FDIC's Tenable Subscription Maintenance
ID: CORHQ-25-Q-0377Type: Solicitation
Overview

Buyer

FEDERAL DEPOSIT INSURANCE CORPORATIONFEDERAL DEPOSIT INSURANCE CORPORATION_

NAICS

Other Computer Related Services (541519)

PSC

IT AND TELECOM - SECURITY AND COMPLIANCE PRODUCTS (HARDWARE AND PERPETUAL LICENSE SOFTWARE) (7J20)

Set Aside

No Set aside used (NONE)

Original Source

https://sam.gov/workspace/contract/opp/e0d82c0e3cd44a2a9cd336e8a88dd0c8/view
Timeline
    Description

    The Federal Deposit Insurance Corporation (FDIC) is seeking quotes for the maintenance of its Tenable subscription, as outlined in solicitation RFQ# CORHQ-25-Q-0377. This procurement involves subscription and maintenance services for Tenable and Rapid7 software, which are critical for the FDIC to meet NIST 800-53 security standards related to vulnerability detection and compliance. The contract will cover a base year and two one-year option periods, ensuring the FDIC's ongoing adherence to essential cybersecurity protocols. Interested vendors must submit their quotes by October 17, 2025, at noon EST, and can direct inquiries to Diamond Toles at ditoles@fdic.gov or by phone at 571-213-4018.

