FDIC Acquisition System Next Generation (AS NG)

Other / Unclassified

This document outlines the business requirements for migrating procurement data and documents to the Acquisition System – Next Generation (AS-NG). It details the scope of data to be migrated from existing systems (Automated Procurement System - APS, Consolidated Document Information System - CDIS) to the new AS-NG solution. The document specifies which data and documents related to active, active-expired, and in-progress awards and solicitations should be migrated, as well as data for closed awards and new requisitions. It also covers data related to provisions, clauses, contracting officer warrant levels, training logs, and solicitation lists.

For potential bidders, this document is crucial for understanding the underlying data infrastructure that supports the acquisition process. While not a solicitation itself, it informs bidders about the systems and data management practices that will be in place. This context can be helpful in understanding how procurement data is handled, which may indirectly influence how vendors interact with the system or prepare documentation in the future. It highlights the complexity of the current data landscape and the effort involved in transitioning to a new system, suggesting a focus on data integrity and migration planning within the agency.

Statement of Objectives (SOO)

The Federal Deposit Insurance Corporation (FDIC) is seeking contractor support, licenses, software, and tools to develop and deploy an enterprise-level acquisition lifecycle solution, referred to as the Acquisition System-Next Generation (AS-NG). This system aims to enhance efficiency, effectiveness, compliance, and transparency in contract writing (CW), contract filing (CF), and early acquisition planning (EAP).

The contractor will be responsible for delivering a secure, end-to-end acquisition lifecycle solution with three modules: Contract Writing (CW), Contract File (CF), and Early Acquisition Planning (EAP). This includes program/project management, discovery, configuration, development, data management, testing, security, deployment, training, operations, and maintenance. The solution must acquire GAMS software licenses, create interfaces with existing FDIC systems, and migrate data from legacy systems (APS and CDIS/CEFile). Development will be iterative using Agile methodologies.

• Modules: Contract Writing (18 months), Contract File (12 months), Early Acquisition Planning (6 months).

• Technology: Appian Government Acquisition Management Solution (GAMS).

• Methodology: Agile, user-centered design, DevSecOps.

• Security & Compliance: Adherence to FDIC security standards, NIST, FedRAMP requirements, Section 508 accessibility, and OWASP Top 10 vulnerability mitigation.

• Data Management: Disaster recovery, multi-factor authentication, Single Sign-On (SSO), data migration, and data management plans.

• Deliverables: Quality Control Plan, SLAs & KPIs, GAMS Licenses, Training Plan, Agile Methodology documentation, Backlogs, Deployment Scripts, Security Plans, FedRAMP documentation, VPAT, Data Migration Plans, System Documentation, Transition Plan, and various reports.

• The SOO outlines projected timelines for module development, with CW taking 18 months, CF 12 months, and EAP 6 months. Development may occur in parallel.

• Performance will be primarily virtual, with potential in-person support at FDIC offices in Arlington, Virginia, and/or Dallas, Texas.

• Staffing: Cross-functional, self-organized Agile teams. Key personnel include Program/Project Manager, Scrum Master, Solution Architect, Lead Developer, and Change Manager.

• Licensing: Contractor is responsible for acquiring and maintaining all required GAMS software licenses.

• Training: Approximately 1100 users will require training. Training plans and materials must be provided in various formats, including SCORM 1.2 packages.

• Data Migration: Contractor must provide a Data and Document Migration and Validation Plan.

• Organizational Change Management (OCM): Required for stakeholder analysis, communication, training, and support.

• The contractor's technical approach, including tasks, performance standards, and Quality Control Plan, will form the Performance Work Statement (PWS).

• The FDIC is a non-FAR agency following its own acquisition policies.

Other / Unclassified

This document, "Acquisition System – Next Generation (AS-NG) Contract Writing (CW) MVP – High-Level Business Process Models," outlines the various business process models within the AS-NG system for contract writing. It includes a table of contents detailing processes from Requisition to Award Closeout, an Acronyms and Abbreviations section, and a Legend for process model indicators.

While this document does not contain specific solicitation details, it provides a high-level overview of the government's internal processes for contract writing, including requisition, pre-solicitation, solicitation, award, award administration, and award closeout. Understanding these processes can offer insight into the lifecycle of government contracts and the systems used to manage them, which may indirectly inform bidders on how opportunities are managed and processed.

Form / Attachment / Pricing Sheet

This document, "Appendix E – Service Level Agreements," outlines the Key Performance Indicators (KPIs) and Operational Performance Indicators (OPIs) that will be used to measure contractor performance. It details the specific metrics, their descriptions, measurement methods, acceptable quality levels (AQLs), and the impact of performance failures.

Key Performance Indicators (KPIs):

• K1: Application Availability: Measures availability during business hours.
• K2: Service Requests Completed On Time: Measures timely completion of production and non-production service requests.
• K3: Security Defects (Projects): Measures security defects in projects.
• K4: Security Defects (Supported Applications): Measures security defects in supported applications.
• K5: User Acceptance Test Defects (Severity 1 & 2): Measures critical UAT defects.
• K6: Incident Resolution: Measures timely incident resolution.
• K7: Defect Resolution: Measures timely production defect resolution.

