22 Jun 2018

TENABLE HEALTHCHECK

Type of document: Contract Notice
Country: United States

Agency:
Federal Election Commission

Official Address:
999 E Street, N.W. Washington DC 20463

Zip Code:
20463

Contact:
Stewart A Sam, PURCHASING AGENT, Phone (202) 694-1241, Fax (202) 219-3505, Email sastewart@fec.gov

Date Posted:
20/06/2018

Classification:
99

Contract Description:
 

STATEMENT OF WORK (SOW)

Tenable Security Center & Continuous View Health Check Service

 As of 5 May 2018

 

 

 

 

 

 

 

1. Supplies or Services and prices:

 

| ITEM NO. | SUPPLIES/SERVICES | QUANTITY | Hours | RATE | TOTAL PRICE |
|---|---|---|---|---|---|
| 0001 | Tenable Security Center & Continuous View Health Check Service (8 hrs., 2 days on site and 4 hrs., 1 day off site) | 20 | HR | | |
| 0002 | Travel and Expenses | 1 | EA | NTE 500 | 500 |

 

2.  Background: 

 

The FEC has recently successfully relocated its headquarters to a new location and the OCIO is seeking Tenable’s assistance in ensuring that all vulnerability scanners and sensors are properly installed and placed within the FEC’s environment.

Type of Contract: The Agency intends to award

 

3.  Objectives:

 

The Tenable Health Check Service provides FEC guidance and direction in optimizing the FEC’s deployment of Tenable solutions. This service examines FEC’s deployment to determine if it meets the agency’s current business requirements, follows recommended best practices from Tenable and the industry, and performs as efficiently as possible. The Services include the following activities:

 

  1. Project initiation and planning
  2. Architectural and configuration review of customer’s implementation of Security Center
  3. Implementation of recommendations from configuration review

 

4.  Specific Tasks:

 

4.1. Project Initiation and Planning.

Activity Tasks:

  1. Outline the high level goals and objectives of the use of SC, inclusive of current and any applicable future phases.
  2. High level discussion of customer environment, i.e., number and types of assets, network topology/scanner placement confirmation, and overview of current solution.
  3. Identify key customer project stakeholders/SC users and their roles.
  4. Discuss current pain points, including but not limited to scan operation/configuration, network topology (including firewalls), report generation, and solution performance, etc.
  5. Document project initiation meeting findings. 

 

4.2 Architectural and Configuration Review.

Activity Tasks:

  1. Review hardware specifications of SC console and Nessus scanner(s) for performance and resource usage.
  2. Review SC installation and configuration.
  3. Discuss any possible future third party product integrations and/or automation needs to provide additional value to FEC.
  4. Document any findings and configuration recommendations against FEC use of SC versus goals and objectives.

 

4.3 Implementation of recommendations from configuration review.

Activity Tasks:

  1. Implementation activities around recommendations from activity
  2. Knowledge transfer to FEC staff

 

5. Packaging and Marking: NA

 

6. Inspection and acceptance:

 

The services provided will be reviewed by the performance standards stated in the table below.

 

Performance Standards. 

 

Deliveries or performance

 

| Performance Standard | Acceptable Quality Level (AQL) | Method of Surveillance |
|---|---|---|
| Project Initiation and Planning | Performance occurs with no required re-performance or re-work at least 80% of the time. Problems that occur are minor and are resolved in a satisfactory manner. | Routine inspection of deliverable products and services. |
| Architectural and Configuration Review | Performance occurs with no required re-performance or re-work at least 80% of the time. Problems that occur are minor and are resolved in a satisfactory manner. | Routine inspection of deliverable products and services. |
| Implementation of recommendations from configuration review. | Performance occurs with no required re-performance or re-work at least 80% of the time. Problems that occur are minor and are resolved in a satisfactory manner. | Routine inspection of deliverable products and services. |

 

Place of Performance. 

 

The work will be performed on site at the Federal Election Commission, 1050 First Street, NW, Washington DC 20463, or as authorized by the Contracting Officer Representative. Two (2) eight (8) hour days will be performed on site and four (4) hours will be performed offsite for documentation.

 

The core hours of operation will be Monday through Friday from 9:00 a.m. until 5:30 p.m., although these hours may be altered up to one hour earlier or later as authorized by the COR. In the case of inclement weather, contractor personnel may telework with approval from the CO or COR; contractor personnel should contact the CO or COR for further instruction. The contractor will follow the Federal holiday schedule listed by OPM.

