Integrated Defensive Cyberspace System (IDCS) Secure Platform Architecture for Real-Time Threat Analysis and Network Defense (SPARTAN)

Other / Unclassified

This document is a memorandum from the Department of the Air Force, Air Force Life Cycle Management Center (AFLCMC), Cryptologic and Cyber Systems Division, to respondents of a Request for Information (RFI) regarding the Integrated Defensive Cyberspace System (IDCS) Secure Platform Architecture for Real-Time Threat Analysis and Network Defense (SPARTAN) RFI (SAM.gov #FA8307-25-R-B057).

This memorandum serves as a notice of conclusion for the aforementioned RFI. The U.S. Air Force thanks vendors for their responses. Due to the determination that a viable and competitive path exists through established General Services Administration (GSA) contract vehicles, and in alignment with procurement consolidation directives, the Government will leverage these existing vehicles. Consequently, this RFI is now considered closed, and no further follow-on activities, including meetings or a subsequent Request for Proposal, will result from it. The Department of the Air Force encourages vendors to monitor for future opportunities.

Questions & Answers / Clarifications

This document provides responses to vendor questions regarding the SPARTAN RFI 2, dated September 16, 2025. It clarifies various aspects of the anticipated solicitation and contract.

• Draft RFP and Timelines: The Government has not made final decisions on whether a draft RFP will be executed. Timelines for the final RFP are not yet determined.
• Number of Awards: The Government will inform potential offerors of the number of prime awards at a later date.
• Task Orders (TOs): Task Orders will be awardable upon award of the SPARTAN MAC IDIQ. The specific Capability Areas (CAs) addressed in initial TOs will be determined by the priority of IDCS execution.
• Oral Presentations: Oral presentations may be included in the solicitation and evaluation process to streamline it and validate offeror competency.
• Labor Categories (LCATs): The provided LCAT table is a notional inventory; inputs are sought for revisions to ensure comprehensive coverage. KPPs and LCATs will be determined by Task Order requirements.
• SPARTAN vs. IDCS: SPARTAN is the contract vehicle name, while IDCS is the System-of-Systems. They are not interchangeable.
• Interoperability Platforms (IOPs): IOPs are defined as Information Operations Platforms. Sustainment of IOPs will occur until absorbed by IDCS; transition to the SPARTAN vehicle is possible.
• CMMC Level 3: This RFI is for market research regarding CMMC Level 3. The strategy will be finalized at RFP. The Government is considering how to balance fair competition with appropriate compliance levels, especially for small businesses.
• Facility Clearance: A minimum SIPR facility clearance is required upon award of the IDIQ. Vendors without their own facilities may operate within a cleared facility. Subsequent task orders may require facility clearance.
• On-Site Work: Approximately 75% of Task Order execution is expected to be performed in San Antonio, TX. KPPs are required to be in San Antonio, TX for the duration of their awarded task.
• Small Business Set-Aside: The Government is considering small and large business pools, but market research will determine the final course of action.
• Data Rights: For items solely developed under the contract, the Government will acquire unlimited rights. Pre-existing IP, commercial licenses, and OSS will be handled according to DFAR clauses.
• Cybersecurity Requirements: SBOMs and source code delivery will be required. Utilization of DoD repositories and/or Iron Bank is expected. TS/SCI-eligible (SSBI fully adjudicated) is acceptable for KPPs.

This Q&A document provides significant clarification on various aspects of the upcoming solicitation, including award timelines, contract structure, technical requirements, security protocols, and vendor responsibilities. It is crucial for potential bidders to review these responses to understand the Government's expectations and to inform their proposal strategies.

Request for Information (RFI)

This RFI is for market research purposes only, not to award a contract. The government seeks information to identify potential businesses capable of providing services for the Integrated Defensive Cyberspace System (IDCS). Responses will help shape requirement prioritization, acquisition approach, and performance work statements. The government is considering a Multi-Award Contract (MAC) IDIQ for the Secure Platform Architecture for Real-Time Threat Analysis and Network Defense (SPARTAN) program, aiming to protect and defend the Department of the Air Force (DAF) cyberspace domain.

The RFI poses detailed questions across several capability areas, including:

• Cloud Services and Infrastructure Management: Experience with Cloud One and Platform One integration, diverse hardware platforms, Infrastructure as Code (IaC)/Configuration as Code (CaC), infrastructure monitoring, and hybrid cloud architectures.

• Agile Software Engineering and DevSecOps: Expertise in DevSecOps frameworks, CI/CD pipelines, software component integration, Agile methodologies, containerization, orchestration, and software testing/configuration management.

• Cybersecurity Operations and Compliance: Implementing Zero Trust architectures, achieving Authority to Operate (ATO), continuous security monitoring, intrusion detection, incident response, and supply chain risk management.

• Data Management, Analytics, and Intelligent Automation: Designing data pipelines, managing big data platforms for Defensive Cyber Operations (DCO), advanced analytics (AI/ML), and data security.

• System and Enterprise Integration Services: Experience with System-of-Systems integration, DoD enterprise services integration, interface definition, and DoD networking standards.

• Command, Control, Communications, Computer, and Cyber Intelligence (C5I) Support: Integrating C2 applications and cyber intelligence platforms.

• Enterprise Architecture and Requirements Management: Developing and managing enterprise architecture, DoD/DAF alignment, and technology assessment.

• Test, Evaluation, and Validation Services: Developing Test and Evaluation Master Plans (TEMP) and automated testing.

• Service Management, Training, and Sustainment Operations: Establishing service desks and developing user training programs.

• Program Management, Governance, and Innovation: Program management approach, enterprise architecture sustainment, subcontractor management, and innovation.

• General Implementation Approach: Innovative technologies, implementation strategy, scalability, interoperability, inter-CA integration, project management, multi-vendor environment management, and risk assessment.

• Responses are due by 29 September 2025, 2:00 pm CST.

• Responses must be submitted electronically via email or DoD SAFE.

• Proprietary information should be minimal and clearly marked.

• The government may conduct industry discussions for further clarification.

• Small businesses are encouraged to participate.

• Joint ventures or teaming arrangements are encouraged.

• This RFI is subject to change and is not binding on the Government.

• The government plans to leverage generative AI in the IDCS effort.

• Vendors should refer to Attachment 3, SPARTAN Whitepaper Template, for response structure.

Form / Attachment / Pricing Sheet

This document is a template for vendors to submit a whitepaper response to the Request for Information (RFI) 2 for the SPARTAN MAC IDIQ IDCS program (RFI FA8307-25-R-B057). It provides a standardized format to ensure submissions are complete and easily evaluated.

• Administrative Information: Includes instructions on content structure, answering questions, cohesive narratives, focused responses on relevant capability areas, use of specific examples, alignment with the Statement of Objectives (SOO), handling of proprietary and CUI information, submission format (Word and PDF), language, formatting, and file naming conventions.
• Vendor Information: Fields to capture company name, address, UEI/CAGE code, point of contact, and web URL.
• Business Status Certification: Questions regarding business size, ownership, existing contract vehicles, and partnerships.
• Technical & Security Capabilities: Inquiries about facility security clearance, accounting systems, on-site work ability, CMMC compliance, network access, cleared facilities, employment of foreign nationals, and affiliation with foreign governments.
• Cost and Software Data Report (CSDR) Experience: Questions regarding experience with specific DFARS clauses and Data Item Descriptions.
• Contract Type: Inquiry about appropriate contract types for the effort.
• Technical Response - Capability Area-Specific Questions: Instructions to respond to questions from the RFI Letter, Section 2, by constructing cohesive narratives for specific capability areas (e.g., Cloud Services, Cybersecurity, Data Management, etc.), with defined page limits for each.
• Proprietary Information Section: Guidance on marking and segregating proprietary information.

This template is critical for vendors intending to respond to the SPARTAN RFI 2. It outlines the required structure, content, formatting, and submission details for the whitepaper. Adherence to these instructions, including page limits and specific content requirements for each capability area, is essential for a compliant and competitive response. Vendors must carefully review and complete all sections relevant to their capabilities and the RFI's objectives.

