GB CAS - Cloud Assessment, Cloud Migration, Cloud Continuous Development, and Cybersecurity

Request for Information (RFI)

This RFI is issued by the Air Force Materiel Command (AFMC) for market research regarding vendor interest in cloud migration and cybersecurity services. It is for information and planning purposes only and does not constitute a solicitation or commitment to issue an RFP. The Department of the Air Force (DAF) is seeking input on IT services related to cloud assessment, cloud migration, continuous cloud development, cybersecurity, and integration of emerging technologies to modernize and secure its IT infrastructure.

The DAF is seeking information on:

• Cloud assessments to evaluate readiness and identify migration candidates.

• Secure and efficient cloud migration of legacy applications and data.

• Continuous cloud development practices (DevSecOps, CI/CD, automation).

• Integration of new technologies (AI/ML, edge computing, advanced analytics).

• Enhanced cybersecurity posture across cloud and hybrid environments.

• Anticipated Contract Type: Firm-fixed-price, accounting for Agile methodologies.

• Anticipated Period of Performance (PoP): Up to three (3) years.

• Interested parties should submit responses electronically to eric.amissah.1@us.af.mil and warren.hodges@us.af.mil.

• Deadline: Close of Business (COB) 29 Jan 2026.

• Submission Limit: 10 pages.

• The DAF requests recommendations for evaluation criteria for a future RFP.

If a solicitation is released, it is anticipated to be a FAR 19.8 small business competition.

• Respondents are advised that the AF will not pay for any information or administrative costs incurred in response to this RFI.
• All costs associated with responding are at the interested party's expense.
• The government reserves the right to contact submitting parties for further clarification.
• An attachment includes a Draft Performance Work Statement.

Statement of Work (SOW) / Performance Work Statement (PWS)

This Performance Work Statement (PWS) outlines the requirements for an Indefinite Delivery, Indefinite Quantity (IDIQ) contract to provide comprehensive cloud and cybersecurity services for the U.S. Air Force (USAF) Business Enterprise Systems (BES) Directorate. The goal is to modernize, standardize, secure, and enhance the USAF's IT infrastructure, platforms, and mission applications.

The contractor shall support evolving BES Programs/Systems and organizational structures. Key service areas include:

• Cloud Assessment: Assessing applications for cloud migration suitability, analyzing current infrastructure, identifying dependencies and risks, developing migration roadmaps, and providing cost-benefit analyses.

• Cloud Migration: Developing and executing migration plans, migrating applications and data, and configuring cloud resources.

• Cloud Continuous Development: Implementing Agile and DevSecOps practices for continuous integration and delivery (CI/CD), designing and maintaining cloud-native solutions, and automating delivery and deployment processes.

• Cybersecurity: Fulfilling roles such as Information System Security Officer (ISSO), Information System Security Manager (ISSM), Information Systems Security Engineer (ISSE), and Security Control Assessor's Representative (SCAR). This includes providing Program Management Office (PMO)/Capability Delivery Team (CDT) cybersecurity support, guidance on Risk Management Framework (RMF) controls, applying federal cybersecurity guidance, maintaining documentation, serving as technical advisors, and ensuring personnel certification compliance.

• Period of Performance: One (1) year base period with two (2) one-year option periods.

• Place of Performance: Remote and/or approved government locations.

• Government Furnished Information (GFI): The government will provide access to relevant systems, documentation, and personnel.

• Security Requirements: All work is subject to applicable USAF and DoD security regulations. Personnel must possess and maintain appropriate security clearances.

• Evaluation Criteria: Award of task orders will be based on a best-value determination, considering technical expertise, understanding of USAF requirements, past performance, and proposed cost and schedule.

• Deliverables: Include cloud assessment reports, cloud migration plans, cloud continuous development code and documentation, cybersecurity policies/procedures/reports, and training materials.