The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, Infrastructure Division, Infrastructure Security Compliance Division has a continuing requirement for exercise program support.

CISA’s mission is to lead the national effort to protect and enhance the resilience of the nation’s physical and cyberinfrastructure. CISA includes the CISA Management and Business Service Offices and four Divisions: the Cybersecurity Division (CSD), the Emergency Communications Division (ECD), the Integrated Operations Division (IOD), Infrastructure Security Division (ISD), the Stakeholder Engagement Division (SED), as well as, the National Risk Management Center (NRMC), which are headquartered with the National Capital Region (NCR).

This requirement will assist CISA in the planning, conduct, evaluation, and management of a broad spectrum of cyber and infrastructure security exercise efforts focused on improving the readiness of federal, state, local, tribal, and territorial (SLTT) government agencies as well as critical infrastructure sector partners.

• The contractor shall provide full-spectrum exercise support services to CISA in accordance with Homeland Security Exercise and Evaluation Program (HSEEP) guidelines. HSEEP defines two types of exercises: discussion-based and operations-based. Discussion-based exercises familiarize players with plans, policies, agreements, and procedures. Examples of these exercises are seminars, workshops, facilitated discussions, tabletop exercises (TTX) and games. Operations-based exercises validate the plans, policies, agreements, and procedures that were reviewed in the discussion-based exercises. Examples of operations-based exercises are drills, functional exercises (FE), and full-scale exercises (FSE).
• The contractor will be required to provide the availability of a wide spectrum of skills ranging from programmatic and administrative support (program management, front office support, meeting planning, and technical document development) to critical exercise specific skills (scenario and policy development, cyber subject matter expertise, and critical infrastructure knowledge). The contractor will need to have the capacity to support exercise surge requirements as exercise planning and conduct dictates.

Specific Tasks:

