Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 26, 2012 FBO #3928
MODIFICATION

D -- FORESCOUT TECHNOLOGIES SOFTWARE NAC-AS-A-SERVICE SOLUTION PROCUREMENT WITH ANNUAL MAINTENNACE AND SUPPORT

Notice Date
8/24/2012
 
Notice Type
Modification/Amendment
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
US Army Medical Research Acquisition Activity, ATTN: MCMR-AAA, 820 Chandler Street, Frederick, MD 21702-5014
 
ZIP Code
21702-5014
 
Solicitation Number
W81XWH-12-R-0066
 
Response Due
9/6/2012
 
Archive Date
11/5/2012
 
Point of Contact
Marvin Bethel, (301) 619-8807
 
E-Mail Address
US Army Medical Research Acquisition Activity
(marvin.bethel@amedd.army.mil)
 
Small Business Set-Aside
Total Small Business
 
Description
The U.S. Army Medical Research Acquisition Activity (USAMRAA) requires an experienced vendor to provide ForeScout Technologies NAC-as-a-Service Solution with Annual Maintenance and Support. This is a synopsis for commercial ForeScout Technologies NAC-as-a-Service Solution with Annual Maintenance and Support prepared in accordance with Subpart 12.6. This announcement constitutes the only synopsis of solicitation; a written solicitation will be issued on the Open Market as a Small Business Set-aside. USAMRAA hereby issues synopsis number W81XWH-12-R-0066 for ForeScout Technologies NAC-as-a-Service Solution with Annual Maintenance and Support for the TRICARE Management Activity (TMA), MHS Cyber-infrastructure Services (MCiS). This solicitation will be open to all Offerors under North American Industry Classification System (NAICS) code is 541511 - Custom Computer Programming Services. Any firm that believes it can provide the stated capability is invited to submit Capability Statement in writing to the Contracting Specialist within 15 calendar days from the date of this publication notice. Supporting evidence must be furnished in sufficient detail to demonstrate the firm's ability to provide the stated capability. All information regarding this notice should be sent electronically to Barton Vint, Contract Specialist, at barton.vint@amedd.army.mil. Responses received will be evaluated; however, a determination by the Government not to compete the proposed procurement based upon responses to this notice is solely within the discretion of the Government. Request for Quote: W81XWH-12-R-0066 Synopsis Date: 22 August 2012 Date of Solicitation: 6 September 2012 Question Due: 11 September 2012, 8:00 AM Eastern time Quote Due Date: 20 SEP 2012, 8:00 AM Eastern time Statement of Work SCOPE: This award is to request services, material and equipment to support the purchase of Network Access Control "turnkey" (a complete ready-to-use security solution and everything needed to operate\perform the NAC solution) NAC-as-a-Service solution for Department of Defense (DoD) and Military Health Systems (MHS), including but not limited to TMA Program Offices and the Services (Army, Air Force, Navy). The solution and technical support is for a base period of the award date through 29 September 2017. For the installation access the contract personnel should have a Security Clearance as minimum to work and access the designed locations. The vendor will provide the necessary ForeScout equipment to install the NAC solution into the Government equipment. The Government will provide the network connection and the port connectivity to allow ForeScout\NAC solution to operate. The government is expecting to have a "Turnkey" solution without the necessity of investing in other equipment, cabling or any other peripheral device. HQ MEDCOM (ARMY) has a requirement to purchase Network Access Control solution, based on a "turnkey" Software-as-a-Service (SaaS) licensing model, capable of identifying and discovering all network end points operating on a Unclassified but Sensitive Internet Protocol Router Network (NIPRNet) at all CONUS as well as OCONUS facilities, including but not limited to the Pacific region of the MEDCOM. BACKGROUND: This award is for a solution at each MTF location that will report all findings in a manageable database best suited for providing situational awareness of all end points and applicable users. The endpoints to be identified are computers, laptops, tablets, servers, printers, PDAs, Blackberry, VoIP phones, scanners, switches, routers, medical devices, wireless access points, USB connected devices, wireless access connected devices and any other devices connected directly or indirectly to each installations NIPRNet environment. In addition, this solution should provide the local facilities network center a single collection point or database capable of displaying discovery results. The solution must also be capable of displaying a consolidated one site picture of all MEDCOM endpoints to HQ MEDCOM and USMITC on Fort Sam Houston, TX and to provide situational awareness IT and medical resources connected to a NIPRNet environment. The solution is required to meet the ever increasing security demands to track network components and support Network Access Control requirements not supported by currently owned government products. OBJECTIVE: To purchase ForeScout NAC-as-a-Service solution (includes licenses and continuous maintenance and support services) for 75,000 endpoints over 5 years. This action supports the centralization of Military Health Systems centralized acquisition of network access control to ensure information assurance compliance and continuous security monitoring. The solution includes all software, hardware, annual support/maintenance on hardware, and engineering services. Engineering Services consist of a full time ForeScout engineer to conduct architecture review and design the solution specific to Army MEDCOM requirements, deployment, configuration, travel, training of local administrators, and ongoing sustainment. Salient Features: The NAC-as-a-Service solution being sought will meet the following requirements as laid out by HQ MEDCOM: a.MEDCOM requires a fully managed "turnkey" service inclusive of software, implementation, sustainment, engineering, vendor portal, training and knowledge transfer for a real time network discovery and reporting solution. Such a solution must be capable of supporting of identification of all network endpoints (managed and unmanaged), provide reporting on each endpoint, support a Defense Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIG) compliant port based security effort, identify all users information as applicable, and enable remediation of end points as required to meet network security requirements. b.MEDCOM requires a clientless solution for the identification of all endpoints. If a client is required, then the contractor shall include a process to validate in real time the client is present on all endpoints and operational. If a client is required, but not present, non-operational, or corrupted the solution must provide the capability to report this information and auto-remediate without impacting the operations of the any end point. If a client is required it must be deployed on every endpoint regardless of hardware platform or operating