Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JULY 10, 2025 SAM #8627
SOURCES SOUGHT

D -- Zero Trust Application Realtime Protection (ZARP) (VA-25-00093376)

Notice Date
7/8/2025 2:24:29 PM
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
TECHNOLOGY ACQUISITION CENTER NJ (36C10B) EATONTOWN NJ 07724 USA
 
ZIP Code
07724
 
Solicitation Number
36C10B25Q0429
 
Response Due
7/16/2025 9:00:00 AM
 
Archive Date
08/15/2025
 
Point of Contact
Michael Berberich, Contract Specialist
 
E-Mail Address
michael.berberich@va.gov
(michael.berberich@va.gov)
 
Awardee
null
 
Description
DESCRIPTION Department of Veterans Affairs Request for Information (RFI) Zero Trust Application Runtime Protection (ZARP) This is a Request for Information (RFI) only. Do not submit a quote. This RFI is for planning purposes only and shall not be considered a Request for Quotation. Additionally, there is no obligation on the part of the Government to acquire any products or services described in this RFI. Your response to this RFI will be treated only as information for the Government to consider. You will not be entitled to payment for direct or indirect costs that you incur in responding to this RFI. This request does not constitute a solicitation for quotes or the authority to enter into negotiations to award a task order. No funds have been authorized, appropriated or received for this effort. The information provided may be used by the Department of Veterans Affairs (VA) in developing its acquisition strategy. Interested parties are responsible for adequately marking proprietary, restricted or competition sensitive information contained in their response. The Government does not intend to pay for the information submitted in response to this RFI. The Government requests Industry to review and provide commentary on the Governments requirement detailed below. The Government intends to review RFI responses to exchange information and improve industry s understanding of the Government requirement and the Government s understanding of industry capabilities. This will allow potential� offerors� to judge whether or how they can satisfy the Government s requirements and enhance the Government s ability to obtain quality� supplies� and services. SUBMITTAL INFORMATION: All responsible sources may submit a response in accordance with the below information. As part of your market research response, please provide a (10-page limit) submission detailing a solution that meets or exceeds the Government s requirement detailed below. Interested vendors shall provide constructive comments and/or feedback regarding the following elements of the proposed procurement: Proposed contract type: Firm Fixed Price Schedule: Base Year plus four (4) option years Industry to suggest a Contract Line-Item Number� (CLIN)/Price Structure and deliverables. Industry to provide a Rough Order of Magnitude (ROM) to include level of effort, associated labor categories and estimated pricing Feasibility of the requirement, including performance requirements Industry to provide part numbers (if applicable). Any other industry concerns, comments, or questions Interested Vendors shall provide the following information in the initial paragraph of the submission: Name of Company Address Point of Contact Phone Number Email address Company Business Size and Status under the following North American Industry Classification System (NAICS) Code: 541519 Other Computer Related Services with a Size Standard of $34 Million. Existing Contractual Vehicles (GWAC, FSS, MAC, SEWP) to include the contract and schedule numbers. Socioeconomic data (For Veteran-Owned Small Business (VOSB) and Service-Disabled Veteran-Owned Small Business (SDVOSB)s, proof of verification in Small Business Administration (SBA) Veteran Small Business Certification (VetCert)) Indicate whether you can comply with the limitations on subcontracting at VA Acquisition Regulation (VAAR) 852.219-73, VA Notice of Total Set-Aside for Certified Service-Disabled Veteran-Owned Small Businesses or VAAR 852.219-74 VA Notice of Total Set-Aside for Certified Veteran-Owned Small Businesses System for Award Management Unique Identity Identification Number While not required, artifacts supporting your submission may be submitted to better demonstrate the above. The artifacts can be in addition to the page limit. There are no specific submission requirements other than the page limit, but the Government requests that it not be inundated with marketing materials or peripheral content, and that the submission be readable. CONTRACTOR RESPONSE: All Contractors shall submit via email to Michael Berberich, Contract Specialist at michael.berberich@va.gov and Contracting Officer Jason King at jason.king6@va.gov. Any/all questions from industry must be submitted by close of business (COB) on 7/11/25. The Government intends to have all questions answered and posted by COB on 7/14/25. Final responses are due no later than 12:00 PM ET, July 16, 2025. GOVERNMENT REQUIREMENT: Introduction / Background: The Department of Veterans Affairs (VA) is conducting market research to identify capable vendors that can deliver a comprehensive, turnkey solution for application and API runtime protection across VA's enterprise environments. This initiative, titled Zero Trust Application Runtime Protection (ZARP), supports the agency's cybersecurity modernization goals under Executive Order 14028 and the VA's Zero Trust Architecture Strategy. The ZARP initiative is focused on runtime protection for web applications, APIs, and associated workloads. It will prioritize VA mission critical systems to include support for both externally facing and non-web-based services. Purpose of this RFI This RFI seeks industry feedback and solution concepts from qualified vendors. The Government intends to use responses to: Validate technical feasibility and market availability Refine its acquisition strategy Determine industry capacity to meet ZARP objectives Identify best practices and potential innovations Scope of the ZARP Solution This solution must be delivered as a total turnkey implementation, meaning the contractor shall be responsible for all components and phases of delivery without reliance on VA-led development or integration efforts. The VA seeks a commercial off the shelf (COTS) solution that provides end-to-end protection for web applications, APIs, and critical backend services across VA s hybrid environments. VA is interested in Palo Alto s Prisma Cloud Enterprise Edition or similar. Vendors are encouraged to propose alternative or equivalent solutions if they can clearly demonstrate equal or superior functionality, integration maturity, and compliance with federal standards. Salient Characteristics Respondents should confirm their solution supports or addresses the following key characteristics: Turnkey Delivery Model Implementation and integration Solution process design and configuration Documentation and training Operational support (including 24/7 monitoring and incident response) Supporting the Authority to Operate (ATO) process Runtime Protection Scope Coverage of cloud-native, web-facing and non-web workloads (e.g., internal APIs, headless services) Support for host-based, container, and serverless applications Support for monolithic, microservice, containerized, and serverless architectures Capable of protecting on-prem or VA Enterprise Cloud (VAEC) environments Platform Capabilities Web Application and API Security (WAAS) Cloud Workload Protection Platform (CWPP) Compute Defender or equivalent functionality Runtime policy enforcement, threat detection, and virtual patching Compliance FedRAMP-authorized (Moderate or High) for SaaS Applicable legislation (e.g. FISMA, NIST 800-53 and CISA directives) Tool Integration Support SIEM (Splunk, Elastic) SOAR platforms Identity and Access Management systems Vulnerability Management and CI/CD pipelines Measurable Outcomes Reduction in successful exploits and faster Mean time to detect (MTTD) / Mean time to respond (MTTR) Capable of achieving a true-positive detection rate of at least 98% and cross-over error rate of no more than 2%, as measured against independent OWASP Benchmarks or equivalent tests Requested Information from Respondents Vendors are encouraged to provide the following: A description of their proposed solution, including people processes and technologies A response matrix mapping their solution to each of the salient characteristics Details of past performance with similar enterprise security deployments, especially within federal environments Licensing models and scalability options Key differentiators or innovations Any anticipated deployment challenges and mitigation strategies Any recommended additions, corrections, or clarifications to the scope or requirements described in this RFI
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/10e1af61beec4aa5b61a6a7df1e31bc6/view)
 
Record
SN07502152-F 20250710/250708230055 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.