 

  Period of Performance. 

 

The period of performance shall be for 20 hours of security consultancy.

 

 

7. Contract Administrative Data:

 

Responsibility for contracting activities rests solely with the Agency’s CO.  No conversation, recommendations, or direction, whether given directly by, or implied by Agency personnel, that will affect the scope, schedule, or price of the program, shall be acted upon by the Contractor unless specifically approved by the Agency CO. In the event that the Contractor implements changes to the contract at the direction of any person other than the CO, the Contractor will not receive reimbursement for the work performed pursuant to those unauthorized changes. Contractual interpretation and assistance may be obtained by contacting the CO.

 

Contracting Officer Point of Contact

Name: Pamela K. Jones

Address: 1050 First St, NE, Washington, DC 20463

Phone: 202 694-1225

Email: pjones@fec.gov

 

Contracting Officer’s Representative (COR)

The CO shall designate a COR who is responsible for administering the performance under the contract by:

a. Monitoring the Contractor’s performance

b. Assessing performance

c. Recommending changes to the CO

d. Interpreting the scope of work

Name: Licerio G. Ribeiro Jr.

Address: 1050 First St, NE, Washington, DC 20463

Phone: (202) 694-1289

Email: lribeiro@fec.gov

 

Alternate COR.

Name: Justin Park

Address: 1050 First St, NE, Washington, DC 20463

Phone: (202) 694-1289

Email: jpark@fec.gov

 

8. Invoices:

 

1) Invoicing and payment for services rendered through this contract shall be made electronically in accordance with FAR 52.232-33. Invoices shall be submitted monthly by the fifth business day of the following month to fecinvoices@fec.gov, the CO and the COR identified above in this section.

2) The Contractor shall submit the final invoice within ninety calendar days after the expiration of the contract unless the Contractor requests and is granted an extension by the CO in writing.

3) For billing purposes, the invoice shall contain the following:

a. Contract Number/Purchase Order (PO)

b. CLIN Task Number (if applicable) as shown on the actual FEC Order/Price Schedule

c. A unique identifying Contractor invoice number

d. Contractor Bank Account Number

e. Contractor Bank Routing Number

f. Contractor EIN

g. Contractor DUNS numbers

h. Time period the invoice covers

i. Any information or documentation required by provision of the contract/order

 

 

9. Government Furnished Equipment/ Property:

 

The Government intends to provide the following as Government Furnished Property to be used by the contractor during the performance of this contract:

 

  • Government Computer for day-to-day duties.

 

10. Key Personnel:

 

The Contractor shall provide Tenable Security Center security consultants who are certified and employed by Tenable. The Contractor shall retain personnel to ensure continuity throughout the life of the effort.  If it should become necessary to substitute or replace key personnel, the Contractor shall immediately notify FEC in writing of key personnel vacancies.  The FEC reserves the right to dismiss any Contractor personnel from further service at the FEC site should their service be deemed unsatisfactory. The labor category for this service is senior security consultant with five years of security consultant field experience and a Tenable Certified Security Consultant certification.

 

 11. Security:

 

The contractor and its employees must exercise the utmost discretion in regard to all matters relating to their duties and functions. They must not communicate to any person any information known to them by reason of their performance of services under this contract which has not been made public, except in the necessary performance of their duties or upon written authorization of the Contracting Officer. All code, documents, and records (including photographs) generated during the performance of work under this contract shall be for the sole use of and become the exclusive property of FEC. Furthermore, no article, book, pamphlet, recording, broadcast, speech, television appearance, film or photograph concerning any aspect of work performed under this contract shall be published or disseminated through any media without the prior written authorization of the Contracting Officer. These obligations do not cease upon the expiration or termination of this contract. The Contractor must include the substance of this provision in all contracts of employment and in all subcontracts hereunder.

 

The Contractor shall follow the following guidelines while performing under this contract:

 

  • Federal Information Security Modernization Act of 2014 (FISMA);
  • Federal Election Commission Information System Security Program Policy 58A
  • National Institute of Standards and Technology (NIST) SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems
  • National Institute of Standards and Technology (NIST) SP 800-53, Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
  • National Institute of Standards and Technology (NIST) SP 800-37, Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems.
  • OMB Circular A-130, Directive on Information Resources Management, Appendix III, Security of Federal Automated Information Resources
  • All applicable Federal Election Commission (FEC) OCIO security policies
  • All applicable Federal Election Commission (FEC) Physical Security policies.

