Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF FEBRUARY 26, 2017 FBO #5574
SOLICITATION NOTICE

63 -- IDMS/CMS Security Solution

Notice Date
2/24/2017
 
Notice Type
Fair Opportunity / Limited Sources Justification
 
NAICS
423430 — Computer and Computer Peripheral Equipment and Software Merchant Wholesalers
 
Contracting Office
National Science Foundation, Division of Acquisition and Cooperative Support, DACS, 4201 Wilson Boulevard, Room475, Arlington, Virginia, 22230
 
ZIP Code
22230
 
Solicitation Number
DACS17Q1013
 
Archive Date
3/26/2017
 
Point of Contact
Christina Carter-Kurant, Phone: 7032925330
 
E-Mail Address
ckurant@nsf.gov
(ckurant@nsf.gov)
 
Small Business Set-Aside
N/A
 
Award Number
GS-35F-0615S
 
Award Date
2/23/2017
 
Description
LIMITED SOURCE JUSTIFICATION (LSJ) AND APPROVAL FOR XTEC CARD AND IDENTITY MANAGEMENT SYSTEM AND MAINTENANCE 1. AGENCY AND CONTRACTING ACTIVITY The National Science Foundation proposes a Limited Source Justification (LSJ) for a BPA Call against XTec's General Services Administration (GSA) Federal Supply Schedule (FSS) Contract GS-35F-0615S, a small business. The contracting activity is the National Science Foundation (NSF) Office of Budget, Finance, and Award Management (BFA), Division of Acquisition and Cooperative Support (DACS). This document justifies the determination to use limited sourcing. 2. NATURE AND/OR DESCRIPTION OF THE ACTION BEING APPROVED The NSF has a requirement on a limited source basis to obtain products and services relating to the NSF Identity Management System (IDMS) / Card Management System (CMS) and Maintenance at an estimated cost of $1,860,365.42. The proposed contractor is: XTec, Inc. 5775 Blue Lagoon Drive, Suite 280 Miami, FL 33126 3. DESCRIPTION OF THE SUPPLIES AND/OR SERVICES REQUIRED TO MEET THE AGENCY'S NEEDS NSF has identified the use of XTec Homeland Security Presidential Directive 12 (HSPD-12) Personal Identification Verification (PIV), Facility Access Credentials (FAC), and integrations with C-Cure 9000 Physical Access Control System (PACS) as the solution for securing the Agency's information technology systems, networks, data and applications. This requirement is to support the solution's back end infrastructure to allow for NSF wide HSPD-12 card issuance and enable the technology required to provide the credentialing for CIV, PIV-I, and multi-customizable badges. Specifically, NSF requires HSPD-12 IDMS Infrastructure Support, Services for the NSF IDMS that supports the Agency's efforts in complying with Federal Information Processing Standard (FIPS) 201, National Institute of Standards, and Technology (NIST) Special Publications, including but not limited to the following: - IDMS interfaces to the various system with which information exchanges will take place; - Hosting services at the Network Access Point (NAP) of the Americas, Miami, FL, in support of the NSF IDMS and Card Management System (CMS) service; - CMS enterprise licenses for the NSF population accessing the CMS service; - HSPD-12 compatible smart card mini-driver licenses for the NSF population accessing the Smart Card Management Interface to read data from any NSF issued FIPS 201 compliant HSPD-12 PIV card; - Enterprise Public Key Infrastructure (PKI) licenses supporting active IDMS user accounts, support for Key Escrow, and integration of PKI into the NSF infrastructure; - Online Certificate Status Protocol (OCSP) Services; - Open interfaces for the GSA Approved Product Listing (APL) products to access the NSF enterprise IDMS and CMS through an issuance module; - Technical support and executive premier maintenance for the Government-owned Enrollment Issuance Workstations (EIWS) to include computers, keyboards, mouse, monitors, document, scanners, fingerprint scanners, fingerprint authenticators, SCM card readers, cameras, personal Identification Number (PIN) pads, PIV card printers, backdrops, and battery backup sources; - Technical support and maintenance for the Data Centers Government-owned and Government Furnished Equipment (GFE) IDMS, CMS and Hardware Security Module (HSM) systems, and - Assist the Government with seamless transitioning of the current system from the NSF Headquarters building in Arlington, VA, to the new NSF Headquarters location in Alexandria, VA. The base period of performance shall be three (3) years, anticipated to commence from August 25, 2017 through August 24, 2020, with two 1-year option periods (Base period of three (3) years, and two (2) option years). 4. AUTHORITY AND SUPPORTING RATIONALE: This acquisition is being conducted under the authority of the Multiple Award Schedule Program, Title III of the Federal Property and Administrative Services Act of 1949 (41 U.S. Code § 251, et seq) and 40 U.S. Code §501 in accordance with FAR 8.405-6(a)(1)(i)(B), only one source is capable of providing the supplies or services required at the level of quality required because the supplies or services are unique or highly specialized. XTec is the original IDMS/CMS solution provider to the NSF, and every contract written for the respective services since 2006 has been through a GSA FSS BPA directly to XTec from initial standup of an NSF capability for HSPD-12 to construction of enterprise infrastructure components, primarily the IDMS, as well as card issuance services for the Agency. The IDMS is the most critical enterprise service for the HSPD-12 program. All EIWS, which encode and print HSPD-12 PIV Cards, must connect to the IDMS for the purposes for PIV and PIV-I card enrollment and card issuance. The IDMS/CMS provides services to approximately 2,600 scientists and engineers to the administrative and technical staff that support the entire NSF organization. The operational impacts of not awarding a BPA Call to XTec will compromise the physical security posture and access to the network system (logical access) worldwide. Currently, the IDMS supports mission areas involving research vessels, astronomical observatories, particle accelerators, seismic observatories, U.S. research stations in both the Artic and Antarctica, and advanced cyberinfrastructure. The NSF PIV cards are Federal Identity, Credential and Access Management (FICAM) compliant using Fast Card Authentication Key (CAK) with the proper Public Key Infrastructure (PKI) card certificates. PACS has been implemented using CAK authentication (not CHUID authentication), which is the new anticipated mandated requirements. The enterprise approach solution provides functions and services such as certificates, Online Certificate Status Protocol (OCSP) responders, multiple card template creation, identity management software and support, and all associated equipment and integration support. Most federal agencies have not been able to implement the enterprise approach to using cryptographic challenge/response with their PACS, and outside of XTec, there are no known vendors who are proficient in the new technology measure, which provides NSF with the compliance and interoperability capabilities. 5. DETERMINATION BY THE ORDERING ACTIVITY, CONTRACTING OFFICER THAT THE ORDER REPRESENTS THE BEST VALUE The Contracting Officer has determined that the anticipated cost to the Government will represent the best value consistent with FAR 8.404(d) based on an analysis of the cost proposal for this work and a comparison with the cost of the work proposed under previous task orders. Issuing a fixed-price BPA Call against XTec's GSA FSS GS-35F-0615S in accordance with FAR 8.405-6 to continue the current effort will significantly reduce system development costs by leveraging the benefits of the existing HSPD-12 PIV, FAC, and integrations with C-Cure 9000 PACS/LACS to the maximum extent practicable. 6. DESCRIPTION OF THE MARKET RESEARCH CONDUCTED AMONG SCHEDULE HOLDERS, AND THE RESULTS OF THE RESEARCH, OR A STATEMENT WHY MARKET RESEARCH WAS NOT CONDUCTED Chronology of events related to the SaaS Solution for HSPD-12 card issuance and PAC HSPD-12 cards: 2006 - XTec was issued a BPA Call from NSF to deliver a solution to provide a host SaaS solution for HSPD-12 card Issuance and physical access control HSPD-12 cards. 2008 - NSF awarded a follow-on BPA Call to XTec to furnish and install more than 150 HSPD-12 PIV card readers for physical access control. 2011 - NSF awarded a follow-on BPA Call to XTec for continued use of Xtec products and services. 2014 - NSF utilizes the SBA 8(a) BD Program to award Chenega Aerospace LLC, an Alaska Native Corporation (ANC), and Contract NSFDAS-14-C-0052 who awarded to XTec under their GSA Schedule 70 contract GS-35F-0615S, in order to continue utilizing their products and services. The total value of the follow-on contract for the Base and two-option years is $1,004,805.61. 2016 - NSF posted a Request for Information (RFI) on FedBizOpps (FBO) to assess vendors' capability to provide a single source cloud-based enterprise HSPD-12 "End-to-End" solution for IDMS/CMS, Access Control System (ACS), and PIV Infrastructure on the Government-wide Acquisition Contract (GWAC) website and GSA Advantage! NSF has engaged in market research, subject to all applicable considerations, in accordance with Federal Acquisition Regulation (FAR) Part 8 - Required Sources of Supplies and Services and Part 10 - Market Research to assess if there were any vendors, other than XTec that have the capability of providing a single source cloud-based enterprise end-to-end IDMS/CMS solution. Four (4) vendors (Hewlett Packard Enterprise (HP), SyncroCyber Corporation, Electrosoft, and XTec) provided capability statements in response to the RFI posted on the GSA FSS website, which indicated that there was interested vendors in the marketplace; however, upon closer examination of the vendor capability statements, it was determined that some of the vendors met some of the NSF requirements, but not one vender outside of XTec had the unique capability to provide a single source cloud-based enterprise solution that met all NSF requirements necessary for a smooth transition and seamless integration to the new headquarters building in Alexandria, VA. 7. ANY OTHER FACTS SUPPORTING THE LIMITED SOURCE JUSTIFICATION In accordance with FAR 8.405-6(a)(1)(B) and as demonstrated in the chronology of events in Section 6 above, only one source is capable of providing the supplies or services required at the level of quality required because the supplies or services are unique or highly specialized. XTec is the original IDMS/CMS solution provider to the NSF for the continued development of this, highly specialized, major IT security component. Based on analysis of current GSA Schedule 70 rates in comparison with historical costs of previous acquisitions of this type, hiring another vendor at this time to recreate a software program that is already in place and fully functional would not be in the interest of economy and efficiency. 8. REMOVING BARRIERS TO COMPETITION IDMS/CMS card readers are universal with respect to meeting HSPD-12 and FIPS-201 standards; however, the software technology to support IDMS/CMS PACS/LACS interoperability has its own unique source code making most deployed access control systems proprietary. XTec's AuthentX to PACS program in NSF's C-Cure 9000 Security and Event Management platform is a proprietary solution that affords the flexible worldwide security platform needed for NSF stakeholders. There are no laws mandating software development kits to be open platforms. XTec is the only vendor that can provide NSF a single "End-to-End" solution for IDMS/CMS, Access Control System (ACS), and PIV Infrastructure in C-Cure 9000 on the Government-wide Acquisition Contract (GWAC) website and GSA Advantage!. The original BPA Call in support of the HSPD-12 mandate was competed and awarded to XTec; however at the time of original award in 2006, the HSPD-12 technology was in its infancy and XTec was the only source capable of providing the IDMS/CMS solution. Recent market research has confirmed that there are vendors who met some of the NSF requirements, but not one vender besides XTec that has the capability to meet the single source cloud-based enterprise end-to-end solution NSF requires. Upcoming FICAM mandates that are expected to take effect in 2019 may require software development kits provided by IDMS/CMS vendors to use open platforms, eliminating code restrictions. Market research shall be conducted in the future prior to issuance of the options on this BPA Call to verify whether COTS vendors are capable of providing a cost effective follow-on solution that meets the NSF single "End-to-End" requirements.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/NSF/DACS/DACS/DACS17Q1013/listing.html)
 
Place of Performance
Address: The agency headquarters will be relocating to 2415 Eisenhower Avenue, Alexandria, VA 22331. The official move is scheduled to commence in August 2017. Unless otherwise stated, performance of this effort will take place at the National Science Foundation (NSF) Headquarters in Alexandria, VA until official relocation is complete., Arlington, Virginia, 22230, United States
Zip Code: 22230
 
Record
SN04413940-W 20170226/170224234408-76f2b98a6bee306ed18e6e6c3e685a3d (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.