    Point(s) of Contact
    Diamond Toles
    (571) 213-4018
    ditoles@fdic.gov
    Files
    Title
    Posted
    CORHQ-25-Q-0377- Amendment 0001.pdf
    This document is an amendment to Solicitation No. CORHQ-25-Q-0377, dated September 9, 2025, from the Federal Deposit Insurance Corporation (FDIC) for a renewal requirement. The amendment, effective September 22, 2025, provides government responses to questions received regarding the solicitation. Key responses include confirming the Tenable CID as 77586, clarifying that the requirement is for a renewal, and affirming the necessity of a Tenable Reseller/Partner Agreement, with updated language on SAM.gov. This modification ensures all terms and conditions of the original solicitation remain in effect, with this amendment serving to provide crucial clarifications to potential offerors.
    CORHQ-25-Q-0377-Amendment 0002.pdf
    This document is Amendment/Modification 0002 to Solicitation CORHQ-25-Q-0377, issued by the Federal Deposit Insurance Corporation (FDIC) on October 8, 2025. The purpose of this amendment is to update the price schedule, revise Provision 7.3.2-09 General Proposal Instructions and Attachment M-1, and extend the offer due date to October 17, 2025, at noon EST. The solicitation is for Tenable and Rapid7 subscription maintenance for a base year and two one-year option periods, fulfilling FDIC's NIST 800-53 obligations. Offers will be deemed unacceptable if they do not use the specified Price Schedule Workbook, provide Pre-Award SCRM Information, or if the offeror is not an authorized reseller of Tenable and Rapid7. Proposals will be evaluated on a Lowest Price Technically Acceptable (LPTA) basis, requiring compliance with all listed documents, matching part numbers, and proof of authorized reseller status.
    CORHQ-25-Q-0377.pdf
    This government solicitation from the Federal Deposit Insurance Corporation (FDIC) outlines the requirements for Tenable software subscriptions and maintenance for a base year and two one-year option periods. The software is crucial for the FDIC to meet NIST 800-53 RA-5 and CM-6 standards for host vulnerability detection and baseline compliance, as well as NIST 800-53 CA-8 for vulnerability exploit attempts. The document details the schedule of supplies and services for various Tenable products, including Tenable.sc Console, Tenable Security Center Plus, Metasploit Pro, Nessus Professional, and Premier Support. It specifies delivery to Arlington, VA, and outlines detailed inspection, acceptance, invoicing, and payment procedures, emphasizing electronic fund transfers and strict invoice content requirements. The solicitation also includes critical clauses on post-government employment, commercial supplier agreement terms, off-site processing of FDIC information, basic safeguarding of contractor information systems, and reporting requirements for supply chain events, ensuring compliance, security, and proper contract administration.
    Pre-Award SCRM Info - Example.xlsx
    The document, NONPUBLIC//FDIC BUSINESS# 7.1.2-03, outlines the Pre-Award Risk Management (SCRM) Information requirements for solicitations, likely within the context of federal government RFPs. It mandates offerors to provide specific details regarding the good/software/service, including solicitation and part numbers, name, model/version, and their status as a manufacturer or supplier. A critical requirement is for offerors to categorize themselves as an Original Equipment Manufacturer (OEM), Aftermarket Manufacturer (AM), or Authorized Supplier, as defined in section 7.1.2-03. Failure to provide this status may lead to ineligibility for award, underscoring the importance of supply chain risk management in the FDIC's procurement process.
    Tenable Price Schedule - Amendment 0002.xlsx
    The Federal Deposit Insurance Corporation (FDIC) requires subscriptions and maintenance for Tenable and Rapid7 software, critical for meeting NIST 800-53 security controls (RA-5, CM-6, CA-8, CA-8(1), CA-8(2)). This requirement spans a base year (December 21, 2025 – December 20, 2026) and two one-year option periods. The Tenable software provides host vulnerability and baseline compliance detection, while Rapid7 Metasploit assists with vulnerability exploit attempts. The procurement includes various Tenable products such as Tenable.sc Console, Tenable Security Center Plus, Nessus Professional, and Tenable.sc+ for lab use, along with Premier Support. Rapid7's Metasploit Pro User Subscription is also included. The document outlines the price schedules for each period, detailing specific line items, manufacturers, quantities, part numbers, and descriptions of each software component and service, all marked as "NONPUBLIC//FDIC INTERNAL ONLY."
    Tenable Price Schedule.xlsx
    The Federal Deposit Insurance Corporation (FDIC) is seeking a three-year subscription for Tenable and Rapid7 software, encompassing a base year and two one-year option periods. This requirement is crucial for the FDIC to fulfill its obligations under NIST 800-53 RA-5, CM-6, CA-8, CA-8(1), and CA-8(2). The Tenable software provides host vulnerability detection and baseline compliance detection, while Rapid7 Metasploit assists with vulnerability exploit attempts in a controlled and documented manner. The price schedule outlines various subscription and maintenance items for both Tenable and Rapid7 products, including Tenable.sc Console, Tenable Security Center Plus, Metasploit Pro User Subscription, Nessus Professional, Tenable.sc+ for Lab Use, and Premier Support. This procurement aims to ensure the FDIC's continued adherence to essential cybersecurity and risk assessment standards.
    Lifecycle
    Title
    Type
    FDIC's Tenable Subscription Maintenance
    Currently viewing
    Solicitation
    Similar Opportunities
    Congress KnowWho for Salesforce Subscription Maintenance
    Buyer not available
    The Federal Deposit Insurance Corporation (FDIC) is soliciting proposals for the Congress KnowWho for Salesforce Subscription Maintenance, a critical requirement for their Office of Legislative Affairs CAUCUS application. The procurement involves providing software subscriptions, with a contract structure that includes a one-year base period from February 1, 2026, to January 31, 2027, followed by two optional one-year extensions, potentially lasting until January 31, 2029. Interested vendors must submit a pricing schedule, software license agreements, and maintenance support agreements, with the proposal due date set for October 31, 2025, by 2:00 PM EST, and an extended deadline for quotes until December 15, 2025, at 6:00 PM EST. For further inquiries, vendors can contact Christina V. Brooks at chrbrooks@fdic.gov or by phone at 571-212-7820.
    Hardware-UPS
    Buyer not available
    The Federal Deposit Insurance Corporation (FDIC) is soliciting quotes for the procurement of hardware and services related to Uninterruptible Power Supply (UPS) systems, specifically under RFQ CORHQ-25-Q-0474. The initiative aims to replace aging, mission-critical hardware nearing the end of its life, including HPE servers, Data Center Expert software, and various hardware components, while also providing extensive support services across multiple FDIC locations. This procurement is crucial for enhancing the reliability of critical applications and mitigating hardware failures. Interested offerors must submit their proposals by December 12, 2025, at 2:00 PM ET, and can direct inquiries to Kacie Lynch at klynch@fdic.gov or by phone at 703-562-2472.
    Data Modernization Section Support
    Buyer not available
    The Federal Deposit Insurance Corporation (FDIC) is soliciting proposals for a contract to support its Data Modernization Section (DMS), focusing on enhancing its data strategy and artificial intelligence (AI) capabilities. The contractor will provide comprehensive support across four key areas: the Cloud Data Management and Analytics (CDMA) Platform, modernization of the legacy AlphaRex NLP solution, operational support for enterprise AI capabilities, and lifecycle support for new DMS initiatives starting in 2027. This initiative is critical for transforming FDIC's data management into a secure, cloud-based enterprise resource, emphasizing compliance with stringent security and privacy policies. Proposals are due by January 2, 2026, with a total estimated workload of 16,234 hours for the base period, and interested parties can reach out to Mikel Wood at mikwood@fdic.gov or Timothy Whitaker at twhitaker@fdic.gov for further inquiries.
    Brand Name or Equal Financial Times
    Buyer not available
    The Federal Housing Finance Agency (FHFA) is seeking quotations for 50 licenses for full-text online access to the Financial Times, covering a base year and one option year. This procurement is unrestricted and falls under NAICS code 513120, which pertains to Periodical Publishers, highlighting the importance of access to timely financial news and analysis for the agency's operations. Interested vendors must be registered in the System for Award Management (SAM) and submit their quotations by December 10, 2025, along with any questions by December 4, 2025, to Natalie Wallace at natalie.wallace@fhfa.gov. Quotations must adhere to specific submission guidelines, including a cover page, a technical volume limited to five pages, and a separate price quotation, with the contract awarded to the lowest-priced technically acceptable offer.
    Fiduciary Liability Insurance and Consulting Services
    Buyer not available
    The Department of the Treasury, specifically the Office of the Comptroller of the Currency (OCC), is seeking proposals for Fiduciary Liability Insurance and Consulting Services through Request for Quotation No. 2031JW26Q00011. The OCC requires a qualified specialty lines insurance broker to provide fiduciary liability insurance with a minimum coverage of $10 million, along with errors and omissions coverage for its 401(k) plans, and to deliver expert consulting and training sessions to 401(k) Committee members. This procurement is crucial for ensuring compliance with fiduciary responsibilities and mitigating legal risks associated with the management of retirement plans. Interested parties should note that the solicitation is anticipated to be posted on SAM.gov by November 7, 2025, and can contact Karen A. Green at karen.green@occ.treas.gov for further information. The estimated contract value exceeds $150,000, with a base period from January 1, 2026, to December 31, 2026, and four additional one-year options.
    USAC RFQ: Tableau License Renewal
    Buyer not available
    The Federal Communications Commission (FCC) is seeking quotes for the renewal of Tableau Software licenses through the Universal Service Administrative Company (USAC). This Request for Quotes (RFQ) aims to procure the necessary software to support USAC's administrative functions related to the Universal Service Fund and its associated support mechanisms. The renewal of these licenses is crucial for USAC to effectively manage billing, collection, and disbursement functions under FCC oversight. Interested vendors must submit their quotes by December 29, 2025, at 11:00 AM ET, and can find further details and submission instructions on the USAC procurement website. For inquiries, contact Dania Powers at Dania.Powers@usac.org or Noor Jalal at noor.jalal@usac.org.
    Facilities Technology Management
    Buyer not available
    The Federal Bureau of Investigation (FBI) is seeking industry feedback through a Request for Information (RFI) for its Facilities Technology Management (FTM) initiative. The primary objective is to gather insights and capabilities for contractor support related to TRIRIGA operations and maintenance until its End of Life in September 2027, as well as to conduct a comprehensive system assessment to optimize the FBI's facilities technology portfolio. This assessment will evaluate existing systems and market-available options, focusing on requirements alignment, cost analysis, and risk assessment to recommend optimal systems and develop an agile implementation plan for transitioning away from TRIRIGA. Interested vendors are required to submit a capabilities statement by December 19, 2025, and may have the opportunity to participate in a Reverse Industry Day for select vendors. For further inquiries, interested parties can contact Tammy Clark at tjclark2@fbi.gov or Marie Agrinzoni at meagrinzoni@fbi.gov.
    F5 BIG IP FY23
    Buyer not available
    The Department of Defense, through the Defense Finance and Accounting Service (DFAS), is seeking maintenance renewal for F5 BigIP devices utilized within the DFAS Enterprise Local Area Network (ELAN). This procurement aims to ensure the continued functionality of the F5 BIG-IP® Local Traffic Manager, which is critical for local and global load balancing across servers, thereby optimizing data center efficiency and overcoming limitations of individual systems. Interested vendors can reach out to primary contact Zachary Wilson at zachary.t.wilson37.civ@mail.mil or by phone at 614-701-3613, or secondary contact Stephanie Smith at stephanie.n.smith60.civ@mail.mil or 614-701-2787 for further details regarding this opportunity.
    USAC RFQ: EMC All-Inclusive Unity Hardware Support
    Buyer not available
    The Universal Service Administrative Company (USAC), under the direction of the Federal Communications Commission (FCC), is seeking quotes for the purchase or renewal of EMC All-Inclusive Unity Hardware Support. This Request for Quotes (RFQ) aims to secure essential hardware support services that are critical for the administration of the Universal Service Fund and its associated support mechanisms. The RFQ is part of USAC's ongoing efforts to maintain and enhance its operational capabilities, ensuring effective management of the funds allocated for various telecommunications support programs. Interested vendors must submit their quotes by December 29, 2025, at 11:00 AM ET, and can find further details and submission instructions on the USAC procurement website. For inquiries, contact Dania Powers at Dania.Powers@usac.org or Noor Jalal at noor.jalal@usac.org.
    USAC RFI: Penetration Testing as a Service
    Buyer not available
    The Universal Service Administrative Company (USAC), under the guidance of the Federal Communications Commission (FCC), is seeking information from U.S.-based companies capable of providing Penetration Testing as a Service. This Request for Information (RFI) aims to gather insights and capabilities related to cybersecurity services that are critical for safeguarding the integrity of the Universal Service Fund and its associated support mechanisms. Interested vendors are encouraged to review the RFI details available on the USAC website and submit their responses by December 8, 2025, at 11:00 AM ET. For further inquiries, potential respondents can contact Mustafa Kamal at Mustafa.Kamal@usac.org or Noor Jalal at noor.jalal@usac.org.