• Program Management and Analytical Support -The contractor shall provide administrative, analytical, and technical support to respond to CISA tasks, including researching and coordinating responses. Other tasks may include, but are not limited to:
  • Provide technical tools to support registration, tracking, and analysis of exercise participants.
  • Provide technical tools to support collection, analysis, and communication of exercise findings, recommendations, and lessons learned.
  • Support the preparation of correspondence, briefing materials, and other related documentation in support of the normal day-to-day operations of CISA.
  • Support intra- and interagency exercise coordination efforts.
  • Support the development, tracking, analysis, and reporting of program performance metrics.
  • Prepare responses to requests for information from higher headquarters, other federal departments and agencies, or other external stakeholders.
  • Maintain the program’s quantitative statistical data for reports and analysis.
  • Develop, maintain, and update CISA knowledge management tools and repositories, such as the CISA SharePoint site and activities database, or other knowledge management systems as designated by the government.
  • Conduct semi-annual and annual reviews and analysis of exercises and other program data collected through pre- and post-event assessments, questionnaires, and surveys.
  • Provide executive assistance support to include responsibilities such as document copying and filing; maintaining calendars and schedules; handling meeting logistics; composing correspondence; tracking deadlines on incoming requests; answering phone calls; handling all inquiries within their capacity; arranging callbacks to protect the principal’s time; providing backup materials for callbacks; scheduling appointments and meetings; preparing agendas; scheduling meeting facilities; preparing action minutes; scheduling travel; preparing itineraries, trip files and supplies; and preparing settlement vouchers after trips.
  • Provide Human Capital (HC) advice and assistance, including but not limited to, supporting the administration of HC processes and procedures for staffing, position descriptions, classification, performance management, awards, training, and all personnel actions.
  • Provide technical editing for all products developed by CISA Exercises and ensure that they meet all appropriate style guides and that they are free of grammatical errors.
  • Develop and maintain a CISA exercise calendar for CISA-wide awareness of all CISA exercise activity.
  • Support monthly, or as required, coordination meetings to discuss CISA’s overall participation in exercises, in either a planning or player capacity.
• Exercise Design and Development, Conduct, Evaluation.
  • The contractor shall provide all required support to design, develop, conduct, and evaluate stakeholder exercises in accordance with HSEEP guidance. These exercises will include both discussion- and operations-based events, as determined by stakeholder needs and CISA priorities. Exercise development, execution, and evaluation tasks typically include, but are not limited to: supporting key planning milestones such as the Concept and Objectives Meeting (C&O), Initial Planning Meeting (IPM), Midterm Planning Meeting (MPM), Master Scenario Events List (MSEL) development and coordination, and Final Planning Meeting (FPM); developing exercise material, as outlined below; facilitating or controlling the exercise; managing exercise logistics; managing exercise data collection and analysis to support evaluation; and developing After-Action or Summary Reports to capture exercise outcomes. The contractor shall provide HSEEP, cybersecurity, and/or infrastructure security subject matter expertise (SME) at all directed meetings.
  • Exercise Documentation
    • The contractor shall support the development and coordination of all relevant exercise documentation as required. Exercise documentation may include, but is not limited to:
    • Concept of Operations (CONOPS)
    • Exercise meeting presentations and notes
    • Exercise scenario and discussion questions
    • Meeting minutes
    • Scenario exercise artifacts (e.g., simulated incident reports, indicators of compromise, symptomology cards, etc.)
    • Master Scenario Events List
    • Situation Manual (SITMAN)
    • Exercise presentation
    • Exercise Plan (EXPLAN)
    • Controller/Observer Staff Instructions (COSIN)
    • Exercise Control (EXCON) design/diagrams/schematics
    • Participant feedback forms
    • Administrative documents (invitation letters, sign-in sheets, etc.)
    • Exercise fact sheets
    • Exercise evaluation plans
    • Exercise evaluation guides
    • Quick Look Reports
    • After-Action Reports
    • Summary reports
    • Video scripts and video production support
    • Corrective Action Plan
    • Other documentation as required by the government
  • Required Meetings
    • The contractor shall conduct, as appropriate, major planning meetings, which may include, but are not limited to, the following:
    • Concept and Objectives Meeting
    • Initial Planning Meeting (IPM)
    • Midterm Planning Meeting (MPM)
    • In Progress Reviews (IPR)
    • Master Scenario Events List Synch Meeting
    • Final Planning Meeting
    • Corrective Action Planning (CAP) Meeting
    • After-Action Meeting
    • Other meetings as required
  • Exercise Conduct
    • The contractor shall support the overall conduct of the exercises, to include but not limited to:
    • Design, equip, and staff the Exercise Control (EXCON)
    • Development of the Exercise Plan (EXPLAN) and all required components (safety, comms, logistics, etc.)
    • Support player/controller operations
    • Reservation of venue or meeting space (as required)
    • Setup/breakdown of exercise venue
    • Registration of all exercise participants and observers
    • Exercise facilitation
    • Data collection or notetaking to support evaluation
    • Coordination of actors and facilitating their use during the exercise
    • Development and adherence to required safety plans and weapons protocols
    • Providing personnel who are familiar with and have the ability to apply moulage (to include the creation of prosthetics and maintenance of required products)
    • If unmanned aerial systems (UAS) are used, providing Federal Aviation Administration qualified pilots and awareness of safety protocols
    • Deployment and retrieval of exercise equipment (‘blue guns’, radios, etc.)
