HSI Extreme Vetting Industry Day Q&A July 19, 2017

Q&A July 19, 2017: 1. Do you all have interest in exploring areas such as the Dark Net and Closed Forums? We have an active program that is screening social media platforms. However, we have to work with publically available information. For this mission set, nothing (i.e. Dark Net/Closed Forum type data) is being currently looked at. However, we do have an interest in exploring [those areas]. 2. Do you have anyone in this process with TS/SCI that is looking at these processes? Yes. 3. Is this focused on in-country or out-of-country overstays? The major focus is on in-country overstays but we want it to extend past our borders. A lot of the vetting we will be doing will be on the front end. 4. Most programs/systems are automated while others are manual. Is it fair to say that all currently automated programs/systems are not involved in this contract? We are looking to improve the whole process. We’ve looked at other available tools both within the Government as well as looking at industry to help us identify what is available. 5. What is your next step/objective? What do you envision as your next step? This Industry Day] is helping us with requirements and the basics but we are attempting to have an overarching contract as [previously] explained. We will be going forward the next fiscal year as the budget allows. We want to analyze all current capabilities. We want to know what is available so any requirements can be refined [as needed]. 6. Can you give us a feel of how much volume is involved (information-wise) in vetting one individual case? Is there unstructured text that needs to be analyzed? First, we are looking within Government systems for derogatory information. Second, we look to see if [individuals] are in the country or applied for a legal reason to be here. Third, we look to determine the location of these individuals. All of these items need to be taken into consideration. In regards to the text, the text that we currently sift thru is pretty structured. 7. Can you tell us what the two (2) contracts are you are looking to consolidate? The “Lead Generation” contract that CTCEU uses to identify leads for overstays in the country and the “Vetting and Screening for VSP”. This is done by the same company and it is mostly analyst support at this time. These are not IT contracts at this point. This new contract will look to be the next generation of this. We know this type of analysis is being used in private industry (i.e. looking for outliers and potential causes of risk) as part of 1

their business. We are looking to do this for national security. We want to leverage what is available today but be nimble moving forward so we can grow our capabilities as we move forward. 8. Can you go over the timeline and what possible obstacles could arise? We are looking to do this in the next year and have it awarded approximately a year from now. We are looking to possibly get another RFI out there or to build on our current SOO. Funding is also a key issue and due to budget constraints we have to wait and see for that. We are looking to award this in FY18. We will review the capabilities statements and we will speak to the companies that demonstrate capabilities that will help our SMEs do their job better. We want to see what’s available and break away from the methodology of “We know what we want, here are the specifications.” 9. Are you looking to keep this effort full and open or to use a specific contract vehicle? This is probably not an EAGLE-type IT requirement. We haven’t decided what vehicle (if any) to buy this under and the complexities of this most likely do not lend itself to a setaside. We are looking for things that can be delivered in weeks/months as the days of the 7-year software development are over. 10. Who should we work thru to schedule meetings? The key to this is meeting with the SMEs. We want to ensure these meetings are fair. 11. Do you expect to follow with a routine draft followed by a final draft? Can we expect those this fiscal year? Do you expect something this calendar year? We have the program office defining the requirements and, depending on what we receive, we might have a new/modified SOO or an RFI. It depends on what we hear and what we see. This is why we aren’t doing this solely online. The focus is how we can engage industry to help us solve the issues we face. This will be an on-going process. 12. In the questions previously posted someone asked if the contractor is limited in the tools available that they can use. A later date was posted that said they would answer this question. Has that been decided yet? No, this will be determined at a later date during the acquisition process. 13. Will the capabilities statements be measured as a whole or is there a chance individual capabilities presented by a company will be measured? (i.e. Would an integration capability be considered for a specific company even if they don’t necessarily meet all the other criteria/requirements?) Any way it is approached by industry, for example through teaming agreements, will be up to them. If you have a particular capability that is of interest to us then it is likely to be 2

included in the SOO. We will look to put that in there if we think the capability will help the mission. 14. You are looking for a very bulky, non-linear mission. It is likely that there is not a single company that can provide all the answers to this. Have you also taken into consideration items such as “time for implementation”? The contract, how we split up the tasks, might be dependent on what we see. There could be multiple contracts that require different companies to work together. There probably isn’t a single company or product that meets all our needs. 15. Have you thought of an IDIQ to cover all of these items/requirements? We have given this consideration as this will have multiple requirements. 3