THIS IS A SOURCES SOUGHT – FOR PLANNING PURPOSES ONLY
The purpose of this Sources Sought notice is to determine availability and capability of qualified businesses. Responses to this notice will be used for informational and planning purposes only and shall not be construed as a solicitation or as an obligation or commitment by the Government. This notice is intended strictly for market research only.
The Government does not intend to award a contract based on responses and the Government is not obligated to and will not pay for information received as a result of this announcement. We are seeking qualified sources for the potential to be added to our vendors list. Below is a brief synopsis of the services to be performed.
Air Force Services Center (AFSVC) is seeking a consulting company to provide AFSVC assistance in creating and developing robust business processes for merchant processing affecting PCI DSS compliance. Additionally, AFSVC is pursuing advisory support to implement an effective enterprise PCI compliance program for an estimated 104 geographically separated locations operating multiple lines of business (i.e., hospitality, food and beverage, entertainment, etc.). The consulting company must have Commercial PCI DSS expertise and a track record of successfully guiding companies in achieving PCI DSS Compliance utilizing industry best practices. They will have worked within the hospitality and entertainment industry, driving compliance success for businesses with a dispersed business model and multiple Point fo Station (POS) systems, lacking a central network infrastructure. Federal government or Department of Defense (DoD) experience is valued. Please see the Statement of Objectives for (SOO) for additional qualification requirements.
Also, AFSVC seeks to secure expert guidance and insights on industry best practices to support AFSVC in achieving and maintaining compliance with the Payment PCI DSS. This initiative will focus on a strategic, business process, and sustainment approach across disparate POS, hardware and software, network infrastructures, and business processes and procedures related to merchant card servicing activities. The goal is to enhance security, mitigate risks, and ensure a robust and comprehensive approach toward compliance while optimizing business processes.
The consultant will deliver strategies, tools, and frameworks to help AFSVC in developing an effective and robust enterprise PCI compliance program to achieve and maintain PCI DSS compliance, mitigate risks associated with payment card processing, and enhance overall business system processes affecting cybersecurity. The consultant will provide ongoing support throughout the implementation phase and ensure readiness for subsequent assessments.
The deliverable will also include a comprehensive suite of integrated tools and strategies that ensure full PCI DSS compliance while improving the overall security and efficiency of payment processing across business operations and geographically separated locations, protecting payment card data and streamlining related processes.
A SOO is attached. We are requesting the specified industry provide questions & recommendations to the SOO to make our final solicitation requirements package better. We would appreciate if you could provide Labor Categories & estimated Labor Cost by category to assist us in budgeting and to understand the pricing strategy for this type of requirement.
Interested Sources shall respond with questions/comments related to this Sources Sought to valerie.baltimore@us.af.mil and fay.cameron@us.af.mil no later than 4:00 pm CST on Thursday, February 13, 2025. Answers to questions will be posted at 4:00 pm CST February 21, 2025. This RFI closes at 4:00 pm CST March, 6 2025.
Update: Answers will not be posted on 21 Feb 2025 due to pending responses from subject matter experts for questions received. We will provide an update on Tuesday, 25 Feb 2025, on when answers will be available. Thank you.
