Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JANUARY 15, 2016 FBO #5166
SOURCES SOUGHT

70 -- ENTERPRISE APPLICATION SECURITY TESTING SUBSCRIPTIONS

Notice Date
1/13/2016
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
Other Defense Agencies, Defense Media Activity, DMA Acquisition and Procurement MD, 6700 Taylor Ave, Ft Meade, Maryland, 20755, United States
 
ZIP Code
20755
 
Solicitation Number
HQ0516-FY16-0007
 
Archive Date
2/12/2016
 
Point of Contact
Leila S. Miller, Phone: (301) 222-6031
 
E-Mail Address
leila.s.miller.civ@mail.mil
(leila.s.miller.civ@mail.mil)
 
Small Business Set-Aside
N/A
 
Description
The Defense Media Activity (DMA) is seeking authorized sources to provide Enterprise Application Security Testing (AST) Subscriptions, Associated Technical Service, and User Training to allow DMA to test new applications code, avert security breaches, and protect its systems/data (i.e., ability to support DMA with Static AST [SAST], Dynamic AST [DAST], Integrated AST [IAST], and mobile AST). CONTRACTING OFFICE ADDRESS: DMA Contracting Office - East 6700 Taylor Avenue Fort Meade, MD 20755 INTRODUCTION: This is a SOURCES SOUGHT TECHNICAL DESCRIPTION to determine the availability and technical capability of large and small businesses (including the following subsets, Small Disadvantaged Businesses, HUBZone Firms; Certified 8(a), Service-Disabled Veteran-Owned Small Businesses and Woman Owned Small Business) to provide the required products and/or services. The Defense Media Activity is seeking interested vendors for the procurement of Training on all types of AST for five (5) people, one (1) Annual subscription with dynamic assessments for at least 40 customer Web and mobile applications during the subscription period plus the ability to allow at least 5 vendor-provided AST assessments with a minimum of 100,000 customer IP addresses processed within 2-5 days of processing time by vendor staff, three (3) Annual single user application service subscriptions for AST that allows unlimited DAST and SAST evaluations, and one (1) Annual technical services (at least during normal business hours during weekdays plus at least 10 hours of specific support for DAST, SAST, IAST, and mobile AST) to support setup and integration for AST software tools and provide technical guidance on all types of AST. The Government also desires the ability to support AST for common programming languages (at a minimum, Classic ASP, Java, JavaScript, C/C++, Objective C,.NET, HTML5, Visual Basic, and VBScript PHP, though additional languages would be desirable). DISCLAIMER: THIS SOURCES SOUGHT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY. CONTRACT/PROGRAM BACKGROUND: The DMA under the DoD Office of the Secretary of Defense for Public Affairs, operates the American Forces Network (AFN), a worldwide radio and television broadcast network serving over one million American service men and women, DoD civilians and their families that are stationed overseas in 175 countries, as well as U.S. Navy ships deployed at sea and overseas. American radio and television broadcasts are programmed and distributed to AFN worldwide locations via two independent satellite signals originating at the AFN-Broadcast Center (AFN-BC) in Riverside, California; one each to the Pacific and Atlantic regions. Currently Defense Media Activity Headquarters has an existing AST subscription to support DAST and SAST. DMA requires DAST, SAST, IAST, and mobile AST. This requirement will provide DMA with enterprise AST subscriptions, associated technical Service, and user training and capability to identify and defend against the wide variety of cyber-threat applications that can steal critical Government information. Without it, the organization risks the theft of data and extended failure of service for its ~700 Department of Defense customers such as the Joint Chiefs of Staff. The subscriptions would allow the agency with access to the technical digital tools and code analysis services required to perform this task. The associated technical service is necessary to support the initial setup and integration of these things. Contract Number: HQ516-15-P-0003 Contract Type: Firm Fixed-Price Incumbent and their size: Alvarez & Associates, Inc., Small Business Method of previous acquisition: Open Market, SB Set-Aside Provide brief description of the current program/effort: Enterprise AST support for DMA and its customers List Anticipated Time Frame: 12 Months from DOA, plus 4 Option Years List Place of Performance: N/A REQUIRED CAPABILITIES: The Government requires the following capabilities (i.e., via subscriptions to AST services, technical support, and one-time training on AST to enable the items below): - Ability to support SAST to test the application inside out while it is not running by assessing its code for vulnerabilities, Ability to support DAST to test the application outside in by assessing it in the midst of its operations (e.g., prodding at it in a multitude of ways); - Ability to support IAST to integrate aspects of techniques used in SAST and DAST into one hybrid form (e.g., instrument an application to check the application while it is undergoing dynamic testing), Ability to support Mobile AST to test mobile applications (e.g., penetration testing to attempt hacking into these applications); - Ability to support AST for common programming languages, since a vendor must be able to translate the programming code in order to do anything with it (at a minimum, Classic ASP, Java, JavaScript, C/C++, Objective C,.NET, HTML5, Visual Basic, and VBScript PHP, though additional languages would be desirable). SPECIAL REQUIREMENTS: N/A SOURCES SOUGHT: The anticipated North American Industry Classification System Code (NAICS) for this requirement is 511210. This Sources Sought Synopsis is requesting responses to the following criteria ONLY from large and small businesses that can provide the required services under the NAICS Code. To assist DMA in making a determination regarding the level of participation by small business in any subsequent procurement that may result from this Sources Sought, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering to meet each of the requirements areas contained herein. This includes responses from qualified and capable Small Businesses, Small Disadvantaged Businesses, Service Disabled-Veteran Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, and 8(a) companies. You should provide information on how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this announcement. In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications and technical capabilities to meet the Government requirement. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14). SUBMISSION DETAILS: Responses should include: 1) Business name and address; 2) Name of company representative and their business title; 3) Type of Small Business; 4) Cage Code; 5) Contract vehicles that would be available to the Government for the procurement of the product and service, to include ENCORE II, General Service Administration (GSA), GSA MOBIS, NIH, NASA SEWP, Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. (This information is for market research only and does not preclude your company from responding to this notice.) 6) OEM certification that vendor is a Manufacturer Authorized Channel Partner with either Premier, Silver or Gold status as of the date of the submission of their offer, and that it has the certification/specialization level required by the Manufacturer to support both the product sale and product pricing, in accordance with the applicable Manufacturer certification/specialization requirements. 7) Technical capabilities providing clear and unambiguous evidence to substantiate the capacity to fulfill this requirement. Written responses can be in any format, but electronic media must be in Microsoft Word or Adobe Acrobat formats. Vendors who wish to respond to this should send responses via email NLT 28 JAN 2016, 2 PM Eastern to Leila.s.miller.civ@mail.mil. Interested businesses should submit a brief capabilities statement package (no more than five pages) demonstrating ability to perform the services listed in this Technical Description. Documentation should be in bullet format. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/631b90aac2bdc49846649751e6a5b264)
 
Place of Performance
Address: HQ DEFENSE MEDIA ACTIVITY, 6700 TAYLOR AVENUE, FORT GEORGE MEADE, Maryland, 20755, United States
Zip Code: 20755
 
Record
SN03990813-W 20160115/160113235056-631b90aac2bdc49846649751e6a5b264 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.