Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF FEBRUARY 04, 2015 FBO #4820
MODIFICATION

70 -- Request for Information - Attachment

Notice Date
2/2/2015
 
Notice Type
Modification/Amendment
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
NPS, MWR - MWRO MABO 601 Riverfront Drive Omaha NE 68102 US
 
ZIP Code
00000
 
Solicitation Number
P15PS00394
 
Response Due
2/18/2015
 
Archive Date
3/5/2015
 
Point of Contact
Pittman, Patrice
 
Small Business Set-Aside
N/A
 
Description
P15PS00394 REQUEST FOR INFORMATION, Midwest Regional Office, National Park Service 1.0Description The Midwest Regional Office in support of the National Park Service is seeking information on how an interested contractor could implement a fully integrated credit card solution which addresses EMV/Pin and Chip/P2PE services with electronic cash registers. This solution must be for hardware, software, and card processing. The President issued an executive order that states ¿In order to strengthen data security and thereby better protect citizens doing business with the Government, executive departments and agencies (agencies) shall, as soon as possible, transition payment processing terminals and credit, debit, and other payment cards to employ enhanced security features, including chip-and-PIN technology. ¿ The National Park Service wishes to deploy a solution that addresses not only the executive order but to reduce the scope of compliance on each park who accepts credit cards. In addition to pin/chip/emv this has to be accomplished by using a Using a point to point encryption (P2PE) solution. P2PE involves encrypting the cardholder data with a hardware device at the point of swipe, and having the data sent in encrypted form only to the processor (Vantiv), who then decrypts it. This technology ensures that cardholder data never enters any POS unit or network component in an unencrypted form. 2.0This is a Request for Information Only This RFI is issued solely for information and planning purposes ¿ it does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. The purpose of this notice is to obtain information regarding the availability and capability of all qualified sources to perform a potential requirement. Responses to the information requested will assist the Government in determining the appropriate acquisition method. The Major Acquisition Buying Office in the Midwest Regional Regional Office of the National Park Service is conducting market research to understand the numbers and types of contractors who have the capability and are interested in providing a fully integrated credit card solution as outlined below. This request for information does not commit the Government to contract for any supply or service whatsoever. Further, the National Park Service is not at this time seeking proposals and will not accept unsolicited proposals. Respondees are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the interested party ¿s expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. If a solicitation is released, it will be synopsized on the Federal Business Opportunities (FedBizOpps) and FedConnect websites. It is the responsibility of the potential offeror to monitor these sites for additional information pertaining to this requirement. 3.0Technical Requirements 3.1US Treasury regulation (TFM 8060.20) requires all credit card transactions collected by or on behalf of the government be deposited directly into a US Treasury NPS designated account through the Treasury ¿s Financial Management Services (FMS) Card Acquiring Service (CAS). The contractor ¿s payment application software or device for processing credit card payments must be certified with the Treasury-designated payment processor (currently Vantiv ¿s Tandem processing platform).\ 3.2Comply with FMS and Card Brand Card Processing Rules and Regulations All card processing must follow the US Treasury Financial Manual (TFM) Part 5 Chapter 7000: Credit and Debit Card Collection Transactions and individual Card Brand Operating Regulations and Mandates. The contractor must comply with any applicable rules and mandates in these regulations and mandates. 3.3Accepted Card Brands The payment application software must be able to process visitor tenders of the Treasury designated credit card brands (Visa, MasterCard, Discover, American Express, Diners Club International, JCB, and China Union Pay). The payment system must be able to be reprogrammed to be modified to change the credit card brand options. 3.4PA-DSS Validation Requirement The PCI-DSS identifies the Payment Applications Data Security Standards (PA-DSS), security controls with which a payment application must comply. The contractor must ensure that any credit card payment application version used in processing NPS cardholder data is a current PA-DSS validated payment application. PA-DSS validation is specific to a payment application version number and includes a revalidation date and an expiration date. The contractor must provide the specific name and version number of their payment application, and must demonstrate that this name and version number have been validated as PA-DSS compliant. 3.5PA-DSS Implementation Guide Requirement The contractor must ensure that the payment application is deployed in accordance with the instructions detailed in the PA-DSS Implementation Guide for the specific product suite and version that is associated with its PA-DSS validation. The contractor must include the PA-DSS Implementation Guide as part of their package, and must ensure that the document includes appropriate proprietary markings. 3.6EMV Chip Technology - Compatible and Configured The payment application credit card devices and software must be compatible with the Europay, MasterCard and Visa (EMV) integrated circuit cards (ICC) level 1 and level 2 standards by October 15, 2015 for all payment systems. The list of approved products is available on the EMVco Approved Devices website. All devices and software must be EMV PIN-compliant according to the EMVco standards by October 15, 2015. 3.7P2PE PTS 3.X Credit Card payment Device Hardware Encryption. Any payment devices that accept credit cards and communicate over an IP/SSL connection, including satellite, commercial DSL, or cellular, must be compatible with the PCI PIN Transaction Security (PTS) 3.X standard and be deployed as part of a Point to Point Encryption (P2PE) solution supported by Vantiv. The contractor must propose and configure P2PE PTS 3.x credit card payment application. In addition the solution MUST be a fully integrated solution that works with any standard Electronic Cash Register which includes, Datasym, SAM4s, casio, and sharp cash registers. 3.8Credit Card Readers or P2PE Pin Pads Any magnetic strip reader (MSR) as part of the equipment solution must be PTS 3.x validated 3.9Validation of PCI DSS Compliance of Managed Service Providers If the contractor is proposing a managed solution the contractor must achieve and maintain PCI DSS compliance for all of the managed services they are providing in accordance with the current version of PCI DSS published by the PCI Security Standards Council. 3.10Service Providers Service providers used to store or manage NPS credit cardholder data must be registered through the Visa Global Registry of Service Providers as a validated Level 1 Service Provider. 3.11Credit Card Authorization The payment application solution must be able to obtain a credit card authorization and print a receipt in a pre-determined amount of time, set by the system administrator (i.e., 60 seconds for a dial-up, analog connection or 5 seconds for an IP connection). In cases where IP is the primary connectivity and authorization is not occurring, the payment application may be set up to obtain authorization through an analog dialup connection which must occur under 60 seconds. 4.0Integrated Solution Requirements For the purpose of this RFI an integrated solution must be able to send and receive a total per transaction. For example; The cashier tenders a transaction as a credit card, the cash register sends a total to the processing device, then when the transaction is complete, a receipt is printed on the cash register. 4.1Compatatibility 4.1.1Electronic Cash Registers The solution must be compatatable with all types of Electronic Cash Registers, which include Datasym, SAM4s, and Sharp. 4.1.2Banking Must be able compatible with the Federal Government bank, which at this point is Vantiv. If the bank is changed the hardware/software solutions must be able to be transferred to a new bank. 4.1.3EMV/Pin&Chip Must meet all requirements set forth by the PCI council and compatible with all ECR ¿s. 4.1.4P2PE The solution must contain a P2P2 solution that is fully integrated for all types of Electronic Cash Register ¿s. The solution must be compatible with one of the two supported encryption services. The encryption services that Vantiv (Federal Government Bank) currently supports is Verishield and Voltage security. The park service understands that there is an associated cost and wishes to know what those associated Verishield and Voltage security cost would be. 5.0 Summary THIS IS A REQUEST FOR INFORMATION (RFI) ONLY to identify sources that can provide a EMV/PIN&Chip/P2PE solution. The information provided in the RFI is subject to change and is not binding on the Government. The National Park Service has not made a commitment to procure any of the items discussed, and release of this RFI should not be construed as such a commitment or as authorization to incur cost for which reimbursement would be required or sought. All submissions become Government property and will not be returned. 6.0Interested parties are requested to respond to this RFI with a white paper. White papers in Microsoft Word for Office 2000 compatible format. ALL INFORMATION MUST BE RECEIVED BY THE NATIONAL PARK SERVICE NO LATER THAN CLOSE OF BUSINESS ON FEBRUARY 16, 2015, 5 PM CST. Responses should include a description of services as well as a diagram of how the solution works. Interested contractors able to perform the type of work detailed above should provide their: (1) Company or Entity Name; (2) Address; (3) DUNS Information; (4) SBA Size Determination; (5) Contact information for primary points of contact; (6) Relevant information demonstrating previous experience in this type of work. All information should be submitted to Patrice Pittman, Contract Specialist, National park Service, Midwest Regional Office Major Acquistions Buying Office, via email to patrice_pittman@nps.gov AND james_bissaillon@nps.gov. Proprietary information, if any, should be minimized and MUST BE CLEARLY MARKED. To aid the Government, please segregate proprietary information. Please be advised that all submissions become Government property and will not be returned. Interested contractors must be currently registered (or be able to be registered prior to any future award) in the System for Award Management (SAM) at the official SAM website www.sam.gov (SAM registration is FREE - beware fraudulent websites posing as SAM and attempting to collect registration fee). Disclaimer and Important Notes: This notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. An organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization's qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. After a review of the responses received, a pre-solicitation synopsis and solicitation may be published online at the websites of Federal Business Opportunities and Fed Connect. Responses to this notice will not be considered adequate responses to a solicitation. Interested parties may register at http://www.fbo.gov to receive notification when the solicitation and any amendments or notices are issued and available for downloading. Please note that the General Services Administration provides the notification service as a convenience and does not guarantee that notifications will be received by all persons on the mailing list. Therefore, we recommend that you monitor the Federal Business Opportunities site at http://www.fbo.gov for all information relevant to desired acquisitions. Business type (large business, small business, small disadvantaged business, 8(a)-certified small disadvantaged business, HUBZone small business, woman-owned small business, very small business, veteran-owned small business, service-disabled veteran-owned small business) shall be determined based upon North American Industry Classification System (NAICS) code 541512, Computer Systems Design Services. ¿Small business concern ¿ means a concern, including its affiliates, that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the criteria and size standards in 13 CFR part 121. A small business concern for the purposes of this procurement is generally defined as a business, including its affiliates, averaging no more than $27.5 million dollars in annual receipts. Annual receipts of a concern that has been in business for 3 or more complete fiscal years means the annual average gross revenue of the concern taken for the last 3 fiscal years. Annual receipts of a concern that has been in business for less than 3 complete fiscal years means its total receipts for the period it has been in business, divided by the number of weeks including fractions of a week that it has been in business, and multiplied by 52. Respondees are cautioned, however, that this is a general description only. Complete information on SBA size standards can be found online at: https://www.sba.gov/content/small-business-size-standards
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOI/NPS/APC-IS/P15PS00394/listing.html)
 
Record
SN03630621-W 20150204/150202234742-ccb1a013c99b402f4de4de321e78a07b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.