maintaining system artifacts (e.g., system architecture, data flow diagram, etc.) to support Risk Management Framework activities in accordance with NIST SP 800-37 and NIST SP 800-53? 4.2 Secure Software Development. 4.2.1 Describe your company's documented secure software development lifecycle. 4.2.2 What processes do you use to ensure all cybersecurity mitigations (e.g., updates, service packs) are applied to your development and test environments? 4.2.3 Explain how you enable and perform verification of software and firmware components to ensure their integrity? 4.2.4 Describe your experience in establishing and maintaining a government-owned or controlled software development/integration lab environment. What Continuous Integration/Continuous Delivery (CI/CD) pipeline tools (e.g., Jenkins, GitLab CI, CircleCI) have you implemented for automated builds, testing, and security scanning? 4.3 Software Assurance. 4.3.1 Describe any experience providing government clients with access to source code and software dependencies for vulnerability analysis. 4.3.2 What tools and practices does your company employ to minimize software weaknesses (e.g., static/dynamic code analysis, vulnerability scanning)? Please list specific tools. 4.3.3 Describe your company’s experience ensuring consistent software assurance practices for multiple third-party software applications in a single system boundary. 4.4 Cybersecurity Test & Evaluation (Cyber T&E) 4.4.1 Describe your experience participating in Government-led security assessments, such as Cooperative Vulnerability Identification (CVI), Cooperative Vulnerability and Penetration Assessments (CVPA), Adversarial Assessments, or similar events. 4.5 Cybersecurity Vulnerability Management and Testing. 4.5.1 Describe your company's approach to establishing and maintaining an Information Assurance Vulnerability Management (IAVM) program. 4.5.2 What is your process for conducting vulnerability scans using Defense Information Systems Agency (DISA)-approved Security Content Automation Protocol (SCAP) tools, analyzing the results, and developing mitigation plans for STIG findings categorized as CAT I, II, and III. 4.5.3 Describe your company’s incident response process for cyber incidents that affect a government information system. 4.6 Supply Chain Risk Management (SCRM). 4.6.1 Describe your experience developing and executing a SCRM Plan and Counterfeit Prevention Plan compliant with NIST SP 800-161. 4.6.2 What is your process for developing and maintaining a Supply Chain Risk Register? 4.6.3 Describe your company’s capability to generate, deliver, and maintain an Electronic Bill of Materials (eBOM) / Software Bill of Material (SBOM) for all software and Information and Communication Technology (ICT) hardware components with each release. What formats (e.g., SPDX, CycloneDX) are you capable of producing? 4.6.4 What experience do you have with developing a Critical Functionality Analysis (CFA)? 4.6.5 Beyond generating an eBOM/SBOM, describe your process for continuously monitoring the components listed within it for new vulnerabilities (e.g., using tools like Sonatype, Black Duck, or open-source equivalents). How do you assess the risk of a new vulnerability in a dependency and prioritize its remediation? 4.7 Documentation and Data Rights. 4.7.1 Describe your experience ensuring timely access to system administrator and user documentation produced and maintained by third party vendors and the processes used to ensure documentation remains available and current throughout the system lifecycle. 4.7.2 Please confirm your company’s understanding and ability to deliver all technical data, documentation, and management of commercial-off-the-shelf (COTS) software with Government Purpose Rights (GPR). 4.7.3 Please confirm your company’s understanding and ability to deliver all technical data, documentation, and management of software source code with Unlimited Rights. 4.8 Forecasting & Obsolescence Management. 4.8.1 Describe your approach to technology forecasting and obsolescence management for long-lifecycle systems. How would you proactively identify, plan for, and execute technology refresh or modernization activities to ensure the system remains sustainable and secure through FY38-FY47. 4.9 Program Management. 4.9.1 Describe your proposed program management approach for an effort of this size and duration. What metrics would you use to report on cost, schedule, performance, and risk to the Government?

5.0 TRANSITION APPROACH 5.1 Describe your company’s notional approach and methodology for transitioning a complex software system from an outgoing production contractor to your team for long-term sustainment. Please include key transition activities, risk-mitigation strategies, and how you would ensure no degradation of support. 5.2 What specific data, artifacts, and access (e.g., source code repositories, build scripts, current vulnerability scans, architectural diagrams, incumbent engineer support) would you require from the outgoing contractor and the Government to ensure a successful transition?

6.0 BUSINESS QUESTIONS. 6.1 Does your company consider the requirement as described in this RFI to be commercial as defined by the Federal Acquisition Regulation (FAR) 2.101? If yes, why? 6.2 Provide type of business large/small. 6.3 If previously provided similar support on a Government contract, please provide the following: a. Contract Number b. Contract Type c. Client Department of Agency d. Percentage of services subcontracted e. Total contract Value at Award f. Contract Type

Questions and requests for clarification Questions and requests for clarification of information must be submitted to: keane.s.sablon.civ@army.mil and rosetta.wisdom-russell.civ@army.mil no later than 15 calendar days following RFI posting. Questions with CUI shall be submitted via DOD SAFE. If you require a drop link, please contact rosetta.wisdom-russell.civ@army.mil and keane.s.sablon.civ@army.mil. Questions and requests will only be accepted in writing; phone calls will not be accepted. Requests shall be submitted only to the email address specified above. Any other forms of request for additional information will not be honored. Questions Due Date: 14 May 2026

This announcement is issued solely for information and planning purposes and does not constitute a solicitation. Proprietary information and trade secrets, if there are any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Responses will not be returned, nor will the Government confirm receipt. In accordance with FAR 15.201(e), responses are not offers and cannot be accepted by the Government to form a binding contract. All Government and Contractor personnel reviewing responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described in 41 USC §2101-2107. The Government shall not be liable for or suffer any consequential damages for any proprietary information not properly identified. Proprietary information will be safeguarded in accordance with the applicable Government regulations.

All data received in response to this RFI that is marked or designated as corporate or proprietary will be fully protected from any release outside the Government.

View original listing