Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 04, 2016 FBO #5399
DOCUMENT

D -- Enterprise Privileged Access Manager (PAM) - Attachment

Notice Date

9/2/2016
 

Notice Type

Attachment
 

NAICS

541519 — Other Computer Related Services
 

Contracting Office

Department of Veterans Affairs;Technology Acquisition Center;23 Christopher Way;Eatontown NJ 07724
 

ZIP Code

07724
 

Solicitation Number

VA11816Q1440
 

Archive Date

12/9/2016
 

Point of Contact

Amy Schmalzigan
 

Small Business Set-Aside

N/A
 

Award Number

NNG15SD27B VA118-16-F-1386
 

Award Date

9/1/2016
 

Awardee

V3GATE, LLC;6060 HOLLOW TREE CT;COLORADO SPRINGS;CO;80918
 

Award Amount

$4,298,509.84
 

Description

On September 1, 2016, the Technology Acquisition Center awarded Delivery Order VA118-16-F-1386 under the terms and conditions of National Aeronautics and Space Administration (NASA) Solutions for Enterprise-Wide Procurement (SEWP) V contract NNG15SD27B with V3 Gate, located at 6060 Hollow Tree Court, Colorado Springs, CO 80918. V3 Gate will be providing CyberArk Software, Ltd. (CyberArk) hardware, software, technical support, and training. The period of performance shall be 12 months from date of delivery, plus two 12-month option years, for continued maintenance support, the total order value of $5,922,684.12. ? JUSTIFICATION FOR AN EXCEPTION TO FAIR OPPORTUNITY 1. Contracting Activity:Department of Veterans Affairs (VA) Office of Acquisition and Operations Technology Acquisition Center 23 Christopher Way Eatontown, NJ 07724 2. Description of Action: This proposed action is for a firm-fixed-price delivery order issued under the National Aeronautics and Space Administration (NASA) Solutions for Enterprise-Wide Procurement (SEWP) V Government-Wide Acquisition Contract (GWAC) for brand name CyberArk Software, Ltd. (CyberArk) hardware, software, technical support, and training for the VA, Office of Information and Technology (OI&T), Office of Information Security (OIS). 3. Description of the Supplies or Services: VA's Continuous Readiness Information Security Program (CRISP) requires system security monitoring of all privileged user accounts, system logs and network connectivity to provide event and log correlation, event alerting and information security threat intelligence, and reporting of all malware activity. To meet CRISP requirements, OIS currently utilizes a Security Information and Event Management (SIEM)-based CyberArk hardware and software infrastructure in five (5) data center systems and networks. The purpose of the proposed acquisition is to procure two (2) CyberArk Advanced Appliance Servers, eight (8) 16 gigabyte memory packs, two (2) Central Policy Manager (CPM) modules, five (5) Enterprise Password Vault (EPV) user licenses, 30,000 Privileged Session Manager (PSM) Target System licenses, 24x7 technical support for each hardware and software item, training for advanced EPV and PSM, and professional services for elevated privilege account auditing, tracking and password vaulting. In addition to VA's continuous monitoring requirement, CyberArk hardware and software are also required to support VA's Information Technology (IT) visibility to the network initiative, which includes service account activities and integrated dependencies between data center locations. Technical support includes 24x7 telephone and email support, software updates, patches and defect support. The training to be procured for advanced EPV and PSM includes a three (3) day training course for ten (10) people. Delivery is required within 30 days of award. The period of performance shall be 12 months from date of hardware and software delivery, and includes two (2), 12-month option periods for continued technical support. 4. Statutory Authority: The statutory authority permitting this exception to fair opportunity is 41 U.S.C. 4106(c)(2) as implemented by Federal Acquisition Regulation (FAR) 16.505(b)(2)(i)(B), entitled "Only one awardee is capable of providing the supplies or services required at the level of quality required because the supplies or services ordered are unique or highly specialized." 5. Rationale Supporting Use of Authority Cited Above: Based upon market research, as described in paragraph eight of this justification, it was determined that limited competition is viable among resellers for the required brand name CyberArk hardware, software, technical support, and training. VA's current SIEM-based user account system and network monitoring cyber security system is based upon existing CyberArk proprietary hardware and software and VA requires hardware and software to meet CRISP requirements that is compatible with the existing infrastructure and functionality for continued operational availability. Specifically, CyberArk's is the only solution that meets all of VA's functional requirements for elevated privilege account auditing, tracking and password vaulting, and can seamlessly integrate and is interoperable with the current proprietary infrastructure. Other brand name solutions, as detailed in section eight of this justification are not interoperable or compatible with the currently fielded CyberArk SIEM-based brand name architecture components. Specifically, the hardware and software communicates through a source code that is based upon CyberArk proprietary data. The proprietary configuration (software and licensing) applies in a very specific way to the hardware and software that is being purchased. No other hardware and software can provide this communication