The National Institute of Standards and Technology (NIST) intends to award on a brand name basis under the authority of FAR 13.106-1(b)(1) to Computer Security Consulting Inc. (CSCI) of 17481 Oak forest Drive, Mabelvale, Arizona 72103-4514 US to obtain NGGSQuirrel Software Licenses for the National Institute of Standards and Technology (NIST)Division 181, Information Technology Laboratory, located in Gaithersburg, MD. The resulting purchase order will be a firm fixe priced award purchase order.
NGGSQuirrel Software package requirements This procurement is for the renewal of the NGS SQuirreL product for the Assessment & Authorization (A&A) team to perform automated secure configuration testing. The product provides FISMA compliance auditing and reporting as required by OMB and NIST. The product also provides the ability to generate lockdown scripts for Oracle and Microsoft SQL database servers. The license also allows administrators to quickly and easily remedy vulnerabilities found while auditing. The product interfaces one to one with existing Department of Commerce database vulnerability scanning processes and product provides strong integration with existing NIST security products, while supporting the needed range of databases. The capabilities of the system will improve the efficient and effective management of the Assessment & Authorization testing processes.
• FISMA Compliance Auditing and Reporting: a product that will allow NIST to perform secure configuration audits and generate reports in the format required by OMB and NIST for Oracle and MS SQL databases. • A product with the ability to create lockdown scripts for Oracle and MS SQL database servers. When vulnerabilities are discovered, a lockdown script can be generated to allow system administrators to patch servers quickly to remediate those vulnerabilities. • A product with ongoing support to provide updates with the latest known vulnerabilities. • A product that provides a one to one interface to existing Department of Commerce database vulnerability scanning processes. • A product that can work within NIST's existing vulnerability scanning process. • A product with and easy to use and intuitive interface.
The NAICS Code is 511210 with a size standard of $25 Million
No solicitation package will be issued. This notice of intent is not a request for quotations. However, responses received will be considered by the Government. The Justification for Other Than Full and Open Competition is attached.