Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF SEPTEMBER 20, 2008 FBO #2490
SOLICITATION NOTICE

70 -- McAfee Software and Maintenance w/Option Years

Notice Date
9/18/2008
 
Notice Type
Modification/Amendment
 
Contracting Office
Department of State, FedBid.com -- for Department of State procurements only., FedBid.com, 1701 N ft myer Dr, Arlington, VA 22201
 
ZIP Code
22201
 
Solicitation Number
1069-8N5090
 
Response Due
9/19/2008
 
Archive Date
3/18/2009
 
Point of Contact
Name: Don Monaco, Title: Contract Specialist, Phone: 7038757095, Fax:
 
E-Mail Address
monacofd@state.gov;
 
Small Business Set-Aside
N/A
 
Description
AMENDMENT NOTICE: This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6, in conjunction with FAR 13.5, as applicable, and as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; bids are being requested and a written solicitation will not be issued. The solicitation number is 1069-8N5090 and is issued as an invitation for bids (IFB), unless otherwise indicated herein. The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular FAC 2005-26. The associated North American Industrial Classification System (NAICS) code for this procurement is 423430 with a small business size standard of 100 employees. This requirement is unrestricted and only qualified offerors may submit bids. The solicitation pricing on www.FedBid.com will start on the date this solicitation is posted and will end on 2008-09-19 10:00:00.0 Eastern Time or as otherwise displayed at www.FedBid.com. FOB Destination shall be ARLINGTON, VA 22209 The Department of State requires the following items, Exact Match Only, to the following: LI 001, McAfee Policy Auditor For Desktops. **Base year software includes one year of Maintenance, and Platinum Support (Help/phone desk)**, 95000, EA; LI 002, McAfee Policy Auditor for Servers. **Base year software includes one year of Maintenance, and Platinum Support (Help/phone desk)**, 10001, EA; LI 003, McAfee Vulnerability Manager Software. **Base year software includes one year of Maintenance, and Platinum Support (Help/phone desk)**, 135000, EA; LI 004, McAfee Vulnerability Manager Threat Correlation Manager. **Base year software includes one year of Maintenance, and Platinum Support (Help/phone desk)**, 135000, EA; LI 005, McAfee Vulnerability Manager Remediation Module. **Base year software includes one year of Maintenance, and Platinum Support (Help/phone desk)**, 135000, EA; LI 006, McAfee Compliance Platinum Support Help/phone desk Support to cover lines 1-5 for 1 year, 1, YR; LI 007, OPTION YEAR 1: 1 Year Maintenance for McAfee Policy Auditor For Desktops, 95000, EA; LI 008, OPTION YEAR 1: 1 Year Maintenance for McAfee Policy Auditor for Servers, 10001, EA; LI 009, OPTION YEAR 1: 1 Year Maintenance for McAfee Vulnerability Manager Software, 135000, EA; LI 010, OPTION YEAR 1: 1 Year Maintenance for McAfee Vulnerability Manager Threat Correlation Manager, 135000, EA; LI 011, OPTION YEAR 1: 1 Year Maintenance for McAfee Vulnerability Manager Remediation Module, 135000, EA; LI 012, OPTION YEAR 1: McAfee Compliance Platinum Support Help/phone desk Support to cover lines 7-11 for 1 year, 1, YR; LI 013, OPTION YEAR 2: 1 Year Maintenance for McAfee Policy Auditor For Desktops, 95000, EA; LI 014, OPTION YEAR 2: 1 Year Maintenance for McAfee Policy Auditor for Servers, 10001, EA; LI 015, OPTION YEAR 2: 1 Year Maintenance for McAfee Vulnerability Manager Software, 135000, EA; LI 016, OPTION YEAR 2: 1 Year Maintenance for McAfee Vulnerability Manager Threat Correlation Manager, 135000, EA; LI 017, OPTION YEAR 2: 1 Year Maintenance for McAfee Vulnerability Manager Remediation Module, 135000, EA; LI 018, OPTION YEAR 2: McAfee Compliance Platinum Support Help/phone desk Support to cover lines 13-17 for 1 year, 1, YR; LI 019, OPTION YEAR 3: 1 Year Maintenance for McAfee Policy Auditor For Desktops, 95000, EA; LI 020, OPTION YEAR 3: 1 Year Maintenance for McAfee Policy Auditor for Servers, 10001, EA; LI 021, OPTION YEAR 3: 1 Year Maintenance for McAfee Vulnerability Manager Software, 135000, EA; LI 022, OPTION YEAR 3: 1 Year Maintenance for McAfee Vulnerability Manager Threat Correlation Manager, 135000, EA; LI 023, OPTION YEAR 3: 1 Year Maintenance for McAfee Vulnerability Manager Remediation Module, 135000, EA; LI 024, OPTION YEAR 3: McAfee Compliance Platinum Support Help/phone desk Support to cover lines 19-23 for 1 year, 1, YR; LI 025, OPTION YEAR 4: 1 Year Maintenance for McAfee Policy Auditor For Desktops, 95000, EA; LI 026, OPTION YEAR 4: 1 Year Maintenance for McAfee Policy Auditor for Servers, 10001, EA; LI 027, OPTION YEAR 4: 1 Year Maintenance for McAfee Vulnerability Manager Software, 135000, EA; LI 028, OPTION YEAR 4: 1 Year Maintenance for McAfee Vulnerability Manager Threat Correlation Manager, 135000, EA; LI 029, OPTION YEAR 4: 1 Year Maintenance for McAfee Vulnerability Manager Remediation Module, 135000, EA; LI 030, OPTION YEAR 4: McAfee Compliance Platinum Support Help/phone desk Support to cover lines 25-29 for 1 year, 1, YR; For this solicitation, Department of State intends to conduct an online competitive reverse auction to be facilitated by the third-party reverse auction provider, FedBid, Inc. FedBid has developed an online, anonymous, browser based application to conduct the reverse auction. An Offeror may submit a series of pricing bids, which descend in price during the specified period of time for the aforementioned reverse auction. Department of State is taking this action in an effort to improve both vendor access and awareness of requests and the agency's ability to gather multiple, competed, real-time bids. All responsible Offerors that respond to