    • Operation and management of simulation tools or platforms
    • Distribution and retrieval of feedback forms
    • Identifying logistics requirements (e.g. Audio Visual, seating, room configuration, etc.)
    • Other actions as required by the government to facilitate successful exercise conduct
  • Post-Exercise Reports
    • The contactor shall produce post-exercise reports, which may consist of, but are not limited to the following:
    • AAR
    • CAP
    • Exercise Key Takeaways
    • Summary Reports
    • Quick Look Reports
  • CISA Tabletop Exercise Packages:
    • Targeting each sector and its unique issues and facilities, CISA Tabletop Exercise Packages (CTEP) provides a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Each package is customizable and includes template exercise objectives, scenarios, and discussion questions as well as a collection of references and resources. The contractor shall create and update the entire suite of CTEP planning materials, create new and dynamic scenarios based on emerging threats, and as required, utilize stock video injects to enhance the participants’ exercise experience, knowledge, and capabilities. Currently, there are over 90 different CTEPs. The contractor shall organize and maintain the CTEP’s on the CISA.gov website, the Homeland Security Information Network (HSIN) Critical Infrastructure Portal, or other platforms as directed. The contractor shall develop and/or update CTEP factsheets and instructions on how to use and access CTEPs as directed by the government.
  • Exercise Template Development and Maintenance:
    • The contactor shall support the development and maintenance of exercise templates and other requirements to include, but not limited to:
    • Documents
    • Spreadsheets
    • Presentations
    • Project management
    • Surveys
    • Emails
  • Media and Simulation Services:
    • The contractor shall design, create, and manage media and simulation services and products to support the design, development, conduct, and evaluation of exercises. Media and simulation services and products include, but are not limited to:
    • Videos
    • Digital images
    • Animation
    • Graphic design products
    • Simulated traditional print and video media and social media
    • Simulated computer and IT networks
    • Simulated websites
    • Internet simulations of the open and dark web
  • Strategic Planning and Communications
    • The contractor shall provide strategic planning and communications support for CISA to promote awareness of the exercise program and the benefits it provides. Tasks may include:
    • Develop strategic and annual plans and guidance with respect to CISA internal operations and agency-wide exercise implementation.
    • Develop concepts of operation for future exercise service delivery models and mechanisms.
    • Support development and implementation of CISA approaches to communications, outreach, and strategy development specifically in regard to exercises.
    • Develop and maintain strategic communication, outreach and engagement plan on behalf of CISA for national, regional, state, local, and private sector partners.
    • Prepare program and exercise fact sheets, briefing papers or other similar documents.
    • Develop analytical products (e.g., meta-analysis) and reports to communicate exercise data, findings, trends, and best practices to a variety of stakeholders, internal and external to the Government.
    • Assist in maintaining and organizing content on CISA.gov and other platforms, as directed.
  • Exercise-Related Training
    • Exercise Design and Facilitation Training
      • The contractor shall provide exercise-related training services to enhance CISA’s internal exercise capabilities. Tasks may include but are not limited to:
      • Conduct training needs analysis to define training requirements for CISA and stakeholder personnel.
      • Design and provide exercise design and facilitation training to maintain and develop the professional exercise design and facilitation capabilities of CISA exercise planners.
      • Develop training content and materials to support the successful conduct of exercise-related training.
    • Stakeholder Exercise Training Program
      • The contractor shall assist the Government in the design, development, and implementation of a stakeholder exercise training program intended to enhance the capabilities of CISA’s federal, state, local, private sector, and international partners to design, plan, develop, and conduct exercises of their own. Associated tasks may include but are not limited to:
      • Conduct of training needs analysis to define training requirements.
      • Design, development, and delivery of course curricula and content.
      • Management and maintenance of student training records.
      • Management of student registration data.
      • Development and management of learning content management and learning management systems (LCMS/LMS) and platforms.
• Task Order Management
• At the time of TO award, the Contracting Officer Representative (COR) will convene a post-award conference with the contractor to discuss and ensure understanding of the purpose, scope, terminal, and enabling objectives, deliverables, milestones, and scheduling. The contractor shall brief their technical approach, organizational resources, and management control tools to be employed to meet the cost, performance, and schedule requirements throughout the TO execution stated in their approved management plan.
• Project Management Plan
  • The contractor shall present a detailed project management plan with a schedule and milestones for CISA Exercises approval for each TO.
• Periodic Reports.
  • The contractor shall submit a recurring report to the COR. At a minimum, the report shall consist of:
  • Financial summary, including actual versus budgeted labor hours and the cost for each activity performed; to include each labor category utilized for both monthly hours/costs and cumulative hours/costs, to include travel, for the month and to date. Also, show total costs invoiced to date;
  • Activities begun/completed during the reporting period;
  • Status of deliverables;
  • Operations and readiness activities;
  • Technical countermeasures requirements development;
  • Schedule, cost, and technical risk assessments, note any slippages in the schedule;
  • Outline of all technical problems encountered and proposed solutions; and
  • Equipment received via government-urnished or contractor purchase.