Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MAY 07, 2021 SAM #7097
AWARD

70 -- Tenable Security Center SW Maintenance Renewal and Upgrade to NNM - New Requirement

Notice Date
5/5/2021 9:22:53 AM
 
Notice Type
Award Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
TECHNOLOGY ACQUISITION CENTER NJ (36C10B) EATONTOWN NJ 07724 USA
 
ZIP Code
07724
 
Solicitation Number
36C10B21Q0223
 
Archive Date
07/04/2021
 
Point of Contact
Joseph.Pignataro@va.gov, Kathryn.Pantages@va.gov, Phone: 732-795-1115
 
E-Mail Address
joseph.pignataro@va.gov
(joseph.pignataro@va.gov)
 
Award Number
NNG15SD34B36C10B21F0131
 
Award Date
05/05/2021
 
Awardee
MINBURN TECHNOLOGY GROUP, LLC GREAT FALLS 22066
 
Award Amount
6280000.00000000
 
Description
Tenable Network Security Center Maintenance Control Number VA-21-00004818 2 of 6 Control Number VA-21-00004818 Page 2 of 2 JUSTIFICATION FOR AN EXCEPTION TO FAIR OPPORTUNITY 1. Contracting Activity: Department of Veterans Affairs (VA) Office of Procurement, Acquisition, and Logistics Technology Acquisition Center 23 Christopher Way Eatontown, New Jersey 07724 2. Description of Action: The proposed action is for a firm-fixed price delivery order to be issued under the National Aeronautics and Space Administration (NASA) Solutions for Enterprise-Wide Procurement (SEWP) V Government-wide Acquisition Contract (GWAC) for the procurement of brand name Tenable Network Security Center (Tenable.sc) software maintenance and support as well as new features found in Tenable.sc Director. 3. Description of the Supplies or Services: VA Office of Information Security has a requirement to renew software maintenance and support for 18 bundles of existing brand name Tenable.sc software licenses as well as the procurement of new features found in Tenable.sc Director for applications located at Sacramento, California; Hines, Illinois; Cleveland, Ohio; Philadelphia, Pennsylvania, Martinsburg, West Virginia; and Sterling, Virginia. Specifically, the software maintenance and support will also include an upgrade to add Tenable s features found in Tenable.sc Director which is required to support the multiple consoles utilized for the network vulnerability security scanning of the VA by the Cybersecurity Operations Center (CSOC) Vulnerability Scanning Services (VSS). This upgrade is an enhancement to current capabilities but will not increase the quantity of Tenable.sc s software licenses, or the maintenance costs. This software is used to perform network vulnerability discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of VA s enterprise network environment and provide an assessment of the agency s Information Technology (IT) security state. The existing software provides authoritative scanning services provided by the CSOC to all of VA and allow the CSOC to conduct the monthly enterprise vulnerability scan (Enterprise Predictive Scan), Payment Card Industry scans, external vulnerability scans, scans for Authority to Operate, Security Control Assessments, Quality Privacy and Risk, and support of VA s efforts to remediate the Office of Inspector General identified material weaknesses. The existing software does so with labor intensive user interaction required in each of the separate management console instances. The required upgrade to Tenable.sc Director will provide a single pane of glass interface that provides for federated control via the parent Director of the children console instances. This single pane will further benefit CSOC VSS with decreased complexity and decreased needed manhours as VA s network continues to grow both in size and complexity and by eliminating the need for human interaction will decrease the likelihood of problems and error. The licenses also support any scans required to assess the network for emergent or imminent threats; which scans are often required by various requesting agencies (e.g. Department of Health Services, Internal Revenue Services). Ultimately, the existing Tenable licenses allow VA CSOC VSS to effectively carry out its network vulnerability scanning. As part of this requirement, VA requires maintenance and support for the software licenses in order to keep the software patched, fully functional, and operational. Maintenance and support is defined as any software patch, security updates, maintenance releases and problem resolution, which shall include 9am to 5pm Eastern Standard Time assistance via phone and email, as well as all bug fixes and enhancements, all systems model upgrades, help desk support to include technical consultation. The Contractor shall provide one telephone number and/or a point of contact for VA to contact for the opening of maintenance service calls. The Contractor shall interface with the VA Program Manager, VA Technical Manager or designee in tracking and reporting service call tickets. The proposed action is for services only. The maintenance and support runs for a period of 12 months. The total estimated value of the proposed action is $. 