Applications for 'A comprehensive and visual picture of the operating environment during an emergency incident' are closed

A comprehensive and visual picture of the operating environment during an emergency incident

The California Governor’s Office of Emergency Services (Cal OES) is seeking a comprehensive and visual solution to improve our understanding of emergency incidents for our staff.

Applications are closed


The California Governor’s Office of Emergency Services (Cal OES) is seeking a comprehensive and visual solution to improve our understanding of emergency incidents for our staff.


Currently, the State of California uses SCOUT, a situational awareness and collaboration tool to provide an information sharing environment for small to extreme scale homeland security and emergency management incidents.  SCOUT facilitates operational and tactical collaboration, training, and technical management for and among partner agencies.  It further promotes interagency situational awareness for local, tribal, state, and federal partners.

SCOUT originated as a research and development project out of the Department of Homeland Security’s Science and Technology Directorate and was developed by the Massachusetts Institute of Technology Lincoln Laboratory.  The original program was called the Next Generation Incident Command System.

Vendor Education Day 
November 17, 2020 2:30-4:30pm PT 
Join online: or dial in below: 
One tap mobile:
+16699006833,,97638648665# US (San Jose) 13462487799,,97638648665# US (Houston)
Find your local number:

Requirements & Outcome

This solicitation is intended to present an overview of the transition of SCOUT to a new solution called NEXT-GEN SCOUT. 

NEXT-GEN SCOUT shall provide a comprehensive, visual picture of the operating environment during an emergency incident. This tool must provide the following:

  • A Common Operating Picture (COP) which allows for the contribution of data and analytics from and sharing of information with various public and private organizations.
  • The ability to display multiple incidents simultaneously.
  • Must operate in an all-hazard environment.
  • Must provide a modern and easy-to-use user experience.
  • Field workers with spotty/or no internet coverage must be able to use the application and have a synchronizing capability (store-and-forward) with no loss of data.
  • Provide access controls for varied users: first responders, emergency managers, utilities, private and public organizations including government agencies such as, CAL FIRE, National Weather Service, FEMA, US Forest Service, Coast Guard, and Tribal.


In addition to detailed requirements for the NEXT-GEN SCOUT (attached), essential data requirements include:


  • Weather Data (NWS, GACC, etc)
  • Live Video Feeds (Alert Wildfire Cameras, Traffic Camers)
  • Transportation Data (Caltrans road closures)
  • Census Data
  • Critical Infrastructure
  • Utilities
  • Land Ownership
  • Public Safety Facilities
  • Airports
  • Railroads
  • Fire Station Locations and Apparatus


  • Wildland Fire Perimeter
  • Direct Protection Areas
  • Wildfire Topography
  • Wildland Fuel Types
  • Aircraft Flight Following
  • Wildfire Modeling (WiFIRE)
  • Urban Search & Rescue Symbology


  • Integration with Surveillance Cameras
  • Automatic Vehicle Locators for Law Enforcement Vehicles
  • Officer Tracking
  • Evacuation Zones
  • Evidence Collection
  • Crime Scene Mapping and Documentation
  • UAS Video Feed


  • Automatic Vehicle Locators for Ambulances
  • Hospitals and Trauma Centers
  • Hospital Emergency Room Status
  • Mass Casualty Victim Mapping
  • EMS Personnel Tracking


  • Evacuation Zones
  • Population Affected
  • Resource Allocation
  • Resource Availability
  • Asset Management
  • Incidents
  • Damage Assessment
  • County EOC Locations
  • Live Video Feed
  • Incident Checklists
  • Critical Infrastructure
  • Shelter Locations
  • Alert and Warning Notifications


A cloud solution is preferred, and relevant Cal OES technologies include Microsoft 365, Azure AD, ESRI, Salesforce, Mulesoft, Tableau, Docusign, GovDelivery, SendGrid. MFA is being enabled and multiple SSO implementations have been deployed. 

Information Security & Privacy Compliance Requirements 

Minimum Security Requirements (NIST 800-53 Rev.4)  

Access Control 

  1. The application shall use account management and enforce access controls to ensure separation of duties to prevent abuse of authorized privileges.  
  2. Concurrent Session Control. 
  3. Session Lock/Termination Period should be established. 
  4. Information Flow Enforcement. (Data Loss Prevention) 


  1. Ensure that security events are audited and protected to include unsuccessful login attempts. 
  2. Monitoring and log for information disclosures that leave the information system.  

System Assessment & Authorization 

  1. Utilize interconnection security agreements and validate that appropriate controls are employed to determine the risk associated with connecting separate information systems 
  2. Information system must be continuously monitored for threats and vulnerabilities. 

Information System Backup 

  1. Provide backup of user-level and system level information contained in the information system 
  2. Provide alternate telecommunication services including necessary agreements to permit the resumption of NEXT-GEN SCOUT for essential mission and business functions 
  3. Establish a “Safe Mode” when certain conditions such as reduced bandwidth or limited power.  Restriction could include limiting only certain functions to operate. 

Identification and Authentication 

  1.  The application shall use two-factor authentication to validate identity of the user 

System and Communication Protections  

  1. Ensure that the application protects against or limits the effects of denial service attacks.  
  2. Ensure that priority protection is in place to prevent lower-priority processes from delaying or interfering with the information system servicing any higher-priority processes 
  3. Information at rest shall be protected via encryption  

System and Information Integrity 

  1. The application should be able to detect extraneous content such as SQL injections.  This would include the ability to perform information input validation checks. 
  2. Malicious Code Protection mechanism at entry and exit points to detect and eradicate malicious code. 
  3. The application must support tier 3 deployment 

Federal Risk and Authorization Management Program (FedRAMP) Version 2.0 

FedRAMP is a government-wide program that provides a standardized approach to security assessments, authorization, and continuous monitoring for cloud products and services.  FedRAMP controls are based on NIST SP 800-53.  FedRAMP authorized providers are available at!/products?sort=productName 

  • Cloud Service Offerings must be FedRAMP compliant  

Additional Security References: 


California Privacy Policy and Privacy notice on collection requirements, (Government Code Section 11015.5 and 11019.9, and Civil Code Section 1798.17, when personal information is involved.  


California Government Code section 7405directs that: “state government entities, in developing, procuring, maintaining, or using electronic or IT, either indirectly or through the use of state funds by other entities, shall comply with the accessibility requirements of Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. Sec. 794d), and regulations implementing that act as set forth in Part 1194 of Title 36of the Code of Federal Regulations.” 

Government Code section 7405, in requiring compliance with Section 508, mandates that electronic and information technology (EIT) are accessible to individuals with disabilities, specifically: 

State Agencies/state entities must develop, procure, maintain, or use EIT, that employees with disabilities have access to and use of information and data that is comparable to the access and use by employees who are not individuals with disabilities, unless an undue burden would be imposed on the Agency/state entity. 

Individuals with disabilities, who are members of the public seeking information or services from an Agency/state entity, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the Agency/state entity. 


Data Analytics, Geo Services, Public Safety, and Resilience


Budget Not Determined Yet

Procurement Method

Challenge-Based Procurement

Application Period

November 13 through December 3, 2020 at 10:00 AM (GMT-08:00) Pacific Time (US & Canada)

Q&A Period

November 13 through November 23, 2020 at 10:00 AM (GMT-08:00) Pacific Time (US & Canada)

Are you able to help?
Let's tackle this challenge together!

Applications are closed

© 2020 Cal OES. All rights reserved.