Sources Sought for Mainframe and Legacy System Modernization

Sources Sought Notice

This notice is issued by the Defense Information Systems Agency (DISA) to determine the availability and technical capability of certified 8(a) small businesses to provide mainframe and legacy system modernization services. DISA is seeking information to support the modernization of various mainframe and legacy computing systems essential for providing enterprise-level IT services to the Department of Defense (DoD).

Respondents are asked to provide detailed examples of their experience in the following areas:

• Code Modernization: Transforming legacy IBM Mainframe application code (e.g., COBOL, Assembler) to modern languages (e.g., Java, Python) using deep code analysis, refactoring, and AI-enabled tools.

• Data Ecosystem Transformation: Migrating legacy mainframe data to modern platforms, integrating data into a centralized data lake, and implementing DataOps pipelines.

• Hybrid Cloud Transformation: Transforming legacy IT infrastructure into a hybrid cloud environment by integrating on-premises systems with cloud platforms.

• DoD Security Accreditation and ATO: Ensuring mainframe modernization efforts comply with cybersecurity standards, including ICAM frameworks, RBAC, FIPS, and SNAP.

• Legacy System API Enablement: Exposing data and functionality from legacy systems through secure and scalable APIs.

• Mainframe AI/ML Implementation: Embedding AI, ML, and automation into the mainframe environment.

• Testing and Transition Management: Ensuring modernized systems are reliable and secure through rigorous testing and transition processes.

• Anticipated Period of Performance: December 1, 2026 – November 30, 2031.

• Contract Type: Not specified, but this is a Sources Sought Notice, not a Request for Proposal.

• Interested businesses must submit a brief capabilities statement package (max 6 pages) via email by 4:00 PM CDT on March 13, 2026.

• Responses should include business name and address, representative's name and title, small business socio-economic status (8(a) entity type), CAGE Code, and relevant contract vehicles (e.g., GSA MAS, STARS III, OASIS).

• A commercial price list for labor categories or services is requested to help determine fair market prices.

• Information regarding joint ventures (JVs) or partnering plans is also requested.

• This notice specifically seeks capabilities from certified 8(a) small businesses.

• DISA will assess if the requirement can be awarded on a sole-source basis to an eligible 8(a) participant.

• This is for informational purposes only and does not constitute a solicitation or commitment to award a contract.

• No funds are available to pay for response preparation.

• All contractor personnel must have a Secret level clearance. Some positions may require Top Secret clearance.

• The North American Industry Classification System (NAICS) code is 541519 (Other Computer Related Services) with a size standard of $34 million.

Statement of Objectives (SOO)

This SOO outlines the work required to modernize DISA's mainframe and legacy IT systems to enhance operational efficiency, security, and leverage advanced technologies, ultimately aligning with DoD's strategic goals.

The effort focuses on three key areas: Program Management Office (PMO) support, assessments, and implementation of modernization strategies. Specific tasks include:

• PMO Support: Governance, risk management, performance tracking, and stakeholder coordination.
• Assessments: Identifying inefficiencies, risks, and opportunities in legacy systems, and developing actionable roadmaps.
• Implementation: Executing modernization strategies, including code refactoring, data migration, system integration, and deployment of cloud, AI, and automation technologies.

The contractor will be responsible for various tasks, including:

• Code Modernization: Transforming legacy code to modern languages (e.g., Java, Python) and integrating with modern platforms.
• Code Optimization: Enhancing application efficiency, reducing technical debt, and improving performance.
• Data Modernization: Migrating legacy databases, creating data lakes, and implementing data governance.
• Database Upgrade: Modernizing legacy databases for scalability and performance.
• API Enablement: Exposing legacy system functionality through APIs for integration.
• Infrastructure Modernization: Transitioning to cloud-aligned environments and implementing Infrastructure-as-Code.
• Performance Optimization: Fine-tuning infrastructure, applications, and databases for efficiency.
• Hybrid Cloud Integration: Synchronizing on-premises and cloud platforms.
• Testing and Quality Assurance: Ensuring modernized systems meet functional, performance, and security requirements.
• Security and Compliance: Ensuring systems comply with DoD and federal regulations.
• Training and Documentation: Developing training modules and documentation for modernized systems.
• Cutover Planning and Execution: Managing the transition of legacy systems to modernized environments.
• Data Architecture Support: Establishing a scalable and adaptable data architecture.
• Solution Architecture Support: Designing and integrating systems across diverse platforms.
• Data Governance and Policy Support: Defining policies and procedures for data management.
• Vendor and Program Support: Managing third-party providers and ensuring compliance.
• Mainframe AI and Automation Integration: Embedding AI and automation into mainframe workflows.
• Sustainability-Driven Legacy Modernization: Migrating workloads for energy efficiency.
• Mainframe Workforce Development: Bridging the mainframe skills gap.
• Mainframe-Driven Analytics and AI Enablement: Leveraging advanced analytics and AI within mainframe environments.

The contract will have a five-year ordering period. The place of performance will be agreed upon by all parties, with potential for remote work, DISA locations, or strategic partner locations. Mission location is DISA, Mechanicsburg, PA.