4. Statutory Authority: Pursuant to Federal Acquisition Regulation (FAR) 16.505(a)(4), the following brand name requirement is being justified and approved as an exception to fair opportunity under the statutory authority of Section 41 U.S.C. 4106(c)(2) as implemented by FAR 16.505(b)(2)(i)(B), entitled Only one awardee is capable of providing the supplies or services required at the level of quality required because the supplies or services ordered are unique or highly specialized. 5. Rationale Supporting Use of Authority Cited Above: Based on market research, as described in Section 8 of this document, it was determined that limited competition is viable among resellers for the upgrade of new features in the brand name Tenable software and for maintenance and support of the existing brand name Tenable.sc software licenses. Only Tenable software maintenance and support will meet VA s requirements due to compatibility and interoperability constraints with the proprietary solution. The required Tenable software products are proprietary and only available from Tenable or their authorized resellers of the brand name product. Tenable is the OEM for the applicable software subscription and does not authorize any third party software modification or patches to its software. Tenable owns the copyrighted source software with all legal rights, privileges, and ownership contained therein. No other source may legally modify or change the software, nor would they have access to the source code to do so with the licenses currently installed on the network. Also, in order to prevent interoperability IT products such as Tenable only function within their own production environment and do not interoperate in a mixed vendor variety of licensing model or configuration while maintaining the central management requirement from existing production Tenable Security Center console. The required software maintenance and support of the Tenable Network Security Center software in use on six VA CSOC s VSS consoles is critical to effectively carry out its network vulnerability scanning. Tenable also owns the intellectual property rights to the Security Center software; therefore, only Tenable or its resellers have the required access to the source code and other proprietary data of the software to be able to meet the Government s needs. The source code and proprietary data are necessary in order for the existing infrastructure and configuration to run properly. As such, the requirement to provide a single pane of glass interface to provide federated control via upgrade to Tenable.sc Director can only be provided by Tenable or its resellers as only they have the required access to the source code and other proprietary data of the software to be able to meet the Government s needs. As such, because of the proprietary nature of the software and due to the scanning infrastructure s complexity, any alternative solution would require the acquisition of alternative software and replacement of the existing infrastructure including six consoles and over 300 scanners. Due to the complexity and size, the original deployment took over two years. The use of any alternative solution would at a minimum require procurement of over one million IP licenses as well as new compatible hosting platforms and integration of support systems for an enterprise-wide project. The past years millions of dollars would have to be respent and would not be recovered through competition. More importantly, the two years downtime required to perform this migration would put VA in an incredible increased amount of risk. Specifically, an alternate solution would mean a gap during its research, development, and deployment in VA s awareness of its security posture, a lack of knowledge of the needed steps to mitigate VA s system-level vulnerabilities, and that gap would greatly increase the risk to VA systems and veteran data. Though not a requirement, such a move to an alternate software and infrastructure would also mean VA would not be using the same tool that outside agencies such as OIG, DHS, and GAO use for vulnerability scanning which would create difficulties in completing vulnerability scans and reports on efforts that require coordination with these agencies (e.g. when they audit VA). This would have an adverse effect on VA in working with these agencies to close its issues and findings. Tenable Security Center software performs the discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of VA s enterprise network environment and provides an assessment of the agency s IT security state. Failure to procure the required upgrade incorporating features of the brand name Tenable.sc Director software to simplify management of multiple consoles, will result in ever increasing man hours and increasing difficulty in providing the same levels of vulnerability and security awareness. With the global trending increase of IT security threats, any gap in security management efforts due to a failure to maintain the software would place VA s IT security posture and the VA Mission in an unacceptable risk state.  