Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 01, 2017 FBO #5699
AWARD

35 -- NCC Auditor License & Maintenance

Notice Date
6/29/2017
 
Notice Type
Award Notice
 
Contracting Office
Other Defense Agencies, Defense Health Agency, Contracting Office-HIT, Texas, United States
 
ZIP Code
00000
 
Solicitation Number
HT0015-17-P-0006
 
Archive Date
7/7/2017
 
Point of Contact
Diana R Carreon, Phone: 2102952452
 
E-Mail Address
diana.r.carreon.ctr@mail.mil
(diana.r.carreon.ctr@mail.mil)
 
Small Business Set-Aside
N/A
 
Award Number
HT0015-17-P-0006
 
Award Date
6/22/2017
 
Awardee
NCC Group Security Services Limited, Manchester Technology Centre<br />, Manchester MI 7EF<br />, Manchester, Non-U.S. M1 7EF, United Kingdom
 
Award Amount
$89,600.00
 
Description
Tracking #: Justification and Approval for Other than Full and Open Competition Sole Source Acquisition Subpart 6.3 Other Than Full and Open Competition NCC Auditor License Maintenance 1. Identification of the agency and contracting activity: 2. Nature and/or Description of Action being approved: NCC Auditor is one of only two known offerings to provide all of the following: Database Security and Compliance, Database Discovery, Vulnerability Assessment, Pen Test, Security Audit, Vulnerability Knowledgebase, Up-to-Date Support, User Rights Review, Database Access Control Review, Work Plans and Policies, AppDetectivePro Reporting, Deep analysis of user and role permissions, and customizable reporting. 3. Description of Supplies/Services: The total estimated price of this effort is Base Year - (Maintenance Support)(POP 4 Aug 2017 - 3 Aug 2018) Option year 1 - (Maintenance Support)(POP 4 Aug 2018- 3 Aug 2019) Option year 2 - (Maintenance Support)(POP 4 Aug 2019- 3 Aug 2020) Option year 3 - (Maintenance Support)(POP 4 Aug 2020- 3 Aug 2021) and 6-month extension - (Maintenance Support)(POP 4 Aug 2021- 3 Feb 2022) for the Option to Extend Services (FAR 52.217-8 clause). 4. Statutory Authority Cited permitting other than full: 1 Tracking #: source in the case of follow-on contracts for the continued provision of highly specialized services when it is likely that award to any other source would result in substantial duplication of cost to the Government that is not expected to be recovered through competition, or unacceptable delays in fulfilling the agency's requirements. (See 10 U.S.C. 2304(d)(1)(B).) 5. Reason for Authority Cited: The NCC Auditor suite is available only from the original source in the case of a follow-on from an Other Direct Cost (ODCs) purchase for the continued development or production of a major system or highly specialized equipment. The competing product is AppDetective which is being used in another environment and is found to not have special features as DoD mapping, control levels for segragting duties, and automatic email report generation at the end of a scan. The use of this other product would require rework of completed development efforts thus creating an estimated cost of to revise current architecture and bring the productivity of the resulting systems back up to the current level of security and productivity. Furthermore, because EIDS will be unable to scan/audit MS SQL Server, Oracle, Sybase, MySQL, and Postgres databases that must map product checks to the DISA STIGs/RMF controls. If the required license is not procured, not only will DHA be without mapping for STIGs/RMF controls, DHA also runs the risk of losing connectivity adversely impacting the Information Assurance program and result in a possible shut-down because of non-compliance. 6. Efforts to Obtain Competition: 7. Actions to Increase Competition: 8. Market Research: Failure to purchase the NCC Group support will result in mission failure as the system is already in place and these requirements must be executed to meet the Department of Defense (DoD) mandate for the Enterprise Intelligence & Data Solutions (EIDS) and to allow for data analysis for Behavioral Health. 2 Tracking #: Per the Program Manager for this requirement, this NCC Auditor software support and the requirements identified for procurement will meet the needs of the Healthcare providers and allow them to continue monitoring and analyzing data for patient Behavioral Health. 9. Other Facts: a. Sole-Source: NCC Group is currently the only source for NCC Auditor maintenance and support. b. Historical data: Without the continued subscription for annual code updates, revisions, bugs fixes, patches, etc., Solution Delivery Division (SDD) will be unable to map products tests to the DISA STIGs, which will greatly improve the operational efficiency of its use when evaluating databases for IA compliance. There is adequate information to ensure cost to the Government for this acquisition will be fair and reasonable. c. Unusual and compelling urgency: N/A 10. Interested Sources: 11. Methods to overcome barriers: Coordination: 12. Technical/Functional Representative: I certify that the supporting data under my cognizance which are included in the justification is accurate and complete to the best of my knowledge and belief. Typed Name: ___ Date: _____________________________ Title: ____ __ Signature: _________________________ 13. Requirements Certification I certify that the supporting data under my cognizance which are included in the justification is accurate and complete to the