Operational Performance Indicators (OPIs):

• O1-O9: Cover areas such as UAT defects (Severity 3 & 4), rollout defects, price and schedule variance, work assessment, quality and test plan compliance, project velocity, and root cause analysis completion.

Each metric includes a description, measurement notes, data sources, frequency, acceptable quality levels (e.g., GREEN, YELLOW, RED thresholds), and the calculation method. Performance failures for KPIs can trigger Service Level Credits.

This appendix is crucial for bidders as it defines the performance standards and metrics by which the contractor's work will be evaluated. Understanding these KPIs and OPIs will help potential bidders assess the performance expectations, potential risks, and the level of quality and timeliness required for successful contract execution. It directly impacts how performance will be measured and potentially compensated or penalized.

Form / Attachment / Pricing Sheet

This document outlines the System Security Assessment and Authorization (SSA) Requirements for contractors working with the FDIC. It details the process and documentation necessary to obtain and maintain an Authority to Operate (ATO) for any Contractor IT system that will input, store, process, output, and/or transmit FDIC data.

• Authority to Operate (ATO): Contractors must obtain an ATO signed by the FDIC Authorizing Official (AO) before using any IT system for FDIC data.
• Process: The SSA process follows NIST SP 800-37 Risk Management Framework.
• Documentation: Contractors must use FDIC-provided templates to develop required SSA documentation, including:
  • Security Categorization Worksheet
  • System Security Plan
  • Contingency Plan
  • Contingency Plan Test Results
  • Configuration Management Plan
  • Security Assessment Plan
  • Security Assessment Report
  • Authorization to Operate Letter
  • Potentially: Plan(s) of Action & Milestones (POA&Ms), Interconnection Security Agreement(s).
• Independent Assessment: A third party must assess FDIC-prescribed security and privacy controls (NIST SP 800-53). Deficiencies must be addressed via POA&Ms.
• Privacy Compliance: Contractors may need to support the FDIC in completing a Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and Privacy Act System of Records Notice (SORN) if Personally Identifiable Information (PII) is involved.
• Submission: The complete SSA package must be submitted at least thirty (30) days prior to system use.
• Continuous Monitoring: Ongoing assessment of security and privacy controls is required after initial authorization, including Security Impact Assessments (SIAs) for any system changes.

This document is critical for bidders to understand the stringent security and privacy requirements for any IT systems they will use or develop for the FDIC. It outlines the compliance processes, documentation obligations, and timelines that will be incorporated into the contract. Failure to comply can be treated as an event of default. Bidders must factor these requirements into their technical approach, project planning, and cost proposals.

Form / Attachment / Pricing Sheet

This document, "APPENDIX A - User Stories AS-NG.pdf", contains a detailed list of high-level user stories for the Acquisition System - Next Generation (AS-NG). These user stories outline various functionalities and requirements for different user roles within the system, categorized by their stage in the acquisition process (e.g., Pre-Solicitation, Solicitation, Award, Contract Administration, Contract Closeout, Audit, Business Rule Management, Case Management, Dashboard, Data Analytics, Data Management, Document Management, Life Cycle Management, Notification, Reporting, Role-Based Access, System Integration, Usability, User Profile Management, Vendor Profile Management, Workflows, and Early Acquisition Planning).

• The document is structured as a table with columns for '#', 'User Story Category', 'User Story Description', and 'Category'.
• Each entry describes a specific user need or functionality within the AS-NG system.
• The 'Category' column consistently indicates 'Contract Writing' or 'Contract File', suggesting these user stories are foundational for developing and managing contracts within the system.

While this document primarily details system requirements for internal users (COs, BSAs, etc.), it indirectly informs potential bidders about the capabilities and processes of the AS-NG system. Understanding these user stories can provide insight into how the government will manage procurements, communicate requirements, and handle contract administration. This can help bidders anticipate system-driven interactions and requirements during the acquisition lifecycle.

Request for Information (RFI)

This RFI from the Federal Deposit Insurance Corporation (FDIC) seeks information on firms that can provide the Appian GAMS contract writing solution. The FDIC is specifically interested in a FedRAMP authorized, low-code PaaS-based, cloud solution that is currently operational with one or more government agencies. This RFI is for information gathering and planning purposes and does not constitute a Request for Proposal (RFP) or a commitment to issue one.

Respondents are asked to provide:

• Marketing literature detailing the contract writing system's features.

• Confirmation that the system is low-code, PaaS-based, FedRAMP authorized, and cloud-based.

• Information on the system's flexibility for agencies not following the FAR.

• Licensing information and relevant websites.

• The names of government agencies where the system is operational, points of contact, and duration of operation.

• Approximate number of users at each agency and annual contract/modification processing volume.

• Questions are due by March 17, 2026, 3:00 PM EST, emailed to mikwood@fdic.gov.

• Responses are due by March 26, 2026, 3:00 PM EST, emailed to mikwood@fdic.gov.

• Do NOT submit pricing information, other than publicly available data.

• Responses should be clearly marked if they contain business confidential or proprietary information.

• This RFI does not obligate the FDIC to issue a solicitation or RFP.

• The FDIC is not liable for any costs incurred in preparing responses.

• The FDIC may use all submitted information to create a competitive solicitation.

• Attention to detail and ability to follow instructions will be considered.

• The FDIC encourages participation from minority-owned and women-owned businesses.