6. Efforts to Obtain Competition: Market research was conducted, details of which are in Section 8 of this justification. Currently no other vendor, other than Tenable, or a reseller, can provide the required upgrade of features and the software maintenance and support. This effort did not yield any additional sources that can meet the Government s requirements. It was determined, however, that limited competition is anticipated among resellers of the Tenable brand name for the upgrade of features and for the software maintenance and support. In accordance with FAR 16.505(a)(4)(iii)(A)(1), this justification will be provided with the solicitation to all appropriate to all applicable NASA SEWP V GWAC holders along with the Request for Quotation in order to fully notify all interested parties on the NASA SEWP V GWAC. Furthermore, in accordance with FAR 5.301, 16.505(b)(2(ii)(D), and 16.505(a)(4)(ii), notice of award for this action will be synopsized at award on the Contract Opportunities website and the justification will be made publicly available within 14 days of award. 7. Actions to Increase Competition: In order to remove or overcome barriers to competition in future acquisitions for this requirement, the Government will continue to perform market research to determine if there are any new products or maintenance services available in the marketplace that would enable future actions to be fully competed. 8. Market Research: Tenable software maintenance and support is a commercially available off the shelf maintenance package currently in use in VA. The Government s technical experts conducted market research from January to March 2021, by researching other similar solutions. The research consisted of reviewing various software license service plans such as Solarwinds, Barracuda, and GFI LanGaurd. Based on the market research conducted by the Government s technical experts, it has been determined that no other software maintenance and support providers can competitively meet the Government s current Enterprise vulnerability scanning requirements, nor provide the Director upgrade and its federated console management capabilities software and be compatible with VA s existing Tenable Security Center software proprietary source code and other proprietary data of the Tenable Network Security Center software. Only Tenable or its authorized resellers have the legal rights or tools and can access the source code and other proprietary data of the software to provide the necessary support. Additional market research was conducted by the Government in March 2021 to ascertain the extent of limited competition among resellers of the required Tenable software maintenance and support, wherein the Contract Specialist utilized the Provider Lookup tool on the NASA SEWP website. The research shows that there are a total of 17 Service-Disabled Veteran Owned Small Business contract holders identified as resellers of brand name Tenable that can fulfil the Government s requirements. 9. Other Facts: None 10. Technical and Requirements Certification: I certify that the supporting data under my cognizance, which are included in this justification, are accurate and complete to the best of my knowledge and belief. Date: ____________________ IT Specialist, CSOC Signature: ________________ 11. Fair and Reasonable Cost Determination: I hereby determine that the anticipated price to the Government for this contract action will be fair and reasonable based on anticipation of limited competition. Additionally, NASA SEWP V has already been determined the prices on contract to be fair and reasonable and more competitive pricing may result from competition. Finally, the successful quote will be compared to the Independent Government Cost Estimate. Date:_____________________ Procuring Contracting Officer Signature: ________________ 12. Procuring Contracting Officer Certification: I certify that this justification is accurate and complete to the best of my knowledge and belief. Date: ___________________ Procuring Contracting Officer Signature: _______________ Approval In my role as procuring activity Advocate for Competition, based on the foregoing justification, I hereby approve the acquisition of brand name Tenable.sc software maintenance and support as well as new features found in Tenable.sc Director on an other than fair opportunity basis pursuant to the authority cited in Section 4 above, subject to availability of funds, and provided that the services herein described have otherwise been authorized for acquisition. Date: ____________ Signature: _________________________________ Advocate for Competition Technology Acquisition Center Office of Procurement, Acquisition and Logistics
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/701edb038e644bb589026e7463a240d2/view)
 
Record
SN05991706-F 20210507/210505230109 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.