best of my knowledge and belief. Typed Name: __ _ Date: _____________________________ Title: ___ ___ Signature: _________________________ 14. Fair and Reasonable Cost Determination Tracking #: Typed Name: __ _________ Date: _____________________________ Title: ___ Signature: _________________________ 15. Legal Review: Typed Name: __ ____ Date: _____________________________ Title: ___________________________ Signature: _________________________ Approval: 16. Contracting Officer: procurement of NCC Auditor, on an other than full and open competition basis pursuant to the authority of 10 U.S.C. 2304(d)(1)(B), subject to availability of funds, and provided that the supplies and/or Services herein described have otherwise been authorized for acquisition. Typed Name: ___ Date: _____________________________ Title: __ _____________ Signature: ________________________ 4 Based on the foregoing justification, I hereby approve the I have reviewed this J&A and it is deemed to be legally sufficient. : I certify that this justification is accurate and complete to the best of my knowledge and belief. 3 : When a decision is made to change the NCC Auditor system the Solution Delivery Division (SDD) will be consulted to determine the optimum evaluation process/criteria for the new application and maintenance requirement. Maximum consideration will be given to the most competitive approach in order to provide the best value to the Government. To date, no other sources have written to express an interest. Market research was conducted by researching and consulting with the civilian and military healthcare organizations to identify alternatives. Various sources under the General Services Administration Vets (GSA-Vets), GSA Alliant Small Business's and GSA 8(a) STARS II were used to compare labor rates and capabilities. The labor rates compared favorably, however, their capabilities did not since the NCC Auditor system has been modified to a degree that only NCC Group can decrypt the data. NCC Group states that their company is the only source for the NCC Auditor software maintenance and its corresponding products are only available through NCC Group. If the Defense Health Agency replaces the NCC Auditor, market research will be performed at that time to find as many potential offerors possible to compete on the actual hardware and support services. The requested contract will be awarded on a sole source basis to NCC Group. At this time, no effort will be made to solicit from multiple offerors, due to the fact that this modified system cannot be maintained by any other vendor. Due to the nature of the requirement the J&A approval period and needed contract award date, a Request for Information (RFI), not Sources Sought notice was posted on Federal Business Opportunities (FBO) website on 03 Apr 2017 and no responses were received by the reply date of 13 Apr 2017. The particular Brand Name, NCC Auditor, is essential to the Government's requirements, and market research indicates there is only one other product that is similar but lacks some of the particular features that do not meet or cannot be modified to meet, EIDS's needs. The statutory authority permitting other than full and open competition is 10 U.S.C 2304(d)(1)(B) in accordance with FAR 6.302-1(a)(2)(iii) - Only One Responsible Source and No Other Supplies or Services Will Satisfy Agency Requirements. For DoD, NASA, and the Coast Guard, services may be deemed to be available only from the original The DHA requires procurement of the services listed above in support of the NCC Auditor. This procurement is necessary to ensure existing Software Upgrades/Technical Assistance (SU/TA) is sustained and that operational and engineering requirements are met and supported without interruption. Without this renewal, EIDS will be unable to scan/audit MS SQL Server, Oracle, Sybase, MySQL, and Postgres databases that must map product checks to the DISA STIGs/RMF controls. The expected period of performance will occur on date of award for one year with three additional (12 month) one year options, however, new market research will be conducted before each exercise of an option that sufficiently demonstrates that circumstances have not changed and that this requirement is still under a sole source environment and that the exercise of the option is the most advantageous method of meeting this requirement. The Government intends to negotiate a new firm-fixed price contract using FY17 Operations and Maintenance (O&M) funds: Approval is being requested for a new firm-fixed price contract using FY 17 Operations and Maintenance (O&M) funds for the procurement of a NCC Auditor Suite software maintenance requirement for annual renewal of subscription with upgrades and technical assistance for Enterprise Intelligence & Data Solutions (EIDS). Defense Health Agency, Solution Delivery Division (SDD) - 5109 Leesburg Pike Suite 809, Falls Church VA 22042 is the requiring activity. The Contracting Activity responsible for this action is the, Contracting Office - Health Information Technology (CO-HIT), 4130 Stanley Road, Suite 208, Joint Base San Antonio TX 78234.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/6515ae362fbf5e4eb3c2d00c1f667582)
 
Record
SN04564131-W 20170701/170630000527-6515ae362fbf5e4eb3c2d00c1f667582 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.