Loren Data's SAM Daily™

FBO DAILY ISSUE OF SEPTEMBER 19, 2009 FBO #2856
SOLICITATION NOTICE

D -- Managed PKI and Certification Authority Services

Notice Date
9/17/2009
 
Notice Type
Presolicitation
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Health and Human Services, Program Support Center, Division of Acquisition Management, Parklawn Building Room 5-101, 5600 Fishers Lane, Rockville, Maryland, 20857
 
ZIP Code
20857
 
Solicitation Number
OS16378
 
Archive Date
10/7/2009
 
Point of Contact
Tory Estabrook, Phone: 301-443-4779
 
E-Mail Address
testabrook@psc.gov
 
Small Business Set-Aside
N/A
 
Description
The Department of Health and Human Services (HHS), Program Support Center, Strategic Acquisition Service, Division of Acquisition Management, on behalf of the Office of the National Coordinator (ONC), plans to award a simplified acquisition on a sole-source basis to Verisign, Inc. to provide managed public key infrastructure (PKI) and digital certificate services for one year with two one-year option periods. These services will be used by all participants in the Nationwide Health Information Network (NHIN) for secure, encrypted, interoperable exchanges of electronic medical record data between NHIN-participant health information exchanges (HIEs) on an ongoing, production basis.

The requirement includes:
1) a full service level agreement that has been approved and signed by HHS;
2) maintenance of current, up-to-date authority to operate (ATO) through GSA;
3) specialized hardware that stores a set of “Root Keys” that are signed using a set of special certificates that have a very specific inheritance hierarchy and are cross-certified by the Federal PKI Bridge;
4) system hardware—used to create digital certificates for use on NHIN—in a highly secure data center;
5) dedicated account management and technical team staff to support digital certificate requirements;
6) comprehensive support packages;
7) web-based management for convenient configuration and deployment;
8) issuance of SSL certificates to multiple servers rapidly and on demand;
9) delegated administration to ONC-designated individuals;
10) full reporting and audit trails;
11) support for multiple organizations and multiple domain names as identified by ONC that have been duly granted participation in the NHIN as participant HIEs;
12) independent vetting process where the applicant HIE organization is evaluated against several criteria including its Dun and Bradstreet and other ratings conforming to business status;
13) issuance, management, revocation, and/or renewal of certificates in accordance with the instructions provided through (one or more) ONC registration authority administrators (ORAAs) appointed by ONC;
14) administrative help (“help line” type services) to all ORAAs such that they may efficiently and effectively provide digital certificates to fully “onboarded” NHIN participant HIEs;
15) notification to the ORAA whether an ORAA certificate application is approved or rejected and, if approved, issuance of a certificate in accordance with all agreements in place;
16) assurance that there are no errors introduced by the service provider in certificate information as a result of the service provider’s failure to use necessary care in creating the certificate;
17) assurance that all applicable NIST standards have been applied and are currently in force; and
18) ongoing evidence that all necessary security and privacy actions have been and continue to be made as may be required by the HHS CIO, in conformance with any/all actions by the United States Chief Information Officers Council.

The NHIN will allow a wide range of public and private enterprises to exchange data. But to do so, it must assure that such exchanges take place in a highly secure and controlled manner. Therefore, it is necessary to select a Certificate Authority (CA) that is accessible and responsive to the widest possible audience, while maintaining the highest level of security.
The CA must provide:
1) A stable, well established service—the CA must be, and must be broadly considered by the professional and lay public and by both public and private entities to be, recognized and trusted in the field of certificate issuance and secure information transfer, so that there is broad confidence that this all-important set of features, critical to the privacy and security of the data being transmitted, is provided by a recognized and trusted organization;
2) Managed PKI—the CA must provide a full application service provider solution; hardware and software must be provided with a web interface for ONC administrators and NHIN partners to use;
3) Large corporate presence—in order to be able to assure that required services will be scalable over time and that the CA will command respect and confidence by both technical and lay publics alike, the solutions must come from a large, internationally recognized entity known for delivering security products;
4) PKI management as a prominent product—to ensure that the services are mature and were provided on a broad commercial scale prior to the current acquisition, managed PKI conducted by the successful entity must be a prominent and well established product for the entity providing the solution;
5) Support—the CA must have 24x7x365 support options available;
6) Flexible set up—the managed PKI solution must be sufficiently flexible so as to accommodate necessary NHIN business practices, upgrades, and modifications that will be part of the evolving Network;
7) Operations on an extensive world-wide basis;
8) Services that extend to an extensive network of large commercial enterprises;
9) Current use and trust by numerous banks and banking systems;
10) Command of a significant market share of the service to be provided;
11) High-level encryption, at 128 bits or greater;
12) Military-grade data centers and disaster recovery sites;
13) Active investment in research and infrastructure to keep practice standards high in the industry;
14) Recognition as an industry leader sought out and relied upon by others as setting the highest level of reliability, security, and modernization of its system infrastructure;
15) Well-known, respected and trusted by the public at large;
16) Current PKI shared service provider authority to operate (ATO) by GSA; and
17) Competitive prices.

Verisign, Inc. is the only known entity which possesses all of the above capabilities, and therefore, is considered uniquely capable of satisfying this requirement within the available budget. This simplified acquisition is for services for which the Government intends to negotiate with only one source. Interested concerns may identify their interest in and capability to satisfy the requirement within 5 days after the date of publication of this notice. Capability statements may be submitted to Tory Estabrook in Room 5-101, Parklawn Building, 5600 Fishers Lane, Rockville, MD 20857 or via email at testabrook@psc.hhs.gov. Information received will be considered solely for the purpose of determining whether to conduct a competitive acquisition. A determination by the Government not to conduct a competitive acquisition is solely within the discretion of the Government.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/PSC/DAM/OS16378/listing.html)
 
Place of Performance
Address: Washington, District of Columbia, 20201, United States
Zip Code: 20201
 
Record
SN01958688-W 20090919/090917235800-4b3ae585e4a7a535e11a89ef853e917a (fbodaily.com)
 
