Notice ID 36C10B21Q0223
Contract Award Number: NNG15SD34B36C10B21F0131
“The proposed action is for a firm-fixed price delivery order to be issued under the National Aeronautics and Space Administration (NASA) Solutions for Enterprise-Wide Procurement (SEWP) V Government-wide Acquisition Contract (GWAC) for the procurement of brand name Tenable Network Security Center (Tenable.sc) software maintenance and support as well as new features found in Tenable.sc Director…”
“VA Office of Information Security has a requirement to renew software maintenance and support for 18 bundles of existing brand name Tenable.sc software licenses as well as the procurement of new features found in Tenable … Specifically, the software maintenance and support will also include an upgrade to add Tenable’s features found in Tenable.sc Director which is required to support the multiple consoles utilized for the network vulnerability security scanning of the VA by the Cybersecurity Operations Center (CSOC) Vulnerability Scanning Services (VSS). This upgrade is an enhancement to current capabilities but will not increase the quantity of Tenable.sc’s software licenses, or the maintenance costs. This software is used to perform network vulnerability discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of VA’s enterprise network environment and provide an assessment of the agency’s Information Technology (IT) security state.
The existing software provides authoritative scanning services provided by the CSOC to all of VA and allow the CSOC to conduct the monthly enterprise vulnerability scan (Enterprise Predictive Scan), Payment Card Industry scans, external vulnerability scans, scans for Authority to Operate, Security Control Assessments, Quality Privacy and Risk, and support of VA’s efforts to remediate the Office of Inspector General identified material weaknesses. The existing software does so with labor intensive user interaction required in each of the separate management console instances. The required upgrade to Tenable.sc Director will provide a single pane of glass interface that provides for federated control via the “parent” Director of the “children” console instances. This “single pane” will further benefit CSOC VSS with decreased complexity and decreased needed manhours as VA’s network continues to grow both in size and complexity and by eliminating the need for human interaction will decrease the likelihood of problems and error. The licenses also support any scans required to assess the network for emergent or imminent threats; which scans are often required by various requesting agencies (e.g. Department of Health Services, Internal Revenue Services). Ultimately, the existing Tenable licenses allow VA CSOC VSS to effectively carry out its network vulnerability scanning. As part of this requirement, VA requires maintenance and support for the software licenses in order to keep the software patched, fully functional, and operational. Maintenance and support is defined as any software patch, security updates, maintenance releases and problem resolution, which shall include 9am to 5pm Eastern Standard Time assistance via phone and email, as well as all bug fixes and enhancements, all systems model upgrades, help desk support to include technical consultation. The Contractor shall provide one telephone number and/or a point of contact for VA to contact for the opening of maintenance service calls. The Contractor shall interface with the VA Program Manager, VA Technical Manager or designee in tracking and reporting service call tickets. The proposed action is for services only. The maintenance and support runs for a period of 12 months…”
“Tenable software maintenance and support is a commercially available off the shelf maintenance package currently in use in VA. The Government’s technical experts conducted market research from January to March 2021, by researching other similar solutions. The research consisted of reviewing various software license service plans such as Solarwinds, Barracuda, and GFI LanGaurd. Based on the market research conducted by the Government’s technical experts, it has been determined that no other software maintenance and support providers can competitively meet the Government’s current Enterprise vulnerability scanning requirements, nor provide the Director upgrade and its federated console management capabilities software and be compatible with VA’s existing Tenable Security Center software proprietary source code and other proprietary data of the Tenable Network Security Center software. Only Tenable or its authorized resellers have the legal rights or tools and can access the source code and other proprietary data of the software to provide the necessary support…”