Amendment / Modification

This amendment provides the Government's answers to contractor questions received for RFI 2 regarding the SPARTAN project. Key revisions include:

• RFI 2 Letter:
  • Section 3.3 title changed from "Documentation Marking/Proprietary Information" to "Use of Non-Government Advisors."
  • Response date extended from September 19, 2025, to September 29, 2025, at 2:00 pm CST.
• Attachment 1 SPARTAN SOO:
  • Section 2 (Scope) revised from "Interoperability" to "Information Operations."
  • Section 4.5.8.2 revised from "Test and Evaluation Master Plan (TEMP)" to "Test and Evaluation Strategy (TES)."
  • Section 7.1 revised to clarify that all personnel accessing classified information must possess appropriate individual clearances, regardless of facility. It also removed a previous requirement for 20% of staff to have active clearances upon award and revised the requirement for a Facility Clearance (FCL) at the TS/SCI level upon award, allowing for established partnerships to satisfy this if approved.
  • Appendix A, Section 4.1 revised to spell out "Enterprise Logging X-tra and Big Data Platform" instead of "ELX and BDP."
• Attachment 3 SPARTAN Whitepaper Template:
  • Section D.x. added a question: "What contract type/s is/are appropriate for this effort?"

• RFI 2 Letter (Sections 3.3, 6.1)

• Attachment 1 SPARTAN SOO (Sections 2, 4.5.8.2, 7.1, Appendix A Section 4.1)

• Attachment 3 SPARTAN Whitepaper Template (Section D.x.)

• The deadline for RFI responses has been extended to September 29, 2025, at 2:00 pm CST.

• Bidders should ensure they are using the revised documents for their RFI response.

• A new question regarding appropriate contract types has been added to the Whitepaper Template.

Amendment / Modification

This document is Amendment 1 to Attachment 1 of the SPARTAN SOO (Statement of Objectives). The revision date is noted as 16 September 2025, with the original date being 28 August 2025.

This amendment revises the document titled "INTEGRATED DEFENSIVE CYBERSPACE SYSTEM (IDCS) SECURE PLATFORM ARCHITECTURE FOR REAL-TIME THREAT ANALYSIS AND NETWORK DEFENSE (SPARTAN) STATEMENT OF OBJECTIVES (SOO)". Specific sections and their content are updated as detailed within the full document, including revisions to the Table of Contents, Background, Scope, Strategic Objectives, Performance Requirements (across various Capability Areas), General Requirements, Contractor Responsibilities, Security Requirements, Certifications and Agreements, Data Rights & Intellectual Property, Services Summary, Contract Administration, and Deliverables.

This amendment updates the SOO document itself. Potential bidders should review the entire revised SOO to understand any changes to requirements, objectives, or deliverables that may impact their proposals. Specific impacts on proposal deadlines or submission rules are not explicitly detailed in this summary but should be reviewed within the full amendment.

Form / Attachment / Pricing Sheet

This document, "Attachment 2_SPARTAN LCATs Table_28 August 2025.xlsx", provides a detailed table of Labor Categories (LCATs) relevant to the SPARTAN program. It outlines various cybersecurity-related roles, their associated skill levels, functional responsibilities, required skills and experience, security clearance requirements, degree expectations, and location considerations.

• Labor Categories (LCATs): Includes roles such as Cloud Security Engineer, DevSecOps Engineer, Cybersecurity Analyst, Threat Intelligence Analyst, Incident Responder, Data Scientist (Cybersecurity Focus), Platform Engineer, Enterprise Architect (Cybersecurity Focus), Test and Evaluation Engineer (Cybersecurity Focus), Cybersecurity Trainer, Program Manager (Cybersecurity Focus), Cybersecurity Compliance Specialist, AI Ethics and Governance Specialist, Zero Trust Architect, Quantum Security Specialist, Cybersecurity Research Scientist, OT/ICS Security Specialist, Vulnerability Researcher, Field Service Engineer (Cyber Systems), Logistics Specialist, Configuration Management Specialist, Red Team Operator, Technical Program Manager, Technical Writer, Software Developer (Applications), and Training and Development Specialist.
• Skill Levels: Defines levels from Junior (0-3 years experience) to Subject Matter Expert (SME) (10+ years experience), with descriptions for Mid-Level (3-7 years) and Senior (7-10 years).
• Requirements: Specifies functional responsibilities, required skills/experience, security clearances (Secret, TS/SCI), and educational expectations (degrees).
• Location Considerations: Notes specific location requirements (e.g., San Antonio, TX) or if the role is optional for a particular location.

This table is crucial for bidders to understand the specific labor categories, skill sets, and experience levels required for personnel proposed on this opportunity. It directly informs staffing plans, resource allocation, and the qualifications needed to meet contract requirements. Bidders should use this as a guide to ensure their proposed team members meet the defined LCAT and skill level expectations.