Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF FEBRUARY 28, 2020 SAM #6665
SOURCES SOUGHT

99 -- Cloud Access SecurityBroker (CASB) and Next Generation FireWall (NGFW) Solutions

Notice Date
2/26/2020 8:24:57 AM
 
Notice Type
Sources Sought
 
NAICS
334614 — Software and Other Prerecorded Compact Disc, Tape, and Record Reproducing
 
ZIP Code
00000
 
Solicitation Number
2020-S-00004
 
Response Due
3/19/2020 2:00:00 PM
 
Archive Date
09/30/2020
 
Point of Contact
Cora R. Carag
 
E-Mail Address
acquisitions@saa.senate.gov
(acquisitions@saa.senate.gov)
 
Description
DESC: MARKET SURVEY AND SOURCES SOUGHT NOTICE FOR THE SENATE�S COMBINED CLOUD ACCESS SECURITY BROKER (CASB) AND NEXT GENERATION FIREWALL (NGFW) SOLUTION. The purpose of this Sources Sought Notice (SSN) is to gain information about qualified industry sources that can provide combined CASB and NGFW solutions. The U.S. Senate Sergeant At Arms (Senate or SAA) seeks to identify combined CASB and NGFW solutions currently available in the marketplace. Responses to this SSN will assist the SAA in its review of current solutions offered in the marketplace for combined CASB and NFGW. The SAA requests responses providing a full description of the solution proposed, scope of the solution, method of implementation and services offered. THIS IS A REQUEST FOR INFORMATION ONLY. This SSN is issued solely for information and planning purposes � it does not constitute a Request for Proposal (RFP) or a promise to issue an RFP or Solicitation in the future. This SSN does not commit the SAA to contract for any supply or service whatsoever. The SAA does not seek proposals at this time and will not accept unsolicited proposals. The SAA will not pay for any information or administrative costs incurred in responding to this SSN. All costs associated with responding to this SSN will be solely at the interested party�s expense. The SAA will not provide any debriefing. This synopsis contains the currently-available information and is subject to change at any time. All requirements listed below are mandatory unless otherwise noted. Each item in the following section requires a response.� REQUIREMENTS: 1.� The key high-level functional requirements under consideration include, but are not limited to the items listed on ATTACHMENT A � Senate Combined_CASB_NGFW_Requirements. 2.� Technical Questions: Briefly describe a typical implementation of the CASB and NGFW solutions. What integration options are there for the CASB and NGFW solutions?� Do you integrate, or require integration, with third-party providers for either or both products? Please list the third-party CASB and/or NGFW solutions with which you integrate. What, if any, are the most common customizations required to operationalize the solutions? What High Availability scenarios do you support? Briefly describe the integration points you support for a Cisco-based network infrastructure. In the NGFW scenario where both core routing/forwarding and security inspection processes occur on the same physical hardware, please describe options for isolating and troubleshooting the security inspection functions (e.g., for customer complaints of slowness, blocked access to Internet sites, etc.). Do you support customizable splash screens on the NGFW for blocking of malicious domains/IP addresses? Is the solution cloud-based, on-premises or both? Do you offer a hybrid option? If any component of the solution is cloud-based, please respond to the following questions: Is any data stored in the cloud? If so, what data is stored there and what is the Cloud Service Provider (CSP)? Is the data transmitted to and stored within the cloud service encrypted in transit and at rest using modern encryption capabilities? If so, describe your encryption both in transit and at rest.� How are keys managed? Is the solution component FedRAMP Authorized, In Process, or Ready? What other assurance accreditations or certifications does your solution hold, if any? Are all employees of the cloud service provider and anyone else with access to customer data U.S. Persons (e.g. U.S. citizens, U.S. permanent residents (""Green Card"" holders); or any person who is granted status as a ""Protected Individual"" under 8 U.S.C. � 1324b� (a) (3)? Have all employees of the cloud service provider and anyone else with access to customer data undergone a background check?� Please specify the type and scope of the background check. Is the processing and storage location of customer data restricted to the continental United States? What is the Service Level Agreement (SLA) for notifying customers of a security breach of the cloud service component? What is the SLA for availability of the cloud service component? What are the SLAs for notifying customers of non-disruptive and disruptive maintenance planned for the cloud service component? Does the solution offer out-of-the-box integration with any security event information management (SEIM) system?� If so, which ones? Does the solution integrate with an STS and/or SSO service? Does the solution support native integration with any on-premises or cloud-based identity and access management (IAM) solutions? If so, which solutions? For what use cases, if any, does the solution require the installation of a server-side service component in order to allow MFA for select services? With what assurance standards does the solution comply (e.g., FIPS)? 3.� Licensing: Describe the licensing model(s) 4. Sustainability/Lifecycle: How often do you release new major (x.0), minor (1.x) and revision (1.0.x) versions? How do you notify customers of new releases and critical updates?����� 5.�� CASB and NGFW Solutions responses must be in accordance with the following: Respondents must be the COTS solution provider/vendor. Responses submitted by VARs or third party integrators will not be accepted by the SAA. Vendor responses must be based on the product or solution�s current, out-of-the-box configurable capabilities. The SAA will not consider custom or uniquely-customized products or solutions. The SAA will not consider planned or future product enhancements when reviewing responses. Responses with proposed solutions deemed qualified by the SAA, if any, will be selected to proceed to a second round of procurement consideration by the SAA. The respondents must be prepared to discuss in detail and demonstrate stated capabilities relative to some or all listed requirements on section 1) ATTACHMENT A � Senate Combined_CASB_NGFW_Requirements, and section 2) Technical Questions. The SAA will notify selected vendors of the date and Senate facility location where the briefings and demonstrations will take place.� Solutions selected to move to the third round of procurement evaluation by the SAA, if any, will be asked to participate in a Senate-hosted Proof of Concept evaluation to be conducted at a Senate facility. The SAA will not provide any debriefing. INSTRUCTIONS: All qualified sources should respond to this Notice by submitting an information package in accordance with the following instructions. The respondents to this SSN must submit the following in their response - Completed ATTACHMENT A � Senate Combined_CASB_NGFW_Requirements as instructed; Concise, brief and direct response to each question listed on section 2. Technical Questions under REQUIREMENTS above; Description of the licensing model(s) asked for on section 3. Licensing under REQUIREMENTS above; Concise, brief and direct response to questions on section 4. Sustainability/Lifecycle under REQUIREMENTS above; and Business information to include the following:� Name of organization, submitter�s name and position in the organization, street address, city, state, and zip code, point of contact (POC) and position in organization if different from Submitter, telephone number, fax number, and email address. Company literature or brochures providing more details on proposed product or solution, if any, shall be submitted in .pdf or a similar, conveniently-printable format. The response shall not exceed twenty-five (25) pages, excluding company product literature or brochure. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation will be discarded. Responses to this Sources Sought Notice are due to the SAA no later than 5:00 PM on March 19, 2020, and shall be submitted electronically via email only to Cora R. Carag at acquisitions@saa.senate.gov. The subject line of the email message shall be: �SSN 2020-S-0004 Combined CASB and NGFW Solution.� No other method of transmittal will be accepted. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor's information. The information contained in this Notice is the most current and will be the only information provided by the SAA during this phase of the Sources Sought process.� It is the responsibility of the potential Offerors to monitor this site for additional information, if any, pertaining to this requirement. THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE NOW. ANY REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE HONORED OR ACCEPTED.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/caece1a947a14496aec00224ef5e667b/view)
 
Place of Performance
Address: Washington, DC 20510, USA
Zip Code: 20510
Country: USA
 
Record
SN05573571-F 20200228/200226230259 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.