 

12.  Other Pertinent Information or Special Considerations: None.

 

13. Identification of Possible Follow-on Work: No possible follow-on work has been identified at this time.

 

14.  Identification of Potential Conflicts of Interest (COI). 

 

(a) The Contractor warrants that, to the best of its knowledge and belief, there are no relevant facts or circumstances which would give rise to an organizational conflict of interest, as defined in FAR Subpart 9.5, or that the Contractor has disclosed all such relevant information.

(b) The Contractor agrees that if an actual or potential organizational conflict of interest is discovered after award, the Contractor will make a full disclosure in writing to the Contracting Officer. This disclosure shall include a description of actions which the Contractor has taken or proposes to take to avoid or mitigate the actual or potential conflict.

(c) If the Contractor was aware of a potential organizational conflict of interest prior to award or discovered an actual or potential conflict after award and did not disclose or misrepresented relevant information to the Contracting Officer, the Government may terminate the contract for default.

(d) The Contractor shall insert the substance of this clause, including this paragraph (d), in all subcontracts.

 

  15. Identification of Non-Disclosure Requirements. 

 

The contractor and its employees must exercise the utmost discretion in regard to all matters relating to their duties and functions. They must not communicate to any person any information known to them by reason of their performance of services under this contract which has not been made public, except in the necessary performance of their duties or upon written authorization of the Contracting Officer. All code, documents, and records (including photographs) generated during the performance of work under this contract shall be for the sole use of and become the exclusive property of FEC. Furthermore, no article, book, pamphlet, recording, broadcast, speech, television appearance, film or photograph concerning any aspect of work performed under this contract shall be published or disseminated through any media without the prior written authorization of the Contracting Officer. These obligations do not cease upon the expiration or termination of this contract. The Contractor must include the substance of this provision in all contracts of employment and in all subcontracts hereunder.

 

  16. Packaging, Packing and Shipping Instructions. 

 

               This is a services contract and no packaging or marking requirements are provided. 

 

All Contractor deliverables and work products produced as part of performance under this contract become Government property. As Government property, such deliverables and work products shall not be used by the Contractor for any other purposes.

                                                                                                        

17.  Section 508 Accessibility Standards.  The following Section 508 Accessibility Standard(s) (Technical Standards and Functional Performance Criteria) are applicable (if box is checked) to this acquisition.

 

Technical Standards

 

 1194.21 – Software Applications and Operating Systems

 1194.22 – Web Based Intranet and Internet Information and Applications

 1194.23 – Telecommunications Products

 1194.24 – Video and Multimedia Products

 1194.25 – Self-Contained, Closed Products

 1194.26 – Desktop and Portable Computers

 1194.41 – Information, Documentation and Support

 

The Technical Standards above facilitate the assurance that the maximum technical standards are provided to the Offerors.  The Functional Performance Criteria are the minimally acceptable standards to ensure Section 508 compliance.  This block is checked to ensure that the minimally acceptable electronic and information technology (E&IT) products are proposed.

 

Functional Performance Criteria

 

 1194.31 – Functional Performance Criteria

 

18. Questions due Date and Time:

 

Questions related to this solicitation shall be emailed no later than 12:00 p.m., Eastern Time, June 20, 2018.

 

Methods of quote delivery

 

Quote shall be submitted via email by the closing date and time as specified below.

 

Quote Due Date & Time

 

Quotations submitted in response to this RFQ shall be received by the due date and time established herein.

 

19. Evaluation of Quote:

 

19.1 Basis for award

The Contracting Officer will evaluate offers on the basis of information furnished by the offeror and shall not be responsible for locating or obtaining any information not identified.

The Government will evaluate the quoted price for reasonableness.  An evaluation of the Offeror’s price quote will be made to determine if it is reasonable for the work to be performed and reflects a clear understanding of the requirements, and if it is consistent with the SOW. The FEC will evaluate the proposal based on key personnel criteria listed in section 10 of this SOW.

 

 

 

Response Date:
062218

Sol Number:
RFI-FEC-0282SS