Wireless Network Deployment at SOCNORTH

Revised Performance Work Statement (PWS) Wireless Network Deployment at SOCNORTH, Peterson Space Force Base 1. Purpose / Objective The purpose of this eƯort is to design, develop, implement, test, and validate a Commercial Solutions for Classified (CSfC) Wireless Local Area Network (WLAN) Capabilities Package (CP) architecture to extend both the Secure Internet Protocol Router Network (SIPRNet) and the Non-classified Internet Protocol Router Network (NIPRNet) over a government- controlled network at the SOCNORTH Headquarters building located at Peterson Space Force Base, Colorado. The contractor shall deliver a National Security Agency (NSA)-compliant wireless network solution nested within the USSOCOM Enterprise CSfC wireless architecture that meets the performance outcomes described in this PWS. This eƯort is a greenfield deployment for both CSfC and NIPR wireless capabilities. The deployed WLAN shall serve as the primary source of work for the facility, requiring continuous, high-density, high-capacity sustainment to support current staƯ plus an additional 50-75 new personnel. The physical deployment footprint is strictly limited to the Western portion of the facility (approximately 60% of the ground floor, and 40% of the second floor). Contractors will not be working within the SCIF or the Top Secret East side. The project shall be executed in phased increments governed by Contract Line-Item Numbers (CLINs) and associated Notices to Proceed (NTPs). 2. Scope of Work The contractor shall provide all labor, supervision, management, materials, tools, transportation, equipment, cabling, testing equipment, penetrations, mounting hardware, and incidental services necessary to complete the tasks identified in this PWS. All work shall comply with applicable NSA CSfC Capability Packages, USSOCOM Enterprise Wireless requirements, applicable DoD Security Technical Implementation Guides (STIGs), NSA Common Criteria requirements, and industry best practices. 2.1 Phased Execution CLIN 0001 – Study and Design (FFP) Upon issuance of Notice to Proceed (NTP), the contractor shall:  Conduct pre-onsite assessments (this is not mandatory).  Conduct wireless site surveys utilizing AP-on-a-stick methodology where practical.  Evaluate existing infrastructure and environmental readiness. -- 1 of 10 --  Assess cybersecurity considerations applicable to the CSfC WLAN deployment.  Develop and deliver High-Level Design (HLD) and Low-Level Design (LLD) documentation.  Develop predictive and measured wireless heat maps.  Develop a proposed milestone schedule, accounting for on-hand government furnished equipment (see appendix 1) that must be used for this project and a list of any additional equipment needed to execute this project along with procurement lead times.  Submit final deliverables for government review and approval. Government acceptance of CLIN 0001 deliverables is required prior to issuance of NTP for CLIN 0002. CLIN 0002 – Equipment Procurement and Installation (NTE FFP) Following Government approval of the HLD/LLD and issuance of NTP, the contractor shall:  Procure all required non-Government Furnished Equipment (GFE). Cost to government must be realistic, fair and reasonable.  Provide a 1-year equipment and workmanship warranty for all procured and installed components.  Perform all wall, floor, and ceiling penetrations required for cable routing and AP installation.  All new penetrations shall match existing with conduit sleeves, bushings, acoustical caulking, and 2hr fire rated caulking at all fire-rated walls.  Provide all mounting hardware, lift equipment, and installation tools.  Install, configure, integrate, and validate all WLAN components to include:  The installation of all required CAT6A shielded plenum-rated cabling.  Implementation and deployment of 802.1x Network Access Control (NAC) and RADIUS/NPS infrastructure.  Configuration of firewall policies to logically segment IoT, guest, user, and admin traƯic.  Implement dedicated Wireless Intrusion Detection System (WIDS) capability as required for NSA CSfC compliance when not satisfied by existing GFE. -- 2 of 10 --  Implement high availability (HA) and redundancy using industry best practices consistent with the operational constraints of SIPRNet and NIPRNet services.  Configure a dedicated, on-premises controller architecture for the CSfC WLAN environment.  Implement RF containment strategies (e.g., directional antennas, power reduction, optimal AP placement) to ensure unclassified WLAN coverage does not unintentionally penetrate SCIF boundaries. The Government shall provide connectivity between IDFs and the MDF through existing fiber penetrations. CLIN 0003 – Testing and Validation (NTE FFP) The contractor shall perform testing and validation activities upon completion of installation activities and prior to Government acceptance. Testing activities shall include:  End-to-end SIPRNet and NIPRNet connectivity validation to include but not limited to end user devices.  RF coverage validation.  Interference and redundancy validation.  Configuration validation.  STIG compliance validation.  Security compliance checklist verification.  Validation of CSfC WLAN implementation requirements.  Proper documentation of the WLAN implementation.  Post-installation wireless site survey and updated heat map generation. Testing shall not include penetration testing or red team assessment activities. Government personnel shall evaluate final operational standards for acceptance. CLIN 0004 – Final Documentation (NSP) The contractor shall provide final project documentation including:  Updated wireless heat maps.  As-built drawings and documentation.  Final equipment inventories.  Configuration backups and baseline configurations. -- 3 of 10 --  Final testing and validation reports.  Network integration diagrams.  Site Wireless Security Operating Plan (SOP).  Final project closeout package. All costs associated…