system and validated to ensure 100% deployment is accomplished at initial installation and the vendor will need to provide a simple process suitable to the government for any new devices the government may add to its environment in the future. If multiple processes are required for separate hardware platforms or operating systems, this must be provide to the government. Any tools required to deploy the client is required to be a part of the solution and have the proper certifications to be used within the customer's environment. c.MEDCOM requires the solution to operate in out of band configuration as in-line solutions have been proven to impair network operations. d.MEDCOM requires the solution be capable of operating in a vendor agnostic environment to ensure the government is not limited to one vendor's product for any current or future network infrastructure components. e.MEDCOM requires that the solution NOT rely on 802.1x environment, but support an 802.1X environment if at the discretion of the government such as solution is adopted. If a solution is presented requiring 802.1X, then the deployment and costing for such a solution must be incorporated into the response since reliance on 802.1X is required before the solution can be operational and accepted by the government as complete. Real time status of 802.1X based solution on each switch port and auto remediation capabilities must be included with the solution since this is not a standalone requirement. Training for all government personnel on 802.1X operations must be included at every level as applicable to each position to ensure the solution in sustainable. f.MEDCOM requires the integration of the current CounterAct solution residing at two of the existing facilities (Womack Army Medical Center, Martin Army Hospital and US Army Public Health Command). If the solution cannot integrate with the current environment at these two locations, the contractor must ensure this solution does not impair the current operations previously deployed. g.MEDCOM requires a global dashboard capability at USAMITC coupled with local dashboards for individual Army hospitals and support facilities including MTF's. If individual license fees are required for this capability, all responses should include this requirement. h.MEDCOM requires real time and on demand inventories functions of all applications and software running on all endpoints. i.MEDCOM requires a solution that will identify users to include system guests and contractors. This will help apply the appropriate system policy to the type of user accessing the network and system. j.MEDCOM requires a solution that will grant, limit or block any endpoints access to the MEDCOM network as determine by DoD, Army, MEDCOM, or local policies. k.MEDCOM requires the ability to identify and control access with any mobile device such as but not limited to iPhones, iPads, smart phones, blackberry, and android devices. l.MEDCOM requires the solution integrate with McAfee ePO/HBSS and auto populate the Host Based Security System (HBSS) environment at the discretion of the government to limit unidentifiable hardware therefore reducing the number of HBSS reported rogue devices currently authorized. m.MEDCOM requires a solution that will integrate with Microsoft Systems Center Configuration Manager (SCCM) in order to automate patching of non-compliant endpoints. n.MEDCOM requires the contractor to provide an installation support team and a full time technical account manager to oversee the architectural design, implementation, configuration, sustainment, training and knowledge transfer of the comprehensive security service. o.MEDCOM requires each network be provided a standalone system and be manageable as such. p.MEDCOM requires the solution be capable of reporting captured information from all networks into a central point to provide MEDCOM and U.S. Army Medical Information Technology Center (USAMITC) oversight of network resources. q.The equipment must be JITC (Joint Interoperability Test Command) certified. r.The turn-key solution will include knowledge transfer and training of the technology/operation of the solution. s.The installation will include compliance testing Information Assurance Workshop (IAW) DISA STIGs and Air Force (AF) requirements. t.Any Information Assurance Category I or II (high or medium risk) findings must be resolved at a minimum before the solution is accepted as a completed installation. This requirement includes the first 3 installments at each location starting with the Pacific region, configuration management, consolidated reporting features, web-portal to manage licenses, training, and knowledge transfer to each installation to include MEDCOM and USMITC as required by the solution. The current DoD Healthcare customers of ForeScout include Womack Army Medical Center, US Army Public Health Command, Martin Army hospital, San Diego Naval Hospital, Camp Pendleton and 29 Palms. ForeScout pilots have been conducted at Madigan Army hospital, Weed Army Hospital and Evans Army Hospital. C. Period of Performance: Base Period (12) months, plus Four (12) months Option Periods. D. Performance Location: The Contractor shall perform primary activity at the Government's facility. E. Acceptance Criteria: Certification by the Government of satisfactory services provided is contingent upon the Contractor performing in accordance with the terms and conditions of this contract and all modifications. F. Evaluation Factors and Subfactors: Award of this order will be made on a competitive best value basis using the "lowest price, technically acceptable" basis. Evaluation will be made to identify all Offerors whose proposals are technically acceptable in accordance with the RFQ and the evaluation criteria set forth below. Award will be made to the Offeror from the pool of technically acceptable proposals, whose cost/price is lowest. Technical acceptability will be determined by evaluating ForeScout software. All technical evaluation criteria must be rated Acceptable to be considered for award. Each Offeror must fully document and substantiate a cross mapping of their cost approach as it equates to the technical approach listed in the evaluation criteria. Please note that unsubstantiated costs that are considered unrealistic or unsupported or both may cause the overall technical evaluation to be rated Unacceptable. NOTE: Government will not assume that the offeror possesses any capability or knowledge unless it is specified in their Capability Statement. All Capability Statements must include a point of contact (POC), name and phone number. Each response must clearly indicate the capability of the offeror to meet all specifications and requirements.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USA/USAMRAA/DAMD17/W81XWH-12-R-0066/listing.html)
 
Place of Performance
Address: US Army Medical Research Acquisition Activity ATTN: MCMR-AAA, 820 Chandler Street Frederick MD
Zip Code: 21702-5014
 
Record
SN02854116-W 20120826/120824235754-f277d3d7d8f8d8246f2b1a829d28e07c (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.