this solicitation MUST submit the pricing portion of their bid using the online exchange located at www.FedBid.com. There is no cost to register, review procurement data or make a bid on www.FedBid.com. Offerors that are not currently registered to use www.FedBid.com should proceed to www.FedBid.com to complete their free registration. Offerors that require special considerations or assistance may contact the FedBid Helpdesk at 877-9FEDBID (877-933-3243) or via email at clientservices@fedbid.com. Offerors may not artificially manipulate the price of a transaction on www.FedBid.com by any means. It is unacceptable to place bad faith bids, to use decoys in the www.FedBid.com process or to collude with the intent or effect of hampering the competitive www.FedBid.com process. Should offerors require additional clarification, notify the point of contact or FedBid at 877-9FEDBID (877-933-3243) or clientservices@fedbid.com. Use of FedBid: Buyers and Sellers agree to conduct this transaction through FedBid in compliance with the FedBid Terms of Use. Failure to comply with the below terms and conditions may result in offer being determined as non-responsive. In addition to providing pricing at www.FedBid.com for this solicitation, each offeror must provide any required, NON-PRICING responses (e.g. technical proposal, representations and certifications, etc.) directly to the point of contact in the FBO notice, so that they are received at that email address no later than the closing date and time for this solicitation. The selected Offeror must comply with the following commercial item terms and conditions. FAR 52.212-1, Instructions to Offerors - Commercial, applies to this acquisition. The selected Offeror must submit a completed copy of the provision at 52.212-3, Offeror Representations and Certifications - Commercial Items. FAR 52.212-4, Contract Terms and Conditions - Commercial Items, applies to this acquisition. The following FAR clauses in paragraph (b) of FAR clause 52.212-5, Contract Terms and Conditions Required To Implement Statutes or Executive Orders-Commercial Items, will apply: 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.225-13, 52.232-34. The full text of a FAR clause may be accessed electronically at http://www.acqnet.gov/far. For Base Year (lines 1-5) Delivery shall be made within 30 days or less after receipt of order (ARO). Line 6 shall be performed from date of delivery of lines 1- 5 until one year there after. Option Year lines, if and to the extent the option is exercised, shall have a period of performance of one year continuing from the last day of the previous years support (Maintenance or Platinum Support). CCR Requirement - Company must be registered on Central Contractor Registration (CCR) before an award could be made to them. If company is not registered in CCR, they may do so by going to CCR web site at http://www.ccr.gov. Pursuant to the Trade Agreements Act (19 U.S.C. 2512(a)) (TAA), Federal acquisitions of supplies may be made only from offerors that will supply products of an eligible country under any of the free trade agreements entered into pursuant to the TAA. An article is considered a product of a country only if it is wholly a product of that country or if it has been substantially transformed in that country into a new and different article of commerce with a name, character, or use distinct from that of the original article(s). Note that any item that is a discreet article as it is sold in commerce, regardless of its ultimate function or use, cannot be considered substantially transformed based solely on its integration into IT or other systems. The Contractor and its employees shall exercise the utmost discretion in regard to all matters relating to their duties and functions. They shall not communicate to any person any information known to them by reason of their performance of services under this contract which has not been made public, except in the necessary performance of their duties or upon written authorization of the Contracting Officer. All documents and records (including photographs) generated during the performance of work under this contract shall be for the sole use and become the exclusive property of the U.S Government. Furthermore, no article, book, pamphlet, email, recording, broadcast, speech television appearance, film or photograph concerning any aspect of work performed under this contract shall be published or disseminated through any media without the prior written authorization of the Contracting Officer. These obligations do no cease upon the expiration or termination of this contract. The Contractor shall include the substance of this provision in all contracts of employment and in all subcontracts hereunder. The government may exercise option year 1, in whole or in part, at the prices set forth in the schedule, up to one year after the delivery date of the base year Software. The government may exercise option year 2, in whole or in part, at the prices set forth in the schedule, up to two years after the delivery date of the base year Software. The government may exercise option year 3, in whole or in part, at the prices set forth in the schedule, up to three years after the delivery of date of the base year Software. The government may exercise option year 4, in whole or in part, at the prices set forth in the schedule, up to four years after the effective date of the base year Software. The Bureau of Diplomatic Security, Security Infrastructure, Office of Computer Security (DS/SI/CS) has an urgent need to replace its current vulnerability and compliance solution which does not adequately meet the Departments cyber security needs. This procurement will support the Departments Vulnerability and Compliance Scanning program created in 2002. The current product used by the Scanning Program has failed to scale to meet the Departments expanding requirements. As technology rapidly changes its imperative that the Department has an effective means of ensuring that new technology does not impact the integrity of our resources. This procurement will provide us with a means of validating the security posture of Department systems. In an attempt to find a vulnerability/compliance software application that could meet the Departments requirements, DS/SI/CS initiated market research of vulnerability/compliance scanning technology. Requirements were created and 16 vendors were contacted to discuss their capabilities. Product testing was conducted in the Departments Enterprise testing facility and one product was identified as being able to effectively meet the Departments needs. CS is seeking to purchase the security vulnerability and compliance scanning components found in the McAfee software. Specifically this would include the following components: McAfee EPolicy Orchestrator including the Threat Correlation and Remediation modules and McAfee Vulnerability Manager (formerly known as FoundStone). This software provides an agent based (installed on the computer) and a network based solution that provides the greatest flexibility in measuring the security of Department systems. The EPolicy Orchestrator (EPO) module provides a means of measuring the compliance of systems as mandated by Federal Information Security Management Act (FISMA) and Federal Desktop Core Configuration (FDCC) standards. The Vulnerability Manager component allows for the detection of vulnerabilities that could be exploited and result in the compromise of Department systems and information. This software will be deployed domestically and overseas on up to 150,000 workstations and servers. The McAfee product provides both agent-based and agent-less scanning capabilities. This dual-technology approach is unique among all the vendors solutions and allows this product to overcome key technical obstacles that we are facing with our current product and other obstacles that we anticipate will become major challenges in the near future. This will allow us to fully support our 1 FAM mandated mission to perform Vulnerability and Compliance scanning on all Department systems. Currently DS/SI/CS performs vulnerability and compliance scanning on Department systems 24x7. Performing enterprise scanning of enterprise networks as large and diverse as those in the Department presents unique challenges. The use of bandwidth must minimize the impact to the day to day global operations of the Department. There are limitations on when scans can be conducted. These limitations include daily black out periods when scans are prohibited from running due to operational needs for bandwidth and machines being offline at Lock and Leave posts. As posts go green to conserve energy and save money, the limited time available to scan will be decreased by over half. McAfees software is the only one that will allow us to meet these challenges now by performing compliance scans locally at the system in less time and without affecting bandwidth. McAfees product architecture is unique and allows us to place network scanning software at each post and reduce the time it takes to perform vulnerability scans and decrease the bandwidth used between overseas and domestic sites. McAfees product can work with key security programs within the Department. Data can be exported into the SPLUNK data aggregator used by the Cyber Incident Response Team (CIRT) to access all relevant security data associated with a specific IP address. Timely access to this information is crucial when examining a potential cyber intrusion or malicious code detected by one of the Departments Intrusion Detection Sensors (IDS). McAfee also can interface with the Departments iPost portal, which provides system owners with a security health score for each system on the network. The vulnerability and compliance scanning results are a key component of the Departments overall Risk Score Advisor available through iPost, and the data output of the McAfee software can provide that data. The McAfee EPO module is the only product that has a direct interface with the Intrusion Detection System deployed within OBO and will provide CIRT analysts the capability to instantaneously kickoff a vulnerability scan to determine if a system has been patched or is vulnerable to a threat detected by the IDS. Our Vulnerability and Compliance scanning programs help the Department of State meet Federal requirements set by OMB and Congress. OMB requires that all Federal agencies perform security compliance scanning according to Federal Desktop Core Configuration standards. Results of that scanning must be reported to OMB in standards-based formats. Compliance scanning is a key component in the Departments annual report to Congress on the Federal Information Security Management Act. McAfees compliance with SCAP scanning protocols and standards meets the requirements for reporting results to OMB and Congress. Bidders must be manufacturer-authorized distributors. Failure to meet this requirement may render bid "non-compliant" and result in removal from award consideration.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=b16025641fa9f09acac47ddaa75eeeeb&tab=core&_cview=1)
 
Place of Performance
Address: ARLINGTON, VA 22209<br />
Zip Code: 22209<br />
 
Record
SN01674569-W 20080920/080918222109-b16025641fa9f09acac47ddaa75eeeeb (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.