SOURCES SOUGHT
D -- Enterprise Vulnerability Scanning System (EVSS) - SSN Attachment: Requirement Matrix, Table 1
- Notice Date
- 7/16/2013
- Notice Type
- Sources Sought
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- United States Senate, Office of the Sergeant at Arms, Finance Division, United States Senate, Washington, District of Columbia, 20510-7207, United States
- ZIP Code
- 20510-7207
- Solicitation Number
- 2013-S-052
- Archive Date
- 8/2/2013
- Point of Contact
- Kathleen M. Haddow,
- E-Mail Address
-
Acquisitions2012@saa.senate.gov
(Acquisitions2012@saa.senate.gov)
- Small Business Set-Aside
- N/A
- Description
- SSN Attachment: Requirement Matrix, Table 1 The United States Senate Office of the Sergeant at Arms (SAA) is seeking sources for Enterprise Vulnerability Scanning System (EVSS) technologies that are currently available in the marketplace. This is a Sources Sought Notice (SSN) only and vendors will not be compensated for the information provided. No solicitation will be issued at this time. BACKGROUND: The United States Senate has currently deployed a Tripwire (formerly nCircle) Enterprise Vulnerability Assessment tool. The Senate Sergeant at Arms (SAA) IT Security branch, with support from vendor staff, has been conducting authenticated vulnerability assessments of Senate IT assets for several years. The U.S. Senate Sergeant at Arms is now seeking an application vulnerability scanner to assess public-facing Senate websites and devices. This scanner may have features that could be leveraged to conduct internal web, authenticated vulnerability assessment scans. THE SAA MISSION: The Vulnerability Assessment (VA) service is part of the SAA's mission to provide secure and reliable network services to the U.S. Senate. A vulnerability assessment is an automated scan conducted against networked devices to reveal vulnerabilities associated with each device, such as missing security updates or misconfigured applications. The list of vulnerabilities is then used to identify required patches or other fixes. To support this mission, the SAA is evaluating Enterprise Vulnerability Scanning System (EVSS) solutions that can scan, identify, report, and help resolve web application vulnerabilities and vulnerabilities in the operating systems on which they run. The product/solution must allow authorized users to perform both scheduled and ad-hoc scans across different platforms, track and report identified vulnerabilities, integrate with our Security Information and Event Management tool (ArcSight), and allow the SAA to access detailed information as needed. Integration with our current Vulnerability Assessment solution (Tripwire - formally nCircle) is highly desirable. INSTRUCTIONS In responding to this SSN: 1) Complete the requirements matrix, TABLE 1. (See SSN Attachment: Requirement Matrix, Table 1) 2) Provide a detailed description of how your product works and what differentiates it within the EVSS market space. Please include the following information, at a minimum: a. Describe the product architecture and provide a representative diagram(s) if available, including: • User Interfaces • Directory Integration • Role-based Administration • Policy Creation and Management • System Administration, Reporting, and Other features b. Provide past performance experience and information for a minimum of three (3) contracts, each less than two (2) years old that involve use of products and capabilities relevant to Senate requirements. Please include the contract number, customer name and address, and a brief synopsis of work performed. c. Organizational information including your Dun and Bradstreet number and point of contact with telephone, fax, and e-mail address. This Sources Sought Notice (SSN) is not a request for proposal and in no way obligates the Senate to award a contract. This sources sought synopsis contains the currently available information. This information is subject to change at any time. The information contained in this notice will be the only information provided by the Senate during the Sources Sought process. All qualified sources should respond to this Sources Sought by submitting an information package in accordance with the instructions provided. Vendors responding to this sources sought notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation. Only firms deemed qualified will be permitted to submit proposals. If suitable responses are received from qualified sources, the SAA anticipates release of a solicitation in Fiscal Year 2014. Neither the SAA nor the Senate will be responsible for any costs for the preparation of responses to this request. Responses to this Sources Sought request are due to the SAA Procurement point of contact no later than August 1, 2013, at Noon EST and shall be submitted electronically via email only to the attention of Kathleen M. Haddow to acquisitions2012@saa.senate.gov. The subject line of the email message shall be SSN 2013-D-052 Enterprise Vulnerability Scanning System. No other method of transmittal will be accepted. The response shall not exceed twenty (25) pages, excluding the cover sheet and completed Attachment: Requirement Matrix, Table 1). Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor's information. THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE. ANY REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE HONORED.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/Senate/SAA/SAAFD/2013-S-052/listing.html)
- Place of Performance
- Address: United States Senate, Washington, District of Columbia, 20510, United States
- Zip Code: 20510
- Zip Code: 20510
- Record
- SN03118013-W 20130718/130716235456-ea3b01f0c878c58c06e29148ae4e51ff (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |