Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF FEBRUARY 14, 2013 FBO #4100
SOLICITATION NOTICE

70 -- NB184000-13-01423 Hardware Security Modules

Notice Date
2/12/2013
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 1640, Gaithersburg, Maryland, 20899-1640, United States
 
ZIP Code
20899-1640
 
Solicitation Number
NB184000-13-01423
 
Archive Date
3/29/2013
 
Point of Contact
Willie W. Lu, Phone: 3019758259, Chon S. Son, Phone: 301-975-8567
 
E-Mail Address
willie.lu@nist.gov, chon.son@nist.gov
(willie.lu@nist.gov, chon.son@nist.gov)
 
Small Business Set-Aside
Total Small Business
 
Description
THIS IS A COMBINED SYNOPSIS/SOLICITATION FOR COMMERCIAL ITEMS PREPARED IN ACCORDANCE WITH THE FORMAT IN FAR SUBPART 12.6-STREAMLINED PROCEDURES FOR EVALUATION AND SOLICITATION FOR COMMERCIAL ITEMS-AS SUPPLEMENTED WITH ADDITIONAL INFORMATION INCLUDED IN THIS NOTICE. THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION; QUOTATIONS ARE BEING REQUESTED, AND A WRITTEN SOLICITATION DOCUMENT WILL NOT BE ISSUED. THIS ACQUISITION IS BEING PROCURED UTILIZING SIMPLIFIED ACQUISITION PROCEDURES. This solicitation is a Request for Quotation (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-64. The associated North American Industrial Classification System (NAICS) code for this procurement is 541512, with size standard of $25.5M. This acquisition is being procured as a total small business set-aside. The Office of Information Systems Management (OISM) Enterprise Systems Division (ESD) at the National Institute of Standards and Technology (NIST) administers and maintains a standalone Public Key Infrastructure (PKI) that provides secure authentication and access to Enterprise applications, user's workstations through the use of PIV cards and the NISTNET wireless network. In order to provide a more scalable and robust PKI infrastructure, OISM will be upgrading its current PKI to a Windows 2008 R2 Enterprise PKI infrastructure. The purpose of this acquisition is to procure 2 network-based Hardware Security Modules (HSM) devices, 1 year maintenance and support and on-site Contractor provided installation and instruction. The devices obtained in this acquisition will be integrated into OISM's Windows 2008 R2 Enterprise PKI infrastructure during the upgrade process. All interested Contractors shall provide a firm fixed price quote for the following: All items must be new. Used or remanufactured equipment will not be considered for award Line item 0001: Quantity: Two (2) ea. Network-based Hardware Security Modules (HSM), that must meet or exceed the following minimum specifications: 1. Hardware and Software Requirements • The HSMs shall provide Dual hot-swappable Power Supplies. • The HSMs shall support multiple Ethernet ports and port speeds of at least 10 gigabits per second. • Supported client operating systems shall include Windows 2008 R2 and Linux. • The HSMs shall support Auditing and Monitoring. 2. Scalability and Compatibility Requirements • The HSMs shall support the following Cryptographic APIs and Key generation and Signing algorithms: PKCS#11, CAPI, CNG and RSA Key Generation and Signing algorithms. • The HSMs shall support Elliptic Curve Cryptography. • The HSMs shall support Message Digesting using MD5, SHA1, SHA256, SHA512. • The HSMs shall support Symmetric Algorithms and Asymmetric Public Key Algorithms • The Keys shall be stored in hardware and support on-board key generation and key storage. The minimum key size shall be 1024 bits or more and the maximum key size should be at least 4096. The key storage limit shall be at least 20,000. • The HSMs shall support at least 50 Users and support more than 500 Concurrent Sessions. 3. High Availability and Multi-Site Requirements • The HSMs shall provide High Availability (HA), redundancy and load-balancing. They shall provide the ability to share keys between HSMs in different operating locations to enable load sharing and hardware fault tolerance. The vendor will explicitly document how the proposed solution meets this requirement. • The HSMs shall be able to be transported to another site in a manner after configuration, such that if the device is lost, stolen or intercepted it shall be unusable and data cannot be de-encrypted from it. The device will only become serviceable once again, after it has been installed at its designated location, and the proper credentials and protocols are provided to enable the operation of the device. The vendor will explicitly document how the proposed solution meets this requirement. • The HSMs shall support Central Management and Secure Remote Administration so that HSM devices located in different operating locations can be securely managed and remotely administered from one location. The vendor will explicitly document how the proposed solution meets this requirement. 4. Security Requirements • The HSMs shall support encrypted communication over TCP/IP (routable) between the HSM and the client. • The HSMs shall provide support for division of command (m-of-n). • The HSMs shall support at least five (5) roles: Security Office, Domain Security, User, Remote Authorization and Tamper Protection. • The HSMs shall support at least five (5) security domains/partitions, each with their own access controls and independent key storage. The vendor will explicitly document how the proposed solution meets this requirement. • The HSMs shall provide a secure backup functionality. It should provide a backup function that is encrypted when transmitting the keys for storage and the stored keys should be on a media that is encrypted at rest. • The HSMs shall meet the following Certification levels. 4.3..1.1. FIPS 140- 2 Level 3 validated 4.3..1.2. CC-EAL 4+ certified cryptographic module 5. Hardware and Software Maintenance and Support • The Contractor shall provide maintenance, 24X7 support and software upgrades for 12 months after award. 6. Installation • Onsite installation is required. • All equipment provided by the contractor will be installed in NIST provided standard 19-inch racks by Contractor. Each rack has adjustable mounting rails with square holes. • NIST with provide power to equipment. Delivery Terms Delivery terms shall be FOB Destination, and take place in accordance with Contractor's commercial schedule. FOB Destination means: The contractor shall pack and mark the shipment in conformance with carrier requirements, deliver the shipment in good order and condition to the point of delivery specified in the purchase order, be responsible for any loss of and/or damage to the goods occurring before receipt and acceptance of the shipment by the consignee at the delivery point specified in the purchase order; and pay all charges to the specified point of delivery. The contractor shall deliver line item 0001 to NIST, Building 301, Shipping and Receiving, Gaithersburg, MD 20899-1640. Inspection and Acceptance Criteria Acceptance will be provided at Government site and as duties and responsibilities are completed, the Contractor shall request review and acceptance by the NIST Technical POC. Acceptance testing will be performed as follows: a. Physical verification of equipment ordered. i. Verify quantities and specifications match invoice. b. Bring system online. i. Verify Configuration Settings ii. Verify Remote Administration Capabilities iii. Verify Ethernet interfaces c. Performance and reliability testing. i. Boot and run for 8 hours ii. Verify Cryptographic Keys Generated Evaluation Factors: Award shall be made to the Contractor whose quote offers the best value to the Government, price and other factors considered. The Government will evaluate quotations based on the following evaluation criteria: 1) Technical Capability factor "Meeting or Exceeding the Requirement", 2) Past Performance, and 3) Price. Technical capability shall be more important than past performance. If Technical Capability and Past Performance are equivalent, price shall be the determining factor. Technical Capability: Evaluation of Technical Capability shall be based on the information provided in the quotation. NIST will evaluate whether the offeror has demonstrated that its proposed equipment meets or exceeds all requirements. Quotations that do not demonstrate the proposed equipment meets all requirements will not be considered further for award. Quoters shall also include product literature which addresses all specifications & clearly documents that the product offered meets or exceeds the specifications identified herein. Past Performance: Past Performance will be evaluated to determine the overall quality of the product & service provided and the Contractor's history of meeting delivery schedules for prior deliverables. Evaluation of Past Performance shall be based on the references provided and/or the quoters recent and relevant procurement history with NIST or its' affiliates. Offerors should provide a list of 3-5 references to whom the same or similar equipment has been provided. Past performance references must include the company/organizations name, contact person, phone number, and e-mail address. Past Performance and Price shall not be evaluated on quotes that are determined technically unacceptable in accordance with the Technical Capability Evaluation factor. Quotation Submission Instructions: All vendors shall submit the following to Willie Lu, Contract Specialist at willie.lu@nist.gov: 1) An electronic version of a quotation which addresses all of the above items 2) Technical description, specifications, and/or product literature 3) Description of commercial warranty 4) A copy of the most recent published price list(s) 5) Past performance references This is an Open-Market Combined Synopsis/Solicitation for item(s) as defined herein. The Government intends to award a Purchase Order as a result of this Combined Synopsis/Solicitation that will include the terms and conditions that are set forth herein. In order to facilitate the award process, ALL quotes shall include a statement regarding the terms and conditions herein as follows: The offeror shall state "The terms and conditions in the solicitation are acceptable to be included in the award document without modification, deletion, or addition." OR The offeror shall state "The terms and conditions in the solicitation are acceptable to be included in the award document with the exception, deletion, or addition of the following: Offeror shall list exception(s) and rationale for the exception(s) Please note that this procurement is not being conducted under the GSA Federal Supply Schedule (FSS) program or another Government-Wide Area Contract (GWAC). If an offeror submits a quotation based upon an FSS or GWAC contract, the Government will accept the quoted price. However, the terms and conditions stated herein will be included in any resultant Purchase Order, not the terms and conditions of the offeror's FSS or GWAC contract, and the statement required above shall be included in the quotation. All quotations must be submitted electronically via Email, and be received not later than 2:00 PM Eastern time, on Friday, February 22, 2013. E-mail quotations shall not be deemed received until the quotation is entered in the e-mail inbox of Willie Lu at willie.lu@nist.gov Any questions or concerns regarding this solicitation must be forwarded in writing via e-mail to Willie Lu, Contract Specialist, at willie.lu@nist.gov The full text of a FAR provision or clause may be accessed electronically at http://acquisition.gov/comp/far/index.html. The following provisions apply to this acquisition: 52.212-1 Instructions to Offerors-Commercial Items; 52.212-3 Offerors Representations and Certifications- Commercial Items. Offerors must complete annual representations and certifications on-line at http://orca.bpn.gov in accordance with FAR 52.212-3 Offerors Representations and Certifications- Commercial Items. If paragraph (j) of the provision is applicable, a written submission is required. The following clauses apply to this acquisition: 52.212-4 Contract Terms and Conditions-Commercial Items; 52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items including subparagraphs: 52.219-28 Post-Award Small Business Program Representation; 52.222-3, Convict Labor; 52.222-19 Child Labor - Cooperation with Authorities and Remedies; 52.222-21, Prohibition of Segregated Facilities; 52-222-26, Equal Opportunity; 52.222-36, Affirmative Action for Workers with Disabilities; 52.223-18, Contractor Policy to Ban Text Messaging While Driving. 52.225-3, Buy American Act-Free Trade Agreements-Israeli Trade Act. 52.225-13, Restriction on Certain Foreign Purchases; 52.232-33, Payment by Electronic Funds Transfer-Central Contractor Registration. 52.247-34, FOB Destination; and Department of Commerce Agency-Level Protest Procedures Level above the Contracting Officer is also incorporated. It can be downloaded at www.nist.gov/admin/od/contract/agency.htm.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/NB184000-13-01423/listing.html)
 
Place of Performance
Address: NIST, 100 Bureau Dr., Gaithersburg, Maryland, 20899, United States
Zip Code: 20899
 
Record
SN02986479-W 20130214/130212235402-a6c91cb89a1dde82f33e4ae4d3556d6b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.