capability without the proprietary source code. Additionally, only CyberArk items can meet all of VA's functional requirements. Specifically, only CyberArk brand name security architecture components can provide upstream forwarding of any localized data center elevated privilege account auditing, tracking and password vaulting data into the existing OIS SIEM-based infrastructure. The upstream forwarding of data is a VA functional requirement and is critical to produce a single view, collective status of all elevated privilege account auditing, tracking and password vaulting related information localized in a data center system or over the network. This provides VA with a single interactive view that displays the monitored user, system and network's security posture of all elements of IT protection. Therefore, only CyberArk or an authorized reseller has the ability to meet VA's functional requirements. No other brand name solution can integrate or communicate with OIS's existing CyberArk proprietary infrastructure to provide the required security visibility of elevated privilege account auditing, tracking and password vaulting activity on the network. Failure to acquire a compatible solution would cause system failure, putting VA's security posture at risk. In addition, VA requires 24x7 technical support for each hardware and software item, training for advanced EPV and PSM, and professional services for elevated privilege account auditing, tracking and password vaulting. Only CyberArk or an authorized reseller has access to the proprietary software code to provide the required technical support for the hardware and software, which includes software updates, patches and defect support, as well as access to the required professional services. Further, only CyberArk or an authorized reseller has access to the training materials and knowledge base for providing advanced EPV and PSM training. The materials are comprised of proprietary data, specifically the interworkings of the training are such that a non-reseller could not provide them. Only CyberArk certified trainers are authorized to provide the advanced EPV and PSM courses. 6. Efforts to Obtain Competition: Market research was conducted, details of which are in the market research paragraph of this document. This effort did not yield any additional sources that can meet the Government's requirements. It was determined however, that limited competition is viable among authorized resellers for the required brand name CyberArk hardware, software, technical support and training. In accordance with FAR 5.301 and 16.505(b)(2)(ii)(D), the award notice for this action will be synopsized and the justification will be made publicly available on the Federal Business Opportunities Page within 14 days of award of the order. Additionally, in accordance with FAR 16.505(a)(4)(iii)(A)(2), this justification will be provided with the Request for Quote to NASA SEWP V GWAC holders. 7. Actions to Increase Competition: The Government will continue to conduct market research to ascertain if there are changes in the market place that would enable future actions to be competed. VA networking Subject Matter Experts regularly review industry trade publications and conduct internet research to ascertain if any other brand name hardware, software, technical support and training is available to meet the requirements described herein. 8. Market Research: The Government's technical experts conducted market research by reviewing other similar elevated privilege account auditing, tracking and password vaulting systems in June 2016. Specifically, the Government's technical experts conducted web-based research on web sites of vendors including Quest Software and Computer Associates. Based upon reviews of these products, the Government's technical experts determined that neither of these products can meet the Government's functionality, interoperability and compatibility requirements with the existing OIS security architecture components discussed in section five above. No other solutions can seamlessly integrate into the current CyberArk security infrastructure, nor can they provide upstream forwarding of localized data into the existing OIS SIEM console architecture, which is critical to network security operations. Additionally, as stated above in section five, only CyberArk or an authorized reseller can provide the required technical support, training and professional services. The Government's technical experts have determined that only CyberArk brand name security hardware, software, technical support and training can meet all of VA's needs. Additional market research was conducted in July 2016 by utilizing the NASA SEWP Provider Lookup tool to determine whether the brand name CyberArk products are available from NASA SEWP V GWAC holders. It was determined that there are several resellers of the brand name CyberArk products that hold current GWACs such that limited competition is anticipated.
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/notices/786dd3d8f9b6759eb6893fa68a685474)
 

Document(s)

Attachment
 

File Name: NNG15SD27B VA118-16-F-1386 NNG15SD27B VA118-16-F-1386_1.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=2984277&FileName=NNG15SD27B-024.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=2984277&FileName=NNG15SD27B-024.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Record

SN04254655-W 20160904/160902235634-786dd3d8f9b6759eb6893fa68a685474 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |