Loren Data's SAM Daily™

FBO DAILY ISSUE OF AUGUST 31, 2012 FBO #3933
DOCUMENT

D -- IBM Rational AppScan Subscription and Support Renewal - Attachment

Notice Date

8/29/2012
 

Notice Type

Attachment
 

NAICS

541519 — Other Computer Related Services
 

Contracting Office

Department of Veterans Affairs;Technology Acquisition Center;260 Industrial Way West;Eatontown NJ 07724
 

ZIP Code

07724
 

Archive Date

10/23/2012
 

Point of Contact

Brandon Caltabilota
 

E-Mail Address

8-5561<br
 

Small Business Set-Aside

N/A
 

Award Number

NNG07DA44B
 

Award Date

8/24/2012
 

Description

JUSTIFICATION AND APPROVAL FOR AN EXCEPTION TO FAIR OPPORTUNITY 1.Contracting Activity: Department of Veterans Affairs (VA) Office of Acquisition Operations Technology Acquisition Center 260 Industrial Way West Eatontown, NJ 07724 2.Description of Action: The proposed action is for a firm-fixed-price Delivery Order, issued under the National Aeronautics and Space Administration (NASA) Solutions for Enterprise Wide Procurement (SEWP) IV Government Wide Acquisition Contract (GWAC), for the renewal of the International Business Machines (IBM) Rational AppScan Enterprise Edition Server software license subscriptions and support. The period of performance for this proposed action consists of a 12-month base period, with four, 12- month option periods. 3.Description of Supplies or Services: VA Office of Information and Technology (OI&T) Office of Information Security (OIS) requires renewal of the licensing and support for IBM Rational AppScan Enterprise Edition software licenses. The IBM Rational AppScan Enterprise Edition software is a Web-application vulnerability scanning software that allows security and compliance testers to discover any known software defects in running Web-facing applications so that they may be remediated. The product detects security, privacy, Section 508/Accessibility software compatibility, and general software coding defects. VA is renewing the software support for the existing software application-security and risk-management solutions. Capabilities of the software include automated scanning of Web applications for National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) compliance and continuous monitoring activities: malware; security; privacy (PII); quality (broken links and misspelled words); and, accessibility (Section 508, Health Insurance Portability and Accountability Act, etc). This acquisition will modernize the licensing type of VA's existing IBM Rational AppScan Enterprise and Policy Tester Deployment (Policy Tester ensures that Web applications and dynamic Web content are accessible and comply with Government accessibility regulations) from Authorized User to Floating License Deployment. In addition, the IBM Rational AppScan Enterprise Edition software license subscriptions and support includes access to new releases and versions of installed IBM software and the option to receive notifications of new product releases and technical support updates. IBM provides cross-platform software technical support 24x7x365; online technical support including enhanced self-help and search capabilities; voice support for new deployments, migration, and code-related questions; and, fast problem resolution by phone for all "Severity 1" situations-24 hours a day, seven days a week. Severity levels are determined during a mutual discussion by the client and support analyst, based on the business impact of the issue. Additionally, a severity level 1 issue is classified as business critical software components being inoperable or critical interfaces have failed. This usually applies to a production environment and indicates you are unable to use the program resulting in a critical impact on operations. Typically, this condition requires an immediate solution. 4.Statutory Authority: The statutory authority permitting an exception to fair opportunity is Section 41 U.S.C. 4106(c)(2) as implemented by Federal Acquisition Regulation (FAR) Subpart 16.505(b)(2)(i)(B) entitled, "Only one awardee is capable of providing the supplies or services required at the level of quality required because the supplies or services ordered are unique or highly specialized." 5.Rationale Supporting Use of Authority Cited Above: Based on the market research, as described in paragraph 8 of this document, it was determined that limited competition is viable among authorized resellers for these brand name software license subscriptions and support. VA OIS Deputy Assistant Secretary for Information Security created a new program office in OIS to address Security Architecture and Software Assurance (SASA). SASA is in the processes of working with developers and other users of Software Assurance (SwA) tools to reinvigorate the SwA program, which will greatly improve VA security posture by reducing risk brought by considerable defects found in software to which VA is not immune. The key to getting the SwA program back on track is to reinstate already purchased IBM Rational AppScan software license subscriptions and support. VA already owns IBM Rational AppScan Enterprise perpetual software licenses. It is critical to the SwA program that the aforementioned software licenses are up to date. Failure to obtain IBM Rational AppScan Enterprise software license subscriptions and support will expose VA to great security risk. Also, VA has invested significant resources in both the procurement of IBM Rational AppScan Enterprise software licenses and staff training. Obtaining similar software would take new training and new processes to be developed, which would incur a cost that exceeds the current budget. This would not be advantageous to the VA OIS holistic SwA program. VA relies on the known quality of the reports generated by the IBM Rational AppScan Enterprise software and has customized these for VA's environment. The Section 508 and Privacy groups will then also need to go out and look for new products since IBM Rational AppScan software is one of the few that cover these areas in one suite/framework. It is important that the scanning software not only generate reports compatible with other, in-use software and hardware, as well as not alter the information it inspects. 6.Efforts to Obtain Competition: Market research was conducted, details of which are in the market research section of this document. Based on this research, it was determined that limited competition among resellers is available on NASA SEWP for the procurement of IBM Rational AppScan Enterprise Edition Server software license subscriptions and support. Accordingly, this justification and the Request for Quotation (RFQ) will be submitted to all four NASA SEWP IV GWAC contract groups in order to fully notify all interested parties. Furthermore, in accordance with FAR 5.301 and 16.505(b)(2)(D)(1)(i), this action will be synopsized at award on the Federal Business Opportunities Page and the justification will be made publicly available. 7.Actions to Increase Competition: In order to remove or overcome barriers to competition in future acquisitions for this requirement, the Government's technical experts will continue to perform market research to determine if other products can be considered. Additionally, the Government's technical experts will conduct market research prior to exercising each option to ensure market conditions have not changed and that no emerging technology is available that can meet VA's needs. 8.Market Research: In May 2012 market research was conducted by VA OIS to determine if there were viable products from other manufacturers besides IBM to meet VA's IT security reporting requirements. It was determined that IBM's Rational AppScan software was the only brand name software that offered the Floating User licensing option; this was not found as a feature on other similar brand name products during market research. In addition, market research also indicated that other similar brand name software licenses available for use within VA's Enterprise Information Technology Infrastructure would require significant compatibility testing, and a substantial amount of time for VA's Information Technology (IT) engineers to fully test and validate the other software licenses to establish equivalent functionality. Conversely, VA cannot stop using one to test another and this creates a prevalent problem. Running two software applications with similar functionality in a single enterprise environment would cause interoperability issues, plus it would expose VA to great risk to stop running the current software to begin testing the other. Additional Market research was conducted in June 2012 utilizing the NASA SEWP IV Manufacturer Lookup tool, and it was determined that there are 35 resellers of IBM products/services. Furthermore, in accordance with the SEWP website, when soliciting a requirement on a brand name basis, the solicitation shall be sent to all SEWP contract holders in all four groups providing all contract holders notification. However, in order to promote award opportunity for SDVOSBs, quotes will only be accepted from contract holders in Group B. 9.Other Facts: This requirement has been reported in the Forecast of Contracting Opportunities database.
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/notices/1b6cc297aed227984a83bea67982faff)
 

Document(s)

Attachment
 

File Name: NNG07DA44B VA118-12-F-0391 NNG07DA44B VA118-12-F-0391_2.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=460779&FileName=NNG07DA44B-009.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=460779&FileName=NNG07DA44B-009.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Record

SN02860292-W 20120831/120829235821-1b6cc297aed227984a83bea67982faff (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |