Loren Data's SAM Daily™

FBO DAILY ISSUE OF APRIL 02, 2011 FBO #3416
SOLICITATION NOTICE

70 -- Fortify 360 Licenses to the NIST

Notice Date
3/31/2011
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 1640, Gaithersburg, Maryland, 20899-1640
 
ZIP Code
20899-1640
 
Solicitation Number
SB134111RQ0180
 
Archive Date
4/21/2011
 
Point of Contact
Janine A. Kerns, Phone: 301-975-4267
 
E-Mail Address
janine.kerns@nist.gov
 
Small Business Set-Aside
Total Small Business
 
Description
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. FAR Part 13, Simplified Acquisition Procedures, is being utilized for this acquisition. THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION; QUOTATIONS ARE BEING REQUESTED AND A WRITTEN SOLICITATION DOCUMENT WILL NOT BE ISSUED. This solicitation is a Request for Quotation (RFQ). This solicitation document and incorporated clauses are those in effect through Federal Acquisition Circular 2005-48.

Offerors will be responsible for obtaining related amendments to this solicitation, if any, from www.fbo.gov. It is the responsibility of each potential offeror to monitor www.fbo.gov for any amendments or other information related to this solicitation. Any communications regarding this acquisition must be made in writing and forwarded via email to Divya Soni at janine.kerns@nist.gov and shall identify the solicitation number, company name, company address, as well as point of contact email address and phone number.

The associated North American Industrial Classification System (NAICS) code for this procurement is 511210. This requirement is being competed as a small business set-aside whereby Fortify-authorized resellers/business partners will be the potential offeror base.

APPLICABLE PROVISIONS AND CLAUSES FOR THIS SOLICITATION: The following FAR provisions and clauses apply to this solicitation: FAR 52.212-1; FAR 52.212-3; FAR 52.212-4; FAR 52.212-5, including 52.222-50, 52.233-3, and 52.233-4 in paragraph (a)(1), and the following fill-ins in paragraph (b): 52.222-3; 52.222-19; 52.222-21; 52.222-26; 52.222-36; 52.225-13; 52.232-33. All provisions and clauses can be viewed at http://acquisition.gov/comp/far/index.html.
Section 508 of the Rehabilitation Act of 1973, as amended, does not apply to this acquisition because this is support for a database that has already been purchased previously.

This requirement consists of the following Contract Line Items. Quotations shall be tailored to the exact items listed. The Contractor shall provide:

CLIN 0001: Description: Fortify 360-Standard License - Perpetual
Includes:
  1 Named Author
  1 named CPU for SCA/PTA/RTA
  Audit WorkBench for 1 named user
  Fortify 360 Server
  RulesBuilder
  Bug Tracking Integration
Quantity: 1 EA

CLIN 0002: Fortify 360-Standard License-Perpetual-1 year support-Rules & Maintenance
  Web, Phone, and Email based support
  Annual Secure Coding Rules Subscription - Core & Extended (12 months)
Period of Performance: One (1) Year

BRAND NAME JUSTIFICATION: NIST has been tasked with testing the source code of applications that will be deployed on hand-held devices in various military theaters (e.g., Afghanistan). Given the sensitive nature of these applications, their target environment, and the data that they use, one of the goals of testing is to eliminate as many as possible of the security weaknesses that might exist in the application's source code in order to reduce the risk of compromising sensitive information (which may, in turn, impact national security). The specification that identifies security weaknesses in software is referred to as the Common Weakness Enumeration (CWE) (see http://cwe.mitre.org/). This specification specifies all known CWEs as well as the top 25 most dangerous CWEs (see https://www.securecoding.cert.org/confluence/display/seccode/2010+CWE+SANS+Top+25+Most+Dangerous+Programming+Errors). One of the goals of this project is to test the software source code of these applications for as many of the top 25 most dangerous CWEs as possible.
To identify which product (open source or commercial) would provide the best top 25 CWE coverage (i.e., can detect the presence of more top 25 CWEs than any other product), NIST conducted a survey of all known open source and commercial testing products. Of these, NIST then identified those that detected any of the top 25 CWEs and found that Fortify provided the best coverage for identifying the top 25 CWEs; Fortify detects 23 of the top 25 CWEs while the next best product detects only 10 of the top 25 CWEs. Fortify is the only product that meets NIST's requirement because it detects significantly more of the top 25 CWEs (23 of 25) than any other known commercial product in its class, which is required and critical for facilitating maximum security of applications in this sensitive environment.

All responsible offerors that are small businesses and Fortify-authorized resellers/business partners are invited to submit quotations in accordance with the instructions below.

ADDENDUM TO PROVISION 52.212-1 - QUOTATION SUBMISSION INSTRUCTIONS

Paragraph (b) below replaces paragraph (b) in provision 52.212-1.

(b) Submission of quotations. Submit signed and dated quotations to the office specified in this solicitation at or before the exact time specified in this solicitation. Quotations may be submitted on company letterhead stationery, or as otherwise specified in the solicitation. As a minimum, quotations must include-
(1) The solicitation number;
(2) The name, address, and telephone number of the offeror;
(3) Technical description of the items being offered in sufficient detail to evaluate compliance with requirements in the solicitation. Item MUST meet exact specifications as laid out in the description attached. This may include product literature, or other documents, if necessary;
(4) Evidence that the offeror is an authorized FortifyHP Reseller;
(5) Terms of any expressed warranty;
(6) Firm-fixed price for each CLIN and discount terms;
(7) Acknowledgement of solicitation amendment(s);
(8) Include a statement specifying the extent of agreement with all terms, conditions, and provisions included in the solicitation.

Quotations that fail to furnish required representations or information, or reject the terms and conditions of the solicitation may be excluded from consideration. NIST reserves the right to award a purchase order without discussions, based solely on the submission of the Contractor.

EVALUATION FACTORS FOR AWARD: The award will be made to the responsible authorized offeror whose technically acceptable quotation is deemed to represent the lowest price. Offers that meet all of the attached minimum requirements will be deemed technically acceptable.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/SB134111RQ0180/listing.html)
 
Place of Performance
Address: National Institute of Standards and Technology, Gaithersburg, Maryland, 20899, United States
Zip Code: 20899
 
Record
SN02414566-W 20110402/110331235034-c5237294dff70472e0b0d1a0c4ae742b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
